this post was submitted on 21 Mar 2026
19 points (91.3% liked)

Ask Experienced Devs

1467 readers
1 users here now

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
19
Could online age verification be done in a way that protects privacy and autonomy? (lemmy.world)
submitted 2 days ago* (last edited 2 days ago) by 58008@lemmy.world to c/ask_experienced_devs@programming.dev
55 comments fedilink hide all child comments
 

Apologies if this isn't the right place to ask this, but I thought actual developers with a deep understanding of how technology actually works would be the people to ask!

If you were tasked with setting up a safe and secure way to do this, how would you do it differently than what the UK government is proposing? How could it be done such that I wouldn't have to worry about my privacy and the threat of government suppression? Is it even theoretically possible to accomplish such a task at such a scale?

Cheers!

EDIT: Just to be clear: I'm not in favour of age verification laws. But they're on their way regardless. My question is purely about the implementation and technology of the thing, rather than the ethics or efficacy of it. Can this seemingly-inevitable privacy hellscape be done in a non-hellscapish way?

you are viewing a single comment's thread
view the rest of the comments
[–] blitzen@lemmy.ca 13 points 2 days ago (2 children)

I agree with others here when they say that age-verification laws aren't about children at all, and identification isn't a side effect, it's the raison d'être.

But if I were to earnestly try to solve the problem, I might look to the physical (non-online) world. In every part of the world I've been to, buying alcohol requires one thing; to be of age. So if you very clearly look of age, you are allowed to buy it. If you look younger, you may be asked to provide ID proving you are old enough. While some vendors may take additional precautions such as scanning your ID, it is not a requirement and most do not. They simply look at your ID to verify, then allow the purchase.

One could buy a physical verification token, like one might buy a gift card currently, and the purchase requires the same verification as buying alcohol. Imagine you buy a plastic gift-card-like item branded Roblox and they verify you are of age, when you sign up for Roblox you enter in the details of the gift-card-like item. You are verified to be of age, and no-one has any other details.

[–] bearboiblake@pawb.social 6 points 2 days ago* (last edited 2 days ago) (2 children)

I think this is the best possible solution, great write up and explanation. A minor improvement would be to make the card some kind of OATH device to generate TOTP tokens rather than a single ID number, so that you can reuse the same identifying token in multiple places with no way to connect the token.

Edit: On second thought, I can't think of a way to make that work, without compromising privacy, and I can think of a few possible ways that the original idea could potentially go wrong, too. Still, I think this is the closest possible solution.

[–] blitzen@lemmy.ca 3 points 2 days ago

Oh, mine is a terrible idea, but maybe one of the least bad. I like your idea of making it reusable somehow.

[–] Zagorath@quokk.au 1 points 2 days ago (1 children)

On second thought, I can't think of a way to make that work, without compromising privacy

I'd say check out my top-level comment, and the link to the crypto Stack Exchange within it.

[–] Zagorath@quokk.au 3 points 2 days ago* (last edited 2 days ago)

identification isn't a side effect, it's the raison d'être.

In Australia, the law quite specifically says sites aren't allowed to require ID as the method of age verification. It can be one option they provide, but it cannot be the only. Even a sort of sentiment analysis is permitted, and from everything I've heard that seems to be the method most have defaulted to. Social media sites don't want to risk losing users by putting up barriers to them making accounts. People talking about politics and taxes are probably adults. People looking at Bluey videos are much more likely to be children. And it's all based on information they already had used in ways a lot of them probably already did.

So at least here, I think the idea that it's anything other than what they say it is is just an unfounded conspiracy theory. It may not be well-implemented, but it is genuinely well-intentioned. Or if not well-intentioned, the real intent is bad, but not in the same way you suggest—it's just about being seen to do something good and win some good PR for the government, without actually having to go to any effort to implement good policy.