Comment by nemomarx
7 days ago
At minimum they should have tried for a digital attestation and not "send pictures of your official identity documents to every site" approach.
7 days ago
At minimum they should have tried for a digital attestation and not "send pictures of your official identity documents to every site" approach.
Well, they didn't take that approach.
Read the actual guidance. They in no way require "send pictures of your official identity documents to every site".
There are a bunch of ways (some advisable, some not) where an existing entity that knows you are an adult can extend just that -- we know they are an adult.
Credit card providers know all their customers are adults, for example -- because you have to be an adult to enter into a credit agreement. And credit cards are insured.
Mobile phone companies in the UK block adult content by default and have done for some time; you have to unblock it by telling them you are an adult. But once you've done that, adult content can be verified quite trivially with an SMS.
And there are other methods still. For example a site with longstanding members is allowed to estimate the age of members based on how long they have used the same email address!
It's not a porn filter. It's a set of rules for companies to follow to identify adult users.
Is it the best law? No. But it's not the Texas law, that's for sure, and that law has survived a US Supreme Court challenge.
Sure, but if they don't already know they have to ask to see ID or try the video estimation stuff, right?
That's a lot more data leakage than some central authentication for it, and PII going to more places. And it's very optimistic to assume implementations will be good faith and secure.
I'm not sure I would call the USC a mark of quality right now anyway.