Comment by cloudfudge

4 hours ago

> That's bad because if someone got a hold of the records from both the site and the identity provider they might be able to match access time logs and figure out who you are

I see your point, but this doesn't sound like an actual risk to me. The IdP will have security as one of their critical features and should be considered trustworthy in this regard. And having *both* the target site logs *and* the IdP logs compromised is even more far-fetched. We aren't sitting around worrying about people correlating ISP logs to pornhub logs, and I don't trust my ISP any farther than I can throw them.

The beauty of using an SSO-style scheme is that one could actually see it easily slotting in as a subset of existing protocols. The site could get a SAML doc and the only claims it has in it are "user is over 18", for example. Use the infrastructure for exactly what it's designed for: identifying some selection of attributes that describe a person. It's very elegant and leverages existing well-understood (and well-integrated) tech plumbing.

This also takes all the sensitive data handling out of the hands of social media mongers and pornographers. Let them do what they're good at and let the competent security folks handle the sensitive bits.
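The "only claim is over 18" idea from the comment, as an added example that is not part of the original thread: a constructed, unsigned SAML 2.0 assertion carrying a single attribute and a transient NameID, plus the check a relying site would run to confirm the IdP handed it nothing identifying. The attribute name `over18`, the issuer URL and the helper names are assumptions; signature validation is assumed to happen before this check.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# The only attribute the site is allowed to learn (hypothetical attribute name).
ALLOWED_ATTRIBUTES = {"over18"}

ET.register_namespace("saml", SAML_NS)


def build_assertion(name_id_format, attributes):
    """Construct a sample (unsigned) SAML 2.0 Assertion for demonstration only."""
    root = ET.Element(f"{{{SAML_NS}}}Assertion", ID="_sample-id", Version="2.0")
    ET.SubElement(root, f"{{{SAML_NS}}}Issuer").text = "https://idp.example"
    subject = ET.SubElement(root, f"{{{SAML_NS}}}Subject")
    ET.SubElement(subject, f"{{{SAML_NS}}}NameID", Format=name_id_format).text = "_t1"
    stmt = ET.SubElement(root, f"{{{SAML_NS}}}AttributeStatement")
    for name, value in attributes.items():
        attr = ET.SubElement(stmt, f"{{{SAML_NS}}}Attribute", Name=name)
        ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue").text = value
    return ET.tostring(root, encoding="unicode")


def extract_claims(assertion_xml):
    """Map each Attribute Name to its list of AttributeValue texts."""
    root = ET.fromstring(assertion_xml)
    return {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
            for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}


def check_minimal(assertion_xml):
    """Return (ok, problems): ok only if the assertion proves over-18 and
    carries no attribute or stable identifier the site could use to identify the user.
    Signature validation is assumed to have been done already (out of scope here)."""
    root = ET.fromstring(assertion_xml)
    claims = extract_claims(assertion_xml)
    problems = []
    extra = set(claims) - ALLOWED_ATTRIBUTES
    if extra:
        problems.append(f"unexpected attributes: {sorted(extra)}")
    if claims.get("over18") != ["true"]:
        problems.append("over18 claim missing or not true")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is not None and name_id.get("Format") != TRANSIENT:
        problems.append("NameID is not transient (stable identifier leaks to the site)")
    return (not problems, problems)
```

Run `check_minimal(build_assertion(TRANSIENT, {"over18": "true"}))` to see the accepted case, and swap in `PERSISTENT` or an extra `email` attribute to see what the site should reject.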