Comment by Aurornis
11 hours ago
That's not how ID checking works, though.
A key part of ID verification laws is that you're confirming the ID presented also belongs to the user.
They can't just check for "This person currently has an adult ID in their possession" and nothing more, otherwise one kid at school would borrow their older brothers' ID and then use it to register all of their friends' accounts one day.
You tie it cryptographically to their phone with keys in the phone's hardware security module. This doesn't stop sharing of ID but it makes it much more inconvenient.
And I access the website from my computer how?
Why would you invite a technology that by definition makes websites accessible only via phones? These social media age verification laws are inevitably going to hit sites you use, too.
> And I access the website from my computer how?
By cross device authentication, such as by scanning a QR code displayed on the computer from your phone. Nearly all these laws or proposed laws only require verification on account creation and maybe an occasional re-verification. They don't require it on every login.
> Why would you invite a technology that by definition makes websites accessible only via phones?
In most or all of the countries proposing age verification phone use is extremely high. In Finland it is nearly 100% for people over 15 and not retired. It is around 96% for retired people.
Social media use is heavily skewed toward people under retirement age, which is were mobile use is highest. Even Facebook which many dismiss as the old folk's social media has about 92% of their users under 65. 98.5% of their users use it from mobile devices (82% use it exclusively from mobile).
This all suggests it will only be a very small fraction of people that use social media from desktops and do not have a mobile phone they could use for the initial verification or re-verification.
I haven't seen any country proposing to make mobile the only way to do age verification. They all are including methods that work without a phone, although a phone can give much better privacy and security assurances. (I don't know if any country has considered this but another good option would be to allow accounts that have existed longer than some threshold to skip verification. That would probably cover most of those elderly users without a smartphone).
1. Make it illegal and punish people. 2. Have a certain limit (like 5) on virtual ids one person can register. Allow to withdraw consent and close virtual ids.
> 1. Make it illegal and punish people.
Which you will prove how? With no record of which ID was used and with the person who used it being under 18 by necessity, this means there would be no evidence to even punish anyone old enough to be punished.
> 2. Have a certain limit (like 5) on virtual ids one person can register. Allow to withdraw consent and close virtual ids.
If the ID is only checked in a zero-knowledge way to register accounts, you don’t even need multiple IDs. You just need access to one, which can be used a million times.
All of the schemes to check if it’s being used multiple times start exposing more info or requiring a central party to manage. We start sliding down the slope of having the government manage ID checking centrally, which conveniently gives them a way to check which people are accessing which services.