this post was submitted on 15 Apr 2026
788 points (98.9% liked)

Technology

83831 readers
3641 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
788
Federal Bill Would Bring OS-Level Age Verification to the Entire U.S. (linuxiac.com)
submitted 1 day ago by throws_lemy@reddthat.com to c/technology@lemmy.world
254 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] mrmaplebar@fedia.io 190 points 1 day ago (12 children)

Remember folks, age verification is personal identity verification.

[–] nullify3112@lemmy.world 27 points 20 hours ago* (last edited 20 hours ago) (9 children)

Well they could do it the right way where, for example, you go to your city hall to get a certificate of age where they check your ID. Then some cryptography happens so you only enter a public key from that certificate on a website or OS to verify your age.

The website or OS doesn’t check your ID. City hall doesn’t know your browsing history.

But I’m not fooling myself, that’s not the point of such a law.

[–] BonkTheAnnoyed@piefed.blahaj.zone 16 points 14 hours ago (3 children)

no implementation of personal ID for internet access will ever be "correct."

[–] ferrule@sh.itjust.works 4 points 3 hours ago (2 children)

That's not true. It's simple if all you actually want is age verification.

You go in to the government building and show your ID. Seeing you are 18 or older you get to go to another room where they don't check your ID, just give you a token saying the one holding it is over 18. Make the token like a FIDO key where you have a pin you set yourself.

There is an air gap between the validation and the token creation so there is no way to go from token to ID. You make the key use a pin so we consider it to be once usable by one person.

The issue is not about the technology. The issue is that we all know this has nothing to do with kids getting on porn sites.

[–] harmbugler@piefed.social 2 points 1 hour ago* (last edited 1 hour ago) (1 children)

You make the key use a pin so we consider it to be once usable by one person.

Now you have trusted the user not to provide the PIN to another, and the implementation is no longer correct. You'd at least need to use biometrics to tie the key to the person.

[–] ferrule@sh.itjust.works 2 points 1 hour ago (1 children)

You are changing the goal. The point of this is to provide THE USER with a solution where they don't have to give away their personal information to the Government or the 3rd Party site. We do not care about situations where users commit crimes as that means our focus is on the Government's needs which they would already have met by just implementing a "Show us your ID" solution.

Now you could make the pin be a biometric so it's physically connected to the user. But part of the solution needs to be that the token is not identifiable with the user. If I pull of my wrist band no one will know it was mine. If you throw out your token someone could go around testing everyone's fingers and find out it was yours.

[–] harmbugler@piefed.social 1 points 4 minutes ago

Without ensuring that the key issued to one person is not used by another, the key does not prove the age of the user, and isn't that the whole point of the key?

[–] evilcultist@sh.itjust.works 1 points 2 hours ago (1 children)

Would these tokens be unique per website visit? Are they generated by the user or the government?

[–] ferrule@sh.itjust.works 1 points 1 hour ago

It can be a shared token. For example a cryptographic hash. There are many solutions for the problem of certifying a token while giving no traceable data.

In most solutions there would be the traceability of knowing "User X went to site Y and site Z" but never knowing who "User X" is. There have been solutions proposed that create site specific hashes where it becomes more difficult if not impossible to track a user across different sites. So it just depends on if this issue needs to be resolved or not.

Personally I would be fine letting every porn site I use know I've been to every other porn site. If you wanted to go somewhere that you don't want them to know, throw out your token and go get a new one.

[–] MrKoyun@lemmy.world 3 points 13 hours ago

Exactly. Digital ID verification is in no way comparable to physical ID verification.

[–] Holytimes@sh.itjust.works 0 points 9 hours ago

Never say never there is ALWAYS a way to do things right. But our government is too stupid to do it. So it might as well be impossible. Kek

load more comments (5 replies)
load more comments (7 replies)