this post was submitted on 06 Sep 2025
735 points (99.5% liked)
Technology
74914 readers
1907 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I am disinclined to believe that this is a death-sentence for smaller platforms longterm.
The article names multiple sites that have already shut down due to the UKs law
Depends on the nature of the platform. It is not good for small commercial entities that will be required to enact a ID verification system because it will increase the cost of entry to the market.
Increasing the cost of entry will benefit large corporations that will easily absorb the cost. Platforms that don't require it will likely be unaffected.
As someone who works in this space, I doubt it’s going to be an issue for smaller entities. We already have SSO for basic login identity from a variety of providers (Microsoft, Facebook, Google, Apple) — smaller sites already love to use these as it provides easy access to existing users, and saves a ton of coding for having to handle login information, password management, etc.
These same entities can handle the age verification. Now I can see arguments as to why centralizing logins and age verification like this could be a problem for users, but if I decided to start my own social media app tomorrow I’d likely rely on the big platforms to handle all of this (as we already see everywhere — heck, app for ordering pizza support Facebook, Google, and Apple logins), and save myself the cost and hassle of implementing this myself (never mind the potential embarrassment and liability should someone hack my site). Then it’s on those platforms to worry about age verification.
All of these services are currently free, and save you from a ton of coding around user accounts and authentication, so using them is usually cheaper then having to DIY it.
Yes, but I will never log in to any site with those. If those are my only options I am not using your website.
And that’s just fine. Considering how many people do login with those services, I doubt any that use the SSO services will particularly miss you and the small subset of users who don’t want to let a third-party service confirm your login.
That’s not meant as snark — every app and website out there has some subset of users who will decry “I won’t use that because it does X”. And that’s fine. It’s a personal decision. But it likely won’t significantly affect development decisions, as it’s going to happen with some group for some reason anyway.
And that’s always worked out in the past, hasn’t it?
Imagine putting your entire business in a position where one of Google’s half-assed AIs could decide tomorrow at zero notice to cut you off from your entire user base.
This is why most apps that do use such services use more than one. Lots of modern sites have buttons for “Login with Google”, “Login with Facebook”, “Login with Apple”. None of them want to lose access to the user data and analytics they get from these services — so I doubt one is going to jump into cutting you off or requiring payment while the others are still free.
It would take all of these services to (illegally) coordinate to suddenly start charging — and of all of them I don’t see that being in the interest at all for Apple. Apple’s login service uses Touch and Face ID on their devices, and is part of the selling point for those devices (extremely easy logins with no password). They’re not making their money off Single Sign-On (SSO) login services — they make their money off selling devices, and they make the case for selling these devices in large part by selling “simplicity”.
So if you’re worried today about a login service yanking the rug out from under you, you just implement many/all of them. It’s not significantly more work — all of them are based off OAuth — so long as your website or app can authenticate via OAuth you just need to use the APIs each company provides to implement the authentication, and you’re done.
Nothing them stops you as you get bigger form implementing your own login/authentication service — and if you ever get big enough, you too can offer it as a service for other websites.
“Don’t worry, it’ll only affect the 70% of your users that choose that one” isn’t the safeguard you seem to think it is.
I could see it being an issue for more privacy-oriented sites. I imagine some Lemmy and Mastodon users might be less inclined to have to login to Apple, Google or Microsoft to be able to interact with others even if the vast majority of users are fine with it. Would be nice for somebody to come up with an open-source service that handles some more basic age verification so other services can just self-host it instead of each platform implementing their own logins. By basic age verification I mean things like matching user behaviour to users with a known age and maybe some face scanning. Nowhere near perfect and it’s a constant cat and mouse game, but maybe enough to be compliant with the law.
If age verification wasn’t being made mandatory in Australia for social media sites I think it could be a great idea for some services especially if the verification is done by the government with the same level as photo ID. Think dating apps, finance and marketplace sites where having a higher level of confidence that the person you are talking to is who they say they really matters, especially if law enforcement need to be involved down the line. Even if you the user can’t verify the identity of the other person, law enforcement could, and the site might be able to block alt accounts. The credential theft problem still exists of course so it’s no silver bullet, but it’s a lot better than what we have now.
Breathtaking complacency & a load of mental gymnastics to justify an entirely unnecessary and intrusive policy
I will take your word for it then. Thanks for letting me know.