On the government endpoint, which returns X that the platform uses as "evidence" for you being an adult, yes, that's tied to your identity, as the certificate/whatever is tied to your identity.
But as long as the platform who need to validate that you're an adult don't get your identity, but just the proof, I don't see what the problem is?
> What is the incentive for the citizen to make sure their authentication isn't shared?
What incentives do people today have for keeping their identifications to themselves? Why aren't we all sharing CC numbers? Because we realize some data is "personal" and isn't to be used by others, like our username+passwords or whatever. This isn't exactly a new concept, just look at how it works for anything else that is tied to you.
> On the government endpoint, which returns X that the platform uses as "evidence" for you being an adult, yes, that's tied to your identity, as the certificate/whatever is tied to your identity.
In this scenario the government knows all the age-restricted sites I've visited. I'd argue that is worse than if all the age-restricted sites I've visited know who I am...
(FTR I don't know what I think about age restrictions in general, but I'm pretty sure there's no implementation that comes without negative side effects)
Not necessarily. The age verification proof doesn't need to be site-specific. But again, that reduces the incentive "for the citizen to make sure their authentication isn't shared" because there's nothing tying it to them.
I also kinda hate the whole idea of needing explicit permission from the government to access the open web, regardless of whether or not they know which specific sites they're giving me permission to access.
There's actually a much better idea that's been floating around. Require over-18 sites to set a certain header. Then anyone who wants to can install a browser on their kid's device that will block pages with the header. There's no privacy implications, no surveillance implications, no need to make VPNs illegal as long as they pass it through; it's just a plain old parental block with a regulation keeping it always up to date. Yes, you may have to stop your kid installing random software on the device to bypass whatever blocking you set up, but you had to do that anyway. If it's Apple or Google they could easily enough require everything in the app store to respect the flag when the device is set to kid mode.
(If the government does the incredibly overbearing thing and does not do the simple and effective and unintrusive thing, it proves their motivations are surveillance)
Already exists; the industry called it RTA (Restricted To Adults). Nobody used it... and it's 19 years old. Complete failure categorized under "we already tried that."
I don't think that it matters. The big porn sites have served RTA tags for many years. Android, Windows, macOS, and iOS can all be configured to block adult content tagged with this system. That still hasn't stopped a bunch of states from passing age verification laws ostensibly targeted at protecting children from these sites.
In order to accomplish that working, you'd have to legally mandate parents put the blockers on their kids devices.
Similar things exist that block based upon lists and content keywords and such.
Most parents do not want to block stuff from their kids or they would be.
If thousands of them demanded that devices came with blockers then the market would provide such devices.
Many moons ago you could argue parents did not know what the youngins would find on the internet. Today's parents definitely know, and most do nothing to restrict access.
It doesn't have to be mandated - parents could choose.
Even if it's mandated that kids can only use phones with a special "kid mode" turned on, even if you had to present ID to turn it on or off or buy a phone with it turned off, that would still be way less bad than what's being rammed through parliaments right now.
> What incentives do people today have for keeping their identifications to themselves?
Not being liable for loans they didn't take out themselves, being the recipient of government benefits they are owed, etc. I'm sure you have heard of identity theft before, but it sounds like you haven't heard of why it's a bad thing. It's not just a privacy thing.
If you share your CC number, someone could steal your money. If you share your anonymous age verification token... someone could pretend to be 18? And by design that token is anonymous and there's no way to prove you were the one they got it from? Doesn't seem like much of a disincentive.
But as long as the platform who need to validate that you're an adult don't get your identity, but just the proof, I don't see what the problem is?
> What is the incentive for the citizen to make sure their authentication isn't shared?
What incentives do people today have for keeping their identifications to themselves? Why aren't we all sharing CC numbers? Because we realize some data is "personal" and isn't to be used by others, like our username+passwords or whatever. This isn't exactly a new concept, just look at how it works for anything else that is tied to you.