Decentralized social network Mastodon says it cannot comply with age verification laws, like in Mississippi and elsewhere, and says it's up to individual server owners to decide.
On a side-note. I do not consider the government to be a trusted party. Whatever solution gets implemented needs to not provide the government any information that they can use for mass surveillance.
The two main requirements in my view are:
The website that needs your age shouldn’t get to know your identity. They only get to verify your age.
The government age verification shouldn’t get to know what service you are requesting access for. They only provide age verification.
Edit: You mention the certificate being short-lived, but one of the concerns mentioned in the proposed implementation for the EU age verification states that if that window is too short it can be used to determine identity.
I think I have to specify what I mean by trusted. I do not trust them with my browser history, but I do trust them handling my government-issued identity. I do however not trust a company with that identity because I know they will definitely use it for their own good. What I want is the complete and absolute separation of information. Everyone knows exactly what they need to know, not a byte more. I’m still not convinced we desperately need the possibility to identify us for every fucking service though. Keeping kids from accessing porn should be the task of the parent. Keeping kids out of porn, yes indeed, we all need to tackle that problem.
So basically, yes, I think we have the same solution in mind, but with different wording.
Funnily enough that is roughly the implementation the EU seems to be working on.
https://digital-strategy.ec.europa.eu/en/policies/eu-age-verification
On a side-note. I do not consider the government to be a trusted party. Whatever solution gets implemented needs to not provide the government any information that they can use for mass surveillance.
The two main requirements in my view are:
Edit: You mention the certificate being short-lived, but one of the concerns mentioned in the proposed implementation for the EU age verification states that if that window is too short it can be used to determine identity.
I think I have to specify what I mean by trusted. I do not trust them with my browser history, but I do trust them handling my government-issued identity. I do however not trust a company with that identity because I know they will definitely use it for their own good. What I want is the complete and absolute separation of information. Everyone knows exactly what they need to know, not a byte more. I’m still not convinced we desperately need the possibility to identify us for every fucking service though. Keeping kids from accessing porn should be the task of the parent. Keeping kids out of porn, yes indeed, we all need to tackle that problem.
So basically, yes, I think we have the same solution in mind, but with different wording.