Honestly, we should start doing hardware-based age verification instead. Have the government run a simple yes/no service for individuals to be able to verify their age. The service simply asks if you’re over 18, and the government responds with a simple yes/no.
You verify your identity on the device once when setting it up, it asks the government if you’re over 18, and then your user account is verified as an adult when the “yes” response is returned. The only time it would need to be repeated is when someone turns 18, which would be something the user would need to manually prompt their device to retry. And notably, the government isn’t being pinged for every site you visit, they only got pinged for the initial device setup. So they don’t get access to any of your browsing data.
Now your phone can automatically send a “yes, I’m over 18” signal to any site or service that asks. And kids won’t be verified, meaning they won’t even be able to see the “are you over 18” prompts; they’ll simply be booted off the site (or in Discord’s case, restricted) as soon as it automatically asks their device for an age verification. No action is required on the user’s part, and the site/service didn’t need any invasive info about who you are. As far as an adult is concerned, they got direct access to the site without any kind of annoying “are you over 18” prompt. And as far as a child is concerned, they got automatically redirected right back to Google’s home page as soon as they clicked the porn link.
For shared devices (like computers) it could be handled on a per user basis. You verify your age on Windows/Linux/MacOS when creating the account, and then whenever you’re logged in, any site can simply ask if you’re over 18. Don’t want your kid to stumble across porn? Don’t verify their account. Now safeguarding kids on the internet is as simple as parents safeguarding their computer password and refusing to verify their child accounts.
It’s basically the best of all worlds:
The government/private data brokers don’t get free access to your browsing data, like what would happen if every individual site asked the government for verification. This is our current reality, with data brokers hoovering up photos of IDs to feed to their data scientists.
The adult user only needs to take action once to verify their age, and then after that the age gates are automatically opened. You don’t need to verify independently with each site, because your device handles that automatically during the initial handshake.
Sites don’t get any additional personal info about you, except for the automatic pass/fail hardware response saying that you’re over 18. They don’t need to collect your info to pass to a third party verification system. They don’t need to ask the government, because that has already been done. And they don’t need to worry about things like GDPR compliance for collected info, because there is no additional collected info.
Your browsing info isn’t shared with third parties, because the sites/services you use have no need to ask third parties for verification.
Of course it’ll never happen though, because it would restrict what kinds of info data brokers could collect and sell.
Honestly, we should start doing hardware-based age verification instead. Have the government run a simple yes/no service for individuals to be able to verify their age. The service simply asks if you’re over 18, and the government responds with a simple yes/no.
You verify your identity on the device once when setting it up, it asks the government if you’re over 18, and then your user account is verified as an adult when the “yes” response is returned. The only time it would need to be repeated is when someone turns 18, which would be something the user would need to manually prompt their device to retry. And notably, the government isn’t being pinged for every site you visit, they only got pinged for the initial device setup. So they don’t get access to any of your browsing data.
Now your phone can automatically send a “yes, I’m over 18” signal to any site or service that asks. And kids won’t be verified, meaning they won’t even be able to see the “are you over 18” prompts; they’ll simply be booted off the site (or in Discord’s case, restricted) as soon as it automatically asks their device for an age verification. No action is required on the user’s part, and the site/service didn’t need any invasive info about who you are. As far as an adult is concerned, they got direct access to the site without any kind of annoying “are you over 18” prompt. And as far as a child is concerned, they got automatically redirected right back to Google’s home page as soon as they clicked the porn link.
For shared devices (like computers) it could be handled on a per user basis. You verify your age on Windows/Linux/MacOS when creating the account, and then whenever you’re logged in, any site can simply ask if you’re over 18. Don’t want your kid to stumble across porn? Don’t verify their account. Now safeguarding kids on the internet is as simple as parents safeguarding their computer password and refusing to verify their child accounts.
It’s basically the best of all worlds:
Of course it’ll never happen though, because it would restrict what kinds of info data brokers could collect and sell.