What a total joke. These companies need to stop normalizing the sharing of personal private photos. It's literally the opposite direction from good Internet hygiene, especially for kids!

This has been proven false a bunch of times, at least if the 1000s of people complaining online about it are to be believed. My google account is definitely old enough to vote, but I get the verification popup all the time on YouTube.

I think the truth is, they just want your face. The financial incentive is to get as much data as possible so they can hand it to 3rd parties. I don't believe for a second that these social networks aren't selling both the data and the meta data.

I used to watch good soccer matches on public TV. When services like DAZN appeared, only one major match was available each weekend on public TV. Later, none were free to watch unless you subscribed to a private channel. I didn't want to do that, so I stopped watching soccer. Now I only follow big tournaments like the World cup, which still air on public TV (once every 4 years).

Sometimes you just have to let things go

> A few years ago, I received a letter in the mail addressed to my then-toddler. It was from a company I had never heard of. Apparently, there had been a breach and some customer information had been stolen. They offered a year of credit monitoring and other services. I had to read through every single word in that barrage of text to find out that this was a subcontractor with the hospital where my kids were born. So my kid's information was stolen before he could talk. Interestingly, they didn't send any letter about his twin brother. I'm pretty sure his name was right there next to his brother's in the database.

> Here was a company that I had no interaction with, that I had never done business with, that somehow managed to lose our private information to criminals. That's the problem with online identity. If I upload my ID online for verification, it has to go through the wires. Once it reaches someone else's server, I can never get it back, and I have no control over what they do with it.

All those parties are copying and transferring your information, and it's only a matter of time before it leaks.

[0]: https://idiallo.com/blog/your-id-online-and-offline

So the question is really: what is the best way to implement it?

* I find the "buying a gift card at a store" idea interesting: the seller checks your ID and gives you a gift card.

* I find the digital idea with privacy preservation interesting, too: the government already knows about me. If they can give me a token that only reveals my age, and I can use that token without revealing to the government where I used the token, then it works.

I think the EFF's stance on this is: "but some people will have issues using that technology". I would like to know how many people that is, and why we couldn't imagine a way to help them?

I do look a little younger than 32, due to a healthy lifestyle and religious use of sunscreen but I have a beard and moustache. It's a little insane that I was instantly banned with no way to move forward.

I don't want to google it because I don't want to be put on a list but I also feel somewhat confident that this is being done. Apparently, HN feels safe to ask questions like that for me.

Simple answer, never accept this If everyone selected "cancel" you can be sure these sites will stop age banning, they wan $ more than anything else.

If a site asks me one question about me, I stop using if.

I think the EFF would have more success spreading their message if they didn't outright lie in their blog posts. While cryptographic digital ID schemes have their problems (which they address below), they do fully protect privacy rights. So do extremely simple systems like selling age-verification scratchcards in grocery stores, with the same age restrictions as cigarettes or alcohol.

On similar lines, I think that something between an unrestricted smart phone and the classic dumb phone is a market segment that is needed.

And maybe consider using a VPN.

They can implement a transparently auditable system, where you scan your id-card (nfc or camera) in the government's portal, and using oauth federation, it will confirm your age, and nothing more than that to sites requesting it.

Site that wish to prevent the fact that you visited them a secret from the government can use various temporary domains, ips, Tor,etc... so long as the government's verification service can reach it.

The government already has your ID information, and they already know at least your home IP (yes, this is actively shared with them in the US). The only privacy concern is them knowing what sites you're visiting.

I get resisting and fighting this, but it's been years now and people are having to endure this mess. It isn't going away either. I was complaining about KYC laws earlier, they started out the same, it was about "terrorists" then.

You can fight two fights in parallel. One to prevent the whole thing, another to require the government to implement a service themselves, do it transparently and preserve privacy while doing so.

Yet another proposal I have is for sites that offer oauth federated login (google,microsoft,github,etc..) to vouch for your id verification, either by them doing it directly or via the government portal i proposed earlier. You'll then just login to sites with the right google account or whatever and that's all the site will ask from you.

I would also be fine with buying a 'card' of some sort at stores that do id verification already, like where you'd buy a cigarette or alcohol. You also buy some scratchable card with a verification code on it. They can't argue it's not good enough, because it's good enough for cigs and alcohol. they can't say "what if a minor gets a hold of the card later" because what if a minor gets a hold of cigs or alcohol later as well?

Instead, the rest of us have systems that are both far more vulnerable to privacy beaches, and far easier to circumvent anyway.

An excellent question, which I didn't see the article really get into.

> If you’re given the option of selecting a verification method and are deciding which to use, we recommend considering the following questions for each process allowed by each vendor:

Their criteria implies a lot of understanding on the part of the user -- regarding how modern Web systems work, widespread industry practices and motivations, how 'privacy policies' are often exceeded and assurances are often not satisfied, how much "audits" should be trusted, etc.

I'd like to see advice that starts by communicating that the information will almost certainly be leaked and abused, in n different ways, and goes from there.

> But unless your threat model includes being specifically targeted by a state actor or Private ID, that’s unlikely to be something you need to worry about.

For the US, this was better advice pre-2025, before the guy who did salutes from the capitol was also an AI bro who then went around hoovering up data from all over government. Followed by a new veritable army and camps being created for domestic action. Paired with a posture from the top that's calling harmless ordinary citizens "terrorists", and taking quite a lot of liberties with power.

We'll see how that plays out, but giving the old threat model advice, without qualification, might be doing a disservice.

"We disagree with age gates but our recommendation is to comply". Fuck this.