this post was submitted on 27 Jul 2025
553 points (99.1% liked)
Technology
73379 readers
4723 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The key doesn't have to be on your phone. You can just send it to some service to sign it, identifying yourself to that service in whatever way.
It's that "whatever way" that is difficult. This proposal merely shifts the problem: now the login to that 3rd party can be shared, and age verification subverted.
A phone can also be shared. If it happens at scale, it will be flagged pretty quickly. It's not a real problem.
The only real problem is the very intention of such laws.
How? In a correct implementation, the 3rd parties only receive proof-of-age, no identity. How will re-use and sharing be detected?
There are 3 parties:
The site (2) sends the request to the user (1), who passes it on to the service (3) where it is signed and returned the same way. The request comes with a nonce and a time stamp, making reuse difficult. An unusual volume of requests from a single user will be detected by the service.