@abacabadabacaba I agree with EFF that using credit cards, driver's licenses, etc is problematic. That's my point, there are well known methods for exchanging authentication privately. That industry has the money to develop software they need.

That industry also has a long and wide track record of all sorts of abuse and exploitation. Instead of earnestly engaging with the real harms, they are just fighting this to protect their profits. EFF should know better to be joining that effort.

@eighthave There isn't a way to verify someone's age without either using some sort of a document (be it a passport, a driving license or a credit card) or using biometrics. Both involve passing identifying information, and both discriminate against some people (either those lacking the necessary documents, or those whose biometrics causes trouble for the current age estimation technology).

Some people claim that if age verification is performed by a different company (i.e. not the company running the website that the user wants to access), the privacy can be preserved. I don't buy it. That company will still have a trove of identifying information, and it is nearly impossible to hide which website the user wants to access (that website is likely paying for the age verification after all). So there is still a list of people's identities together with the adult websites they use, a lucrative target for the hackers and for the data brokers alike.

There are also proposals to shift the function of age verification to some government entity. If the implementation is not sufficiently private, the government could learn which people are using which websites, which sounds even worse than if private companies have this data. Even if that problem is solved, this system will still discriminate against people that lack appropriate legal status, such as undocumented migrants or visitors. And the prospect of the government being able to easily revoke a person's access to a large swath of the Internet is frightening.

Also, the costs of age verification favor large companies over smaller ones, leading to more centralization.

Finally, any age verification system can be trivially bypassed: a minor can just ask some adult to pass verification for them (in fact, current systems can be bypassed even more easily). If the system is private, there is little risk for the adult. Given all that: the costs, the risks and the trouble for the users, I really don't think that age verification systems are worth it. I feel that the negative consequences of the kids having access to porn are exaggerated. After all, they do have access to porn, and the society is not falling apart (or rather it is, but for entirely different reasons). Freedom is more important.

@abacabadabacaba It is pretty clear that most parents around the world do believe that major harms come from the internet and that's why so many are supporting these kinds of measures.

And implementing an age-verification service that is provably private is really not that hard, especially for a $75 billion industry.

Tor and zero-knowledge proofs are well known existing techniques that are enough to do this. It could work in the browser like how WebAuthn does.