By this I mean sites requiring stricter validation for accessing adult content, rather than just a simple checkbox. Stuff like credit card details or photos of government IDs.

This has been something that’s been rattling around in the back of my mind for a while now. And with the place I live passing legislation requiring porn sites to use stricter verification, it’s starting to feel like a real thing that can happen.

And… Honestly, it looks like this is probably going to start to be a thing everywhere, seeing how the world is going. To the point where VPNs are probably not going to stay a good way of bypassing it.

It’s causing me an unhealthy amount of worry, because of all the privacy implications and the fact that it means some sites could pull out of my country entirely.

I figure I may as well ask people’s thoughts and experiences here, rather than reading the same articles on Google over and over.

So, I guess some questions:

  • Have you done any of this kind of verification before? How did you find it? Do you trust them with your identity?
  • Would you consider sending images of your government ID to Discord/Google/Twitter/Bluesky/Furaffinity/esix to access adult content? They promise they use a third party verifier and delete it after use, of course.
  • What about using less “important” forms of ID, like phone numbers, credit card numbers and whatever AI face scanning technology is hot right now?
  • What about verifying for Yiffit and/or your favourite mastodon/lemmy servers? Presumably they’ll also defer to a third party verifier, but I feel they’ll try to go for a privacy focused one.

And let’s not talk too much about specific jurisdictions and whether or not they are “right” to do this kind of thing. Or if it’s going to be effective or not. I’m sure we all have thoughts about this, but that conversation isn’t likely to go anywhere.

@wander , if you have the time, I’d also be interested in hearing your thoughts on this, as a site operator. Especially considering France is one of the places trying to push this.

  • Wander@yiffit.netM
    link
    fedilink
    English
    arrow-up
    14
    ·
    edit-2
    1 year ago

    Hello! Apologies for not seeing this earlier.

    In case anyone’s wondering my position on this matter, it’s this:

    • There is 0.00% chance that yiffit.net or packmates.org will implement any sort of ID verification system. I’d rather host the site in any other different jurisdiction than to jeopardize the privacy of our users or contribute to a version of the internet that’s riddled with surveillance nightmares.

    In the worst case scenario the site would even change owners (if my physical jurisdiction played a role in the matter) or I’d find any other way. This is not something I’m worried about since we have no shareholders, no need to be profitable in any way, and don’t report to anyone but to ourselves.

    Furthermore, if the internet continues going down such a path and there is a legal way to help people circumvent draconian restrictions by offering services such as a VPN, I would definitely look into hosting such a service. If there’s anything I’m afraid of, it’s the amount of time and effort I know I’m capable of recklessly sinking into privacy-oriented projects just to spite anti-queer, authoritarian and surveillance-state political initiatives :P

    So, rest assured that Yiffit and Packmates will not make such ID a verification ever a requirement and I’d even encourage you to find ways to avoid any sites that make such requirements.

    PS. We’re now hosted in Germany by the way!

    • cc@packmates.org
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      @Wander I’d like to think that I have some experience in hosting privacy-based services. I may block tor on my own website (mostly for security purposes), but I totally understand the need for privacy and would happily help set up a wireguard VPN or tor node to help that along.

      • Wander@yiffit.netM
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Thank you for the offer. It’s super appreciated. Right now I don’t think it’s necessary, but who knows what the future of the internet holds. If you have any idea or suggestion yourself, don’t hesitate in letting me know!

  • Pons_Aelius@kbin.social
    link
    fedilink
    arrow-up
    10
    ·
    1 year ago

    There is no way I will ever submit a credit card or any official ID to a website that I have no idea of the data security in place. That is just an invitation to scammers to attack the site.

    Or to cut out the middle man, it could be a great way to set up an identity stealing business.

    Set up site.

    Collect details.

    Announce breach or not and just use the details gained.

    • Laberpferd@sueden.social
      link
      fedilink
      arrow-up
      8
      ·
      1 year ago

      @vlad76 @AwoosWhenClose
      Strongly against this idea

      it might be innocent todays, what you do could be totally fine and legal today,

      But you cant predict what happens tomorrow

      Any pile of data, photos for face identification, verified traces of where you have been on the web and what you did there, could be stored forever any any time decades later used against you

      Keep your online life hygienic

  • ignotum@yiffit.net
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    One server i was on required a photo of a drivers license or similar, with my username written next to it, but they encuraged you to blur out everything you could, except date of birth. At that point i’m no longer worried about any privacy issues

    You might say that no longer proves your age, but a photo of the ID with all the detail doesn’t prove anything either (how would you know it was really my ID?) so it works just as well

    • Greyscale@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Had this issue with a fucking telegram group of all things and just started clowning on them sending obviously fake IDs.

    • Draconic NEO@pawb.social
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Even weak biometrics are somewhat identifiable, even ones that seem somewhat common may still be able to identify you, not very well but still best to just not to take the risk.

  • shani66@burggit.moe
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    1 year ago

    I’ve sent my id to a government run website and will never send it to anywhere else. The government site already knew who i was, being the government and all, but anything else is completely disposable. I’ve even picked up a proton email because it didn’t need any verification.

  • BOLOID@pawb.social
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    It is not technologically possible to verify an internet user’s identity, there’s always a way to bypass it. Best you can do is raise the barrier to entry, which is definitely something but is not equal to it being impossible.

    Having said that, if it was possible to verify an internet user’s identity, it would be necessary to make it illegal. Age verification being possible at all would be a disaster, we would need to invent ways to make it impossible so the internet can continue to exist.

  • Awoos the Kinkwolf@yiffit.netOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Okay, wow. Thanks to everyone for responding, I appreciate it. To be honest, I wasn’t expecting it to be quite so negative about the whole thing. I don’t know why I wasn’t expecting that, considering that we are a group of people that moved from a pro-privacy platform because it wasn’t pro-privacy enough. But anyway.

    I think that… Honestly, this being commonplace is going to be inevitable. The global mindset around this is changing, and even though we may fight against it, it feels to me to be an inevitability. Maybe I’m wrong. I hope I’m wrong. But I’m not optimistic.

    I mean, I hate it and it sucks, but honestly at this point I’d probably go through with this kind of verification. Assuming I could trust the sites or third party authentication or whatever. I guess my fear of loosing access beats my desire for privacy… And besides, I already pay for stuff on Patreon, so my identity isn’t exactly secret.

    One way of doing this privately I did see people suggest (and I think was being looked at by my government?) was the following:

    • You buy a card with a code from an IRL shop (who does the age checks with a driving license or whatever), which is valid for 24 hours.
    • You make an account with an identity provider using this code (maybe they’ll also want other information as well, because of course they will).
    • With this account, you can then generate any number of random single use codes to give to adult sites to log in. They won’t be able to see any of your account details, but they can use it to verify only that you are over 18.

    (Of course, I know this isn’t exactly perfect but it’s hopefully good enough)

    Hopefully a standard like that can arise, but I assume most third party identity providers will probably just use images of IDs and photographs. At least they promise to delete them afterwards, and I (perhaps naively) trust that most of them will.

    Still, on the upside, if Telegram and Discord do go through with this and use proper third party identity services, they can hopefully allow you to share that with servers you’re in, which means they don’t have to do their own verification (which they’ll do sloppily).

    Personally, I hope Mastodon and Lemmy integrate support for these third party age verification services rather than pulling out of certain countries on principle.

    Anyway, enough devils advocate and hoping that everything will be fine and work out in the end. Downvote away!

    • Awoos the Kinkwolf@yiffit.netOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      … Yeah, I’m really scared and terrified at what the government will require. Especially when it comes to social media services like Discord and others (which it has in its sights). Hopefully nothing will come of it and the internet can go back to what it used to be…

      Fuck I’m messed up psychologically. ;_;

  • Hillock@kbin.social
    link
    fedilink
    arrow-up
    3
    arrow-down
    5
    ·
    edit-2
    1 year ago

    I am in favor of stricter age verification laws. Certain services and content shouldn’t be easily accesible to children. Fortunately a lot of the more serioues ones, like gambling sites, already have these in place. But there are a lot of things still out there that could really use stricter age verification but isn’t as important to go through the efforts of uploading an ID or linking your bank account. Examples would be: Video games with micro transactions, Social Media, Online Vendors, Dating Sites, and yes Pornographic content as well. Not all of them need to be 18+.

    I really like the propsed solution by the French Government. A double anonymity system is perfect. You have one service that verifies your age and then generates a token for you and you use that token to verify your age. The token doesn’t inlcude any personal information and if done correctly the services that generates the token also can’t link you to a specific site. That sounds perfeclty reasonable, both for the users and the companies involved.

    But I don’t think it will replace uploading your IDs all that much. Sometimes you need to proof your identiy not just age. And I have used plenty of online services that require this in the past.

    • black0ut@pawb.social
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      The double verification idea sounds good on paper, but still has some of the privacy implications uploading your ID has. For starters, you can really easily be tracked along the net for advertising purposes, and you can’t just change a TOR/VPN output node and vanish.

      Then there’s the hacking problem. How can you trust that the verification company will keep your data safe? LastPass (I believe it was called that) lost the passwords of thousands of people, and they’re supposedly a really professional and secure company that is focused on storing passwords.

      And that’s without taking into account the fact that any government or 3 letter organization can just ask this company and easily know where you’ve been.

      I would never trust any system that requires a unique ID to verify your age/existance, and I would never upload an ID, drivers license or anything similar to a company I don’t know.

      • Hillock@kbin.social
        link
        fedilink
        arrow-up
        2
        arrow-down
        3
        ·
        1 year ago

        The service providing the age verification doesn’t know the site you needed the age to be verified for. So the government or anyone else can’t just ask them because they don’t know. There also is no reason for them to store your data so hacking wouldn’t be a problem either. Obviously there is the danger of them ignoring the law/guidelines and storing a copy of your ID anyhow. But with enough oversight and control the risk should be minimized.

        The fear of hacking is also overblown. Worst case scenario they get a copy of your ID and a single picture of your face. That would suck but they can also get that by hacking a bank, the DMV, an airline, a hotel booking site. There are so many places most people have a copy of their ID already that the fear of it being stolen in a hack isn’t really a valid argument against the service. The age verification service isn’t going to increase your risk at all.

        And the entire point of the system is to create a service you can trust enough to upload your ID to. That is similiar to a bank, an airline, or a government agency.

        • black0ut@pawb.social
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I get that I may sound a bit paranoid about this, but I still wouldn’t trust that system. How can I know for sure they aren’t keeping a track of my whereabouts?

          Every website that verifies you needs to ask the service whether you’re real or not. How can you be sure they’re not telling it who they are? How can you be sure the verification service doesn’t know who the requester is?

          Same thing goes for storing the ID. You really can’t trust when they say they delete the info they get, or that they treat it correctly. But even if they weren’t storing the IDs, it’d allow for possible physing attacks or even man in the middle attacks. Remember, all traffic on the internet can be seen by anyone in between you and the server hosting the service. If someone made a copy of that data, in 15 years time they could be able to decrypt it.

          And no, I’ve never uploaded a photo of my ID to any bank, airline or gov agency. I’ve always done this stuff in person, and if a website asks for a photo of an ID, that’s a big red flag for me.

          But my biggest concern isn’t even the security implications of it all. The internet has been working fine without those restrictions for more than 30 years. Why are they so important all of a sudden?

          If children connecting and accessing porn websites is such a big problem, why don’t we teach parents how to block them in their router? Instead of funding a company that verifies people’s age, the governments could fund the creation of a constantly updated domain blocklist for those pages, and there would be no security or privacy implications.

          • 稲荷大神の狐@yiffit.net
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            1 year ago

            If children connecting and accessing porn websites is such a big problem, why don’t we teach parents how to block them in their router? Instead of funding a company that verifies people’s age, the governments could fund the creation of a constantly updated domain blocklist for those pages, and there would be no security or privacy implications.

            Don’t get me wrong, I am in full agreement with you on the fact we should trust no one online to send our ID’s in to be verified. The idea is absolutely criminal and reckless. I don’t care if it is being done through a third party that merely gives you a token to access naughty sites.

            It’s all an abuse of power and should be cut off like a cancerous tumor.

            But the problems with teaching parents to use a router means you will be limiting them down to one brand of router because every other brand has a slightly different interface. Or we introduce regulations to have a standardized interface across all routers.

            And if it is anything like the old apple airport routers or even the Google Wifi or Google Nest routers you need a specific app installed to access their features and functionality.

            I am not sure how it is in Europe or the UK, but in the US, not many parents are not technically inclined and not willing to go digging deeper into their router settings or look up ways to use the router to full effect to better shield their own kids from things like pornography.

            All that most people know is that router goes burrr and that is it.

            They look towards more technically inclined people to help them fix their computers, setup Plex, and maybe setup domain Blocklist if they have been informed about it.

            Most people do not want a class teaching them how to use a router to shield their kids from things like pornography. They want the simple and easy solution like a Token system since it takes all the work of protecting their kids off their shoulders.

            It makes governments like the US happy because many parents are lazy, they do not want to really raise their kid, so politicians will introduce laws like this because “it is to protect the children!”

            A dog whistle I am all to sick of hearing…

            • black0ut@pawb.social
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              1 year ago

              Sadly, I agree with you. Most parents don’t know how to configure routers or networks.

              It’s sad to see, because that was the strategy of big internet corporations. Dumb down the complicated process of using the internet, create proprietary solutions that “just work” and teach people that they don’t need to know what they’re doing anymore, that experts will take care of it.

              And while it was great and brought the mass adoption of the internet, it also created a generation that uses everything while knowing very little. It’s not only routers or network stuff. I’ve met people who use Windows daily and didn’t know how to install an app or even use the file explorer (they just dropped everything on their desktop). Some people don’t even know the difference between the internet and Google.

              But these companies and corporations should be limited. There shouldn’t be any product that, after purchasing it, you need to download an app in order to use. There shouldn’t be any router that purposefully slightly changes GUIs so people are stuck with that brand. Governments should start doing something about it, but most people in power don’t understand technology either.

              And by the way the internet is evolving, privacy will soon be almost impossible to have. You need to give X corporation your data in order to create a user account on your computer, you need to upload your ID to every webaite who asks, you need to have your phone tapped in order to use your washing machine…

              I know it’s a very pessimistic point of view, it’s just a little rambling on my thoughts on the web. But it really feels like the web is devolving lately, specially with Google’s DRM, Manifest V3, Microsoft’s ads in Windows or Apple’s walled garden.

              I don’t want to give up my privacy everytime I connect to the internet, and for now I’ve at least had the option to choose. But if governments start implementing measures like these, I can’t really choose an alternetive, it’s either no social media and limited internet or give up my info to a 3rd party.

              I’ve already accepted that I’ll have to trust some government agency or third party company in order to verify I’m a human or that I’m 18+. But it feels like I’m losing something, not like I’ve contributed to the security of the net.

          • Hillock@kbin.social
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            There is no technological solution proposed yet so I can only speculate. But there are ways to make sure no personal information is exchanged.

            The token doesn’t need to be unique to you. You simply have a global token for each age bracket that changes every 15 minutes or so. Unless you are the only person to use that token they will have a hard time tracking you.

            And there isn’t even the need to send a request to the service. You make the verification self-contained with the site you are signing up to. Kinda how some authenticatiors work. They still work even if you are offline. You just gain the code to the authenticator after verifying your age.

            Then organizations that concern themselves with privacy can monitor the system to see if any unnecessary communication is made. You probably could even track it yourself.

            Saying we where fine for the past 30 years isn’t a good argument. The situation changed, children have more and more access to the internet. Pushing the responsibility on the parents won’t work. Especially not blocking sites in your router. We already see it with piracy related sites that blocking access to them is a lost battle.

            And this doesn’t just concern pornographic sites. It can be implemented in a side range of use. It can be used to limit access to social media sites. It can be used to prevent minors to sign up for dating sites. It’s not too long ago an article came out that certain dating sites are frequently used to groom minors. It can restrict features in certain video games, like the online shop.

            So many things have changed in the internet over the past 30 years. People used to store passwords in clear text. Financial institutions had no oversight at all. Gambling was available to minors. Issues have been resolved as they become more pressing. And a better age verification system for online services is something that will barely inconvenience most adults but protect a bunch of kids. So in my opinion it would be worthwhile.

            Yes it’s not fool proof, yes people will find ways around it, yes sketchy sites will just operate in countries that don’t care. But just because a law and system isn’t perfect doesn’t mean it’s useless.

            • black0ut@pawb.social
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              I’m not really knowledgeable about verification tokens or verificayion algorythms. I don’t know if what you say is possible and secure, as everyone can just copy the “35 years old” token and send it instead of their “14 y o”. But I may be really wrong on this one or missing an important thing.

              I’m sure we can figure something out, and I’m sure a secure and private algorythm can exist. But who controls and makes it? Wouldn’t corporations be incentivized to collect data on their users? They can even anonymize it and sell it. It would technically still be private, because it doesn’t have your name on it. But big enough corporations can still assign that information to you. They know that much about you.

              I know it’s pessimistic, and I totally understand and even agree with you in that blocking domains isn’t really a good solution. It could work with less technically inclined children, but there will always be a way to circumvent it.

              And I also agree that laws and regulations can’t be perfect. There will always be a downside to everything. In this case I’d prefer if they didn’t implement the regulation, but who am I to complain. I just wish there were a better alternative for everyone.

    • OmegaMouse@feddit.uk
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      That double verification system sounds like a very good solution to this problem!