Optional
I have never understood why people have ever thought or said that bluesky is better than reddit, or decentralized, or somehow not going to be abused as the company takes a very large amount of VC funds.
zoeyPretty sure this is about the new EU legislation afftecting anything from porn sites, through nexusmods, and apparently even shit like bsky.
Not EU, UK. The EU, for now, does not require age verification. They are currently working on a system where your age can be verified using a secure token where Bsky would not get any more info than โthis person is over 18โ, at which point, they will most likely mandate its use.
๐ฐ ๐ ๐ฑ ๐ฆ ๐ณ ๐ฆ ๐ฐ ๐ฎ And how would one obtain such a token?
Your ID and associated government software.
The government will know who you are, but not what you are requesting the token for. The site will know what the token is for, but will not know who is presenting it.
Imagine it like buying an old fashioned paper bus ticket, in places where tickets are anonymous and interchangeable. The ticket vending machine will get your card info, but will not know what youโll do with the ticket. Maybe youโll board a bus, maybe youโll trade it to a vagrant for a blowie. The ticket machine wonโt judge or connect the blowie to your payment info.
Then the vagrant or the bus driver will not get your card payment info either, theyโll only get the ticket, which you could have gotten anywhere, including by blowing someone for it. The bus ticket is the token, it only confirms payment, not identity.
The government will know who you are, but not what you are requesting the token for.
Unfortunately, things donโt work like that. There is a nearly infinite number of ways for the identity provider to figure that out.
The site will know what the token is for, but will not know who is presenting it.
Same as above.
Wherever you go, whatever you do, there are many entities already tracking you that know precisely who you are and what you are doing. All such legislation would do is add governments to the list. There is no safe or anonymous version version of an identity provider.
There are a nearly infinite number of ways for the identity provider to figure that out.
Name one.
Learn.
ValionWhat is there to stop the government from later issuing a request to the service owner/operator, by court order, for a list of those verified and the tokens used to verify them (thus linking the accounts and their data to the individuals and their identities)?
Deleting the tokens after verification, presumably. You donโt need to save the token after verification, you set a flag on either the account or the session and discard the token.
There are, of course, always ways. If the government starts tracking at which times tokens were used, and merchants store a timestamp of purchases of age gated content, which is probably required anyway for all purchases, you could get at least some hints on who bought what by comparing first purchase of account with verification time, since itโs likely for those two to be very close together. And thatโs just off one data point.
Of course, the moment you pay with anything other than a prepaid voucher bought with cash in a place you donโt normally frequent, you can do similar things with the payment data. Or, if you pay with card, your info is right there.
That said, a government going that far will find any excuse to lock you up anyway, so I donโt have an issue with the method per se. However I still donโt think itโs very necessary to go this far to lock 18+ content online. If anything Iโd rather want to see something like this used for spending limits in f2p games and such.
The same thing that stops them from doing the same thing right now to the ISP.
BTW the government will not have the tokens, they will be created on your device, in an auditable way, using OSS.