Sophie Zhang (张学菲)Aug 4, 2025

When I testified to the UK parliament on the #OnlineSafetyAct in 2022, I was very concerned about the possibility of gutting end-to-end encryption and directed some of my testimony in that direction. In retrospect, I should have also found room to voice my serious privacy concerns regarding age verification.

I know that many nations and governments are rolling out mobile ID technology - the UK for instance is in the process of rolling out GOV.UK Wallet, a government-run way to store secure documents such as digital driver's licenses and other credentials. I think people would feel much more comfortable with the idea of age verification if it were done automatically via a government ID app, rather than being forced to provide their identification to thousands of sites of questionable trustworthiness, most of which do not want to be checking user IDs to begin with.

Show threadSophie Zhang (张学菲)Aug 4, 2025
A different alternative could simply be requiring that devices permit parents to set them to "kid mode" or similar, and simply having relevant websites exclude devices with said settings, which would not require ID verification and privacy concerns on anyone's part.
Show threadaxbyAug 4, 2025

@szhang_ds this seems so much better than the current law.

I don’t understand why better technical solutions like this don’t seem to be considered. Like the GDPR cookie popups on every site. Shouldn’t it be easy to block cookies per domain? Firefox can do it, but it’s awkward.

My only guess is because the OS, the browser, and the site all would need to change. And it’s easily defeated by a proxy that removes the header. Maybe an iframe can even do it? Still, it seems worth a try

Show threadSophie Zhang (张学菲)

@axby I want to be clear that I'm not an expert on policy, policy compliance, GDPR, or privacy.

With that said, my personal guess is that businesses are erring on the side of caution because other methods could potentially be spoofed (which depending on specifics could invite lawsuits) and there's no legal consequence to over-warning or repeatedly requesting pop-ups. Also, if they *want* you to give cookies, it may be their hope that you might get tired and eventually click yes - either out of exhaustion or by accident.

Again, this is entirely speculation based on a topic that is not my area of expertise.

Aug 4, 2025 at 6:00amWeb