kuriko

Age Verifications: where do you draw the line?

choose all that applies

boosts appreciated 

against with the idea in principle (no other options applies)
34.8%
a self-certifying checkbox is okay
47.9%
offline verification of ID document is okay (via reading chip or OCR)
7.2%
Credit card verification is okay (if you have one you are >18)
5.9%
Mobile operator verification is okay (if you have a contract you are >18)
2.7%
First party online verification is okay (upload ID or photo to the website you are using)
0.4%
Third party online verification is okay (upload ID or photo to another website)
0.2%
other (write in)
1%
Poll ended at .
Mar 25 at 12:40pmWeb
Show threadkurikoMar 25

Thanks to iOS 26.4 for sponsoring this vote. /s

In this new update, users with UK Apple Accounts are asked to verify their age via a credit card, or an ID scan. (there seems to be an Account age check too — if the Apple Account is old enough then no additional steps are required.)

I don’t know what Apple’s ID verification implementation looks like, and I hope it is either in-house (no third party) or offline (some vision model validates the ID locally, then send a “yeah” bit back to Apple), but this Age Verification flow seems to be designed to be low friction, compared to other flows that require a selfie video to a third party website.

BUT.
BUT.
BUT.

More people would go along with the low friction flow, because, well, it’s easier, it’s faster, there’s fewer unknown shady companies involved. I used to draw the line there — I used to think giving out credit card info or mobile phone number for age verification is fine (since the information is already out there).

Then, a friend who upgraded to iOS 26.4 but have not verified her age could no longer access some websites because the Web Content Filter (and Messages Communications Safety) are automatically turned on until age verification is completed.

 )

mate, if you can’t do what you want on a device unless some server somewhere has to have the “correct” boolean, you don’t own that device.

(this leaves an interesting question, is this a device-level restriction or an account-level restriction? will an iPhone that does not have an Apple Account associated be subject to this limitation?)

Show threadkurikoMar 25

I am still using a US Apple Account so I am not subjected to this just yet; but this is reminding me of the whole CSAM local photo scanning thing again.

keep government out of operating systems

keep government out of operating systems

keep government out of operating systems

Show threadagatha  Mar 25
@kuriko just to add, Brazilian accounts also have to do this, for the same dumb reason
Show thread[Yaseenist] CauseOfBSODMar 25
@kuriko from what i hear their implementation looks like a fucking mess that was rushed out broken
Show threadvavakado Mar 25
@kuriko yay kurikopoll
Show threadErin 💽✨Mar 25

@kuriko I said self-certification only but it really depends upon what you’re doing it for

fwiw the card networks are moving towards offering age verification for debit cards (your bank knows how old you are), which is an interesting development

Show threadchinmay 🐋Mar 25
@kuriko enter the DOB at setup time, only ever answer queries instead of telling apps the actual age (is the user 13/16/18 yet), if it's a child then don't allow factory reset until you get approval from an adult's device
Show threadAlice Mar 25
@kuriko for payment stuff I'm gonna begrudgingly accept the more invasive methods because all of those would still be less bad than what they have right now

everywhere else - local checkbox/text field at most

in an ideal world I'd be against this altogether, but I am sympathetic to the fact that some people live in places with laws like this and can't risk fines, so a checkbox/field is fine. Anything more than that is a no
Show threadTyler K. NothingMar 25
@kuriko They will kick and scream and fuss endlessly about “THE CHILDREN” until they are blue in the face, sowing fear of an unproven threat assaulting unproven countless victims, but all they want is everything that makes us individuals and spin gold from our data. There are certainly victims, but the fault does not lie on the shoulders of operating systems but those of social networks and the American tradition of ignoring it until it gets too big at which point it just “bombs” it. Right now, they’re threatening to bomb OS producers to atone for the sins of the tech bros. Disgusting.
Show threadLight The Unicorn!Mar 25
@kuriko Completely against any of the current proposals. Where currently in place, anything other than credit card or account age verification is the line, I will not be providing any ID documents or face scans to any general online service regardless of the limits imposed.
Show threadCrazazy @ homeMar 25
@kuriko if your government has a digital ID of all their citizens they could be able to certify you are of age in an anonymous way. (If they can hold all that private data inside of their government pants, that is. Which is a big "if")
Show threadMelroy van den Berg5d ago
@crazazy @kuriko yes uh no. That is not if but when such a centralized system got hacked.
Show threadYsegrimMar 25

@kuriko Depends a lot what for I need to do the age verification, and what they need from me anyways – and what information they store.

Online shop getting the information that I'm 18 from my Credit Card company? Fine. Some random social media site getting my full credit card information incl birth date, RL name, etc? Nope.

Convention checking my ID card at on-site registration to make sure they are not bringing a minor into trouble? Fine. Some random phone app asking for a scan of my ID card? Nope.

DHL delivery person checking that they're not handing out my adult toy delivery to a minor? Fine. Me having to do a video call with someone in the US otherwise I can't open a support ticket after updating my phone OS? Nope.

Show threadlunya :neocat_flag_plural::neobot_floof_devil:Mar 25
@kuriko checkbox is the limit. but even a checkbox is just an annoyance.

age verification is at its vest an annoyance and at its worst mass surveillance
Show threadMelroy van den Berg5d ago
@sleepybisexual @kuriko don't get me started on cookie banners!!!
Show threadClariSys   Mar 25
@kuriko A self-certified checkbox is okay, but it should only be used where absolutely neccessary
Show threadMelroy van den BergMar 25

@kuriko the idea is already too much. Trust me if we agree with a checkbox. The next step will become creating a photo of your face.

Then the next step after that, will be uploading your ID. Etc. Etc.

Show threadLukyanMar 25

@kuriko For computers, the person getting the device or registering an account is adult, with no verification to be done. They might setup limitations for themselves or other users. (I think this was the usual before the current changes in some platforms.) The problem of children as property of parents is unrelated and not solvable via technical methods.

I want content warnings, but I don't feel a self-certifying checkbox is that, so I'm not selecting this here.

Generally, if we want identify verification, then we need methods that a random person can verify as private (something like paper-based voting), this is not doable with computers unless trusting the user declaring that they are who they think they are.

If politicians want to protect children, they can enforce existing laws. Maybe there would be no real problem solved by age verification if billionaires and their businesses weren't allowed to commit crimes.

Show threadMaria “indigoviolet” IvyMar 25
@kuriko Self certifying checkbox because there are actually some places on the internet minors should not go
Show threadQueenMar 25
@kuriko If Age Verification has to exist, these are the only forms I will tolerate:
-Self-Certifying Checkbox
-Offline Verification of ID Documents
-Credit Card Verification (should be expanded to Debit Cards as well, Banks know your age)
-Device-Based Verification (i.e. apps and sites only know a user's general age category)
-Zero-Knowledge Verification

Again, I'm not saying these are good, rather they are the least bad. Online scans of ID documents (Government ID, Passport, etc.) are a privacy and security nightmare.
Show threadvalkyrie_pilotMar 25
@kuriko I think the self-certifying checkbox is OK, if there's some way for a parent to prevent people from ticking that checkbox.
Show threadRaymondMar 26

@kuriko Most of those options are data collection systems, and thus should be disliked especially due to leaks. If anything, it could be done at a store or point of sale by requiring an adult to buy the phone (and enabling protected mode if it's for someone young).

Doesn't protect against having an adult authenticate, then passing it to a child, because those verification things look generic at first glance.

The one I might like is the one in Leisure Suit Larry, if it weren't for it relying on now-stale trivia.

Show threadDamage control koboldMar 26

@kuriko

I'm fine with credit card verification in the form of a one time fee, only for things where keeping children out is a service to the other users.