Pornhub and two other adult sites are suing the European Union over a landmark digital content law, the Digital Services Act, which imposes age verification and other obligations on large platforms. The European Commission last year named Pornhub, Xvideos and Stripchat as a category of “very large online platform” under the act, which includes obligations such as age verification measures for minors and creating a library of adverts published on their sites. Companies that fall foul of the law can be fined up to six percent of their global turnover. This lawsuit follows similar legal challenges by online retailers Amazon and Zalando.

  • @[email protected]
    link
    fedilink
    English
    910 months ago

    You can use the German ID card as a way to authenticate yourself via Internet (by using an open source app), including age. Shouldn’t it be possible to provide a limited interface that e.g. only signals if the person is above a certain age? You already have to enter a PIN in the app so it could also easily show which information is asked/transmitted.

    • circuitfarmer
      link
      English
      1710 months ago

      The infrastructure to support such things are naturally anti-privacy. Ultimately it requires someone to simply ignore other info that would otherwise be accessible. There could be a unique governing body for that part which is chartered for only sharing appropriate info, but even then, it’s an ask for people to trust that body and that it wouldn’t leak.

      • @[email protected]
        link
        fedilink
        English
        610 months ago

        Ultimately it requires someone to simply ignore other info that would otherwise be accessible.

        Nah. The ID card says “here, have a proof that I’m an ID card issued by <state>, and I assert that the bearer is 18+”. The crypto involved can be furnished such that nothing but the issuing authority and the fact “18+” gets transmitted, no name, no id number, no nothing. You can’t even match up different times you age auth with the same ID as every time the proof will look different.

        That said I’m still against that kind of auth online, but the crypto is not the issue. Unlike voting it’s actually solvable.

        • circuitfarmer
          link
          English
          39 months ago

          The crypto involved can be furnished such that nothing but the issuing authority and the fact “18+” gets transmitted, no name, no id number, no nothing.

          This is a best-case-scenario implementation. I just think it is extremely likely that any approach actually implemented would not have the privacy of the user in mind.

    • Redjard
      link
      fedilink
      English
      510 months ago

      In essence, if that where possible someone could build an api and donate his ID into it that answers all the authentication requests for everyone. There needs to be a way to ensure different users use different IDs, which necessitates a bunch of tracking.

      And that in the ideal case

      • @[email protected]
        link
        fedilink
        English
        110 months ago

        A system doesn’t have to be perfect to accomplish most of its goals. I mean, mass usage could be easily caught. Smaller scale abuse would be like giving your younger friend a beer - technically against the rules but not really a huge problem.

        • Redjard
          link
          fedilink
          English
          18 months ago

          To be able to catch that, you need tracking. Some identifier to determine if you had 1000 authentications from the same source or different ones.

          • @[email protected]
            link
            fedilink
            English
            18 months ago

            Yes, correct. You have to assume that each party will be tracking everything they can, otherwise it doesn’t make sense. So the age verifier will know that you have requested many authentication in a given time.

    • @[email protected]
      link
      fedilink
      English
      410 months ago

      Yes, and it can be done in a way where the organization validating the age doesn’t know the purpose. They would still know that you requested an age validation and when, but that’s it. So the German government wouldn’t know whether it was for porn or for signing up for a youth hostel.

      I’m not saying that I agree with the restrictions, but it is possible technically.