As a father of three, I think a lot about online safety. Kids need protection, but current age verification mandates are creating a dangerous precedent—not because of their goal, but because of how they’re being implemented.
Texas SB1181 and similar laws in other states require age verification for adult content. The intention is sound. The execution is problematic.
*Today’s verification methods are:*
• Expensive ($0.31–$1.53 per user)
• Privacy-invasive (require uploading government IDs)
• Easily weaponized (complex compliance makes selective enforcement trivial)
Make something costly and risky enough, and you’ve created a de facto ban without ever saying the word.
*There’s a better way.*
I’ve built a demo using passkeys and banks’ existing KYC infrastructure. Banks already verify your age when you open an account. My system lets them attest “this person is 18+” without knowing where you’re going or what you’re accessing.
The site sees: “Valid attestation from trusted institution”
Nobody sees: “John Smith, age 34, visited this specific website”
*Why this matters:*
Age verification isn’t going away. If we don’t build privacy-preserving solutions now, we’ll normalize surveillance infrastructure that gets repurposed for far more than protecting kids.
We can verify age without building databases of who visits which sites. We can protect children without creating tools for censorship. We can meet legitimate safety goals without sacrificing privacy as the cost of access.
If you see flaws in this approach or have ideas to improve it, I genuinely want to hear them. This problem deserves better solutions than we’re currently deploying.
h
Bender•4mo ago
In my opinion an anonymous age verification can not involve a third party in any way. There will be leaks, either because of unforeseen design limitations or due to bad implementations.
The only true anonymous age verification would be simply adding an RTA header [1] to the server/URL and then have laws requiring common user-agents look for said header. An intern could add the check that triggers parental controls at each browser company. Not perfect, nothing is but there are no third parties involved. Tablets and phones can be locked down so that small children can not add new user-agents or change configurations. Teens can and will bypass anything. Teens stream porn and pirated movies in video games rated PG today and that will always be a thing.
For what it's worth, I think it's cool that you created something to give corporations more options. No harm in more options.
I'm not as concerned with preventing kids from accessing adult materials. Thats what parents are for. My main driver here is to offer a free counter punch to tx sb 1181.
Making adult sites verify age with expensive and leaky third parties. Bad. My proposal is free, and helps to take the sting away from being required to perform age verification.
jwally•4mo ago
Texas SB1181 and similar laws in other states require age verification for adult content. The intention is sound. The execution is problematic.
*Today’s verification methods are:*
• Expensive ($0.31–$1.53 per user)
• Privacy-invasive (require uploading government IDs)
• Easily weaponized (complex compliance makes selective enforcement trivial)
Make something costly and risky enough, and you’ve created a de facto ban without ever saying the word.
*There’s a better way.*
I’ve built a demo using passkeys and banks’ existing KYC infrastructure. Banks already verify your age when you open an account. My system lets them attest “this person is 18+” without knowing where you’re going or what you’re accessing.
*Live demo:*
https://app.hornpub.click (a mock bar & grill site)
*Video walkthrough:* https://m.youtube.com/watch?v=MmcUJ5u65Q0
The bank sees: “User needs age attestation”
The site sees: “Valid attestation from trusted institution”
Nobody sees: “John Smith, age 34, visited this specific website”
*Why this matters:*
Age verification isn’t going away. If we don’t build privacy-preserving solutions now, we’ll normalize surveillance infrastructure that gets repurposed for far more than protecting kids.
We can verify age without building databases of who visits which sites. We can protect children without creating tools for censorship. We can meet legitimate safety goals without sacrificing privacy as the cost of access.
If you see flaws in this approach or have ideas to improve it, I genuinely want to hear them. This problem deserves better solutions than we’re currently deploying. h
Bender•4mo ago
The only true anonymous age verification would be simply adding an RTA header [1] to the server/URL and then have laws requiring common user-agents look for said header. An intern could add the check that triggers parental controls at each browser company. Not perfect, nothing is but there are no third parties involved. Tablets and phones can be locked down so that small children can not add new user-agents or change configurations. Teens can and will bypass anything. Teens stream porn and pirated movies in video games rated PG today and that will always be a thing.
For what it's worth, I think it's cool that you created something to give corporations more options. No harm in more options.
[1] - https://www.rtalabel.org/index.php?content=howtofaq#single
jwally•4mo ago
Making adult sites verify age with expensive and leaky third parties. Bad. My proposal is free, and helps to take the sting away from being required to perform age verification.
And, its shovel ready now.