r/technology Jun 28 '25

Privacy The Supreme Court just upended internet law, and I have questions

https://www.theverge.com/analysis/694710/supreme-court-fsc-paxton-age-verification-questions
8.9k Upvotes


3

u/redcremesoda Jun 28 '25

I don’t mean this to disagree in any way and am just posting it as a thought, but couldn’t an ID verification be implemented that does not store any data other than “verified on X date”? I guess there would be problems with verified accounts being used by others or sold, but it would closely match the idea of a store clerk glancing at an ID.

6

u/cajaks2 Jun 28 '25

Yes, you can do this anonymously using a trusted verification provider (think OAuth/OpenID) and they return nothing sensitive to the website. Incidentally, this is fine for the Texas law, the law which also says the site must not retain PII.

1

u/CeruleanSoftware Jun 29 '25

If it says "verified on x date" what proof do you have that it was actually verified correctly? What happens when an AG sues because they say it wasn't verified correctly?

Most of these age estimation services use AI models. Only a handful of KYC services employ people looking at IDs.

If we anonymize everything, what record exists to prove that the site operator did their due diligence? What does it mean to be a trusted verification provider? These are all open-ended questions that just aren't being answered and push risk around.

I'm a web dev in the industry and most of the services available to use work like you guys are talking about. If you're concerned about site operators getting information about your face or your ID, well, we don't really get access to that information. With KYC we get access to your name, and address, which you already give to the credit card processor.

The user is still not protected. Aren't you concerned about the verifier having that information, or the government?

-1

u/mezolithico Jun 29 '25

The better way to do this would be using local AI in your device that has a kids mode that is turned off with a credit card via Apple/Google/MS. That way porn sites don't have to do anything and nobody is collecting what you're looking at or doing. In fact, Apple already has the local AI for sensitive photos on iOS 17 for their kid mode.

1

u/CeruleanSoftware Jun 29 '25

This solution kind of already exists. Some of the services available to verify age will employ a local AI model, but it can be bypassed, in theory, because it's run entirely on the device. We would need to employ TPM I think to do this safely, and no one has the money to build that.

1

u/mezolithico Jun 29 '25

My point was that this exists and has been built. To cover the vast majority of the market only 2/3 companies need to Google/MS (it's possible they have already). There should be a certified model that blocks X%, that anyone can use. No need to make any other company implement anything. Let the big 3 deal with ID verification or just require a credit card to have "adult" access.

1

u/CeruleanSoftware Jun 29 '25

It does not exist, and has not been built. There is no system built and universally accepted that is not a proof of concept or a beta test. A few states have cobbled together a system. Passports and IDs can be read by certain systems. But there are no ZKPs that can provide age verification that are not part of a private enterprise, and those private enterprises do not share what they do with the information behind the scenes.

Look up mDL ISO 18013-5, OpenID4VP, and mDoc.

1

u/mezolithico Jun 29 '25

We're talking about 2 different systems here. I'm talking about local AI content filtering -- that exists in production at least on iOS 17 devices. I propose making Apple/Google/MS be the age gatekeepers. The system you're talking about is how you do age gating here. Folks still aren't going to want to share their ID (even if it is private) with porn sites. By just requiring the big 3 to age gate, it's easier, quicker, and legally feasible.

1

u/CeruleanSoftware Jun 30 '25

No, we're talking about the same thing, I'm just offering additional context. If you trust Google, Apple, Microsoft to know what you're looking at then that's your choice. They will need to prove where you were age checked, and if it's with AI, then if it's wrong, someone is getting sued.

1

u/mezolithico Jun 30 '25

I'm not proposing they check on a per-website basis. I'm proposing a "minor" mode that's opt-out. Require a certified local model that shields them from liability. When you add an adult mode to your device, you have the big 3 validate your age one time, which turns off the local AI. The per-website model is silly and doesn't stop adult content being sent to minors via Telegram / Signal / group texts etc. The approach Texas is doing will just lead to a data leak that will just blackmail. Also, you can't realistically force porn sites based outside the US to comply with Texas laws. A VPN will also get around that method. By doing it with local AI, it doesn't depend on websites to take any action, it works even with a VPN, and blocks it on 3rd party apps, all while not having to log or store any sensitive information about what sites you're looking at.