
94 points mikece | 1 comments
ineptech ◴[] No.44398335[source]
Would it not be reasonable and safe and private to implement age verification through login.gov? An OAuth implementation that knows your identity and age can produce a verifiable token that attests your age but not identity. The only way your identity would leak would be if both the porn site and the OAuth retain the tokens (which they would both claim not to do else no one would use this), and the attacker gets access to both.

I know it's unlikely to happen because of America's (misguided IMO) extreme distaste for digital government ID, but it seems like the current solution (people uploading pictures of their driver's license to porn websites) is worse in every possible way.

replies(3): >>44398708 #>>44398763 #>>44399521 #
ahtihn ◴[] No.44398708[source]
You need something like Verifiable Credentials to do this properly imo. You don't want something like OAuth because the login service knows which websites you're requesting the login from.
replies(2): >>44398853 #>>44398881 #
stvltvs ◴[] No.44398881[source]
Whatever technical solution is implemented needs to:

1. Not inform the authentication provider about which websites you're visiting.

2. Not inform the websites about your meat space identity.

replies(2): >>44399017 #>>44399512 #
ineptech ◴[] No.44399017[source]
Unless I'm missing something, what I'm describing satisfies both of these (unless one or both parties are malicious).
replies(1): >>44399443 #
Nevermark ◴[] No.44399443[source]
> (unless one or both parties are malicious)

It should be assumed (for the purpose of evaluating if a system is actually secure) that they both are, and are working together.

Validation can be done cryptographically so that assertions (like age) can be verified by one party, and consumed by another party, without either of those parties being able to tie the combination together, even if they are actively cooperating.
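
One concrete instance of the property described in the comment above, as an added example that is not part of the thread: RSA blind signatures, chosen here as an assumption because the comment names no scheme. The toy key, the function names and the two logs are constructed for illustration.

```python
import hashlib, math, secrets

# Constructed toy issuer key (two Mersenne primes); real keys are 2048+ bits.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private; this key only ever means "over 18"

def h(token: bytes) -> int:
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

def user_blind(token: bytes):
    """User hides the token from the issuer with a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (h(token) * pow(r, E, N)) % N, r

def issuer_sign(blinded: int) -> int:
    """Issuer has checked the user's age out of band; it sees only `blinded`."""
    return pow(blinded, D, N)

def user_unblind(blind_sig: int, r: int) -> int:
    return (blind_sig * pow(r, -1, N)) % N

def site_verify(token: bytes, sig: int) -> bool:
    """Website checks the issuer's signature; it learns no identity."""
    return pow(sig, E, N) == h(token)

def explaining_factor(blinded: int, token: bytes) -> int:
    """Colluding issuer+site: the r that would link this request to this token."""
    return pow(blinded * pow(h(token), -1, N) % N, D, N)

def demo():
    issuer_log, site_log = [], []
    for _ in range(2):                       # two different adults
        token = secrets.token_bytes(16)      # random, carries no identity
        blinded, r = user_blind(token)
        issuer_log.append(blinded)
        sig = user_unblind(issuer_sign(blinded), r)
        site_log.append((token, sig))
    verified = all(site_verify(t, s) for t, s in site_log)
    # Every (request, token) pairing has a valid r, so the logs single out none.
    pairings = [h(t) * pow(explaining_factor(b, t), E, N) % N == b
                for b in issuer_log for t, _ in site_log]
    return verified, pairings

if __name__ == "__main__":
    print(demo())
```

The unlinkability shown covers only the values exchanged; IP addresses and request timing visible to both parties are outside what the signature hides.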