New U.S laws designed to protect minors are pulling millions of adult Americans into mandatory age-verification gates to access online content, leading to backlash from users and criticism from privacy advocates that a free and open internet is at stake. Roughly half of U.S. states have enacted or are advancing laws requiring platforms — including adult content sites, online gaming services, and social media apps — to block underage users, forcing companies to screen everyone who approaches these digital gates.
And because someone will probably ask, this is my understanding of how it would work for age verification (I am not an expert):
There are 3 parties in this scenario. The Estonian state, Meta, and a 3rd party (which is currently a real 3rd party, but work is being done to allow this to be a digital wallet on your device, that you control)
The state issues your 3rd party a magic cryptographic cert that has all your personal data like dob
Meta issue an age challenge: Not “what’s your dob” but rather “Are you old enough to use this service?”
3rd party show you exactly what Meta are requesting and give you the option to approve or deny the request
If you approve, the 3rd party generate a new cert that JUST says “Yes I’m of age” and nothing else.
Because it’s been generated from the states magic cert it can be verified with their public key.
Meta don’t get more info than they need, the state can’t see that you’ve logged into Meta, but you’ve successfully proved you’re old enough to use the service.
The current weak point is that the 3rd party can absolutely see all of it, but there’s no reason the 3rd party has to be an external service. It could absolutely be an app on your device.
You still need to prove yourself to the state, but you’d have to do that to get an id card in the first place. It’s WAAAAY better than trusting all the different porn sites and social media services individually to not leak or misuse your data