What's wrong with EU age verification? · blog.vrypan.net
There is a lot of chatter about online age verification. When the criticism turns to the EU's approach, it tends to be either uninformed or deliberately misleading.
Do we need online age verification?
This is partly an ideological question.
If you think age verification should not exist at all, the technical details won't matter to you. No implementation will be acceptable, because the objection is to age gates themselves, not to any particular mechanism.
I am not in that camp.
A 9-, 10-, or 14-year-old is not ready to wander the open internet without limits. This isn't just a matter of parental taste. Children and teenagers are still developing the cognitive, emotional, and social skills needed to handle manipulation, addiction loops, sexual content, gambling mechanics, grooming, harassment, algorithmic radicalization, and the rest of what adults themselves often struggle with.
Isn't it the family's job to set the limits?
Yes and no.
When children are very young, parents can set strict boundaries. But as kids move into their teens, parents also have an obligation to loosen them. Teenagers need spaces where they can act independently, make decisions, and talk to others — where they can learn to navigate the world without a parent looking over their shoulder.
The question is whether we can build online spaces where that gradual freedom is possible.
"I raised my kids to be smart and self-confident, and they would never do X."
Maybe. I hope I did too. But not all children are the same. They don't share the same temperament, support, confidence, parents, or protection. And even grounded, intelligent teenagers are vulnerable at times.
We already accept age restrictions elsewhere. Children can't drive, drink, gamble, or enter certain venues before a certain age. It is not absurd to think parts of the internet should be age-restricted too.
The hard question isn't whether age limits can ever be legitimate. It's how to enforce them without turning the internet into an identity checkpoint.
Is age verification the first step to mass online surveillance?
It can be.
Most people assume age verification means scanning an ID, uploading a passport, taking a selfie, or submitting to a face scan — which is exactly what many services already ask for.
If age verification is implemented that way, the critics are right to be alarmed.
To prove to a porn site, a gambling site, an online liquor store, or a religious forum that I'm an adult, I should not have to hand over my name, date of birth, ID number, face, address, or passport. That is a dangerous amount of information to give any private website, let alone one dealing with sensitive content.
There is another familiar pattern: sign in with a trusted third party.
A site might ask me to authenticate through my bank, my Google or Apple account, my mobile operator, or a government identity service. That avoids handing the site my documents, but it creates a different problem: now the identity provider learns which age-restricted sites I visit.
That's not much better.
In one version, the website learns who I am. In the other, the identity provider learns where I go. Both are scary.
But neither is the only way to do this.
The better primitive: a signed age attestation
A better design starts from a simple idea: prove only the thing that needs proving.
The website doesn't need my name, my date of birth, my ID number, or whether I'm 19, 37, or 74. It only needs to know whether I clear a threshold:
age >= required_age
The easiest way to picture this is a digitally signed attestation.
Take the offline version:
You go to a government office.
You show your passport or national ID.
They issue a card that says only one thing: "over 18".
The card carries official seals, signatures, and anti-forgery features.
You show that card at the entrance of an age-restricted venue.
The venue can confirm the card is genuine without learning your name, date of birth, or ID number.
The digital version is the same idea, with cryptography. An authorized issuer verifies your age once and issues a signed credential:
"claim": "age_over_18",
"value": true,
"issuer": "Trusted Age Attestation Provider",
"valid_until": "2027-12-31"
The issuer signs it:
signature = Sign(issuer_private_key, attestation)
A website can later verify it:
Verify(issuer_public_key, attestation, signature)
The key property: the website never has to contact the issuer. It only needs to know the attestation was signed by a trusted issuer and is still valid. And the issuer never learns where — or whether — you used it.
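The issue-then-verify flow above, as an added Go example (not code from this post or from the EU blueprint). It assumes Ed25519 signatures, the JSON bytes of the credential as the signed message, and a hypothetical TrustList type that maps issuer names to public keys; the key pair in main is constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// Attestation mirrors the credential fields shown in the post.
type Attestation struct {
	Claim      string `json:"claim"`
	Value      bool   `json:"value"`
	Issuer     string `json:"issuer"`
	ValidUntil string `json:"valid_until"`
}
type TrustList map[string]ed25519.PublicKey // issuer name -> accepted key (assumed shape)

// Issue is the issuer side: signature = Sign(issuer_private_key, attestation).
func Issue(priv ed25519.PrivateKey, a Attestation) (msg, sig []byte) {
	msg, _ = json.Marshal(a) // these exact bytes are what the user later presents
	return msg, ed25519.Sign(priv, msg)
}

// Check is the website side. It uses only local data, so the issuer never sees the visit.
func Check(trust TrustList, msg, sig []byte, claim string, now time.Time) error {
	var a Attestation
	if json.Unmarshal(msg, &a) != nil {
		return fmt.Errorf("malformed attestation")
	}
	pub, ok := trust[a.Issuer] // the issuer field only selects a key; nothing is trusted yet
	if !ok || !ed25519.Verify(pub, msg, sig) {
		return fmt.Errorf("untrusted issuer or bad signature")
	}
	end, err := time.Parse("2006-01-02", a.ValidUntil)
	if err != nil || !now.Before(end.AddDate(0, 0, 1)) { // valid through the end of that day, UTC
		return fmt.Errorf("expired")
	}
	if a.Claim != claim || !a.Value {
		return fmt.Errorf("claim not satisfied")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	msg, sig := Issue(priv, Attestation{"age_over_18", true, "Trusted Age Attestation Provider", "2027-12-31"})
	fmt.Println(Check(TrustList{"Trusted Age Attestation Provider": pub}, msg, sig, "age_over_18", time.Now()))
}
```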
This is the core of the EU approach. The EU Age Verification Blueprint describes a system built on Proof of Age attestations, relying parties, attestation providers, age-verification apps, and trust lists. It is aligned with the European Digital Identity Wallet architecture and lets users prove they are over a certain age without...