577
Hackers Expose The Massive Surveillance Stack Hiding Inside Your “Age Verification” Check
(www.techdirt.com)
this post was submitted on 13 Mar 2026
577 points (99.8% liked)
Technology
82581 readers
3574 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is ridiculous and clearly shows both nefarious intent and complete disregard for the GDPR and it's core principle of data minimisation. There must be a simpler solution to this - maybe through attestation from a trusted third party who has already (legitimately) verified the user's identity - like a bank. Imagine a user creating and providing a token that allows a one-time request through the open banking standards to receive an attestation on whether or not the user is over 18 - without disclosing the users actual dob or any other personal information except who and how the attestation was made. Not sure if it would even be necessary for companies to store precisely when the attestation was made if the banks themselves record the event.
I have posted this a few times before.
Somehow everyone has forgotten about parental controls that have been apart of consumer grade home routers for years.
Parental controls are there specifically to help parents. These settings allow a parent to block everything online only allowing access to "approved lists" of websites, generaly done through a "whitelist" of approved websites.
What is missing at a government level is a "curation effort" of websites, similar to Libraries that classify books by genres and appropriate age levels.
I would propose a government fund where Librarians or similar organizations can start this effort, and make these lists easily accessible within routers for non tech individuals, together with local initiatives and programs for parents that have a interest to learn more.
For power users, lists like these already exists curated by public individuals very similar to pihole block lists and whitelists.
This concept would be the most privacy respectful IMO giving parents the most power to parent, while respecting everyone else's privacy online including children.
But we all know this is not about "protecting the children", but really about mass surveillance for the public at all age groups, and yet this topic keeps coming up.
Yeah, steam determines that someone is an adult if they have a credit card on their account. This seems like a simple and effective method. Although I do still sometimes have an 'Are you over 18?' query, maybe that's from individual games.
good example that works well on a data minimisation basis when they the need is for some indication of age appropriated trust. There are limits to it though. - to actually satisfy age-gates/verification they would also need to tie your identity to the ownership of the card, and ensure the card isn't some kind of under 18 prepaid affair.
Prepaid cards have numbers that identify them.
If we imposed rules that only adults can use regular cards and kids can use the equivalent of a child card, which is available at all major card issuers, this entire problem could be solved by the banks that already use KYC for basically the same reason.
But that wouldnt get us closer to palantirs one world government so it isnt an option
Which, btw, makes perfect sense. As a shop that takes credit cards, I would want to know if someone has signed up for a subscription service with a prepaid card, since the card may run out, prematurely cancelling the service.
There's a big database at the backend of the credit card processor that keeps track of all this stuff. The shop can tell a lot about you based on your card number.
Government could generate anonymous time-limited access tokens for specific scopes like age, citizenship, etc.