this post was submitted on 24 May 2025
692 points (96.9% liked)

Technology

70365 readers
3817 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
692
Mom sues porn sites (Including Chaturbate, Jerkmate, Superporn and Hentaicity) for noncompliance with Kansas age assurance law; Teen can no longer enjoy life after mom caught him visiting Chaturbate (www.biometricupdate.com)
submitted 3 days ago by Pro@programming.dev to c/technology@lemmy.world
252 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] ArchRecord@lemm.ee 5 points 2 days ago (1 children)

The conflict that this often boils down to is that the digital world does not emulate the real world. If you want to buy porn in the real world, you need ID, but online anything goes. I love my online anonymity just as much as everybody else, but we’ll eventually need to find some hybrid approach.

The problem is that because the internet is fundamentally different from the real world, it has its own challenges that make some of the things we do in the real world unfeasible in the digital world. showing an ID to a clerk at a store doesn't transmit your sensitive information over the internet to/through an unknown list of companies, who may or may not store it for an undetermined amount of time, but doing so on the internet essentially has to do so.

While I do think we should try and prevent kids from viewing porn at young ages, a lot of the mechanisms proposed to do so are either not possible, cause many other harms by their existence that could outweigh their benefits, or are trivially bypassed.

We already scan our faces on our phones all the time, or scan our finger on our computer. How about when you want to access a porn site you have to type in a password or do some biometric credential?

Those systems are fundamentally different, even though the interaction is the same, so implementing them in places like porn sites carries entirely different implications.

For example, (and I'm oversimplifying a bit here for time's sake) a biometric scan on your phone is just comparing the scan it takes each time with the hash (a processed version) of your original biometric scan during setup. If they match, the phone unlocks.

This verification process does nothing to verify if you're a given age, just that your face/fingerprint is the same as during setup. It also never has to transmit or store your biometrics to another company. It's always on-device.

Age verification online for something like porn is much more complex. When you're verifying a user, you have to verify:

  • The general location the user lives in (to determine which laws you must comply with, if not for the type of verification, then for the data retention and security, and access)
  • The age of the user
  • The reality of the user (e.g. a camera held up to a YouTube video shouldn't verify as if the person is the one in the video)
  • The uniqueness of the user (e.g. that this isn't someone re-licensing the same clip of their face to be replayed directly into the camera feed, allowing any number of people to verify using the same face)
  • And depending on the local regulations, the identity of the user (e.g. name, and sometimes other identifiers like address, email, phone number, SSN, etc)

This all carries immense challenges. It's fundamentally incompatible with user privacy. Any step in this process could involve processing data about someone that could allow for:

  • Blackmail/extortion
  • Data breaches that allow access to other services the person has an account on
  • Being added to spam marketing lists
  • Heavily targeted advertising based on sexual preference
  • Government registries that could be used to target opponents

This also doesn't include the fact that most of these can simply be bypassed by anyone willing to put in even a little effort. If you can buy an ID or SSN online for less than a dollar, you'll definitely be able to buy an age verification scan video, or a photo of an ID.

Plus, for those unwilling to directly bypass measures on the major sites, then if only the sites that actually fear government enforcement implement these measures, then people will simply go to the less regulated sites.

In fact, this is a well documented trend, that whenever censorship of any media happens, porn or otherwise, viewership simply moves to noncompliant services. And of course, these services can be hosting much worse content than the larger, relatively regulatory-compliant businesses, such as CSAM, gore, nonconsensual recordings, etc.

[–] venusaur@lemmy.world 1 points 2 days ago (1 children)

Do it like this: you have to go to a notary and show your ID and they don’t scan it or anything, but they then authorize you to create an account with biometric credentials. Now only you can use that account to watch porn online. Hybrid approach.

[–] ArchRecord@lemm.ee 2 points 2 days ago (1 children)

they then authorize you to create an account

Authorize you how?

That would involve someone having the ability to see which accounts where made, when, and how they were authorized, not to mention likely being able to track when they're used in the future.

with biometric credentials

What does this mean? Do you mean you verify your biometric data with the notary to prove it's you? Your ID should be enough. Do you mean where your biometric data is your password? This doesn't prove it's you. If processing is on-device like how phone lock screens work, then a simple piece of software could just extract the raw credentials and allow people to use/sell/transfer those, bypassing the biometrics. If it requires sending your biometric data to the company to log in like a traditional password flow, then all my previous issues with biometric verification online become present.

There's still a key difference between this hybrid approach and, like I mentioned previously, buying alcohol by showing your ID to a clerk at a counter, and it's that the interaction ends there. If you show ID, buy alcohol, then leave, the store doesn't do anything after that. There's no system monitoring when or how much you're drinking, or if you've offered some of that drink to someone underage, for example.

But with something like what you're proposing, the unfortunate reality is that it has to have some kind of monitoring for it to functionally work, otherwise it becomes trivially bypassed, and thus the interaction can't end when the person leaves.

Not to mention the fact that not all platforms people find porn on are actually dedicated porn sites. Many people are first exposed via social media, just like how they're exposed to much of their other information and general knowledge nowadays. If we want to age gate social media porn consumption as well, we then need to age verify everyone regardless of if they intend to view porn or not, because we can't ensure it won't end up on their feed.

There's a reason why I'm so strongly against these verification methods, and it's because they always cause a whole host of privacy and security issues, and don't even create a strong enough system to prevent unauthorized porn viewing by minors in the first place.

[–] venusaur@lemmy.world 1 points 1 day ago (1 children)

You show your ID and a notary enters their credentials to allow you to create an account with your fingerprint or FaceID.

Your ID doesn’t get saved. Your biometrics are only saved in the way that your iPhone saves them for a password.

Work with me. What’s a solution that would be acceptable for you? Get creative.

[–] ArchRecord@lemm.ee 2 points 1 day ago (1 children)

You show your ID and a notary enters their credentials to allow you to create an account

The problem then lies in how whoever (likely the government) can ensure that verified accounts are indeed verified by real people.

If any notary can create these accounts by just claiming they saw a proper ID/biometrics, then even one malicious notary could make as many "verified" accounts as they want. If they're then investigated, that would mean there'd be monitoring in place to see who they met with, which would defeat the privacy preservation method of only having them look at it.

This also doesn't solve the problem of people reselling stolen accounts, going to multiple notaries and getting each one to individually attest and make multiple accounts to give out or sell, etc.

with your fingerprint or FaceID Your ID doesn’t get saved. Your biometrics are only saved in the way that your iPhone saves them for a password.

If your biometrics are stored, then there's one of two places they could be stored and processed:

  1. On your own device (i.e. you just use your existing fingerprint lock on your phone to secure your account, say, one that's made via a passkey so as to make fingerprint verification possible)

This can just be bypassed by the user once they log in with their biometrics, since the credentials are then decrypted and they can just export them raw, or just have them stolen by anyone who accesses their device or installs malware, etc.

This doesn't solve the sale, transfer, or multiple creations of accounts.

  1. A hash of your biometrics are stored on a government server, then your device provides the resulting hash of your fingerprint scans to unlock your account to the government server when logging in.

The scanner that originally creates the hash for your fingerprint must be trusted to not transmit any other data about your fingerprint itself, and could be bypassed by modifying network requests to send fake hashes to the government server during account creation, thus allowing for infinite "verified" accounts to be created and sold.

This also doesn't prevent the stealing or transfer of accounts, since you would essentially just be using your hash as a password instead of a different string of text, and then they'd just steal your hash, not a typical password. This also would mean the government would get a log of every time someone used their account, and you could be instantly re-identified the moment you go to the airport and scan your fingerprint at a TSA checkpoint, for example, permanently tying your real identity back to any account you verify with your biometrics in the future.

The fundamental problem with these systems is that if you have to verify your identity, you must identify yourself somehow. If that requires sending your personal data to someone, it risks your privacy and security going forward. If that doesn't require sending your personal data, then the system is easily bypassed, and its existence can't be justified.

What’s a solution that would be acceptable for you?

I've said it before, and I'll continue advocating for it going forward:

  • Parental controls and simple parent-controlled monitoring software on young children's devices
  • Actual straightforward conversations between parents and kids about adult content
  • Sex ed classes.

We already know these things do the most we can reasonably do to prevent underage viewing of adult content. We don't need age verification laws, because they either harm privacy or don't even work, when much simpler, common sense solutions already solve the problem just fine.

[–] venusaur@lemmy.world 0 points 1 day ago (1 children)

I’m convinced this was written by GPT. We disagree on how good or bad porn is for society and the youth, so the rest doesn’t even matter.

[–] ArchRecord@lemm.ee 2 points 1 day ago (1 children)

I’m convinced this was written by GPT.

I'm a human being. I know my writing style can often come off weird to some people, but I can assure you I don't outsource my thinking to a word prediction program to make my points for me.

We disagree on how good or bad porn is for society and the youth, so the rest doesn’t even matter.

I haven't seen any evidence that light or moderate consumption of porn by legal adults produces significant negative consequences for them or society at large, so long as the porn doesn't involve non-consenting parties, underage individuals, etc. Thus, I don't think it's reasonable to heavily monitor and restrict access to every single individual in our society.

As for kids, research is obviously lacking since it's somewhat of a touchy subject for researchers to study, but since we know sex ed, conversations between kids & parents, and even the most basic of parental controls and monitoring can prevent the vast majority of the negative effects, and even the whole of the initial consumption while underage, then that's what I advocate for.

Until I see evidence to the contrary, that demonstrates larger harms from general consumption trends than the surveillance of the online media consumption of every single citizen, on top of the possible risks to online censorship, while other methods we already know work well still can't reduce that risk below the possible harms of a monitoring/access control system, then I'm not going to support such a system.

[–] venusaur@lemmy.world 1 points 18 hours ago

If you’re a man I would propose the notion that you only have the perspective of the part of society that is predominantly watching porn and who is predominantly sexual abusers. Your perspective is limited and it’s evident by arguments you make. For example, limiting the support for your opinions to light or moderate porn viewing and that the porn doesn’t include non-consenting individuals or underage, etc. you’re completely ignoring the problem areas the maintain your point of view. Try thinking outside your bubble just as an exercise. Don’t mean this in an offensive way. I can understand your perspective and as such the narrow-sightedness of it.