I am wondering what are some age verification alternatives that could be better a way instead of asking for ids or biometric verification? Any ideas? It is not really about the kids though but opposition needs an argument and they are quite dumb to come up with something and I am exhausted.
If I had to choose a method, it would involve an authentication site - one it would have its security validated by a trusted entity and guarantee that you will be fully compensated should they be hacked. Even better if that’s backed up by a large insurance policy.
You verify your identity with them. Then they verify information requested by other sites. The risk of hacking is minimized to that one company. They should collect your IP and information about your browser, operating system, and hardware. Then issue you a cookie stored on your browser.
Subsequently, when you use a website that needs to verify your age, they read your identification cookie and validate it with the identification company, asking if you are of majority age and providing the information they collected. The identification company gives a yes or no response. They do not give out any other information about you, preserving your privacy. As long as you are using the same computer on the same IP you don’t have to revalidate. A hacker would need access to your computer if they wanted to impersonate you.
The identifying site doesn’t need to record IP or other identifying information. It just needs to answer “yes” or “no” when queried about the current user. It could use a similar handoff mechanism to oauth.
The cost of a hack turns into getting a list of people in the region, rather than people who use a given service. Arguably, that’s less problematic.
Could easily be countered by arguments like everything gets hacked, who’ll insure it, which department’s problem will it be, or all states have their own jank, and every piece of work will want that level of access