Age verification seems inevitable, and I'd prefer it to be done at the operating system level. I trust them to both have better security and not need/keep my individual data. Just tell a website or location if I'm old enough. That's it.

@jsonbecker Yeah, verification at the OS level is really the only way to go. I could also see trusting a small number of providers like ID.me, just so we don’t exclusively give Apple and Google all the control.

@jsonbecker you need to account for the who, not the what - age verification is about verifying the age of the person on the site, not the machines admin - AND ideally not just online.

@JohnPhilpin I am comfortable with it working like a passkey. If you have biometric-style verification of an identity that’s as good as it gets on the internet. Sending someone my passport when I register my account doesn’t stop a minor from using my password. It’s about balance, always.

@jsonbecker oh yes - agreed - sending credentials is wrong and lazy. The worry is this idea of 100% ‘absolutism’ that is being assumed for internet verification that we don’t even pretend to have in real life. I would also like to see insistence on corporate identity - not oft talked about - but ID should go both ways - it can’t just be dear person please identify yourself to we the mighty corporation - I should be able to ask the caller to prove that they do indeed officially represent the company that they say they are from.

</stands_down_from_soapbox>

</end>