126
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 01 May 2026
126 points (98.5% liked)
Canada
11931 readers
412 users here now
What's going on Canada?
Related Communities
🍁 Meta
🗺️ Provinces / Territories
- Alberta
- British Columbia
- Manitoba
- New Brunswick
- Newfoundland and Labrador
- Northwest Territories
- Nova Scotia
- Nunavut
- Ontario
- Prince Edward Island
- Quebec
- Saskatchewan
- Yukon
🏙️ Cities / Local Communities
- Anmore (BC)
- Burnaby (BC)
- Calgary (AB)
- Comox Valley (BC)
- Edmonton (AB)
- East Gwillimbury (ON)
- Greater Sudbury (ON)
- Guelph (ON)
- Halifax (NS)
- Hamilton (ON)
- Kingston (ON)
- Kootenays (BC)
- London (ON)
- Mississauga (ON)
- Montreal (QC)
- Nanaimo (BC)
- Niagara Falls (ON)
- Niagara-on-the-Lake (ON)
- Oceanside (BC)
- Ottawa (ON)
- Port Alberni (BC)
- Regina (SK)
- Sarnia (ON)
- Saskatoon (SK)
- Squamish (BC)
- Thunder Bay (ON)
- Toronto (ON)
- Vancouver (BC)
- Vancouver Island (BC)
- Victoria (BC)
- Waterloo (ON)
- Whistler (BC)
- Windsor (ON)
- Winnipeg (MB)
Sorted alphabetically by city name.
🏒 Sports
Baseball
Basketball
Curling
Hockey
- Main: c/Hockey
- Calgary Flames
- Edmonton Oilers
- Montréal Canadiens
- Ottawa Senators
- Toronto Maple Leafs
- Vancouver Canucks
- Winnipeg Jets
Soccer
- Main: /c/CanadaSoccer
- Toronto FC
💻 Schools / Universities
- BC | UBC (U of British Columbia)
- BC | SFU (Simon Fraser U)
- BC | VIU (Vancouver Island U)
- BC | TWU (Trinity Western U)
- ON | UofT (U of Toronto)
- ON | UWO (U of Western Ontario)
- ON | UWaterloo (U of Waterloo)
- ON | UofG (U of Guelph)
- ON | OTU (Ontario Tech U)
- QC | McGill (McGill U)
Sorted by province, then by total full-time enrolment.
💵 Finance, Shopping, Sales
- Personal Finance Canada
- Buy Canadian
- BAPCSalesCanada
- Canadian Investor
- Canadian Skincare
- Churning Canada
- Quebec Finance
- Canada Grown Business
🗣️ Politics
- General:
- Federal Parties (alphabetical):
- By Province (alphabetical):
🍁 Social / Culture
- 2 North American 4 You (Shitposting & Memes, North America focus)
- Ask a Canadian
- Bières Québec
- Canada Francais
- Canadian Gaming
- Eh Buddy Hoser (Shitposting & Memes, Canada focus)
- EhVideos (Canadian video media)
- First Nations
- First Nations Languages
- Indigenous
- Inuit
- Logiciels libres au Québec
- Maple Music (music)
Rules
- Keep the original title when submitting an article. You can put your own commentary in the body of the post or in the comment section.
Reminder that the rules for lemmy.ca also apply here. See the sidebar on the homepage: lemmy.ca
founded 5 years ago
MODERATORS
Age verification would be fine if it was an OAuth type thing - I sign in with the government on the government's website, they report back that I have the 18+ grant. I don't know why they're going in this direction of just requiring that private companies collect a bunch of personal information to "verify" me
Is there anything to stop the government side from compiling a list of users and the sites that request verification? Because that just makes a centralized target for hacking or internal crime. There's got to be a way that allows for both verification and zero trust :/
Or just the next government comes in and targets gay/trans people based on the websites they use.
I mean...yeah...but it sounds really bad on the surface.
Crypto. Namely, certificates or smartcards.
Imagine if your driver's license were a smartcard. It'd essentially just be a cryptographic key pair that asserts that you are "you" because the card says you are and you both have the card and know the unlock PIN.
Now, that sounds like the government could easily track you, but not quite. All that really matters is that the certificate is valid. Not expired, not revoked, and there is a mutual trust in a third party (the issuer).
This doesn't require a query to the issuer. It can, and should, i.e. using OCSP or CRLs. CRLs, in particular, are a bit better here...instead of the service going back to the issuer and saying "is this certificate still good", instead, the issuer periodically publishes a list of all revoked serial numbers that get downloaded by anybody who wants them.
The important thing is, the service provider (i.e. the website) never has to ask about you by name. They know you are you, because you possess your private keys, and they trust that the issuer of your certificate (a corresponding public key, signed by the issuers private key) is thorough in verifying your identity.
I think a mutual-third-party trust model (basically, certificates) is about as good as it can get. I don't think you can verify without trust. That's not how the proverb goes. Not at all.
If age verification was an inevitability, you might be right here. I do not think we should accept age verification as an inevitability. This is a cynical attempt to 1984 us.
I really do feel that there should be an official means to verify your identity online. And it 100% should not be this shady bullshit we are being sold of uploading a video of your face and drivers license. Government-issued cryptographic identifies are about as good as you can get for something thats universally trusted (enough) to issue and validate IDs. That's...kind of their thing.
But...it needs to be reserved for when you need to do "official" stuff, like accessing your health records, banks, interacting with the government, signing forms as legally required, signing emails (at senders discretion), etc.
Needing to provide your ID to shitpost on reddit or search yandex for femboy dwarves is a bridge too far.
But it was always about identifying everyone in seeing who is jerking off to what, and so forth. You are saying we need we need to bring the Trojan Horse Behind the Walls, I am saying we don't.
That has the same issue as a lot of privacy-protecting age verification services, which is that there's never actually a moment when someone verifies that you are you.
Like, if someone sold their key and password to a few people, it would still work everywhere and there would be no obvious reason for the key to be revoked. All it takes is one poorly implemented (or malicious) website to capture everyone's keys and passwords, and then they sell them to kids.
I don't think there's a way to avoid that issue. You can either implement privacy or verifiability, but not both, and governments are going to trend towards verifiability.
This just demonstrates a common misconception of smartcards. The private keys are non exportable. They never leave the card. They can't. Leaving the card destroys them.
The PIN may be compromised, but without physically having the card, the PIN is worthless. Likewise, without the PIN, the card is worthless. You have to have both.
Now, yeah, people could sell them...but the only people who would are the very same whose identity is already practically "worthless" (in the capitalist sense) to begin with, so the market sort of solves itself there. If a person's identity were of any value, they wouldn't need to sell it.
It can be used for authentication, but it should be thought of more as a signature (but in many ways more secure and verifiable)
Can you explain how I'd use my smartcard to verify my age on a website? Does everyone need to buy a card reader for their computer?
That's the thing, you shouldn't have to.
But it could be used that way. The problem is, the types of certificates that I'm suggesting would offer no privacy at all, as they would have your real name associated with them, and they'd be issued by the government...essentially, the exact same idea as DoD "CAC" cards.
If it's the type of business that you want to supply with that info, that's one thing. But it would eventually, be compulsory, and that's not really what anybody wants.
There could be a happy medium, where you have to get validated in-person that you are 18+ by a mutually trusted agency, and get an 18+ "badge", through some sort of trusted medium.
Plenty of legitimate, innocent, reasons to be getting an 18+ badge..and technically no real reason to record a persons information, except for anti-fraud measures.
I doubt there would be much more of a black market for that than there is already existing for getting nicotine and alcohol to kids. Shady people gonna shade. And of course, parents can slip one under their (teenage) kids pillow if they think they can be responsible with it.
Either way has a dystopian end...but that doesn't dismiss the value of having an "official" digital identity for "official" purposes (for whatever is deemed "official" by the holder).
Gotcha. That was my misunderstanding then. I've seen people talk about something similar: a government issued "id" (potentially tied to your driver's license or whatever) that digitally identifies that the holder is of a certain age, but nothing more. That's what I thought you were proposing here as well.
I don't think there's anything wrong with your idea, but it also seems unnecessary, and makes it easier for businesses to track you - not harder. If the purpose isn't to obfuscate information, they can just look at a driver's license and see their birth date and that the picture matches the person using it. It also doesn't really have anything to do with the subject of the post (online age verification).
There should be no reason that any website gets access to your private key.
Seems reasonable. Lets see how our political dinosaurs fuck it up!
This is the way. There are many cryptographic ways to make this possible without sharing any personal or usage information with any party. Too bad our legislators as a group are too fucking stupid to understand any tech more complicated than two cans with a string.
Such is the problem. IME, most people in tech can't wrap their heads around PKI, I have zero faith in legislatures to do so.
Regulate algorithms, beef up moderation and dns filtering is the proper way to protect kids.