Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
autoexec 2 hours ago

> So do extremely simple systems like selling age-verification scratchcards in grocery stores

Which stores sell age-verification scratchcards? How do you make sure they can't be traced back to the person who paid for them or where they were purchased from? How would a website know the person using the card is the same person who paid for them? It may be a simple system, but it still sounds ineffective, dangerous, and unnecessary.

triceratops 2 hours ago | parent [-]

> Which stores sell age-verification scratchcards?

Stores that sell other age-restricted products.

> How do you make sure they can't be traced back to the person who paid for them

How would they be traced? Pay cash. I've never had my ID scanned or recorded when I buy alcohol. And now I look old enough that I don't even have to show ID.

If someone can trace the store they're bought from and you're that paranoid, rotate between stores. Buy them from a third-party. Drive to another state and buy them there. So many options.

> How would a website know the person using the card is the same person who paid for them?

They don't. How does Philip Morris know the person who bought the cigarettes is the same person lighting up? It's clearly not that important when selling actual poisons so why would it matter for accessing a website? The system works well enough to keep most kids from smoking.

Rate-limit sales in a store (one per visit) and outlaw selling or transferring them to a minor (same penalties as giving alcohol or tobacco to a child). Require websites to implement one code per account policies with a code TTL of 6 months or a year, and identify and disallow account sharing. It's Good Enough verification with nearly perfect anonymity.

autoexec 2 hours ago | parent [-]

> Stores that sell other age-restricted products.

So far, I've never seen an age verification scratch card sold anywhere

> How would they be traced?

Your ID is collected at retail and its barcode scanned along with a barcode on the card, your personal data and card ID get uploaded to a server operated by the entity that created the cards and/or the state. ID barcode scan can be replaced or used alongside facial recognition, data collected (directly or passively) from your cell phone, your credit card info, etc. Even just being able to link a used card back to the time/place it was purchased could be enough to ID someone and put them at risk.

> It's clearly not important when selling actual poisons so why would it matter for social media?

The main difference is that I can't upload 1 million cigarettes to the internet for anyone of any age to anonymously download and smoke, but I could upload a spreadsheet of 1 million unredeemed scratch off codes to the internet for anyone to use. It seems highly likely that codes would get sold, shared online, generated, or leaked which means cards would be ineffective at keeping children from using them.

Why should we be okay with jumping through a bunch of hoops that don't even do what they're supposed to in the first place while costing us money and opening ourselves up to new risks in the process? I reject the premise that proving my identity to a website is necessary let alone being worth the costs/risks. Scratch cards seem likely to fail at being private or effective. Of course, "Think of the children" is really only the excuse. Surveillance and control is the real motivation and any system that doesn't meet that goal is doomed to be replaced by one that does.