The difference is that at the strip club, you show your ID to the bouncer, who makes sure its valid and that the photo matches your face, and then forgets all about it. Online, that data is stored forever.

The principle of online ID checks is completely sound; the implementation is not.

▲

ibejoeb 7 hours ago | parent | next [-]

That's pretty much over, too. PatronScan and others collect and share data as a first-class feature, e.g., to broadly 86 people.

https://www.sacbee.com/food-drink/article231580393.html

▲

delusional 8 hours ago | parent | prev [-]

The implementation is sound. Instead of getting an ID, the bouncer gets a serial number from you, he calls his government contact who tells him you are of age. The serial number is meaningless to him.

This would be impractical in meatspace, but works perfectly fine on the internet.

▲

subscribed 4 hours ago | parent | next [-]

Instead of checking your ID, the bouncer sends you over to the shady broker, who takes a video of your face, photograph of your ID, checks you in the various databases (who knows, maybe you've been a bad boy previously), and only then gives you the permission slip to enter the club.

The data stays with them[1].

I think you grossly underplay the current practices.

[1] there's no hard, irrefutable proof companies like Persona (intimately connected with known law abusers, ie US government) keep their promises or obey the law.

▲

debugnik 6 hours ago | parent | prev | next [-]

Where in your metaphor are the club next door using Persona instead of that implementation, and the EU's reference implementation requiring a Google Play integrity check to acquire a serial number in the first place?

▲

fluoridation 7 hours ago | parent | prev | next [-]

You're proposing that every porn site on the planet pings a user's government's API to see if they're adult or not? In other words, that any random site is able to contact hundreds of APIs.

	▲	9dev 7 hours ago \| parent [-]
		Absolutely, yes. They don’t ping to see that you are of age, but that the random challenge generated by your ID checks out.

▲

Gracana 7 hours ago | parent | prev [-]

Where is it implemented that way?

▲

delusional 7 hours ago | parent [-]

In the proposal from the European Union, and in the implementation in Denmark.

▲

Gracana 7 hours ago | parent [-]

Huh, interesting. Do you know if the government sees the identity of the company and the person being verified?

[edit] I did a little reading and it sounds like the company does not query the government with your ID. You get the cryptographic ID from the government, and present it to a company who is able to verify its validity directly. My source is mostly this: https://www.eff.org/deeplinks/2025/04/age-verification-europ...

	▲	delusional 4 hours ago \| parent [-]
		If you're technically inclined I suggest you look at the Technical documentation for the implementation we're rolling out in denmark (It's in english): https://digst.dk/media/5gybwsaq/implementing-age-verificatio...