I am so surprised by the comments on this thread. I was not expecting to see so many people on Hacker News in favor of this. As is typically the case with things like this, the reasoning stems from agreeing with the goal of age verification, with little regard to whether age verification could ever actually work. It reminds me in some sense to the situation with encryption where politicians want encryption that blocks "the bad guys" while still allowing "the good guys" to sneak in if necessary. Sure, that sounds cool, it's not possible though. I suppose DRM is a better analogue here, an increasingly convoluted system that slowly takes over your entire machine just so it can pretend that you can't view video while you're viewing it.

To be clear, tackling the issue of child access to the internet is a valuable goal. Unfortunately, "well what if there was a magic amulet that held the truth of the user's age and we could talk to it" is not a worthwhile path to explore. Just off the top of my head:

1. In an age of data leaks, identity theft, and phishing, we are training users to constantly present their ID, and critically for things as low stakes as facebook. It would be one thing if we were training people to show their ID JUST for filing taxes online or something (still not great, but at least conveys the sensitivity of the information they are releasing), but no, we are saying that the "correct future" is handing this information out for Farmville (and we can expect its requirement to expand over time of course). It doesn't matter if it happens at the OS level or the web page level -- they are identical as far as phishing is concerned. You spoof the UI that the OS would bring up to scan your face or ID or whatever, and everyone is trained to just grant the information, just like we're all used to just hitting "OK" and don't bother reading dialogs anymore.

2. This is a mess for the ~1 billion people on earth that don't have a government ID. This is a huge setback to populations we should be trying to get online. Now all of a sudden your usage of the internet is dependent on your country having an advanced enough system of government ID? Seems like a great way for tech companies to gain leverage over smaller third world companies by controlling their access to the internet to implementing support for their government documents. Also seems like a great way to lock open source out of serious operating system development if it now requires relationships with all the countries in the world. If you think this is "just" a problem of getting IDs into everyone's hands, remember that it a common practice to take foreign worker's passports and IDs away from them in order to hold them effectively hostage. The internet was previously a powerful outlet for working around this, and would now instead assist this practice.

3. Short of implementing HDCP-style hardware attestation (which more or less locks in the current players indefinitely), this will be trivially circumvented by the parties you're attempting to help, much like DRM was.

Again, the issues that these systems are attempting to address are valid, I am not saying otherwise. These issues are also hard. The temptation to just have an oracle gate-checker is tempting, I know. But we've seen time and again that this just (at best) creates a lot of work and doesn't actually solve the problem. Look no further than cookie banners -- nothing has changed from a data collection perspective, it's just created a "cookie banner expert" industry and possibly made users more indifferent to data collection as a knee-jerk reaction to the UX decay banners have created on the internet as a whole. Let's not 10 years from now laugh about how any sufficiently motivated teenager can scan their parent's phone while they're asleep, or pay some deadbeat 18 year-old to use their ID, and bypass any verification system, while simulateneously furthering the stranglehold large corporations have over the internet.

▲

Noaidi 7 hours ago | parent [-]

Whatever happened to all the innovation the tech world was capable of? This is 100% a solvable problem. It only needs the will and good law.

1) Person signs up with discord with fake name and fake email.

2) Discord asks (state system) for an age validation.

3) In pop up window, state validates the persons age with ID matching with face recognition.

3) State system sends token to discord with yes or no with zero data retention in the state records.

4) Discord takes action on the account.

What is so hard about this?

▲

tolmasky 7 hours ago | parent [-]

I want to sincerely ask whether you read my post, because your response is so unrelated I believe you might accidentally be responding to another post? If so, please ignore the rest, which is only intended in the case where you are actually responding to what I wrote.

Your system seems to address none of the issues I listed. For example, I argue that one difficulty is in the fact that these systems would be highly phishable -- a property that is present in your described "easy" solution. Your system trains users to become accustomed to being pestered by pop up windows that ask to see their ID and use their camera. Congrats, I can now trivially make a pop up a window that looks like this UI and use it to steal your info, as the user will just respond on auto-drive, as we have repeatedly shown both in user studies and in our own lived experiences. I also explained how a system like this would assist in the practice of trapping migrant workers by confiscating their government credentials [1]. This is a huge problem today in Asia, and one of the few outlets captive workers can use to escape this control is the internet -- a "loophole" your system would dutifully close for these corporations.

I am happy to have a discussion about this -- it's how we come up with new solutions! But that requires reading and responding to the concerns I brought up, not assuming that my issue is that I can't imagine implementing a glorified OAuth login flow.

1. There's tons of articles about this, here is one of the first ones that comes up on Google: https://www.amnesty.org/en/latest/news/2025/05/saudi-arabia-...

▲

Noaidi 4 hours ago | parent [-]

> these systems would be highly phishable

Well this is true of all of the internet, yes?

https://bankingjournal.aba.com/2025/08/report-financial-inst...

https://www.cyberdefensemagazine.com/the-rise-in-phishing-sc...

Your example about migrant workers is not an internet problem, it is a government problem. And a capitalism problem. I mean migrant workers? Why do these workers need to migrate? Usually because the U.S. has probably decimated their country.

But never mind, I agree that this is an unsolvable problem, not from lack of capability, but because we are ruled by sociopaths and most humans have been hacked by their addiction pathways. And I do not care about Saudi Arabia or Asia because I do not live there. And I do not care if they block all of the internet. We do not need it for anything, even less so for organizing.

Maybe we should just leave the internet, which is only a capitalist and government collusion to make people spend money. All the internet did was concentrate power to a few oligarchs. For everything good that the internet has provided I can show you ten things that are not only bad, but 1000 times worse, like monkey torture video sharing.

If I had kids today they would not even use the internet until they were out of my care. I only have six accounts on the internet. Including HN. I do not view porn, gamble, have any social media, and in fact I am trying to became un-homeless so I can go back to a flip phone.

IMHO, the answer is not a fee internet, the answer is leaving the internet. But it seems you made and make a nice living at all of this so I see what a sacrifice that would be for you. You are probably part of the reason I am homeless today, with the separation for wealth and all that. I see that you dnated to a bunch of neoliberal types and that fits. Seems you had over $17,000 to give to politicians. That is more than I survive on for a year. I mean, you do not need to do any work at all today. You could retire right now.

Sorry for the unrelated rant, but needed to get that off my chest for myself. Just tired of wealthy people trying to perfect a horrible system and technology that keeps making them money. You pretend like you care about the poor, like the migrant worker, but that is just laughable. If you did you would be against capitalism. You would give up all you own and follow Christ or Buddha or whatever. I mean you got $20 million and what did you do? You started making addictive games. And then you donate to these neoliberals who are no different than the neoconservatives.

Love, a old homeless guy who left Cisco in 1999 because he saw where all of this was going and who is currently sitting in a hotel he cannot afford because the 2002 minivan he lives in just lost its water pump.

	▲	tolmasky 2 hours ago \| parent [-]
		If you need help (monetary or otherwise), please email me at tolmasky \|at\| gmail \|dot\| com. This is a sincere offer. I can't tell how much is hyperbole in your post, but if you're going through that and I can help, I'd be happy to. > I mean you got $20 million and what did you do? You started making addictive games. I refrained from responding to the rest since it seems that there is a deeper issue, but I could not help setting the record straight here. I think everyone who has ever played Bonsai Slice will firmly attest to it being the opposite of addicting. My parents never let me own a game console so I never really wrapped my head around games, and made exactly the kind of game someone like that would come up with: a deep tech exploration, to hopefully make progress on two problems that were plaguing me at the time: 1) how little mobile UI had seemed to progress (instead getting stuck in one-tap local maxima), and 2) building an app that is generally considered to be the worst candidate for a pure immutable language... in a pure immutable language in order to serve as a forcing function to surface new ideas in the space. I've always believed that if you wanted to make a general purpose programming language, you should probably try to have as much varied experience as possible, or otherwise you'll end up with a domain-specific language that is misused for every other domain (this is how I would describe most programming languages. In fact, I'd say most programming languages are written for the niche use case of writing a compiler, since they are written by compiler writers. Ironic that that is the last thing most get used for.). As such, I made a decision to start actually writing a wide variety of apps.