almosthere 5 hours ago

I think this should work like OpenID Connect but with just a true/false.

PS = pr0n site

AV = age verification site (conforming to age-1 spec and certified)

  PS: Send user to AV with generated token
  AV: Browser arrives with POST data from PS with generated token
  AV: AV-specific flow to verify age - may capture images/token in a database. May be instant or take days

  AV: Confirms age, provides link back to original PS
  PS: Requests AV/status response payload:

  {
    "age": 21,
    "status": "final"
  }

No other details need to be disclosed to PS.

I don't know if this is already the flow, but I suspect AV is sending name, address, etc... All stuff that isn't needed if AV is a certified vendor.
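
The flow sketched in the comment above, as an added example that is not part of the original thread: both sides are simulated in-process so the token round trip and the allow-listed status payload can be run offline. The class names, the `pending` and `unknown` status values, the minimum age of 18, the session binding and the single-use token are assumptions, not part of the post or of any real specification.

```python
import secrets

class AgeVerifier:
    """Hypothetical AV: verification evidence stays private, keyed by the PS token."""
    def __init__(self):
        self._records = {}  # token -> internal record, never sent to PS as-is

    def start(self, token):
        self._records[token] = {"status": "pending"}  # assumed value; may last days

    def complete(self, token, age, evidence):
        self._records[token] = {"status": "final", "age": age, "evidence": evidence}

    def status(self, token):
        rec = self._records.get(token)
        if rec is None:
            return {"status": "unknown"}  # assumed value for tokens AV never saw
        # Allow-list: only the two fields from the post ever leave the AV.
        return {k: rec[k] for k in ("age", "status") if k in rec}

class Site:
    """Hypothetical PS: remembers which session each outstanding token belongs to."""
    def __init__(self, av, min_age=18):  # min_age is an assumption
        self.av, self.min_age, self._pending = av, min_age, {}

    def begin(self, session_id):
        token = secrets.token_urlsafe(32)  # unguessable, carries no user identity
        self._pending[token] = session_id
        return token

    def check(self, session_id, token):
        if self._pending.get(token) != session_id:
            return False  # token not issued by this site to this session
        reply = self.av.status(token)
        if reply.get("status") != "final":
            return False  # still pending: keep the gate closed
        del self._pending[token]  # single use, so a copied token cannot be replayed
        return reply["age"] >= self.min_age

def demo():
    av = AgeVerifier()
    site = Site(av)
    token = site.begin("session-A")
    av.start(token)
    before = site.check("session-A", token)  # verification not finished yet
    av.complete(token, 21, {"id_scan": "constructed-sample.jpg"})  # constructed data
    payload = av.status(token)
    other = site.check("session-B", token)  # same token, different session
    return before, payload, other, site.check("session-A", token), site.check("session-A", token)
```
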

EmbarrassedHelp 5 hours ago | parent [-]

That solution still violates user privacy.

A better solution would be a simple "minor" flag that is only included on the devices of minors. No third party verification required for adults.

almosthere 2 hours ago | parent [-]

That works until minor-removing-flag proxies start popping up.