Hacker News

ninkendo, today at 12:55 AM (1 reply)

While we’re posting honest opinions that run against the consensus on this site:

In my view, freedom of speech is a natural right that no government can take away. But no such guarantee exists that you can do so anonymously.

Now before you immediately flame me to death, please read a bit further:

We already have a hodgepodge of laws in basically every jurisdiction around logging IP addresses, cooperating with law enforcement when there’s a warrant, being able to track down who is (say) organizing violence, posting csam, etc. Like it or not, the government is entitled to search and seizure if there is a warrant signed by a judge to do so, and if you run an online service where people can post things publicly, you better damn well keep logs of who’s posting things and you better cooperate if a law enforcement officer with a warrant asks you to.

So what I propose is that we streamline all of this. At age 16 you get a digital ID that works something like a FIDO chip that can be used to prove your identity to a government authentication server. Sub in/out whatever tech you want, it can be a passkey (blech), something resembling a yubikey, etc. You get them at your local post office, where you can actually prove your identity in person. There are post offices everywhere, and they’re already meant to serve everyone in the country.

But critically, this key isn’t used to auth to any sites except a government-run signin service. The service itself would be a modified form of OAuth/OIDC that preserves privacy from the site you’re making an account on. They don’t know who you are, they just get a signed payload from the government signin site saying “this is a user over the age of 16”, and via a pre-established relationship between the website in question and the government auth site, a UUID is minted for that legal person. It will be the same UUID for that website for the same person, so you can’t just pretend you’re multiple people when you create multiple accounts.

With this system, and using Reddit as an example site that may leverage this:

- Reddit can’t know who you actually are, they only get a UUID and a signed payload indicating you’re over 16 (or whatever other set of properties are legally salient for the account). In the event of a breach, all you’d get is a list of Reddit-specific UUIDs. You’d have to also hack the government auth service to know who these people actually are.

- The government doesn’t know who owns your username on Reddit, they only know the list of citizens that have Reddit accounts at all.

- In the event of a crime with a warrant, the government can compel Reddit to inform them which UUID corresponds to some account. Reddit continues to not know who the account belongs to.

- Every site using this system gets a completely different UUID for the same legal person and has no ability to correlate them.

- Every legal person using this system has no idea what their UUID is for any site.

- Every site using this doesn’t have to worry at all about proving identity. They get working auth for every legal person in $country, streamlining signups and onboarding, and don’t have to worry about asking the user to prove they’re over 16.

- You still get pseudo-anonymity in that you can use an alias (as many as the site allows, too), the site can remain blissfully ignorant as to who you really are, as well as everyone who reads your posts, etc.

- The government can find out who owns an account, but only with a warrant. They don’t have a list of account/UUID mappings anywhere.

This system is probably the most closely aligned to how I would do things if I was somehow “in charge”… you have a right to pseudo-anonymity, but you don’t have a right to cover your tracks so thoroughly that the government can’t track you down with a proper warrant.

With such a system, saying “social media is for ages 16 and up” is a simple checkbox in the signup flow. Done.

You can argue all day about whether a government should be able to uncloak your accounts with a warrant, but to me that question is already settled: yes, they absolutely can do that, they do so today all the time. Except today we have messy data breaches where everyone’s identity gets leaked because every site has to reinvent their own form of proving your legal identity (in the case of Facebook/etc) or simply proving you’re a certain age (uploading ID, etc.). I’d take a centralized government-run approach to what we have today any day.

You could ask “but should government be in the business of electronic authentication and identity?” And my answer is: “YES.” It’s basically the primary function of a working government! We trust them to issue passports for chrissake. To me this is basic table stakes in the 21st century. If we did government all over again, having the government provide a service to prove online identity is basically right up there with “collects tax revenue.”

Now, is the current government up to the challenge of doing this, and not fucking it up? Yeeesh, probably not. You got me there. But one can dream…
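The signin flow sketched above, as an added example that is not part of the original comment: the government IdP derives a per-site pairwise UUID on demand rather than storing a mapping table, hands the site a signed payload carrying only that UUID and an over-16 claim, and the warrant path recomputes UUIDs against the register. The registry, the secrets and the site names are constructed, and an HMAC over the per-site shared secret stands in for the public-key signature a real OIDC deployment would use.

```python
import hashlib
import hmac
import json
import uuid
from datetime import date

# Constructed sample data (not a real civil register): citizen -> date of birth.
REGISTRY = {"person-0001": date(2001, 5, 17), "person-0002": date(2012, 1, 3)}
IDP_PAIRWISE_SECRET = b"idp-only-secret-placeholder"          # never leaves the IdP
# Hypothetical per-site secrets from the "pre-established relationship".
SITE_SECRETS = {"reddit": b"reddit-shared-secret", "hn": b"hn-shared-secret"}

def pairwise_uuid(site_id: str, person_id: str) -> str:
    """Site-specific UUID for a legal person: derived on demand, never stored."""
    msg = f"{site_id}\x00{person_id}".encode()
    mac = hmac.new(IDP_PAIRWISE_SECRET, msg, hashlib.sha256).digest()
    return str(uuid.UUID(bytes=mac[:16]))

def age_at_least(dob: date, years: int, today: date) -> bool:
    """True once the person has reached `years`, handling 29 Feb birthdays."""
    try:
        cutoff = dob.replace(year=dob.year + years)
    except ValueError:
        cutoff = dob.replace(year=dob.year + years, day=28)
    return today >= cutoff

def issue_assertion(site_id: str, person_id: str, today: date) -> dict:
    """IdP side: the site receives only the pairwise UUID and the age claim."""
    claims = {"aud": site_id, "sub": pairwise_uuid(site_id, person_id),
              "over_16": age_at_least(REGISTRY[person_id], 16, today)}
    body = json.dumps(claims, sort_keys=True)
    sig = hmac.new(SITE_SECRETS[site_id], body.encode(), hashlib.sha256).hexdigest()
    return {"claims": body, "sig": sig}

def verify_assertion(site_id: str, site_secret: bytes, token: dict):
    """Site side: reject a bad MAC or a token minted for a different site."""
    expected = hmac.new(site_secret, token["claims"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None
    claims = json.loads(token["claims"])
    return claims if claims["aud"] == site_id else None

def uncloak(site_id: str, sub: str):
    """Warrant path: recompute each citizen's UUID for that one site; no table to leak."""
    for person_id in REGISTRY:
        if pairwise_uuid(site_id, person_id) == sub:
            return person_id
    return None
```

The uncloak step is linear in the size of the register, which is the cost of not keeping the account/UUID mapping the post says the government should never hold.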


Replies

bgbntty2, today at 6:22 AM

> Now, is the current government up to the challenge of doing this, and not fucking it up? Yeeesh, probably not. You got me there. But one can dream…

The question should be about whether any future government would be up to the challenge of not fucking it up, as the system would stay in place and only grow in size. That's why privacy-invading infrastructure like this should be kept to a minimum.