alt Hacker NewsOk, let's assume for today that age gating is the thing to to.
Requiring ID is not entirely the right approach here I think. You're forcing people to reveal PII for limited gain, and building systems you can't knock down later.
The EU is working on a zero knowledge proof system for exactly this purpose, but it doesn't quite seem to be ready for prime time yet.
https://ageverification.dev/Technical%20Specification/annexe...
Replies
The restricting law is mostly concerned with the age gating, not the how.
You can expect another law or directive to explain how it has to be done. In the EU, GDPR does apply so you can be sure that poorly storing ID copies for this purpose will not fly.
But, I think it's clearly what ID is for and a legitimate use case for electronic ID. ID is the tool the state uses to give you a way to prove you are who you pretend to be.
I think there's something a bit funny in worrying about giving a copy of your IDs to companies who already know everything about you from your full social graph to your political leanings and interests.
> Requiring ID is not entirely the right approach here I think
It is in the sense that it entices the industry to come up with a better approach.
Otherwise they'll just sit on their piles of gold saying that it can't be done, as they have been doing for far too long.