Pornhub and two other adult sites are suing the European Union over a landmark digital content law, the Digital Services Act, which imposes age verification and other obligations on large platforms. The European Commission last year named Pornhub, Xvideos and Stripchat as a category of “very large online platform” under the act, which includes obligations such as age verification measures for minors and creating a library of adverts published on their sites. Companies that fall foul of the law can be fined up to six percent of their global turnover. This lawsuit follows similar legal challenges by online retailers Amazon and Zalando.

  • ominouslemon@lemm.ee
    link
    fedilink
    English
    arrow-up
    79
    ·
    10 months ago

    I generally like the spirit of the DMA and the DSA, but the age verification policy is utterly garbage. Privacy and age verification are mutually exclusive

    • homoludens@feddit.de
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      1
      ·
      10 months ago

      You can use the German ID card as a way to authenticate yourself via Internet (by using an open source app), including age. Shouldn’t it be possible to provide a limited interface that e.g. only signals if the person is above a certain age? You already have to enter a PIN in the app so it could also easily show which information is asked/transmitted.

      • circuitfarmer@lemmy.world
        link
        fedilink
        English
        arrow-up
        19
        arrow-down
        2
        ·
        10 months ago

        The infrastructure to support such things are naturally anti-privacy. Ultimately it requires someone to simply ignore other info that would otherwise be accessible. There could be a unique governing body for that part which is chartered for only sharing appropriate info, but even then, it’s an ask for people to trust that body and that it wouldn’t leak.

        • barsoap@lemm.ee
          link
          fedilink
          English
          arrow-up
          6
          ·
          10 months ago

          Ultimately it requires someone to simply ignore other info that would otherwise be accessible.

          Nah. The ID card says “here, have a proof that I’m an ID card issued by <state>, and I assert that the bearer is 18+”. The crypto involved can be furnished such that nothing but the issuing authority and the fact “18+” gets transmitted, no name, no id number, no nothing. You can’t even match up different times you age auth with the same ID as every time the proof will look different.

          That said I’m still against that kind of auth online, but the crypto is not the issue. Unlike voting it’s actually solvable.

          • circuitfarmer@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            10 months ago

            The crypto involved can be furnished such that nothing but the issuing authority and the fact “18+” gets transmitted, no name, no id number, no nothing.

            This is a best-case-scenario implementation. I just think it is extremely likely that any approach actually implemented would not have the privacy of the user in mind.

      • Redjard@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        5
        ·
        10 months ago

        In essence, if that where possible someone could build an api and donate his ID into it that answers all the authentication requests for everyone. There needs to be a way to ensure different users use different IDs, which necessitates a bunch of tracking.

        And that in the ideal case

        • iknowitwheniseeit@lemmynsfw.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 months ago

          A system doesn’t have to be perfect to accomplish most of its goals. I mean, mass usage could be easily caught. Smaller scale abuse would be like giving your younger friend a beer - technically against the rules but not really a huge problem.

          • Redjard@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            9 months ago

            To be able to catch that, you need tracking. Some identifier to determine if you had 1000 authentications from the same source or different ones.

            • iknowitwheniseeit@lemmynsfw.com
              link
              fedilink
              English
              arrow-up
              1
              ·
              9 months ago

              Yes, correct. You have to assume that each party will be tracking everything they can, otherwise it doesn’t make sense. So the age verifier will know that you have requested many authentication in a given time.

      • iknowitwheniseeit@lemmynsfw.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        10 months ago

        Yes, and it can be done in a way where the organization validating the age doesn’t know the purpose. They would still know that you requested an age validation and when, but that’s it. So the German government wouldn’t know whether it was for porn or for signing up for a youth hostel.

        I’m not saying that I agree with the restrictions, but it is possible technically.