alt Hacker NewsI agree only in the sense that Meta wants the OS to tell them the user’s age - BOTH for the ulterior motive of better ad targeting / fingerprinting, but also because shifting the liability gets the numerous current and future child safety lawsuits off the back.
This would be fine if it was actually done perfectly - ie. Devices get a signed ticket from the government identity provider, device can provides a cryptographically verifiable ticket to the site that its a valid identity and their age is within the $x age range but not tied to the user’s actual identity / document, and the device doesn’t ask the government identity provider to mint a new ticket each time it needs to attest (maybe 500 tickets are minted at a time and you auto renew 500 more each month)
However the likelihood of this actually being done correctly is slim to none.
There is no "done correctly". Intrinsically you simply cannot do this, and you have to accept this as almost axiomatic.
If the online age token is not attached to a human identity in a strong way, then it can be transferred to others without friction. The only way we can make it sticky is a mix of technological solutions (how we tie to identity) and real-world systems -- having the ability to prosecute misuse and to link to a physical identity.