We Built a Resource Hub to Fight Back Against Age Verification
Key topics
The age verification debate is heating up, with the EFF launching a resource hub to fight back against the impending requirements. Commenters are sharing their concerns and insights, pointing out that third-party verification companies will likely become the norm, and that some countries like India already have strict internet regulations in place, requiring cyber cafes to verify user identities and maintain browsing logs. As some users highlighted examples of invasive age verification methods, like Switzerland's SMS code requirement for public WiFi, others questioned the effectiveness of such measures, noting that anonymous VOIP numbers can easily circumvent them. The discussion reveals a complex landscape of age verification, with varying approaches and concerns around privacy and enforcement.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
10m
Peak period
45
0-12h
Avg / period
16
Key moments
- 01Story posted
Dec 11, 2025 at 1:58 PM EST
22 days ago
Step 01 - 02First comment
Dec 11, 2025 at 2:09 PM EST
10m after posting
Step 02 - 03Peak activity
45 comments in 0-12h
Hottest window of the conversation
Step 03 - 04Latest activity
Dec 17, 2025 at 8:17 PM EST
16 days ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
You can't receive the text message without cellular service.
I had to show my passport to get a SIM card.
[1] https://www.gva.ch/Site/Passagers/Shopping/Services/Business...
This is not compelling. The internet I know and love has been dying for a long time for unrelated reasons. The new internet that is replacing that one is an internet that I very much do not love and would be totally ok to see lots of it get harder to access.
Extrapolate that how you will.
No, its legal (in some jurisdictions) pornography. Prostitution on the platform, as well as whatever the legal status is in the set of jurisdictions involved, is also, from what I understand, explicitly against the platform ToS.
Prostitution obviously cannot physically happen on an online platform, but it sure is a convenient way to advertise and attract customers, and serve as the payment processor.
Well, no, violating a binding legal agreement is illegal.
> Prostitution obviously cannot physically happen on an online platform, but it sure is a convenient way to advertise and attract customers, and serve as the payment processor.
Which is explicilty prohibited by the law in many places OF operates, and judging from the number of people who are creators on the platform I've seen complaining about people jeopardizing their status with the platform by soliciting it on the platform, also by the actively-enforced terms of the platform. OF is simply not “legal prostitution”, and it is ridiculous to describe it that way
Not touching the rest of this thread's arguments, but that isn't really true. Breaking ToS, or any other contract, is not "illegal"-- it's not a crime. It opens you up to civil (not criminal) penalties if the other party sues, but that's it.
Not in principle
See the limits on curse words on TV. Or MPAA ratings for movies.
(IANAL) That demonstrates the opposite: that's a voluntary system with no force of law behind it—the private sector "self-regulating" itself, if you will.
The film rating systems were created under threat of legislation in the first half of the 20th century (so, in lieu of actual legislation). The transformative 1st Amendment rulings of the Warren Court would have made such laws unconstitutional after the 1960's, but the dynamic that created these codes predates that—predates the modern judicial interpretation of the 1st Amendment.
https://en.wikipedia.org/wiki/Hays_Code (history background)
https://en.wikipedia.org/wiki/Motion_Picture_Association_fil... ("The MPA rating system is a voluntary scheme that is not enforced by law")
What the ZKP does is let you limit the information the site collects to the fact that you are under 18, and nothing else. It’s an application of the principle of least privilege. It lets you give the website that one fact without revealing your name, birthdate, address, browsing history, and all your other private data.
After all - if it doesn't share anything other than the "age" of somsone who is authenticating with the website then how would the website know there's re-use of identifiers?
And you don’t sss a problem with this part?
Some proposed implementation do this. Without the requirement there is no chance of your ID or age being leaked, with zero knowledge proof, there is a chance they leak but can be made small, potentially arbitrarily so. Other implementations come with larger risks.
There were major Supreme Court rulings on the topic recently, see
https://news.ycombinator.com/item?id=44397799 ("US Supreme Court Upholds Texas Porn ID Law (wired.com)"—5 months ago, 212 comments)
https://en.wikipedia.org/wiki/Free_Speech_Coalition_v._Paxto...
- If I can do a zero knowledge proof with an arbitrary age, I can determine anyone's birthday.
- If the only time people need to verify their age is to visit some site that they'd rather not anyone know they visit and that requires showing identity - even if it's 100% secure, a good share of people will balk simply because they do not believe it is secure or creating a chilling effect on speech.
- If the site that verifies identity is only required for porn, then it has a list of every single person who views porn. If the site that verifies identity is contacted every time age has to be re-registered, then it knows how often people view porn.
- If the site that verifies identity is a simple website and the population has been trained that uploading identity documents is totally normal, then you open yourself up to phishing attacks.
- Whatever verifies identity may not be secure - given the track record of online security, that seems likely.
- If the site that verifies identity is not secure or keeps records of tokens/certs/whatever it issues, then it may be possible to piece together every single site someone visits that requires age verification (via subpoena or hacking).
And at the end of all of this, none of it will prevent access to a child. Between VPNs, sharing accounts, getting older siblings/friends to do age verification for them, sites in jurisdictions that simply don't care, the darkweb, copying the token/cert/whatever from someone else, proxying age verification requests to an older sibling/rando, etc. there are way, way too many ways around it.
So one must ask, why does taking all this risk for so little reward make any sense?
It doesn't prevent one person from prohibiting speech... I can tell a pastor to stop preaching on my lawn. But, the government cannot tell a pastor not to preach in the publicly-owned town square (generally, there are exceptions).
There are arguments that certain online forums are effectively "town squares in the internet age" (Twitter in particular, at least pre-Musk). But, I always found that analogy to fall apart - twitter (or whatever online forum) is more like an op-ed section in a newspaper, IMO. And newspapers don't have to publish every op-ed that gets submitted.
Also, the 1st Amendment does not protect you from the consequences of your speech. I can call my boss an asshole to his face legally - and he can fire me (generally, there are labor protections and exceptions).
If people care enough, they will build a new internet.
there's a great game being played out by these users of force against the advocates of desire. everything about the bureaucracies pushing digital ID is unwanted. this isnt about age verification tech, its about illegitimate power for unwanted people who are actuated by forcing their will on others. we should treat these actions with the open disgust they deserve.