This is how I think about the UK’s Online Safety Act, and similar laws in Texas that introduce new rules for checking a website visitor’s age before showing adult content.
Most people agree that it’s reasonable for someone working behind the counter at an old-fashioned adult video store to ask to see an ID before a young person checks out with their purchase. Glance at the ID, notice they’re old enough, hand the ID back, all good. For buying alcohol at a grocery store, maybe the employee also keys in the birthday on the point-of-sale system.
But it would be a huge overreach to also photocopy the ID and file it away in the store, forever, where nearly anyone could get access to it, and where it was connected to a database of purchases. Customers would be very anxious about that. That is what it’s like to be asked to show an ID online. We need to be extra careful with privacy online because the default is to store way more information than in the real world.
Last week when working on our discount for teachers and nurses, I started by implementing support with ID.me, a service that is already common in the United States for some industries, such as nursing. By delegating verification to ID.me, Micro.blog could avoid any risks with transferring or storing private information. Unfortunately, ID.me doesn’t currently work with small companies like mine, so I had to scrap that work and go with a much simpler setup.
For the Online Safety Act, I expect that apps will want to delegate verification to trusted third parties, like the App Store and Google Play. Bluesky has rolled out compliance by using a service from Epic Games:
We’ll use Epic Games’ Kids Web Services (KWS) to give our UK community choices about how to verify their age. If you’re in the UK, you can choose between methods like credit card verification and face scans.
There are trade-offs, for sure. Centralized platforms risk exposing large amounts of private data if hacked. But it’s just not realistic or safe for every website to be in charge of something as sensitive as an ID card.
