Would you mind elaborating on the specific methods you're referencing? To me, the entire problem is framing the issue as "age verification" in the first place - this implies the web company is responsible for knowing and controlling who uses their service. Whether this is a full-on demand for drivers' license / face scan / verification can, or whether there can be a technical process that obscures some details doesn't change this underlying dynamic!
The other problem you're up against is in the low-friction online environment, 90% easily turns into a much lower percentage. Which will actually manifest itself as the initial methods that achieved "90%" being declared insufficient in favor of stronger methods of identity verification.
I say this as a parent staring down having to deal with the dumpster fire that is the modern web in the next short year or two - the only sane way to address this problem is through client-side parental control software that works based on website/app tags supplied by the server / app creator / etc. There is indeed a market failure here, so the sensible regulation is to make websites over a certain size publish labels about the suitability of their content for age brackets, whether a site is social media, contains user generated content, has algorithmic feeds, and so on - affirmative assertions about the content that carry legal weight and liability for them not being true. Device manufacturers over a certain size would need to include parental control software that can be enabled during the setup process.
If parental controls are enabled and a website has not published tags (too small, foreign jurisdiction, misconfiguration, etc), then it simply fails closed and refuses to display the site. This keeps decisions about content suitability in the hands of parents where it belongs, rather than putting it in the hands of corporate attorneys who will often make decisions directly contrary to what parents want! Remember this whole topic is being pushed by big tech to absolve themselves of liability for pushing harmful products!
>Would you mind elaborating on the specific methods you're referencing?
well, i mean, you put a decently reasonable one in your own comment: "client-side parental control software that works based on website/app tags supplied by the server / app creator / etc."
another sibling comment mentions alcohol sales. government could issue a scratch card with UUID that's valid for some time, sold at anywhere alcohol/tobacco is already sold. most people are already comfortable with flashing an id at the beer store.
read any other the other dozen similar threads with hundreds of comments, and there are a handful of other neat ideas usually voted pretty high up.
Isn't getting around showing ID for alcohol about as easy as clicking "Yes I'm above 18"? All you need is to know someone that would buy it. Or know someone that knows someone that would buy it. Or know someone that had it bought for them.
Or I guess in the case of the US... maybe even just steal it considering how lax people seem to be with theft.
>Isn't getting around showing ID for alcohol about as easy as clicking "Yes I'm above 18"? All you need is to know someone that would buy it.
and yet, most kids aren't walking around hammered. the penalties of underage possession and supplying to underage kids deters most people.
i will reemphasize that literally no law is 100% effective, so its silly to talk about age verification as if it has to be the first one to be 100% effective.
Note that what I outlined is decidedly not "age verification" or "identity verification" - rather it relies on on-device parental controls, where the decision process is still completely under the control of the end users (ie parents). The main point of the legislation would be to prime the network effects to overcome the current market failure.
The details of the setup are very important as they lay out which way the situation will be pushed as the calls invariably continue. There are many other neat ideas that are voted high up, that still fundamentally still just boil down to identity verification! This why we need to talk specifics - even most programmers are bad at designing secure systems, as it requires the additional skill of adversarial thinking.
For instance, the scratch card idea you bring up fails with the same problem - it still puts the onus for yes/no decisions on the companies, meaning when the scratch cards are declared not good enough, those companies will then move on to additional methods - and it would be a tall order to craft legislation that prohibited companies from employing any other identity verification methods beyond the scratch cards. And in case it's not obvious, the scratch cards will readily be seen as not good enough - if they're truly private, it's easy for anyone to make a couple extra bucks by buying some (up to the limit), and then selling the tokens online.
(never mind that many beer stores have moved to online verification of licenses where they scan your ID# and it gets backhauled to some centralized database, so even buying beer isn't appropriately described as "flash your ID" any more)
(also note that any "age verification" or "identity verification" scheme does not merely absolve big tech of liability, rather it moves that legal liability on to parents themselves! )