Hacker News new | past | comments | ask | show | jobs | submit login

Basic age verification is pretty easy, no? I’m not sure about the details but this seems like a pretty low bar for a site like this. Not that I’m advocating it be required but just that if it were me I would not make something like this without at least making the best possible attempt at age verification.



Age verification in a way that is both robust and privacy respecting is an impossibility.

Pick one.


Why wouldn't something based on unlinkable blind signatures work? Basically site issues a token to user, user gets token unlinkably blindly signed by some recognized age verification entity (government agency, bank) that already has their personal information, user returns signed token to site, site verifies it was signed by the recognized age verification entity.


What is the "best possible attempt"? There's was a checkbox added (possibly after this suit was filed) that was a "I'm over 18 and understand I'm meeting random people". That's something every teen already clicks past constantly to see increasingly large swathes of the internet. Any actual "verification" seems quite difficult beyond just relying on self-attestation.


> What is the "best possible attempt"? There's was a checkbox added (possibly after this suit was filed)

It was after the suit was filed (prior to the suit, AIUI, Omegle had an over-18 warning (with no confirmation) on the Unmoderated chat option, and a stated policy that users had to be 18+ or 13+ with parents permission.

Also, it may not have been because of this suit, there is at least one other suit that was found not to be barred by Section 230 (this one avoided S230 immunity because it is a product liability suit, not one contingent on their role as a publisher; the other one I've seen, IIRC, was found to raise a triable question of fact regarding whether Omegle's behavior was within the category of knowing involvement in trafficking that brought it out of S230 protection.)


How is age verification easy?


"I’m not sure about the details"


Why isn’t having an “over 18?” checkbox enough to have lawsuits brought by children (at the time or later) thrown out unceremoniously?


Because kids can check checkboxes no problem? And it’s not even a real attempt at verification?

Is this a real question?

If someone showed up at a bar, would a bouncer accept that?


It’s because the cops can show up and demand ID from everyone inside, they have to make sure everyone has one.

In this case, they have no obligation to ensure everyone has ID on their person.

Can you sue a bar you used fake ID to get into?

My real question wasn’t if there are kids on the system or not, but why are they allowed to sue when they themselves and nobody else have lied about the age verification question?


Yes, kids can and have sued because they got served alcohol while underage - even if they asked for it. The whole premise is as minor they couldn’t understand the consequences, and weren’t fully responsible for their actions.

And establishments get shut down all the time for it.

[https://ftxidentity.com/blog/abc-laws-if-minor-is-served/]

Next question?


Your link from an ID verification company says “it depends” wrt fake id liability. I suppose there are sane places and crazy places in the world, for a limited time at least



Even he mentions that the shop is not liable if they ask for ID.

Anyway, it’s really twisted my original point your leaning into alcohol laws that do not apply.

If I make a service that says nobody named Bob can use it, have a checkbox Not Bob? - how can I get sued by someone named Bob?


Only if they ask for ID, check it, and it looks so good no one could tell it was fake. That’s about as far from checkbox in a random website pop up as we can get though, right?

In your new example:

- is there a regulatory reason that it is illegal for them to serve someone named Bob? Or is there a real risk/harm that people named Bob would suffer that they know about and is predictable?

- did they do any of the checks they are legally required to do to prevent someone named Bob from accessing the service and therefore suffering that injury? Or make a good faith effort to not just injure any Bob’s, at a minimum?

If they didn’t, then yet a Bob could sue if he managed to get through and get injured.

Pretty weird example though.


Because that’s not really verification, probably.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: