- cross-posted to:
- tech@kbin.social
- news_tech@lemmy.link
- cross-posted to:
- tech@kbin.social
- news_tech@lemmy.link
Pornhub has shut off access in Mississippi and Virginia to protest age verification laws that can involve checking government IDs. It previously blocked access in Utah.
Doesn’t the (government?) site that provided the token learn which site it was for when that site requested the token be verified?
@Hillock
No, if done correctly the site verifying the token should only need to verify it was signed by the authority token provider.
Right now the system is still just theoretical so the specifics are undefined. But the idea is that they wouldn’t. I assume they could still figure it out by tracking the IP addresses of those who access the token and matching it to a company. But the company doesn’t have to send a request. I assume you are just generating a link that says “This person is age X”. So the link itself serves as the verification. The link would only be valid for 5-15 minutes, so you can’t just steal it to impersonate someone else.