My Age Verification Solution Proposal

Questions
125

Yes. The problem with the poll in My Age Verification Solution Proposal - #122 by Terrance is that the people being polled are not experts and have no idea what they are talking about or what they are being asked.

People think the question being asked is “do you support stopping children from accessing pornography?” However, that is not the question actually being asked here.

Governments are abusing the “children safety” angle in all recent legislation precisely because it gives poll results like these.

3 Likes
126

There are so many problems with online polls, even when weighted, the sample is not an accurate representation of a cross section of the population because of regression of data quality (bogus respondents, bots, unequal access, subpar and non standard methodology). They do not reflect informed opinions, and the people who generally participate have an incentive to influence the results. They might publish factual information but not provide context or use loaded or charged words in attempt to appeal to emotions or stereotypes to favor a particular cause.

I completely agree.

128

The issue for the study is that is what they are being asked. You are changing the study to your own ideas and ideology of what you think the government will do once age verification is implemented.

The study is about age verification for porn sites. That is what the people answered about. It also isn’t the only study done.

What the government does after it is implemented without any safety or privacy checks is an issue as there are no checks to prevent abuse. But that study was about one thing and the citizens answered it. As they are in favor for it even if they don’t take in all the ramifications that you think of.

The issue is people expect everyone to be an expert or to listen to every expert and to vote their way. That isn’t a democracy. Everyone in a democracy is going to vote on their opinions either being educated, being an expert or not.

As, some don’t believe experts. As, sometimes experts are the one that caused the issues in society.

129

So long as you can buy second user phones on eBay for peanuts any law making isn’t gonna make a scrap of difference. Of course diligent parents will obey the law and the authorities will claim a success but they were never the problem in the first place.

130

I have heard it and going to continue anyways. Because it is being implemented and I think private solutions should be thought of and discussed.

Didn’t say he was. Just said he was not convicted in court of what you said. I also said in the court of the public opinion that may not be the case. But everyone is still innocent until proven guilty under the law and was just saying that also applied to Trump. Even if you liked it or didn’t.

I didn’t even want to comment on the Trump stuff as it didn’t pertain to my proposal. But it was related to what you wrote here and then what I answered:

Because not every parent can be trusted with that responsibility. That is the whole issue.

Not every kid has the maturity to understand and even kids who do. They are still kids. To sit here and think they are not something other than children who are growing, need structure and different tools to keep them safe. Then Idk.

I worked as a gas station employee at night alone and you should have seen the amount of kids 9-13 out at 2am and asking for vapes/cigarette (get pissed when I told them no it’s illegal) and everything in between. Then girls 16 coming in with only a bra on. As it looks like they just got out of bed (When I told them they couldn’t be in there and their answer would be “why it is late and you are the only one here who is going to tell”. Which then puts me in a dangerous situation. They know it is wrong hence “who’s gonna tell” argument they say. But at least there were cameras at my job recording everything).

Kids are kids. Even ones who appear good they are still growing and learning. When alone and with friends they could be totally different kids.

131

But the poll wasn’t bias as you fail to mention this:

It seems their research comes to the conclusion that all you people come to (about supposed issues) As you have disagreementable about censorship, how could it be done etc. Still doesn’t mean citizens are not in favor of it. No, matter how you try to spin the facts.

132

Someone has brought to my attention e-ID’s. I will post it here for everyone to view and decide. How they see the system.

ID systems analysed: e-Estonia

ID systems analysed: e-Estonia | Privacy International
Our third research piece on some of the world’s most used foundational ID systems looks into e-Estonia. This analysis is part of PI’s wider research into the tech behind ID systems around the world. Click here to learn more.

ID systems analysed: e-Estonia

Our third research piece on some of the world’s most used foundational ID systems looks into e-Estonia. This analysis is part of PI’s wider research into the tech behind ID systems around the world. Click here to learn more.
Case Study
Post date
12th January 2022
Id card dummy
Overview

Estonia is widely considered one of the most digitally advanced countries in the world. Its e-ID is the gateway through which e-citizens are able to access most public services. Estonia’s e-ID is both designed and operated by a collection of private companies, and overseen by the Police and Border Guard agency.
X-Road® (implemented in Estonia as X-tee) is the free and open-source data exchange layer which provides a standardised method for transferring information between the data systems of private and public sector organisations. X-Road has recently been made available on GitHub under the MIT License, one of the most permissive Free and Open Source Software (FOSS) licenses available.
The data held by the Estonian government is decentralised and duplicated through the use of data embassies. These are essentially data centres that, despite sitting outside Estonia’s borders, remain fully under Estonia’s control and have the same rights as physical embassies such as immunity.
The X-tee pilot project was initiated in 2000 from the budget of the Ministry of Transport and Communications, Ministry of the Interior and the Government Office and co-ordinated by the state information system department (RISO) of the Ministry of Economic Affairs.
A two-stage public procurement was organised in April and May 2001 and it was won by Estonian IT company AS Assert. Several Estonian companies were then sub-contracted to develop different components of the project:

AS Cybernetica – architecture, protocols and security solutions;
AS Andmevara – test queries to the population register, Estonian Registry of Buildings;
Reaalsüsteemide AS – test queries to Commercial Register;
AS Datel – test queries to electronic Land Register;
Estonian commercial banks - authentication of users.

Gemalto (now part of Thales Group) was contracted to manufacture the physical ID cards used to authenticate against e-Estonia citizen services, and was later ordered to pay €2.2 million to the Police and Border Guard Board in compensation over security vulnerabilities in the manufactured cards. Since 2019, Oberthur Technologies has been in charge of manufacturing ID cards and maintaining their functionality.
Infrastructure makeup

In designing their identity system, Estonia harnessed widely-used technologies and applied them, in a novel way, to the state governance context. X-tee (Estonia’s version of X-Road) was the outcome of this application of existing technologies. This is one of the major reasons behind X-Road’s success; it is in fact a data-exchange layer modelled on tried and tested technologies, ambivalent to the authentication mechanism implemented.
Technically the X-Road ecosystem consists of Central Services, Security Servers, Information Systems, Time-Stamping Authority(ies) (TSAs), and Certificate Authorities (CAs):
X-Road architecture
X-Road architecture. Source: X-Road® — X-Road® Architecture

From X-Road’s documentation we can see that Central Services consist of a Central Server and Configuration Proxy. This Central Server contains the registry of X-Road members and their Security Servers as well as the security policy of the X-Road instance. This security policy includes a list of trusted certification authorities, a list of trusted time-stamping authorities, and configuration parameters. Both the member registry and the security policy are made available to the Security Servers via HTTP protocol. This distributed set of data forms the global configuration that Security Servers use for mediating the messages sent via X-Road.
A Security Server is the entry point to X-Road, and it is required for both producing and consuming services via X-Road. The Security Server mediates service calls and service responses between Information Systems and handles the security aspects of the X-Road infrastructure such as:

Managing keys for signing and authentication;
Sending messages over a secure channel;
Creating the proof value for messages with digital signatures;
Time-stamping and logging.

X-Road Security Architecture
X-Road Security Architecture. Source: X-Road® — Security

The Information System produces or consumes services via X-Road and is owned by an X-Road member. X-Road supports both REST and SOAP as communication methods, however X-Road does not provide automatic conversions between different types of messages and services. The Information System is capable of discovering registered X-Road members and their available services by using the X-Road metadata protocol.
All messages sent via X-Road are time-stamped and logged by the Security Server. The purpose of the time-stamping is to certify the existence of data items at a certain point in time. The Time-Stamping Authority (TSA) provides a time-stamping service that the Security Server uses for time-stamping all the incoming/outgoing requests/responses. Only trusted TSAs that are defined in the Central Server can be used.
The certification authority (CA) issues certificates to Security Servers (authentication certificates) and X-Road member organizations (signing certificates). Authentication certificates are used for securing the connection between two Security Servers. Signing certificates are used for digitally signing messages sent by X-Road members. Only certificates issued by trusted certification authorities defined in the Central Server can be used.
Encryption used

From X-Road’s publicly available documentation we can get a grasp of the encryption algorithms used within the different components of the platform. All the protocols mentioned in the documentation are widely used and well documented. In addition, X-Road has regular third-party security assessments, with a public bug bounty programme.
Estonia’s e-ID system, however, had fundamental implementation failures when in 2011 the government distributed 120,000 faulty ID cards that were found to have programming errors allowing the card to be used by whoever was physically holding it without the need of knowing the respective PIN code.
More worrying, and not limited to 120,000 faulty cards affected, is a core design feature regarding the way private encryption keys were generated and handled. The ID card’s private encryption key used to authenticate digital signatures should be generated inside the card chip to ensure only that card knows it - a good example of privacy by design. Instead, keys were generated in a server operated by the card manufacturer and copied to the card over the internet.
Another software bug was reported in which the same private key was copied to several different ID-cards, allowing cardholders that were assigned non-unique private keys to use one another’s identity.
These above bugs’ origins have been tracked down to Gemalto, the contractor tasked with manufacturing and maintaining functionality within Estonia’s ID cards. This resulted in Gemalto being ordered to pay €2.2 million compensation to the Police and Border Guard Board. Since 2019 another company called Oberthur Technologies has been in charge of manufacturing ID cards and maintaining their functionality.
De-duplication

Very little is publicly available about the deduplication undertaken in e-Estonia, except that the processes of verification and deduplication during identification are overseen by the Police and Border Guard Board (PBGB), according to the Identity Documents Act. Where the applicant for the digital ID has not previously been issued any ID under the Act, it is the PBGB that conducts the process of verification/deduplication. The Identity Documents Act also allows the Authority, who collects the personal data, to transfer it to third parties for the “identification and verification of facts relevant to the issue” and for the “issue and revocation of an identity document.”
The use of biometrics when registering is optional, but there are talks of turning to fingerprints for authentication when using ID cards instead of PIN codes.
Principles of Engagement

Estonia’s e-governance principles were published as follows:
e-estonian engagement principles
Estonia’s e-governance principles. Source: https://e-estonia.com/wp-content/uploads/eas-eestonia-vihik-a5-180404-view.pdf
Where

The story of the Nordic Institute for Interoperability Solutions (NIIS) is one of two European countries that throughout history joint forces to collaborate and face challenges together. In 2013, the challenge to overcome was data sharing in and between national governments. Estonia and Finland decided to find mutually beneficial solutions together. The framework for the collaboration was set up in 2017 and called the Nordic Institute for Interoperability Solutions, using X-Road as its underlying technology. Iceland joined NIIS on 1st June 2021 and became the third member government in the international consortium after initial founders Estonia and Finland.
NIIS partners are countries which implemented X-Road and have signed a partnership agreement with the NIIS aiming to deepen their cooperation, meaning they can one day may become members.
The remaining countries where X-Road is implemented have deployed the technology while not being tied to NIIS.
X-Road usage map
Implementation is based on the X-Road® open-source software and has full protocol-level compatibility with the official X-Road core. Both public and private implementations are included. Source: X-Road® — X-Road World Map

Estonia’s e-ID: The Cornerstone of a Seamless Digital Society

ID-card - e-Estonia

e-Identity

Estonia’s e-ID: The Cornerstone of a Seamless Digital Society

Every Estonian, no matter where they live, has a state-issued digital identity—known as e-ID. In use for over 20 years, the e-ID is a cornerstone of Estonia’s e-state, enabling secure digital transactions in both the public and private sectors.

People use their e-ID daily to:

  • Vote online

  • Sign documents digitally

  • Access healthcare records

  • Manage banking and business

  • Shop securely and more

Multiple formats, one secure identity

The e-ID ecosystem includes:

  • ID-card (chip-based)

  • Mobile-ID (SIM-based for smartphones)

  • Smart-ID (app-based authentication)

Each option offers strong security and legal validity for digital interactions.

Digital inclusion beyond borders: e-Residency

Since 2014, Estonia offers e-Residency—a unique program allowing non-residents to access Estonian e-services and build borderless businesses. Over 100,000 e-residents now benefit from Estonia’s trusted digital ecosystem.

Saving time, enhancing trust

Thanks to digital signatures, each Estonian saves an average of five working days annually. These tools make public administration faster and reduce bureaucracy—without sacrificing trust or transparency.

Shaping Europe’s digital future

Estonia has actively shaped the EU eIDAS regulation, ensuring cross-border recognition of electronic identities and signatures. As part of eIDAS 2, Estonia champions identity wallets—secure mobile apps for identification, signing, and document storage.

Pushing boundaries: Identity wallet & split-key technology

Estonia is exploring next-generation identity wallets and split-key technology, offering a more secure alternative to traditional mobile systems—especially where European certification is required.

These innovations make digital identity:

  • More mobile

  • More secure

  • Easier to use—without compromising on privacy

Driving European interoperability

Through initiatives like POTENTIAL, Estonia is helping develop interoperable digital driver’s licenses and other identity solutions across the EU, fostering both legal alignment and technical progress.

Conclusion

Estonia’s e-ID system isn’t just a technical solution—it’s a visionary model for digital governance. By fully integrating e-identity into daily life, Estonia has created a secure, efficient, and inclusive digital society that sets the global standard.

ID-card

Estonia has by far the most highly-developed national ID-card system in the world. Much more than just a legal photo ID, the mandatory national card also provides digital access to all of Estonia’s secure e-services.

The chip on the card carries embedded files, and using 384-bit ECC public key encryption, it can be used as definitive proof of ID in an electronic environment.

for digital signatures
for i-Voting
to check medical records, submit tax claims, etc.
to use e-Prescriptions

To learn more about the ID-card, visit its webpage.

Here are some examples of how it is regularly used in Estonia:

as a legal travel ID for Estonian citizens travelling within the EU
as a national health insurance card
as proof of identification when logging into bank accounts
for digital signatures
for i-Voting
to check medical records, submit tax claims, etc.
to use the e-Prescription service

Developers of e-Identity:

eID, Mobile-ID, Smart-ID, time-stamping by SK ID Solutions
SplitKey by Cybernetica
Digital Identity by RaulWalter
eID Remote Maintainance by RaulWalter
Online verification by Veriff  
m-Residency by B.Est Solution

99% of Estonian residents have ID card
800M Digital signatures given so far
5 Days per year saved with digital signature

e-ID Cyber security

Secure data sharing - e-Estonia
Cyber security

As one of the world’s most advanced digital societies, Estonia knows that digital innovation must go hand-in-hand with strong cybersecurity. After facing coordinated cyberattacks in 2007, Estonia turned crisis into capability—becoming a global leader in cyber resilience.

Today, Estonia hosts the NATO Cooperative Cyber Defence Centre of Excellence and the European Union Agency for large-scale IT systems, reflecting its status as a trusted partner in international cybersecurity.

To secure its digital infrastructure, Estonia developed a blockchain-based technology to protect critical data in government systems from internal and external threats. This scalable and tamper-proof solution ensures the integrity of national data across services—from healthcare to justice.

Secure data sharing

It is often said that “data is the new oil” that fuels e-government services and private sector solutions alike. But there is more than meets the eye!

To stay with the oil analogy, you need infrastructure and transport vehicles to distribute the valuable resource around the world. And it’s the same for data: without a proper legal framework and the right technology for secure data sharing, the various ministries and government authorities would simply sit on the data that they amassed in their own “silos”.

For that reason, many Estonian companies have specialised in secure data sharing, whether it’s about the base infrastructure for encrypted data exchange between public sector organisations or privacy mechanisms that enable patients to decide what kind of medical data they want to share with their doctors.
Developers of secure data sharing:

Government Cloud by Proud Engineers
Sharemind by Cybernetica
MIDA by Guardtime.
Other e-ID Articles

Estonian e-Health Records

School management systems - e-Estonia

X-Road - e-Estonia

e-Services & registries - e-Estonia

Smart freight transportation - e-Estonia

https://e-estonia.com/solutions/ease_of_doing_business/

After taking a look at this what solutions or possiblies do you see that could come about.

133

Isn’t it time to stop going round and round in circles trying to find a solution when you (nor anyone in this thread) are nowhere near an expert or even close to an authority on this issue?

I know you’re trying to, and that’s how this thread started but what else is left unsaid?

The sheer volume of edits, deleted comments, etc that you have in your own thread (and even before where you made 15 edits in the first place you posted this) trying to sound rational is only making you out to seem a pseudo intellectual at best (that I believe is high time people start realizing here with you and this particular topic at-least). All this activity is not inspiring confidence in you or your idea (which again is not the real issue at hand but is being made one as distractions).

What else is left Terrance?

134

Don’t need to be an expert to look for solutions.

You don’t know me but thanks for the slander. How about trying to be better in your debating skills, instead of trying to discredit me with baseless attacks. And have an honest debate.

The 3 deleted comments were articles that I then formed into one comment and hid them under a menu. So, it didn’t make things longer than it had to be.

The edits were grammar/typo mistakes maybe I forgot to add link and it was also to fix the flow structure of the comments. Most of these edits are also before people comment me. As, I notice them after I click reply.

Also my offline voice dictation isn’t accurate and my fat fingers don’t necessarily hit the right keys and when I am having a conversation in the moment I want to keep the conversation going instead of spending an hour trying to get everything exactly written perfect just to satisfied your crave for perfection.

So, the edits are just so people don’t misinterpreted me or trying to make baseless claims that I didn’t say or mean or they inferred otherwise with those mistakes. So, I do small fixes. Just to fix them. But kept the structure and what I was saying the same to the original intent.

You can be critical about my topic and in a way without being rude. There is no way to discuss with you appropriately. No where have I called you pseudo intelliectual. Nor have I stated I am more smart than anyone else. Any one can decide for themselves on that subject. Idc any other way. I have also said my solution isn’t perfect or foolproof. I am no expert just someone who want to discuss solutions to a problem I see not being discussed.

But you do you JG

135

Well I guess this is coming down to what I already mentioned once before - having different opinions on what different words & sentences mean and what the point of each comment and opinion is at large.

Eh, I was just wondering to what end you’re still trying to debate this. But this comment may be offtopic as I don’t really have anything else to add to the topic of discussion.

136

I didn’t say you were either. I said you seem like one. You appear to be. But it wasn’t a claim. For example and following this logic: if it walks like a duck, talks like a duck, is it a goose? No. It’s a duck!

Understood. But my OG contention was also whether or not this is truly the real issue or was there something else. You seem to believe this is the real issue. And I don’t. And that’s why I am on a personal level discounting your views in this as they feel flawed from various angles.

1 Like
137

Just looking. For other people who are willing to chat. Not necessarily looking for my mind to be changed in this topic thread (that can be another topic or a personal private message feel free to send me links or articles that can change my mind).

I also still need to see what Jonah wrote. I haven’t had the time to digest it as I am responding here.

I am just trying to focus on a hypothetical private solution that people could see that could be implemented to prevent abuses or so, and what can be incorporated into a system. Doesn’t mean it will happen or ever happen. I am not famous or super popular and not a expert. But maybe it might make some people who are experts and have better finances than me and more power to look outside the box and maybe say, “Let’s check this out and improve upon it.” But isn’t it better to think of some form of solution just in case the future becomes dire?

Like the EFF said:

This discussion can be a future precursor to something where people can look back and find solutions that others have thought of, or some systems that seem to be working but are still flawed in their implementation.

1 Like
138

There is no problem in doing that. But can you calm with the attacks please (as in questioning the critical thinking skills etc). Keep criticizing my proposal all you want. I want you too. As it is better to have both opinions out there. But just know I am going to defend it as it is my solution after all. People have already highlighted issues and it is something I want to work on to make better.

I understand you don’t like what I am discussing. I am not trying to be malicious here I am just trying to talk about something I believe in.

139

Nobody is attacking you. They are pointing out that you are being unreasonable. This is not a debate Terrance. You are ignoring the logic that people have patiently been trying to explain to you because you are afraid. I don’t even know why I wasted my energy when you are refusing to listen to reason. Why are you on a privacy forum if you don’t care about privacy?

That is not a good enough reason to move forward with invasive policies.

Yes he was.

Ahhh… there it is… you want to police people because they can’t be trusted. And somehow you know better… hypocrisy…

Yes it was for the reasons I explained that you ignored.

I’m not going to bother wasting my breath anymore so I’m not going to reply to your rage bait. You are wrong, and your proposal won’t keep kids safe. This is not a debate, nor is it even a conversation about privacy. You just want to argue your narrow perspective.

I’m out.

2 Likes
140

A point of a debate isn’t always trying to sway the mind of the person who made the proposal. It is about having the conversation to change the minds of the readers or listeners. But if you don’t think the conversation is worth it. You don’t have to continue.

You seem to be raging. I am fine with your opinion if you are not in favor of it. Doesn’t mean I have to agree. It is the pure dismissive tone as soon as you get in this form. and outrageous claims that I can’t work with. As it is all Whataboutisms about how you think the government is going to take and strip your rights away. You can’t debate with that. As there is no way to discuss anything.

I am trying to have a productive conversation around the use of private technology and advocating for legislation that will diminish governmental control.

I have already said multiple times that the solution doesn’t need to be age verification. Just think of any solutions giving parents more resources, more education. Just talk about solutions. If you don’t want my proposal to be one.

No, one is discussing just saying I am wrong and the proposal not to be discussed.

(Though there are some reasonable people that have interacted with me publicly and privately on the matter even if they disagree and are having honest discussions with me). Can’t say the same for most

As, some have strong convictions that it is not a real issue.

No, he clearly wasn’t. The court of public opinion is clearly different than actually being convicted in court. Still innocent until proven guilty.

The anchor falsely said “judges and two separate juries have found him liable for rape”.

But really your opinion on Donald Trump is just to conflate an argument and create a political uproar so that the solutions and discussions that could happen don’t happen.

Also you just cherry picking what I say to then to slander me is just another attempt, you don’t know me (how about instead of going to personal attacks try to stick towards the discussion at hand please).

You keep making me out to be unreasonable. But I am willing to listen. You just don’t like it if I disagree. I am sorry I don’t agree with a lot of you. But I am fine with you disagreeing with me and I am still here discussing.

1 Like
141

Buddy, read the room. And then the entire thread again. We have been trying to make you listen (and understand).

To still say I’m willing to listen means jack given your clear and obvious unwillingness to entertain the idea that this solution or any such solution is even remotely close to a problem that we should not have in the first place.

This still you?

Then what the fuck are you even on about the fact that you’re willing to listen? Do you not see the very obvious logical fallacy from your own statements?

I don’t understand you Terrance. Neither do most people on here.

2 Likes
142
My reason for posting my requested proposal:

I have seen others who agree with me. Small few they may not agree with everything but at least they are talking with me honestly. I can’t say the same for some.

I have honestly told you what I feel and why I made this post you still clearly want to change my mind which I’ve already told you I didn’t make this post to change my mind it was to have discussion with others to come up with proposed solutions with other people.

The discussion to change my mind is in Charlie Kirks post that Jonah responded too. Maybe that is where the confusing is. I haven’t gotten around to digesting it yet.

You can clearly disagree you have multiple times and nowhere have I said do not disagree with me. I said keep disagreeing with me it’s fine. But I will continue to defend my proposal as it is something came up with. Sorry I don’t agree with you.

Here

143

I’m talking about your words and comments, not trying to argue other other people’s words and comments.

Again, you’re deviating from what’s being said in each comment to keep this going for some reason.

144

Ok feel how you feel idc.

Continue to be you JG. I don’t understand you.

I wish you well! Take care!

EDIT: This will be my last comment on this thread. As, I am tired and can’t keep up with all the replies. I thank everyone for the discussion. Hope y’all take care.

145

Here’s my age verification solution: Bring back when parents policed the content their children consumed.

6 Likes