What is there to stop the government from later issuing a request to the service owner/operator, by court order, for a list of those verified and the tokens used to verify them (thus linking the accounts and their data to the individuals and their identities)?
Deleting the tokens after verification, presumably. You don’t need to save the token after verification, you set a flag on either the account or the session and discard the token.
There are, of course, always ways. If the government starts tracking at which times tokens were used, and merchants store a timestamp of purchases of age gated content, which is probably required anyway for all purchases, you could get at least some hints on who bought what by comparing first purchase of account with verification time, since it’s likely for those two to be very close together. And that’s just off one data point.
Of course, the moment you pay with anything other than a prepaid voucher bought with cash in a place you don’t normally frequent, you can do similar things with the payment data. Or, if you pay with card, your info is right there.
That said, a government going that far will find any excuse to lock you up anyway, so I don’t have an issue with the method per se. However I still don’t think it’s very necessary to go this far to lock 18+ content online. If anything I’d rather want to see something like this used for spending limits in f2p games and such.
What is there to stop the government from later issuing a request to the service owner/operator, by court order, for a list of those verified and the tokens used to verify them (thus linking the accounts and their data to the individuals and their identities)?
Deleting the tokens after verification, presumably. You don’t need to save the token after verification, you set a flag on either the account or the session and discard the token.
There are, of course, always ways. If the government starts tracking at which times tokens were used, and merchants store a timestamp of purchases of age gated content, which is probably required anyway for all purchases, you could get at least some hints on who bought what by comparing first purchase of account with verification time, since it’s likely for those two to be very close together. And that’s just off one data point.
Of course, the moment you pay with anything other than a prepaid voucher bought with cash in a place you don’t normally frequent, you can do similar things with the payment data. Or, if you pay with card, your info is right there.
That said, a government going that far will find any excuse to lock you up anyway, so I don’t have an issue with the method per se. However I still don’t think it’s very necessary to go this far to lock 18+ content online. If anything I’d rather want to see something like this used for spending limits in f2p games and such.