I am certain that Pornhub isn't doing this because they actually care about PII. However, I can think of a number of reasons why they are taking this stance:
* They don't want the work to do the verification to be their problem, and to be legally responsible when (not if) it goes wrong.
* They know that age restricted devices are few and far between, so this is just an effort to kick the can down the road another decade.
* Even if all new devices support age restrictions, there will be a myriad of legacy devices that will continue to have access.
* They know people in the affected states will just use a VPN to another state anyway. If all the US eventually adopts these laws, they'll block the site entirely from the US and secretly fund and post informational videos on how to use VPNs to get around the restrictions.
* By blocking the states, they get more publicity for themselves, but also potentially anger a group of people into arguing their cause.
One thing that I think is interesting is that they are placing a lot of trust on reliable state-level geo-IP. They're only a few bad DB records or a BGP failure that routes people from these states to other servers away from a potentially costly fine. But maybe given the benefits above, this is just another cost of doing business for them.
I guess I didn't phrase that quite right. My meaning was that I'm sure they don't actually care about protecting the privacy of your PII. I'm pretty certain that they'd sell it if they had the chance and/or use it to sell adverts.
In fact, I'd hazard a guess that the only reason they have the ability to block users from certain states is because they already had that information as it made their data more valuable to advertisers. They're probably already sharing information down to the city or district level with advertisers.
It's really sad to me that our politicians (and other people pushing for this kind of regulation) think that viewing naked people online, even having sex, is more damaging to "the children" than seeing people's guts splayed out all over the place on TV and video games, heads chopped off with blood spurting everywhere, getting limbs chopped off, using machine guns to kill people, seeing kids severely bullied at school, and so on.
Of course, I don't really think the politicians give much of a shit about porn. They just want the mechanisms in place to monitor everyone's activities online, and porn is the easiest place to start. Then it will expand to everything else.
Why not allow liquor stores and other establishments that check IDs anyway issue a digital certificate that you are of age? Here's my ID, here's my pornhub account name, here's a service fee, digitally attest to the fact that I proved that I'm of legal age.
Seems like the real motive here is deanonymization.
When someone of age consistently buys liquor for minors, they'll eventually get caught in many cases, due to the likely rambunctiousness of inexperienced drinkers. Would the same be true here?
Maybe, but most of these purchases are by someone 21 (US Age) or a bit older to buy for friends. Very unlikely they will get caught. When I was young, everyone knew this was happening and these people were called "rum runners". And nothing was done. I doubt much has changed.
Back to pornhub. There is no way to verify age, have security and anonymity at the same time on the internet. What would be stopping a "rum runner" from sharing his ID with a friend?
I think this is the main reason pornhub is blocking these states. They know it is really impossible to comply with the laws. They also know their customers want both security and anonymity. Once that trust is breached, customers will leave. For a good example there was that "affair" site a few years ago that had a breach and I think ended up folding.
I feel like there are three places that you can conceivably do age restrictions, each with their respective pros and cons.
On the client: The typical parental controls situation with a blocklist. Responsible adult sites could send an HTTP header like X-Adult-Content or something to ensure they would be blocked by clients with the controls on. This could be enforced by regulation, with devices for children required to respect that header in addition to shipping with a blocklist. This couldn't be bypassed with something like a VPN (which you probably couldn't install with parental controls on anyway), because it would be baked into the client.
In the network: Similar blocklist style situation - this already exists to a certain extent in some countries. Mobile phone providers and ISPs would be required to block adult content (via dns or similar) by default, with a toggle to switch it off available to the adult account owner. We already block illegal content this way.
On the server side: This requires adult websites to be cooperative, which they will only be if they care about the jurisdiction in question. This potentially pushes kids/others to access sketchier sites which wouldn't be blocked.
I am strongly for pushing this down the stack to the client. I don't have kids, but I'm pretty sure iOS and Android as well as MacOS and Windows all have robust parental control systems. I'm sure people use them, and we can safely encourage people to use them more. If they aren't on by default already for children, they could be.
Short of biometric verification with presence detection I don't see how it's possible to do remote age verification in a good enough way that you couldn't just use an adult's credit card or device to bypass it.
Anyone who knows anything about tech knows this is just a wedge issue, and people aren't interested in solutions to the actual problem of kids accessing inappropriate material, only soundbites.
I will never understand American culture. Titty visible - bad, dead schoolkids - ok. In many ways the country is spiralling into Gilead-esque state from Handmaid's Tale and I can't stop watching it.
It's really quite simple. Guns are protected by the constitution so citizens have a fighting chance to overthrow a tyrannical government, porn is not. Whether or not guns are a net positive to society is a different discussion, but the reasoning is clear and simple.
> In many ways the country is spiralling into Gilead-esque state from Handmaid's Tale
After having more progressive abortion and trans care laws than Europe (where parties like the "Christian Democrats" in Germany rule), how exactly?
The Republicans want to performatively participate in their moral panic by asking for (stupid) age verification; meanwhile, the Democrats control tech and media, AI stonecolds prompts with "Trump" as "dangerous content", they want to ban everything off the Internet they don't like, and would oppress free speech with Canada's new hate speech laws if they could.
Is there a way to prove your age without being identified/logging in? Surely some kind of OpenID style protocol can be invented for this with zero knowledge of personal information ending up with pornhub or which sites were being given age verification?
Even if every state started putting contactless chips into drivers licenses to provide anonymous age attestation, you'd still have the problem a kid can just use a parent's or older sibling's card.
And even if such cards did exist and they were considered legally adequate, you've still got the problem that nothing except smartphones can read them. And you've got the problem browsers don't support them, and app stores don't welcome porn-viewing apps.
Of course, this is all intentional - the religious anti-pornography groups that push for these laws consider it a good thing that complying with the law is essentially impossible. They want a full ban on pornography, but that would get struck down as unconstitutional, so they have to get a ban by indirect means.
> Is there a way to prove your age without being identified/logging in?
This comes up every time, but the purpose of the identity check is to ascertain (to the extent possible) that the person logging in is the person whose age you’re verifying.
If you completely separate identity from age checking using some cryptographic method, the loophole is that a single identity token with an adult age can now be used by everyone, everywhere to tell websites that they are above a certain age. So as soon as you did that, someone would just share (or steal) a token of valid age and post it online for everyone to use. Entire system subverted.
You could try to use a 3rd-party service that handles age check functions and implements some level of rate limiting to prevent this, but then you’re trusting that party to know about all of the porn websites and other places the person is trying to log in to. If that 3rd party is the government, well you’ve just created a convenient place for the government to collect stats about people logging in to porn websites.
> If you completely separate identity from age checking using some cryptographic method, the loophole is that a single identity token with an adult age can now be used by everyone, everywhere to tell websites that they are above a certain age
There are two counter techniques used to address that problem. Tokens can get time limited down to a number of seconds (10-30?), and a single token is only valid for one session at a given website (assuming the website honors those restrictions on their side).
In addition, token providers may rate limit how many tokens a person may generate, and the application that requests tokens may require a bit of work from the user (like typing a pin). Any person who needs to do more age verification could be required to contact customer support to unlock such features, which also means the provider can keep a closer eye on accounts that generate tokens in strange or abnormal patterns. Depending on how the market for identity providers is, different providers may provide different services and different levels of authentication.
In Sweden currently we are in a situation where there are multiple competing identity providers. They have to follow a certain certification, but the exact details of the technology vary a lot. There is a bit of talk to make those an open standard, including defining exactly what information the provider and the recipient should get. There is also the hope that the user application could be made generic, so switching/choosing provider becomes easy.
The problem with the technology in terms of privacy is not so much in the protocols or cryptographic methods, but rather a social one. You can not create a fair identification system if all it does is ID control for porn sites, just as one can not create a VPN if all it can access is porn sites.
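Added example, not part of the thread: a sketch of the short-lived, single-session age token with issuer-side rate limiting described in the comment above. The class names, the limits, the `bind` hash that keeps the site's name away from the issuer, and the use of HMAC in place of a public-key issuer signature are all assumptions made to stay within the Python standard library.

```python
import base64
import hashlib
import hmac
import json
import secrets

TOKEN_TTL = 30            # seconds; the comment suggests 10-30
MAX_TOKENS_PER_HOUR = 5   # assumed issuer-side limit per account


def binding(origin: str, nonce: str) -> str:
    """Opaque value tying a token to one session at one site.

    The user's app sends only this hash to the issuer, so the issuer
    does not see which site asked (an assumption of this sketch).
    """
    return hashlib.sha256(f"{origin}|{nonce}".encode()).hexdigest()


def _tag(key: bytes, body: bytes) -> bytes:
    # HMAC stands in for the issuer's signature (assumption, see lead-in).
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()


class RateLimited(Exception):
    pass


class Issuer:
    def __init__(self, key: bytes):
        self.key = key
        self.issued = {}  # account -> timestamps of recently issued tokens

    def issue(self, account: str, is_adult: bool, bind: str, now: float) -> str:
        if not is_adult:
            raise PermissionError("account is not verified as an adult")
        recent = [t for t in self.issued.get(account, []) if now - t < 3600]
        if len(recent) >= MAX_TOKENS_PER_HOUR:
            raise RateLimited(account)
        self.issued[account] = recent + [now]
        # The token carries the claim only, no account identifier.
        claims = {"over18": True, "bind": bind, "exp": now + TOKEN_TTL}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return (body + b"." + _tag(self.key, body)).decode()


class Site:
    def __init__(self, origin: str, key: bytes):
        self.origin = origin
        self.key = key
        self.pending = set()  # session nonces that have not been redeemed

    def new_session(self) -> str:
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, token: str, nonce: str, now: float) -> str:
        body, sep, tag = token.encode().partition(b".")
        if not sep or not hmac.compare_digest(tag, _tag(self.key, body)):
            return "bad signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
        if now >= claims["exp"]:
            return "expired"
        if claims["bind"] != binding(self.origin, nonce):
            return "wrong site or session"
        if nonce not in self.pending:
            return "already used"
        self.pending.discard(nonce)  # a token is good for one session only
        return "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample value
    issuer, site = Issuer(key), Site("https://site-a.example", key)
    nonce = site.new_session()
    token = issuer.issue("alice", True, binding(site.origin, nonce), now=1000)
    print(site.verify(token, nonce, now=1010))   # first use
    print(site.verify(token, nonce, now=1011))   # replay in same session
```

A token pasted into another session or another site fails the `bind` check, and a replay in the original session fails because its nonce has been spent.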
Most systems would require you to anonymously prove ownership of the credential, not have an unchanging bearer token.
So yes, you could steal the private key I guess. But that is no worse than if you have to prove your identity; someone could get your password to your account.
One thing all the crypto coins show is that a central authority has its uses. What if you want to fix a bug in the protocol or upgrade it? What if due to some mistake you are identified as underage when you are over, or over when you are underage? There's nobody to reach out to.
A zero-trust protocol or computer system is all well and good, for some uses at least. A zero-trust society will not work. Or at least it will be significantly worse than societies with trust.
There are definitely components from the cryptocoin realm that could be repurposed in trust based systems.
zk proofs could be used to solve this problem.
- Govt runs a zk-prove-ident service
- User goes to PH and starts verification process
- PH does proof with Govt, this could be anonymous
Ideally the user's keys are part of their ID, if you lose your ID, you can get a new one. It's still a permissioned system, so no miners/stakers needed, we can make it possible to change/replace keys behind the scenes so the UX for the common people does not amount to "lose your keys, lose your money"
Someone would have to gather that data. It's not like a password that can be detached from physical reality. Your date of birth is somewhat inherent to your identity.
Setting aside the feasibility of an amendment and whether an administration would follow it, even just the ability to say yea or nay to anyone accessing information is chilling.
The government is not saying yea or nay, they are just providing proof of age or identity (not necessarily both, whatever the vendor website asks for, and the person allows).
Suppose I want to start a business where I don’t want the liability of having to deal with all the laws about minors. Then I can use the government API to only allow people over whatever age.
That's the intent of course, but it's just as easy to refuse to verify age for certain endpoints or provide incorrect verification. I'm trying to think how an authoritarian government would use this.
Any government can become authoritarian and start messing things up anytime. It’s not like identity/age verification API is cutting edge technology, any group in power that wants to use can use it now or anytime in the future.
That is not a reason for the government to not do something. We entrust them with nuclear weapons and aircraft carriers. Not to mention Snowden already proved the government has back doors into all the big tech companies, so it’s already not a secret who is visiting what website. And FISA courts and secret warrants under gag order and blah blah.
Whether that solves it just depends on who you're worried about having your data. Something like OpenID would keep your identifying data away from PornHub but it would allow the OpenID provider to know when you visit PornHub.
For PornHub that also gives other companies, the OpenID providers, the power to censor PornHub by refusing to verify age or identity.
I dare say this would actually be even more harmful than Pornhub holding people's IDs, as it would then give OpenID immense power to track not only the fact that you watch porn, but also what other services you use as well...
That's my main gripe with OAuth and SSO logins. It's such an obvious tradeoff between convenience and centralizing power.
I don't really want GitHub knowing everything I sign into, but in some cases like Tailscale my only option is to tell GitHub about it or not use Tailscale.
Verifiable Credentials can be used in place of OpenID to allow a user to make verifiable attestations about themselves without the authority having to be present.
It would still have many of the same flaws as OpenID, but at least you accessing a site wouldn't notify the authority.
1. Introduce an X-PEGI HTTP header that sites can use to change the content. This would also be useful for other contexts such as cybercafes and whatnot.
2. Mandate that porn websites abide by these headers.
3. Have responsible parents lock their children's computers and add the appropriate header.
The adults then have access to the adult internet with no extra restrictions.
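Added example, not part of the thread: the two header schemes floated in the comments (a site-sent `X-Adult-Content` label enforced by the client, and a client-sent `X-PEGI` level honored by the site), written as plain decision functions. Neither header is a real standard; the value formats, function names and status code are assumptions.

```python
PEGI_LEVELS = (3, 7, 12, 16, 18)  # PEGI age labels


def _get(headers: dict, name: str):
    """Look up a header; HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def client_max_rating(request_headers: dict) -> int:
    """Highest rating the client accepts, read from the X-PEGI request header.

    No header means an unrestricted (adult) client. A header that is present
    but malformed is treated as the strictest level, so a typo in a
    parental-control profile fails closed instead of open.
    """
    raw = _get(request_headers, "X-PEGI")
    if raw is None:
        return PEGI_LEVELS[-1]
    try:
        value = int(raw.strip())
    except ValueError:
        return PEGI_LEVELS[0]
    return value if value in PEGI_LEVELS else PEGI_LEVELS[0]


def serve(request_headers: dict, content_rating: int):
    """Site side: return (status, response_headers) for one resource."""
    # Vary stops a shared cache from replaying the unrestricted variant
    # to a client that sent a lower X-PEGI level.
    headers = {"Vary": "X-PEGI"}
    if content_rating >= 18:
        headers["X-Adult-Content"] = "1"   # label for client-side filters
        headers["Cache-Control"] = "private"
    if content_rating > client_max_rating(request_headers):
        return 403, headers
    return 200, headers


def client_allows(response_headers: dict, parental_controls_on: bool) -> bool:
    """Client side: a locked device refuses anything labelled adult,
    even if its X-PEGI request header was stripped before reaching the site."""
    if not parental_controls_on:
        return True
    return _get(response_headers, "X-Adult-Content") is None


if __name__ == "__main__":
    # Constructed sample requests.
    print(serve({}, 18))                    # adult client, adult content
    print(serve({"x-pegi": "12"}, 18))      # locked device, adult content
    print(serve({"X-PEGI": "twelve"}, 7))   # malformed header fails closed
```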
Yes. Apple has the tech already with their digital driver's license initiative. It's probably more secure at stopping kids from accessing porn because it involves the on device FaceID authentication of the ID holder and could be verified and attested to each session vs just punching in a DL or CC number.
We need only look at... (checks notes) every other profit driven company (that's all of them) to see how this will go when quarterly earnings are flat and/or falling
You can either have a zero knowledge system where the tokens are immediately compromised and widely shared that provides no authentication whatsoever, or you can have a system that has the ability to revoke compromised tokens that is not zero knowledge.
Or as we are likely to get, you can have a system that is both easily compromised and does not have zero knowledge, and the age verification industry is simply engaged in industrial scale lying to try and get themselves written into law...
The problem is that authority would be central, and that authority would know who you are. I think the questioner was looking for solutions that have no authority. Least of all centralized authority.
The problem will probably be adoption by services. It's a lot more tempting to get more information than just age, if you go through the hassle in the first place.
It's the whole of the EU, it's the new EU ID card standard, with biometrics and NFC on the card itself.
I'm not aware of any large scale user implementations of the protocol though (people have been getting compatible ID cards for years, but I don't know any software that uses them outside of probably cigarette vending machines in Spain). Do you know any?
> I'm not aware of any large scale user implementations of the protocol though (people have been getting compatible ID cards for years, but I don't know any software that uses them outside of probably cigarette vending machines in Spain). Do you know any?
I don't know if that's what you're talking about but, in Belgium for example, to fill taxes online and to do various other types of pointless administratrivia you must use your EID card, which you put in an EID card reader (typically connected by USB).
Now the EU-wide biometrics, a sheer horror (the EU court of justice ruled that the biometrics data can be used for other uses and stored in databases outside the card... although at first it was supposed to be private), isn't implemented all around the EU yet.
My EID card was emitted in 2016 and is valid until 2026 and definitely doesn't have any biometrics data in it. I don't know if the system shall already be put in place in 2026 when I'll have to renew it for another ten years.
My point being: biometrics and NFC are probably not present on a lot of EU citizens' ID cards... Yet. So, atm, it probably doesn't make much economical sense to support that system for random usecases like selling cigarettes or alcohol.
Filing my taxes is the only thing I use my EID for.
Then there are some EU countries using their own "2FA" authentication system for anything "government related" (taxes, car registration, company filings, banks login, social security, etc.), complete with physical devices, phone apps, webapps, etc. which aren't using the EU EID at all. Basically: an entire ID system, using 2FA, but bypassing the EID entirely.
I'd say overall it's still pretty much the wild west.
If your EID card has a photo on it, it has biometrics. The biometrics are the photo and fingerprints (if your country required them). The fingerprints are not accessible to terminals without a government certificate on them, but the photo can be read trivially. You can download one of many apps (ReadID or Regula Forensics are good options) to see what's on the card.
The standard is ICAO 8303 for how the data structures work. It's the same as ePassports. EU cards implement EAC for the fingerprints, which has a whole mutual auth PKI system.
This seems to be a Trojan horse for even further "personalizing" (de-anonymizing) the internet.
If one site can require FaceID (or any sort of attestation) then either some, all, or arbitrary sites can require the same.
I'm in the same boat... banking would be nice to support "non-anonymously", but why are they chasing against porn sites vs finance sites?
It's such a slippery slope imagining requiring "age verification" for dating sites/apps, then same-same for access to email, then it's only going to be news sites that don't require age verification.
(Whoops! Except NYT, WaPo, and the rest all have paywalls, and there's Fox ~News~ propaganda waiting in the wings to be "free, but needs your identity")
Slippery slippery slopes here, and it must be intentional.
> but why are they chasing against porn sites vs finance sites?
They view pornography as a purely or at least sufficiently negative presence, justifying going after it. Legislating to withhold it from children is more straightforward and politically palatable than an outright ban. The deanonymization of the internet is probably an acceptable risk more than a desired outcome.
I assume it's the same mindset as people who end free speech to crusade against hate speech.
In other news, residents of these states are reminded of the fact that Pornhub is perhaps among the most vanilla porn and above board porn sites out there compared with the likes of heavy-r, motherless, efukt, and no doubt far more depraved content a simple click away, and under the radar of these morality crusaders.
Don't assume that just because Pornhub doesn't include scat, drugged, zoophilic, voyeur, nonconsensual, and other more frowned upon content that it isn't still entirely available if you're foolish enough to let your kid on the Internet without monitoring.
Because this is not like ID’ing for cigarettes and alcohol.
Largely speaking, people do not want their highly personal, sensitive activity and preferences to be attached to their identity and maintained by some entity that either may get hacked or may use it in any number of nefarious ways.
Once again, porn may be on the forefront of pushing technology (VPNs) mainstream.
I’m
(Much more nuanced takes in the article. Ars is one of my favorite publications for this reason)
They're not saying age verification is wrong, but dozens of skeezy sites taking in personally identifiable information who should have no business in taking in personally identifiable information is a bad idea.
Pornhub advocates for devices to do authentication of ID (i.e. Apple has FaceID and a bunch of stuff for reading IDs already as part of their digital ID initiative) and then attesting the user is of age. This could remain entirely anonymous and more secure than a kid inputting his dad's drivers license number that he stole from the dad's wallet.
Sure, that’s reasonable. Let’s implement this. In fact Pornhub could have implemented this on its own and staved off the “need” for a government imposed solution. It knew there was a problem and did nothing.
I am going to make an interpretation that you think age restrictions are good public policy in general, and asking why others disagree. In the edit you say that "we all appear to agree that age verification is an acceptable goal", but I would disagree with that.
I find age restrictions to be good public policy in general if-and-only-if the target of the restriction has a clear cost that is shared socially. Abuse of tobacco products and alcohol has a clear link to medical health care and the government is responsible to fund health care. The link between tobacco and cancer is an established fact. Alcohol has a more fuzzy link with poor health, but I suspect it gets less fuzzy regarding children.
The research that links porn and health is very much in dispute, similar to research that links violent movies and crime. At best it is inconclusive. Some countries have age restrictions on movies, others do not. There is also research on violent music and crime, violent games and crime, and the quality of all the research seems to be beyond poor. I do not think it's good policy at all to construct laws using those.
My conclusion is that governments should not make laws without having good ground to stand on. Until the quality of the research improves I find it better to let parents and schools determine when a specific child is mature enough to view specific media, be that movies, music, games, porn, or any other media.
The vast majority of the people I've interacted with don't think hardcore porn should be viewable by children. Those who disagree are welcome to advocate for changing of the law in this regard. It is indisputable though that age verification laws regarding porn have been in place in the country for many decades. The internet is not special in that such laws/social mores do not apply. Such is my opinion.
In my country (Sweden) we do not have a specific age restricting law regarding purchasing porn. What we do have is a generic law that forbids any film in cinema and TV broadcast from being viewed by children under 7, 11 and 15 years old if viewing that film is considered harmful for that age group. What is harmful is then delegated to a government department of censorship.
A funny thing however is that the department of censorship was closed down in 2010, being at the time one of the world's oldest with a creation date of 1911. With the closure, the above law has no longer any practical effect but the cinema industry and TV broadcast still volunteer to honor it to some degree.
Historically, the department of censorship focused mostly on violent movies, but a famous example was the cartoon Darkwing Duck which was deemed too violent for viewing by children. Teenage violence was often connected back in the days with violent scenes in specific movies.
Public support for government censorship is currently in the minority. The vast majority of people seems to think that publishers, cinema owners, parents and schools do a better job in deciding what should be viewable by children. Occasionally a specific film or game jumps into the news (like GTA 5), but they tend to die down fairly fast. Porn discussions also pop up once in a while, but they die down similarly fast since support for a return of government censorship is really low and the political parties generally know this.
The only specific law about porn we do have is displaying of porn towards people without their consent in a way that can be seen as off putting. This targets behaviors like people sending nudes to others without their consent.
That's a potentially reasonable argument, however there are a couple of issues mapping from the physical precedent to the digital world. In the physical world you would show your ID to the store clerk, or (more likely) not even be asked for ID at all if you were sufficiently old-looking.
In the digital world, everyone has to show proof of age, as there's no quick sanity check. Further, none of these states have a privacy preserving way of demonstrating age. All of them require either passing payment details or identity details to an intermediary or the website. The recipient of the identity then gets to hold onto whatever details you provided for the rest of time, and may use them for stuff like ad targeting. This is in an industry that is well-reputed for being scammy.
I literally cannot remember the last time I had to show proof of age to buy tobacco or alcohol. I'm middle aged - mid 40s, in fact - and places don't ask.
If I order alcohol, the reason I'm showing ID is to prove that yes, it was me that ordered it instead of someone else (and I'm showing my ID at the liquor store).
I've only bought porn twice - once a video and once a magazine full of naked men. I didn't get carded either time and this was back in the 90s. One of those times, I was 17.
And if I needed to verify ID online (for payments, etc), I have a secure way of doing that, which folks in these states simply do not have. The websites don't need to keep any information on file either. And this is the very thing that pornhub is objecting to. If they were rolling out age verification that already has some of this in place, it'd be a different story.
And a sidenote: I don't think it is all that wrong for a 17 year old to see what naked people look like. The rest of us need to be mature enough to make sure that young folks have a reasonable view of porn, including things like "this isn't realistic and physically difficult for these reasons." A lot of so-called 'harm' is simply that we - the adults in the room - haven't held up our end of teaching.
> I'm middle aged - mid 40s, in fact - and places don't ask.
Your appearance is the age verification. One can obviously tell you are of age to buy the products in question by looking at you. That’s the age verification.
Communities are permitted to determine what constitutes age appropriate materials and at what age those materials can be consumed. Such standards ought to apply to web content too. There is nothing special about online that indicates it should be exempt.
I may be in the minority, but the community does not raise my child. I do. As such, I will talk to them, set our family’s standards after consultation and monitor appropriately. If it turns into a discipline situation, I have no qualms about going there. Or if it turns into a praise situation, I have just as few qualms about going there.
Government regulation cannot and will not replace parenting. If government regulation worked, groups like Mothers Against Drunk Driving would not have to exist.
Moral is - talk to your kids. If porn is too hard to talk about, you weren’t ready to have children. It’s time to start building relationships with trustworthy adults who can talk about porn, sex, consent and all those other wonderful things with them. Because guess what dude? If parents don’t, someone will and their intentions may not be good.
Communities set some standards of behavior. This has always been true. While the government doesn’t replace parenting it does enforce standards of conduct. Like requiring parents to feed their kids or preventing businesses from selling porn to your child.
> If government regulation worked, groups like Mothers Against Drunk Driving would not have to exist.
MADD is precisely the kind of community action that is successful. They made people aware of a problem and government stepped in to help provide a solution. Drunk driving fatalities were reduced as a result.
> …you weren’t ready to have children.
Lots of people are ready to have kids and have them. A healthy society tries its best to prevent such kids from suffering too greatly from the misfortune of being raised by a moron. A healthy society tries its best to prevent morons from enticing kids of good parents such as yourself to do things that are harmful. Hence we try to keep people from selling drugs to kids. We don’t have 100% success at this but this isn’t a valid reason to not try.
I might be too cynical, but when I see governments roll out initiatives like this, all I see are campaign slogans.
Meanwhile, we’ve got kids living in poverty or in foster houses of horror and those topics don’t get the same attention.
In our family, porn is a gateway topic for us to start talking about issues like revenge porn, sexting and all that other stuff that is right around the corner for us.
So this is a tricky one for me and I guess I don’t understand why porn is so important. Its existence is helpful for me because of the topics it can help bring up, but we talk about everything from periods to child birth so I know that’s likely rare.
I’m maybe trying to impose my attitudes too much on others so I just can’t understand. I apologize if I’ve been obtuse - I am so I don’t really have an excuse. :)
> I literally cannot remember the last time I had to show proof of age to buy tobacco or alcohol. I'm middle aged - mid 40s, in fact - and places don't ask.
I'm older than you and I'm carded every single time I buy tobacco or alcohol. The policy on showing identification varies widely depending on region, both due to the actual law and store policy.
Typically because there are incredibly poor laws around retention and use of private information collections and I typically loathe having any company retain my personal information without a really good reason (and this isn't a good reason).
> It is already the case that for the most part whatever we do online is known by some third party entity. Online privacy is essentially dead and has been for many years. I’m not implying this is good or desirable but that it is just the reality of things.
This is a very defeatist point of view. It is still possible to choose not to share the majority of your online activity with third parties.
Online privacy is essentially dead for people who don't bother maintaining it.
My online privacy is still largely intact, and I will do my best to keep it that way.
Verification maybe? I don't like the idea that a porn website could tie my real identity to the watch history (I assume you have to be logged in once you verified) and sell that to whomever.
According to TFA they don't oppose age verification, they oppose the required method of age verification, namely submitting personal information and IDs.
They say they would support secure verification, I guess like having a digital signature from an authority, like the government.
I wonder if PornHub is doing anything to help this happen, though. I doubt it...
They do oppose age verification because despite knowing there was a problem of underage people viewing their content they did nothing to stop this. Now a government solution has been imposed they are acting as if they are now somehow a responsible business.
I don’t know the answers or the right way to implement things but age verification is not an unreasonable requirement.
Maybe you're right, but in the real world I'm already getting multiple letters a year from companies that have my PII and have had an unexpected breach. The issue isn't policy, it's implementation.
We have a few different things going on here. First, age verification requires sharing a lot of PII with some of the dodgier companies on the web. Pornhub’s business past is shady…and they may be the least shady of the lot. Second, things like gay rights aren’t a solved problem. The most awful fact in all of this is that people can be killed for watching gay porn in many countries. If a country changes its policy dramatically, porn sites will have a database of people who have watched gay porn in their country.
When someone physically checks my ID, I can be reasonably sure that it’s not going to be in a database. You could do age verification without a database, but it would be one hell of a lot easier with a database. And again, we’re looking at some of the dodgiest businesses on the web.
Strawman. PornHub doesn't argue against age verification, it criticizes the poorly designed implementation.
Showing my ID at the liquor store to buy alcohol is not comparable to having to put my ID and PII in a poorly secured database. Databases that get breached again and again with virtually no consequences for the owner.
Sadly this is a feature not a bug for the lawmakers who wrote the laws. They want databases of PII to be breached in order for porn consumers to be publicly named and shamed without the political blowback or getting their hands dirty.
The question isn't so much does a person look at porn, it's more what porn do they like. If pornhub is storing the personal information, it could be matched to specific videos, which if it's at all fetish-specific could be blackmail material.
I’m sure they are thinking of certain colleagues to expose. That is why they passed the law. The kinds that could be threatened into compliance with rank and file.
And future congressmen too. Jeffrey Epstein was known for playing with this kind of power.
Pornhub could have implemented age verification a long time ago and didn’t. It didn’t suggest such a thing despite knowing underage kids were viewing their content. Now they try to act all reasonable. They aren’t a victim in this. They waited until a political solution was imposed to propose reasonable steps to combat the problem.
I’m all for reasonable solutions and don’t know the best way forward. I do know there is a problem with kids viewing content on these sites and I do know that these sites don’t care about that because none of them ever tried to do anything to prevent this.
Do you really think they give a damn about privacy? If they care so much about privacy, wouldn’t they also be proclaiming how their website doesn’t track you and gobble identifying data? Or is it they are just hiding behind that argument because it sounds noble and their real concern is a business one?
Also, how secure do you think the state systems are that provide those IDs?