Why are people so bothered with govt requiring a single photo for some websites when private companies already have all the data of almost all humanity?
As a Brit I don't really care too much about the age verification aspect. It's stupid and easily circumvented but I'm happy to just ignore sites that expect it.
I'm far more bothered by this being yet another nail in the coffin of web forums. The issue is the burden the regulations place on any site which hosts user-generated content. For small low-risk sites the burden isn't all that great - OFCOM have some guidance on their website - but it's still enough to be offputting. A 100-user web forum isn't going to want to bother with it, so those run by UK nationals are just pulling the plug, while those run elsewhere are just blocking UK users because it's the easiest solution.
Which reminds me, I should go and disable comments on my blog...
Because it could end up with the government blocking access to websites critical of it, or going after individuals accessing such websites as they will now have all "proof" they'd need for that.
In an extreme case, they could potentially blacklist your ID to prevent you from spreading "harmful" political opinions, cutting you off the web entirely.
The OSA doesn’t make any provision for the government blocking access to websites that are critical of it. This is a pretty long slippery slope that you’re talking about, where the government directly enforces the rules instead of OFCOM, and the rules are substantially different from those currently in force. In other words, you are basically just saying that “things might get worse”. This is true, but it’s not really a very strong criticism of the OSA (which I do not support).
Also, any hypothetical attempt to abuse the OSA to rein in political dissent would almost certainly be subject to legal challenges under the ECHR.
There are many reasons that you could research with a quick search but simply put, it breaks the anonymity of web use and has huge implications for intentional and unintentional surveillance and data misuse. What is asked for here is much more and much more strongly linked to an individual than the data you refer to.
It requires everyone to upload either ID and/or high quality photos & videos of themselves to a random company. Not just one company one whomever a website chooses for age verification, which can include doing it themselves. This creates multiple massive treasure troves of IDs that will attract hacking attempts (for example the Tea app breach). It creates opportunity for blackmail from this data (for example the Ashley Madison breach but much worse). For those age verification services that require a photo/video, that creates a resource for deep fakes. Plus any 15 year old boy worthy of their digital device will be able to get around age verification using fake id/photos or a VPN, whilst a less savvy adult trying to access information about quitting drinking or drug abuse will face a barrier.
And this is for ANY website that has a very broad range of content that the OSA mandates age verification for. It's easier for a website to err on the side of caution and just block the UK. That especially includes websites that have zero reporting back to Meta/Google/etc... for usual marketing profiling. If anything it pushes more people into the limited, monitored and advertising driven Meta/Google web.
Most of the 3rd parties being used for this are based in the US. You're sending your photo and details to a foreign entity. That same foreign entity is likely used by lots of sites.
Oh look, that foreign entity now has a profile of you, and what sites you've visited.
Fast forward a year, they get hacked (or maybe even just sold), a copy of your personally identifiable details are pinched along with your browsing history.
I really really hope you weren't being naive enough to go down the utterly stupid "nothing to hide" route with your line of thinking.
