Other approaches are possible. I'm particularly keen on ones that treat attestations as anonymous digital currency and use cryptographic penalties like slashing to discourage copying post-hoc instead of relying on EU-style implementation certification.
There's a huge literature on the subject I don't want to reproduce here. The point is that yes, we do have the technology to do attestation without sacrificing privacy, which makes all the calls for non-privacy-preserving attestation awfully curious.
I'm surprised anyone considers this viable.
It would limit access to those sites to a limited set of acceptable devices and operating systems.
I couldn't use my laptop, desktop, or a jailbroken phone.
Or make it so that tokens cannot be tested except by spending/burning them, which would significantly reduce (but not eliminate) a black market because it would be hard for any buyers to trust any sellers.
The best outcome here is going to rest on getting people to agree that "good enough" is the best outcome. We want a system that gets the broad social results (e.g. less brain-rot in the kids) without being so impossibly strict and overbuilt that it leads to an even-worse problem (e.g. authoritarian hellhole tools.)
I'm not talking about minimizing effort or deferring decisions.
What I mean is that there are conflicting and competing goals, where you need to accept that one of them must not be prioritized over all the others, because the overall outcome will be worse.
If so, this stuff is already broken, and imagine it would be pretty simple to apply the same principles here.
I'm probably wrong on this though I'm out of my depth
Yes, that can eventually be worked around, but not really that different than doing the verification today on someone else's device.
So I'm constantly grabbing new tokens from the government every time I go from work WiFi to my cellular internet to the train WiFi and then home?
Sounds like a fantastic point for capturing more tracking data.
> /geolocation.
Which means I have to send my geolocation data to apps to confirm I can use my token?
Don't want that either.
> It would also throttle the number of identifications,
And if I move around too much in one day or change networks too often, I'm unable to log into anything until tomorrow?
No, you don't need to send it there.
Every time you set up an account, would generally be the idea. So relatively infrequently.
"Use this exact tor/vpn server"
>It would also throttle the number of identifications
So I can only wank off 5 times a day, or grant access to porn sites for 5 kids?
The anonymous crypto token scheme does not have any trace-back mechanism like this at all. If there's no way to track those tokens back to you, why not sell them for $1 each on the internet to make some extra money?