Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Regardless, this wouldn't run afoul of this. This is similar to restricting who can buy alcohol, based purely on age; the identification process is just digital. MitID - the Danish digital identification infrastructure - allows an service to request specific details about another purpose; such as their age or just a boolean value whether they are old enough. Essentially: the service can ask "is this user 18 or older?" and the ID service can respond yes or no, without providing any other PII.

> That's the theory at least; nothing about snooping private communication, but rather forcing the "bouncing" to actually check IDs.

Hopefully the theory will reflect the real world. The 'return bool' to 'isUser15+()' is probably the best we can hope for, and should prevent the obvious problems, but there can always be more shady dealings on the backend (as if there aren't enough of those already).





Given the track record of digitalization in Denmark, you can be rest assured this will be implemented in the worst possible way.

This is Denmark. The country who reads the EU legislation requesting the construction of a CA to avoid centralizing the system and then legally bends the rules of EU and decides it's far better to create a centralized solution. I.e., the intent is a public key cryptosystem with three bodies, the state being the CA. But no, they should hold both the CA and the Key in escrow. Oh, and then decides that the secret should be a pin such that law enforcement can break it in 10 milliseconds.

I think internet verification is at least 10 years too late. Better late than never. I just lament the fact we are going to get a bad solution to the problem.

reply




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: