I dont see how the second cert that goes to the site is useful if it isnt still associated with the first, but I also wouldnt trust the state to abide by an untraceable standard to begin with because identifying individuals by their accounts is in their interest.

I get where the enthusiasm for cryptography is coming from, but I think it’s misplaced.

A state issuing a cert file has to be able to verify that it goes to the intended person. The state would have to know the ID of the person they’re issuing it to, otherwise it wouldn’t function as intended. Similar to blockchain wallets - they are anonymous all the way up to the point of fiat exchange, where most state actors can still end up ID’ing wallet owners.

Even if you try obscuring that information via encryption, it still gets signed by a ‘trusted’ authority at the end of the chain.

Even in theory this is a shit idea.

The problem is that it’s stored outside of your control and accessible without your consent. This system addresses those issues.

Sorry, I just don’t agree with this, either. It isn’t just that it’s a third party, it’s that verification necessarily ties your device to your personal identity at all. No matter how you store the actual identity data, there needs to be an identifier associated with every device/account. I’d be fine if the OS just asked for my age and didn’t verify it with my state-issued ID - but if there’s any cross-checking involved that’s a dealbreaker.

If there were any possibility that a state actor had interest in identifying my personal identity of this account, and there was a record that pointed to my name, SSN, or other unique personal identifiers, i’d be absolutely fucked. There are really good reasons not to want social media accounts tied to real, verifiable identities - even if you think social media should be limited to adults (i’m not on willing to concede this, for what it’s worth).

It doesn’t matter if the data is stored on your local device - if it’s being verified by a state authority at all, that’s a huge problem.

The problem isnt just that the third party can abuse their access to your information, it’s that it is digitally stored and certifiable at all

The most secure data providers in the world have all basically had data breaches by now - including the IRS and US government. There is no party that can guarantee data security, even if they themselves are benevolent.

And for what purpose are we willing to gut privacy online? So it’s marginally more difficult for minors to obtain porn?

GTFO. De-anonymization has always been the goal, not ‘protecting the children’.