Making the certs short-lived (a few minutes) and single use and having a rate limit for users could make it difficult enough with serious risks (if you make it a crime) for little profit (I doubt many kids will pay serious amounts of money to watch porn; definitely not drug-scale amounts of money).
homoludens
“Kids shouldn’t be driving cars, it isn’t safe!” Yes, but somehow we have made it 100 years without requiring proof of age/license to start the car.
Driving is a much more visible activity than looking at your phone in a locked room though.
Signups + random checks to prevent reselling accounts.
They can only subpoena your data if it is stored. Make the code open source (by law) and only store the cert, no connection to the user.
How do you prevent valid certs from being sold?
Sold by whom? The created cert can be time limited and single use, so the service couldn't really sell them. You could rate limit how many certs users can create and obviously make it illegal to share them in order to deter people from using them. That's not enough to prevent it completely, but should be an improvement for the use cases I hear the most about: social media (because it reduces the network effect) and porn (because kids will at least know that they're doing some real shady shit).
I was using the wording of OP who seems to be talking about tokens. The service asks the trusted entity if the token is valid, the trusted entity deletes the token after the first time.
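
Added example, not part of the thread and not any real service's code: a minimal sketch of the scheme the comments describe, with short-lived, single-use tokens, a per-user issuance rate limit, and a token store that holds no user identifier. The class name, the 5-minute lifetime and the limit of 3 tokens per hour are assumptions chosen for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 300        # assumed: "a few minutes" token lifetime, in seconds
WINDOW = 3600          # assumed: rate-limit window, in seconds
MAX_PER_WINDOW = 3     # assumed: tokens one user may create per window


class TrustedEntity:
    """Hypothetical issuer that confirms age without linking tokens to users."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        # sha256(token) -> expiry time. No user id is stored here, so a
        # dump of this table does not say who requested which token.
        self._tokens = {}
        # user id -> issue timestamps. Used only for rate limiting and
        # never stored next to a token value.
        self._issued = {}

    def issue(self, user_id):
        """Return a fresh token, or None if the user hit the rate limit."""
        now = self._clock()
        recent = [t for t in self._issued.get(user_id, []) if now - t < WINDOW]
        if len(recent) >= MAX_PER_WINDOW:
            self._issued[user_id] = recent
            return None
        recent.append(now)
        self._issued[user_id] = recent
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        self._tokens[digest] = now + TOKEN_TTL
        return token

    def redeem(self, token):
        """Called by the website. The token is deleted on first lookup,
        whether or not it is still valid, so it cannot be replayed."""
        digest = hashlib.sha256(token.encode()).digest()
        expiry = self._tokens.pop(digest, None)
        return expiry is not None and self._clock() <= expiry
```
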