> The loophole that every kid everywhere would instantly figure out is that they just need to borrow their mom’s ID, their older brother’s ID, or a pay some Internet service $1 to use their ID.
Do most kids have their parents' ATM card and PIN? Their Gmail credentials and 2FA device? Tons of stuff today relies on a secret the parents aren't supposed to share with their kids. When logging in on a device that wasn't marked "remember this next time" it should be requiring 2FA. Yes, your 19 year old bro can get you porn, but that's been true for like 60 years buying Penthouse at the liquor store.
Of course all this is academic, since the fact is that because things like oAuth are not intuitively grokkable by non-computer people, so no one would accept "having to sign into <porn site> with GovSSO" even if everything was verifiably privacy-respecting.
Do most kids have their parents' ATM card and PIN? Their Gmail credentials and 2FA device? Tons of stuff today relies on a secret the parents aren't supposed to share with their kids. When logging in on a device that wasn't marked "remember this next time" it should be requiring 2FA. Yes, your 19 year old bro can get you porn, but that's been true for like 60 years buying Penthouse at the liquor store.
Of course all this is academic, since the fact is that because things like oAuth are not intuitively grokkable by non-computer people, so no one would accept "having to sign into <porn site> with GovSSO" even if everything was verifiably privacy-respecting.