One of the projects I am currently involved with features erotic content. For the time being we have eliminated all pictures that could be illegal (at least in our country), but it would be so much nicer to have a reliable age verification system.
Are there any good solutions for that, preferably covering as many countries as possible? For example, I am pretty sure that for Germany the standard "credit card check" is insufficient, as the law will just argue that "the child might borrow the credit card". Would it be sufficient for the USA, and is there a way to check the country of origin that our users are coming from?
I noticed on a few commercial sites (I believe it was an Anheuser-Busch site) that asked for your name and city, state (and possibly email for unique identifier?). Then, it magically age verified you. It was pretty nifty.
I suspect just verifying by name and address would be too easy to hack by the kids? Just enter their neighbour's address and name...
Personally I would consider credit card ownership as sufficient, as I think they are only handed out to adults? If a kid steals the credit card it is probably so spoiled already that some erotica won't do much further harm... But the law doesn't agree everywhere.
Most companies are using Maxmind GeoIP database for IP-Location lookup.
In general there is almost no practical way to verify age. Credit cards are the best filter, and even that has flaws.
Have a legal disclaimer that must be accepted before any content is available (cookie-based). Ensure your obeying your local laws regarding distribution of pornography.
I have googled, but it is difficult to judge the services that come up. (Edit: just found that Idology seems to verify based on street address - good enough for a mail order company, I guess, but probably not for access restrictions to a web page?).
It is of course a legal question, but also a technical one. For example it is a technical question if I can determine the country my user is coming from. I suspect not, though (user could use proxy in other country) - or at most, one could determine a probability and then it would again become a legal question.
I am fairly certain that it is possible to determine country by IP. I have seen this done before in several cases: some products with encryption are illegal to "export", and thus restrict the IPs that can access them. Also, I have seen the same for content providers who only have a license for a certain market (specifically I have seen a Japanese company restrict their content to "Japanese IPs").
You make a good point about proxying through different countries, but I don't think in you would be liable for that. Often these things work on some sort of a "reasonable effort" type clause, because its impossible to verify with complete certainty someones age programmatically.
Perhaps asking them trivia about music that was in style two decades ago...
Are there any good solutions for that, preferably covering as many countries as possible? For example, I am pretty sure that for Germany the standard "credit card check" is insufficient, as the law will just argue that "the child might borrow the credit card". Would it be sufficient for the USA, and is there a way to check the country of origin that our users are coming from?