EU parliament accepted a last minute amendment, mandating age verification for pornographic (whatever that is) content online, punishable with up to one year prison sentence.
This was rolled into a directive concerning CSAM. Because adults accessing porn need to be de-anonymised to avoid child exploitation?
the provider knows who’s asking because of the IP address and API key of the requester. if it uses a form with a redirect, they even know your IP and what page you were on, tied to your legal identity. if the provider makes any API requests to a government registry, now that knows the when, the how, and (categorically) the what. short of a statement of ‘no logs’ and an audit to confirm as such, there is definitely logs. hackers love this information. data brokers love this information.
the problem is not the service knowing. it’s anyone knowing. the provider deänonymised you the moment you gave your id. the precise implementation details are important here.