In some states stores are required to scan IDs. I'd be surprised if e.g. Kroger weren't storing that information. All of these porn laws I've read at least ban any storage. As far as I know digital ID standards are also at least designed to allow only sharing "over18" without other identifying information.
Kroger is most definitely storing this information. I rarely shop any Kroger store, but when they started doing IDs scans, I shop there less and no longer buy anything that requires my ID.
Similarly, Wal-Mart seems to know who I am based on my card transactions. When I swipe my card they ask if I would like a paper or an SMS receipt. I’m still not sure how they got that number association.
You don't actually provide it to the porn site. Everything goes through a 3rd party escrow. The site you're trying to access only gets a message from the trusted ID partner that you are indeed the age you say you are.
Now, I still hate the idea that any corporation is storing my ID, but it's not every Tom Dicken' Harry porn site you might be viewing.
How could they be separate issues when the submission of an ID image obviously enables both the subsequent storage of the ID and also the presentment of the ID to others.
We know that very few organizations are capable of effectively controlling confidential information that they're legally bound to keep confidential. Requiring things that are going to lead to large stores of ID images is asking for trouble.
When you show your ID in a store, the clerk generally doesn't retain a copy of it, and if they do, it's apparent because they take the card to scan it... regardless, they can't take the scanned copy and present it at another store, because the other store will detect that it's not an original.
Birthday attack: most places punch the eight digits MMDDYYYY into the keypad. You think you're safe, but that's 1 in over 20,000 uniqueness practically. Each store has how many local regulars? Sure sometimes there's overlap in birthdays, but it's unique enough.
