acoolusersknee t1_iuf33lx wrote
Reply to comment by Poltras in Online age-verification system could create ‘honeypot’ of personal data and pornography-viewing habits, privacy groups warn by Lakerlion
So the problem I see is the only way to verify age is via some form of identification. That identification is going to be stored and sold whether the website admits to it or not. You shouldn't expect to have a quality discussion with anyone on the internet until they display that they are capable of having one.
685327593 t1_iufc1oj wrote
Exactly. Only way to verify age is to verify identity. The two can't be separated.
Uristqwerty t1_iug996y wrote
Pretty much everyone has a phone, right? And pretty much every phone has a TPM that can store cryptographic keys and self-destruct rather than ever let them leak, right? So, you need two keys: One proof-of-age key that's the same for everyone, perhaps generated fresh each month by the government, for which simply having access to the key says that you're over the threshold and nothing more. Then, a unique-to-you key generated by your phone that is only used once a month on a fixed date to fetch the latest proof-of-age key. Setting that one up may require visiting a government office in-person once to verify your identity. Then, everyone over 18 in a single nation looks alike to the websites asking for your identity. To ensure they don't sneakily swap out the proof key for targeted individuals, each month's public half would be made public, for all users and websites alike to see. Perhaps have the TPM verify a fingerprint or face match before unlocking the proof key.
And if that's a scheme that a cryptography amateur can come up with in minutes, based on a high-level understanding of TPMs and SSL certificates, imagine what someone who properly understands M-of-N secret sharing, zero-knowledge proofs, and all sorts of other clever mathematical tools could do, given months to refine their design and peers to identify and help correct flaws all along the way!
KonChaiMudPi t1_iufekys wrote
This is the biggest problem, and this is entirely why I’m against it. Either A.) Your age cannot be rigidly/effectively verified, because it’s a gameable system, or B.) Your age is directly tied to information that is far too personal to disclose in this way.
As an aside, a big problem with this proposed system is that exposing minors online as minors makes them even bigger targets for exploitation, all while someone who manages to impersonate a young person is given the perfect sheep’s-clothing to do it in. It is an extremely dangerous concept.
Bhraal t1_iufuqvd wrote
> all while someone who manages to impersonate a young person is given the perfect sheep’s-clothing to do it in. It is an extremely dangerous concept.
If the system is based on positively identifying someone as a minor I can totally see someone having/getting access to the credentials of their own or a relative's kids and using that to set up a profile. Hell, if they are controlling enough they could probably use a kids actual account and pressuring them to stay silent.
On the other end parents let their guard down because they believe everyone else their kid can interact with is verified.
KonChaiMudPi t1_iufxf3z wrote
> On the other end parents let their guard down because they believe everyone else their kid can interact with is verified.
This is the biggest problem even today with online safety is parents who don’t take accountability for protecting their kids. With the current state of the internet, it needs to be treated a lot like a public place. Would you let your young children just free roam in public and interact with whoever with no supervision?
It’s challenging because I see both sides of that conversation, I’ve been a minor who often felt monitored, and who escaped into online communities, and it is important that kids can have some sense of privacy. In a broad sense though, I think parents still need to be aware of roughly how their children spend their time online and roughly who they are interacting with.
I’ve seen a few different stories lately about parents suing major tech companies because their children got hurt by people online or through an online platform. I understand the desire to lash out in a challenging situation but the truth is as a parent you need to be responsible for protecting your children online, because the world won’t do it for you.
[deleted] t1_iufiffd wrote
Agreed, I am against this as well. This doesn't have to be inevitable, we can fight against it, and we will.
leopard_tights t1_iufdpzh wrote
You set up a trusted partner (like with the new passkeys) that verifies that you're of age, or over X years old, not the exact number. And that's it. Easy peasy lemon squeasy.
Viewing a single comment thread. View all comments