Comment by zevv
4 months ago
So, what will be the proper technology to apply here? I have no problem with verification of my age (not the date of birth, just the boolean, >18yo), but I do have a problem with sending any party a picture of my face or my passport.
Discord got me to do this about 2 weeks ago (I'm Australian so they seem to be rolling this out here too), at least for the face scan the privacy policy said it occurred on device, so if you believe that you're not sending anyone images of your face.
Fascinating. If it really isn't sending the face images, spoofing the verification could be as simple as returning a boolean to some API.
we don't store your face [just the unique biometric metadata weights]. a computer doesn't need a picture to identify you, just store the numbers and you can legally claim you aren't "storing the picture".
Maybe someone like apple will make a "verify user looks over 18" neural net model they can run in the secure enclave of iphones, which sends some kind of "age verified by apple" token to websites without disclosing your identity outside your own device?
Having said that, I bet such a mechanism will prove easy to fake (if only by pointing the phone at grandad), and therefore be disallowed by governments in short order in favour of something that doesn't protect the user as much.
Apple lets you add IDs to your wallet in some jurisdictions. I wouldn't be surprised if they eventually introduce a system-wide age verification service and let developers piggyback on it with safe, privacy-preserving assertions.
This is a social problem and as such cannot be solved with technology. You would have to make social media so uncool that young people didn't use it. One of the easiest ways of doing this is associating it with old people. Therefore the fastest way to get young people off discord is to get geriatric on discord and en-mass.
Underage drinking is a social problem.
The issue isn't social media is bad, the issue is that social media has no effective moderation. If an adult is hanging out at the park talking to minors, thats easy to spot and correct. there is a strong social pressure to not let that happen.
The problem is when moving to chat, not only is a mobile private to the child, there are no safe mechanisms to allow parents to "spot the nonce". Moreover the kid has no real way of knowing they are adults until it's too late.
Its a difficult problem, doing nothing is going to ruin a generation (or already has), doing it half arsed is going to undermine privacy and not solve the problem.
OIDC4VCI(OpenID for Verifiable Credential Issuance)[0] is what I think has the most promise.
My understanding is that an issuer can issue a Credential that asserts the claims (eg, you are over 18) that you make to another entity/website and that entity can verify those claims you present to them (Verifiable Credentials).
For example, if we can get banks - who already know our full identity - to become Credential Issuers, then we can use bank provided Credentials (that assert we are over 18) to present to websites and services that require age verification WITHOUT having to give them all of our personal information. As long the site or service trust that Issuer.
[0] https://openid.net/specs/openid-4-verifiable-credential-issu...
You mean without giving them any personal information other than where to find your bank account.
It doesn't have to be your bank if you don't want, have the DMV be an issuer or your car insurance, or health insurance or cell phone service etc.
You choose which one you want you want to have assert your claim. They already know you. It's a better option than giving every random website or service all of your info and biometric data so you can 'like' memes or bother random people with DM's or whatever people do on those types of social media platforms
6 replies →
Variation of PassKeys could work well.
Especially if it was tightly integrated into the OS so that parents could issue an AgeKey to each of their children which sites would ask for.
Parents?