Comment by fluidcruft

10 days ago

I'm pretty sure all you need is the ability to log in to a website and for that site to vouch for your age based on having examined your identification documents (or something like a network of PGP web-of-trust type notaries). I have a hunch that using a hardware token and biometrics is required to prevent fraud (FIDO and passkeys etc. should work). The trick is preventing simulated tokens from existing/working, which is where secure boot etc. enter the picture.

Can you clarify what fraud you're thinking the "secure boot" (which I take to mean: being denied the access to control your own device) would prevent? Since the identity documents you already have, have this chip that works the same as your bank card, you really don't need a relaying party (your phone, your ISP, etc.) to be trusted for the receiving website to be able to verify the cryptographic signature on the data.

  • Fraud would be someone who is not you using your identity.

    • So the scenario this is needed for is where someone does a physical and technical attack on your phone just to extract the key from this app that says you're 18+. That would be why nobody can have access to their own data anymore.

      I'm sorry, but that cure is definitely worse than the disease. This is not an attack you see outside of spy movies.
