Comment by PunchyHamster
1 day ago
The problem is that there is nothing done to protect privacy.
There are already plenty of entities that not only have a reliable way of proving it's you that has access to the account, but also enough info to return the user's age without disclosing anything else, like banks or govt sites; they could (or better, be forced to) provide an interface to that data.
Basically "pick your identity provider" -> "auth on their site" -> "step showing that only age will be shared" -> response with user's age and the query's unique ID that's not related to the user account id
I don't disagree that the implementation is all kinds of wrong. I'm just surprised it took them this long to compel it.
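The flow PunchyHamster's comment describes (pick a provider, authenticate there, share only the age, get it back with a query ID unrelated to the account), sketched as an added example that is not part of the thread. All function names and the sample account are constructed, and an HMAC under a key shared by provider and site stands in for the public-key signature a real provider would use.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumption: a shared-key HMAC replaces the provider's public-key signature.
SHARED_KEY = secrets.token_bytes(32)

# Constructed provider-side record; none of it except the age leaves the provider.
ACCOUNTS = {"acct-1001": {"name": "Constructed User", "birth_year": 1990}}


def new_query():
    """Site: start a query with a random ID that is unrelated to any account."""
    return secrets.token_urlsafe(16)


def provider_respond(account_id, query_id, current_year=2025, ttl=300):
    """Provider: after authenticating account_id, disclose only the age."""
    age = current_year - ACCOUNTS[account_id]["birth_year"]
    claims = {"query_id": query_id, "age": age, "exp": int(time.time()) + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    return body, tag


def site_verify(body, tag, pending):
    """Site: check integrity, allowed fields, freshness and single use."""
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None  # altered or forged response
    claims = json.loads(body)
    if set(claims) != {"query_id", "age", "exp"}:
        return None  # refuse responses that carry any extra identifying field
    if claims["exp"] < time.time() or claims["query_id"] not in pending:
        return None  # expired, unknown, or already used query
    pending.discard(claims["query_id"])  # one answer per query blocks replay
    return claims["age"]
```

Because every query gets a fresh random ID and the response has no subject field, two checks by the same person cannot be linked by the site through the response alone.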