Comment by cocoto

Discord does have a problem with grooming.

How about just requiring browser, OS vendors, and phone makers to give parents real child accounts that are easy to use and keep kids off the Internet?

[dead]

You're not wrong, but I have had to do video verification over a phone once, and it seemed quite advanced. It would flash through a number of colors and settings and take probably 30 frames of you. I presume they're checking for "this came from a screen and not a human", but of course I have no idea how it works, so I don't know if it's truly sophisticated or not.

As I understand it, 'Windows Hello' requires a near-IR image alongside the RGB image.

It's not the fancy structured light of phone-style Face ID, but it still protects against the more common ways of fooling biometrics, like holding up a photo or wearing a simple paper mask.

Windows Hello cameras are all "depth" cameras so a flat photo won't pass muster.

I do like the idea of the “this is a child” taint (ok, terrible name but I really think it should be a near-unremovable thing on a platform like Apple’s that’s so locked down/crypto signed etc).

Like, you’d enroll it by adding a DOB and the computer/phone/etc would just intentionally fail all compatible age checks until that date is 18 years in the past. To remove it (e.g. reuse a device for a non-child), an adult would need to show ID in person at Apple.

Government IDs could be used to do completely privacy preserving, basically OpenID Connect but with no identifying property, just an “isEighteenOrMore” property. However, i agree it’ll never happen in the US because “regular” people still don’t know how identity providers can attest without identifying, and thus would never agree to use their government ID to sign into a pornsite. And on top of all that yeah nobody trusts the government, basically in either party, so they’d be convinced the government was secretly keeping a record of which porn sites they use. Which to be fair is not entirely unlikely. Heck, they’d probably even do it by incompetence via logs or something and then have people get blackmailed!

> where the platform doesn’t see your ID

ID checks aren't very worthwhile if anyone can use any ID with no consequences.

How long would it take for someone's 18 year old brother to realize they can charge everyone $10 to "verify" everyone's accounts with their ID, because it doesn't matter whose ID is used?

this is already how the EU infrastructure for digital ID works, basically. Using public/private keys on your national id, the government functions as a root authority that you (and other trusted verifiers downstream) can identify you with and commercial platforms only get a yes/no when you want to identify yourself but have no access to any data.

South Korea also has had various versions of this even going back to ~2004 I think.

I see this currently being pushed by some politicians in the EU. And I have a slight suspicion that some of these politicians are literally lobbyists.

The "oh my god, think of the children" is similar to "oh my god, think of the terrorists". I am not saying all of this is propaganda 1:1 or a lie, but a lot of it is and it is used as a rhetoric tool of influence by many politicians. Both seems to connect to many people who do not really think about who influences them.

In functioning states, the ID contains a chip with a private key that can be used to sign a message, and ID verification would not be an image of the ID card, but rather holding your phone's NFC reader to the card and signing a message from the site.

In Japan, there are already multiple apps which use something like this to verify user's age via the "my number card" + the smartphone's NFC reader.

It's more or less impossible to forge without stealing the government's private keys, or infiltrating the government and issuing a fraudulent card.

Of course, the US isn't a functioning state, the people don't trust it with their identity and security and would rather simply give all their information to private companies instead.

When I had to prove my passport for my bank over a video call they told me to rotate it around in the sunlight to show that it had the holo-whatever ink. So I wouldn't put it past them.

Don't you have to be over 18 to get a credit card in the US? How many wouldn't be able to present a CC or ID?

Those without driver's licenses or passports can get a state ID card instead, if I'm not mistaken. A pain, but an option.

Yeah that’s not true. It’s a lie. And we all know why it’s a lie. Adults in the US with ID is 99%

wat. the majority of Americans have a DL, ID, or Passport. What a silly thing to say.

For DL alone:

>Data indicates that approximately 84% to 91% of all Americans hold a driver's license, with roughly 237.7 million licensed drivers in the U.S. as of 2023.

Add in an ID and Passport and we are likely closer to 99%

This is extremely dangerous, and would only work with hardware/software that is nonfree (i.e., not under the user's control, or any attestation could be spoofed).

> Personal Identity Verification (PIV) and Common Access Card (CAC) credentials used by US government & military via NFC already work on web browsers. States should just move to digital IDs stored on smartphones, with chain of trust up through the secure element...

I think you're... missing the point of the pushback. People DO NOT WANT to be identified online, for fear for different types of persecution.

Is there any data on what kind of hits to enrollment were taken by facebook, gmail etc when they added requirements like a phone #? Maybe it's buried in their sec filings. Anyway, this "cat and mouse" game is probably irrelevant. They're not looking for and don't need a perfect system. Bc 99% of the public couldn't care less about handing over their information.

I think you massively overestimate how many people actually care.

My guess is that 95% or more of all Discord users do not care and simply upload their selfie or ID card and be done with it. I know I will (although they did say that they expect 80%+ to not require verification since they can somehow infer their age from other parameters)

Is there any data on what kind of hits to enrollment were taken by facebook, gmail etc when they added requirements like a phone #? Maybe it's buried in their sec filings.

They're getting worse with attested and validated environments. This one of the reasons that google is trying to kill sideloaded apps and checking for root access.

Weird thing.. the people who want this validation fully expect for you to pay for, maintain, keep it valid, and pay for upkeep/service for their desires. Honestly, this is something that SHOULD get very aggressive pushback.. but most people accept for no reason.

yes, avoiding EU fines and ensuring availability there is most likely the motivating factor behind the change.

You can just use a video from YouTube there are people that do it that just don't care

Show me such a model.

It would be interesting to see a model completely indistinguishable from a real human in behavior, as well as real-time reflection off different surfaces, etc.

The next step would be to make a complete digital clone of a person based on surreptitiously recording them with hidden cameras. I doubt it's possible.

The concept of identity doesn't necessarily have to be embodied by a piece of physical plastic that goes into a wallet.

Ad-hoc identification can occur via other means like dynamic knowledge based authentication. The sources of this mechanism can be literally anything. Social media itself being one obvious source for the target cohort.

You can walk into many US financial institutions without an ID and still get really far using KBA workflows. The back office will hassle you for a proper scan of a physical ID, but you can often get an account open and funded with just KBA.

Well, certainly not for linking all of your online activities with your real life identity of course, not sure where you got that idea from. It's to protect children. And of course, just in some very limited anti-terrorism cases...

I've heard a politician explicitly request a real name policy on all internet platforms in Germany. Obviously the goal is always mass surveillance.

Because governments really want people to think about children with naughty stuff.

Gross.

(I'm not verifying anywhere unless required for official business. Still have my non-KYC sim for people)

Manufacturing consent at work

You have to show ID to buy beer?

Why should anyone inclined to want to buy beer have to show ID to do it?

Not my call, it’ll be the law of the land. Some may leave, but most won’t, and that’s good enough for corporate and enterprise value purposes.

Pornhub is fighting state age verification and keeps losing state by state, for example.