Comment by HeckFeck
12 days ago
They aren't comparable. Showing an ID to a staff member isn't stripping my anonymity. I know the retailer won't have that on file forever, tied to me on subsequent visits. Also they stop ID'ing you after a certain age ;)
There isn't any way to achieve the same digitally.
Actually there is, various age verification systems exist where the party asking for it does not need to process their ID, like the Dutch iDIN (https://www.idin.nl/en/) that works not unlike a digital payment - the bank knows your identity and age, just like they know your account balance, and can sign off on that kind of thing just like a payment.
I hope this becomes more widespread / standardized; the precursor for iDIN is iDEAL which is for payments, that's being expanded and rebranded as Wero across Europe at the moment (https://en.wikipedia.org/wiki/Wero_(payment)), in part to reduce dependency on American payment processors.
The privacy issue has two facets, when I show ID to get in to a club or buy alcohol, the entire interaction is transient, the merchant isn't keeping that information and the issuer of the credential doesn't know that happened (i.e. the government).
Just allowing a service provider to receive a third party attestation that you "allowed" still allows the third party to track what you are doing even if the provider can't. That's still unacceptable from a privacy standpoint, I don't want the government, or agents thereof, knowing all the places I've had to show ID.
> Just allowing a service provider to receive a third party attestation that you "allowed" still allows the third party to track what you are doing even if the provider can't. That's still unacceptable from a privacy standpoint, I don't want the government, or agents thereof, knowing all the places I've had to show ID.
Isn't this solvable by allowing you to be the middle man? A service asks you to prove your age, you ask the government for a digital token that proves your age (and the only thing the government knows is that you have asked for a token) and you then deliver that to the service and they only know the government has certified that you are above a certain age.
The service gets a binary answer to their question. The government only knows you have asked for a token. Wouldn't a setup like that solve the issue you're talking about?
We have a similar system in Italy so the age verification process itself doesn't personally concerns me that much since the verification process is done by the government itself and they obviously already have my information.
I'm personally more interested in the intuition people have when it comes to squaring rejecting age verification online while also accepting it in a multitude of other situations (both online and offline)
My main issue is trust.
In real world scenarios, I can observe them while they handle my ID. And systematic abuse(e.g. some video that gets stored and shows it clearly) would be a violation taken serious
With online providers it's barely news worthy if they abuse the data they get.
I'm not against age verification (at least not strongly), but I'd want it in a 2 party 0 trust way. I.e. one party signs a jwt like thing only containing one bit, the other validates it without ever contacting the issuer about the specific token.
So one knows the identity, one knows the usage But they are never related
1 reply →
[dead]
I know they're not compatible. I'm asking if you're also ok with those. There are also plenty of situations where you are asked to provide an ID, digitally, when above a certain age. For example booking hotels and other accommodations.
Personally I'm still trying to figure out where my position is when it comes to this whole debate because both camps have obvious pros and cons.
Which hotel asks for id online..? I've only ever had to provide it once on-site and checking in.
And when then, only when I'm in foreign countries.
Happens quite often with Airbnb for example. You often don't meet the host in person so there's no way to show them a physical ID.
1 reply →