Comment by cjs_ac

1 day ago

The difference is that at the strip club, you show your ID to the bouncer, who makes sure it's valid and that the photo matches your face, and then forgets all about it. Online, that data is stored forever.

The principle of online ID checks is completely sound; the implementation is not.

The implementation is sound. Instead of getting an ID, the bouncer gets a serial number from you, he calls his government contact who tells him you are of age. The serial number is meaningless to him.

This would be impractical in meatspace, but works perfectly fine on the internet.

  • Instead of checking your ID, the bouncer sends you over to the shady broker, who takes a video of your face, photograph of your ID, checks you in the various databases (who knows, maybe you've been a bad boy previously), and only then gives you the permission slip to enter the club.

    The data stays with them[1].

    I think you grossly underplay the current practices.

    [1] there's no hard, irrefutable proof companies like Persona (intimately connected with known law abusers, i.e. US government) keep their promises or obey the law.

  • Where in your metaphor are the club next door using Persona instead of that implementation, and the EU's reference implementation requiring a Google Play integrity check to acquire a serial number in the first place?

  • You're proposing that every porn site on the planet pings a user's government's API to see if they're adult or not? In other words, that any random site is able to contact hundreds of APIs.

    • Absolutely, yes. They don’t ping to see that you are of age, but that the random challenge generated by your ID checks out.
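
The serial-number and random-challenge flow discussed in this thread, sketched as an added example that is not code from any commenter or from a real ID scheme. Assumptions: the names `Issuer`, `wallet_respond` and `site_check` are hypothetical, the serial is one-time, and an HMAC under a per-serial key stands in for whatever proof a real ID would produce.

```python
import hashlib
import hmac
import secrets


class Issuer:
    """Stand-in for the 'government contact': holds the records, answers yes/no."""

    def __init__(self):
        # serial -> (per-serial key, is_adult); this table never leaves the issuer
        self._tokens = {}

    def issue(self, is_adult):
        """Hand the holder's ID wallet an opaque one-time serial and its secret key."""
        serial, key = secrets.token_hex(16), secrets.token_bytes(32)
        self._tokens[serial] = (key, is_adult)
        return serial, key

    def verify(self, serial, challenge, response):
        """API the site calls. True only for a fresh serial, a valid response
        to this challenge, and an adult holder."""
        # pop() makes the serial single-use: a replayed or failed serial is gone
        entry = self._tokens.pop(serial, None)
        if entry is None:
            return False
        key, is_adult = entry
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response) and is_adult


def wallet_respond(key, challenge):
    """User side: prove possession of the serial's key for this one challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def site_check(issuer, serial, respond):
    """Site side: handles a random serial and a MAC, learns one bit."""
    # Fresh per visit, so a response captured earlier does not verify
    challenge = secrets.token_bytes(16)
    return issuer.verify(serial, challenge, respond(challenge))
```

In this sketch the site never holds a name, photo or birth date, but the issuer still sees which site is asking about which serial.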