Comment by hellojesus

21 hours ago

To date I haven't seen an implementation that preserves privacy and doesn't allow for easy bypass because person A generates infinite tokens and hands them out via a REST request.

I have seen implementations that preserve privacy. But fundamentally it means that an adult could give a token to a kid, as you say. But how bad is that? We don't need a perfect system, we just need it to be good enough that it prevents most kids from accessing stuff they shouldn't access. Some kids will always find a way anyway.

A simple solution to "generate infinite tokens and hand them out via a REST request" could be one of:

* Rate-limit the token generation. Nobody needs thousands per day, right?

* Make it illegal to distribute tokens. The server sees if you request an abnormal amount of tokens, and... it knows who you are. Not too hard to investigate.

* Make "honeypots" that scare the children when they try to access/buy the token.

I don't think it makes the concept completely useless.