Online chat service Discord has announced it will begin testing age verification for some users, joining a growing list of platforms trying to work out who is actually behind the screen.
Honestly the more important point to me is that age verification isn’t even desirable.
Teenagers have been accessing adult content since forever. It’s normal to do and we shouldn’t be restricting normal human sexuality. The entire point of the age of consent is to protect kids from predators, not to restrict teenagers from having perfectly normal and healthy sexual interactions.
There is no technical barriers which will protect vulnerable kids from predators. That is a far deeper social issue - mainly that there are kids who don’t have trustworthy adults who care enough about them to prevent it from happening.
Absolutely agree with this. Any age verification mechanism is always about censorship and control, not about helping kids. The only thing that helps kids is them being taken good care of and provided guidance at all levels: in the family, in the school, in the society. But that’s a deeper social problem and no one gives a damn about solving that problem.
Thank you for saying this. It is a point I see too often ignored. Censorship is bad, even if you can do it ‘privately’
No it can’t.
Any cryptographic “solution” relies on some magical disconnect between a picture of your ID and the verification. There’s no way to ensure this if the verification service is actively malicious. This is similar to the cryptographic properties of Signal’s sealed sender.
Are you referring to a verification service running on the user’s device, or on a third party providers’ server?
Running a verification service on the user’s device can’t work, regarless of the approach. The software on the user’s device can be altered to give fake results.
Relying on a third party service to do remote verification imply trusting that third party isn’t giving fake results, regarless of the approach.
The company/org that needs to verify age should run the actual age verfication, ideally using a privacy-friendly method and a free reference implementation that got scrutiny from the public. It requires only trusting the gov issues acvurate ids, and trusing the math.
Some civilian approaches to be mentioned is how the verification is handled in Lithuania, Latvia, and Estonia, for example:
Smart-ID is the easiest, safest and fastest way to authenticate yourself online, register in e-services and sign documents…
Using Smart-ID for personal identification is free, totally unlimited and you can download the app on all of your Android and iOS smart devices…
Or, if you feel more comfortable doing it in a bank, take your national identification document like a passport or an ID-card with you and visit your local bank office for identity validation…What’s more, you can use Smart-ID to access e-services from your other devices too. Say you prefer to use a computer for your online banking and you have Smart-ID on your smartphone. No worries, you can use Smart-ID on both. You can login to e-services using your computer and the smart device, or the smart device only…
Smart-ID can be used to log in to e-services, for online banking and for signing documents.
Source: https://www.smart-id.com/
-–
Smart-ID itself has no age restrictions for its users – but age limits have been set by identity providers and depend on the Smart-ID account type and authentication method chosen…
Creating a Smart-ID account for a minor requires a parent/legal guardian to authenticate their account…
Don’t just click “continue”: read the instructions on the screen carefully and double check that all the information you enter is correct, and the whole process will be easy and stress-free… The child cannot continue with their registration until we’ve got one parent approval…
The real choice is not between safety and privacy. It is between two very different technical paths. One path normalizes biometric (face, fingerprint, and similar) checks, expanding the amount of sensitive data handed to private companies.
Seeing how it’s currently done, the market has chosen expanding the amount of sensitive data collected by private companies, which I assume is more profitable.
“The market” is captured. Consumers don’t really have a choice. Businesses have to follow the law, no matter how terribly written.
If those laws are effectively being written and pushed through by a tiny handful of billionaires with their own agenda, consumers don’t have a choice at all.
