The verification could make sense with something like a physical gift card.
Go to a store or kiosk, show them your ID card or driver’s license, and they’ll give you a card randomly chosen from the shelf with a code to activate the +18 version of any social network of your choice.
Each code could only be used once. People would have to buy more, at a symbolic cost, for each social network they wished to activate.
I would tend to be against this on principle in the same way, but at least it would be something I could understand where the objective is actually what is being presented (protecting the children), albeit misguided, because to me it is clear that what is currently being promoted and proposed has nothing to do with age verification, but rather with mass surveillance, marketing and censorship. Fascistic authoritarianism.
It would still be made by the government and distributed by third parties and the government. What matters here to give me confidence is that it would be physical and only one person at the counter would know my age which would obviously be much safer and would ensure that no other information would be passed on.
The government derives the token from the id, which it created and knows, so there’s no privacy loss there.
Nothing is distributed to third parties, the third party just verifies the token with the government service and gets ok / not ok. It never sees any id data.
In your example, how do you know that the third party is not storing the data when scanning it? And how do you deal with online services?
The issues described in the article are serious, but not fundamental design flaws of the protocol, and it depends on how they’ve presented the app: did they say it can be used already? if it’s just a prototype it’s ok to e.g not store the token/pin in the security enclave yet. And the issues being easily found is facilitated by the project being released as open source, which is good. Not saying that everything is perfect, and there might be actual issues with the protocol, but this isn’t it. It’s in any case better than having to share your id with N third parties.
In my proposal, there is no need for them to scan your ID, they would only see your age written on the citizen card, just like they do when you want to buy cigarettes. Don’t pretend you didn’t understand the spirit of the suggestion.
P.S.: Nothing is safer than paper. I’m also against electronic vote.
And how does that process guarantee that your token identifies only you? It seems that an adult can go to the store at different times and get n tokens, which they can then give to minors.
Yes, an adult could give them, just as nowadays an adult can forge fake IDs to sell to kids, but it would be a crime. If they were caught, they would suffer appropriate consequences.
And what about online-only services (which is the majority)? Seems a partial and error prone solution not worth the effort over no verification at all.
The verification could make sense with something like a physical gift card.
Go to a store or kiosk, show them your ID card or driver’s license, and they’ll give you a card randomly chosen from the shelf with a code to activate the +18 version of any social network of your choice.
Each code could only be used once. People would have to buy more, at a symbolic cost, for each social network they wished to activate.
I would tend to be against this on principle in the same way, but at least it would be something I could understand where the objective is actually what is being presented (protecting the children), albeit misguided, because to me it is clear that what is currently being promoted and proposed has nothing to do with age verification, but rather with mass surveillance, marketing and censorship. Fascistic authoritarianism.
But now you’re giving your id to third parties. Why do you trust them more than your government, which has that data anyway?
It would still be made by the government and distributed by third parties and the government. What matters here to give me confidence is that it would be physical and only one person at the counter would know my age which would obviously be much safer and would ensure that no other information would be passed on.
Also,
https://cybernews.com/security/eu-age-verification-app-hack/
LoL
The government derives the token from the id, which it created and knows, so there’s no privacy loss there.
Nothing is distributed to third parties, the third party just verifies the token with the government service and gets ok / not ok. It never sees any id data.
In your example, how do you know that the third party is not storing the data when scanning it? And how do you deal with online services?
The issues described in the article are serious, but not fundamental design flaws of the protocol, and it depends on how they’ve presented the app: did they say it can be used already? if it’s just a prototype it’s ok to e.g not store the token/pin in the security enclave yet. And the issues being easily found is facilitated by the project being released as open source, which is good. Not saying that everything is perfect, and there might be actual issues with the protocol, but this isn’t it. It’s in any case better than having to share your id with N third parties.
In my proposal, there is no need for them to scan your ID, they would only see your age written on the citizen card, just like they do when you want to buy cigarettes. Don’t pretend you didn’t understand the spirit of the suggestion.
P.S.: Nothing is safer than paper. I’m also against electronic vote.
And how does that process guarantee that your token identifies only you? It seems that an adult can go to the store at different times and get n tokens, which they can then give to minors.
Yes, an adult could give them, just as nowadays an adult can forge fake IDs to sell to kids, but it would be a crime. If they were caught, they would suffer appropriate consequences.
And what about online-only services (which is the majority)? Seems a partial and error prone solution not worth the effort over no verification at all.