The UK's new act blocks access to adult content without identification. Turns out, you only need a copy of Death Stranding and a phone to get around it.
The first thing I thought when I heard about this facial recognition to verify age was now easy would be to trick the system with a game with photo mode. And for what I just read, it’s really that easy.
The fun thing is that, since they claim to not save the pictures, they can’t prove that you verified with a videogame… Unless they retire the claim, admit that they save the pictures and get in huge trouble with the data privacy laws.
Sigh… all this trouble to make an age verification system when the state could simply issue digital certs including simply your adult status (meaning you are not underage) that could be used in every website and that would not leak any personal data. And it would really work, as the authority issuing the cert is the state (which already knows your age) it could be automatically trusted on the internet and would keep your data safe.
A state-issued cert used pervasively across all interactions on the internet and uniquely tied to a particular individual?
If the cert only includes a single data, whioh is if the user is or not underage, without any identification other than that, i’m not sure what can you do with it. No name, no data of any kind… just a true/false statement indicating if the user (without a name or any other identification) has reached the legal age.
If the cert is not unique to a person, it’s not a viable way of verifying age. Anyone could use one issued to anyone else, and the whole thing is DOA.
So then we have to assume it is uniquely tied to a person. Then, it can be used by the verification service to track a person, building a profile of what websites they visit and when, even what they do there, depending on how the age verification is set up.
Advertisers don’t really care about your name, just about your profile so they can target you with ads, so it gives them everything they want.
Presumably the cert would be a smart card (similar to credit card chips) protected with a pin. And they can use revocation lists to remove cards that are reported stolen.
There would have to be a serial number at the least but that would change every time your card expired, and the government would certainly know who is issued what serial.
Another downside is users would need smart card or NFS readers to use them. Smart cards have been around for digital identification for decades now, it’s really surprising that more government haven’t pushed their use. From a user perspective though it would be pretty quick that every online service would start requiring them and any online anonymity would erode pretty quickly.
The first thing I thought when I heard about this facial recognition to verify age was now easy would be to trick the system with a game with photo mode. And for what I just read, it’s really that easy.
The fun thing is that, since they claim to not save the pictures, they can’t prove that you verified with a videogame… Unless they retire the claim, admit that they save the pictures and get in huge trouble with the data privacy laws.
Sigh… all this trouble to make an age verification system when the state could simply issue digital certs including simply your adult status (meaning you are not underage) that could be used in every website and that would not leak any personal data. And it would really work, as the authority issuing the cert is the state (which already knows your age) it could be automatically trusted on the internet and would keep your data safe.
A state-issued cert used pervasively across all interactions on the internet and uniquely tied to a particular individual?
Some exec at Google just creamed his pants.
Could make it so it’s possible to create an unique certificate for each site, though most people probably wouldn’t bother
If the cert only includes a single data, whioh is if the user is or not underage, without any identification other than that, i’m not sure what can you do with it. No name, no data of any kind… just a true/false statement indicating if the user (without a name or any other identification) has reached the legal age.
If the cert is not unique to a person, it’s not a viable way of verifying age. Anyone could use one issued to anyone else, and the whole thing is DOA.
So then we have to assume it is uniquely tied to a person. Then, it can be used by the verification service to track a person, building a profile of what websites they visit and when, even what they do there, depending on how the age verification is set up.
Advertisers don’t really care about your name, just about your profile so they can target you with ads, so it gives them everything they want.
Presumably the cert would be a smart card (similar to credit card chips) protected with a pin. And they can use revocation lists to remove cards that are reported stolen.
There would have to be a serial number at the least but that would change every time your card expired, and the government would certainly know who is issued what serial.
Another downside is users would need smart card or NFS readers to use them. Smart cards have been around for digital identification for decades now, it’s really surprising that more government haven’t pushed their use. From a user perspective though it would be pretty quick that every online service would start requiring them and any online anonymity would erode pretty quickly.