Protecting children online is crucial, but forcing every user to hand over their ID is a privacy nightmare waiting to happen, according to the head of the Swiss privacy firm
What is being pushed for implementation is better described as identity verification, not age verification.
I would have little issue with a solution that purely gated services on age in a secure and privacy respecting manner. This OS level garbage is not that, its creating an oligarchy run identity gate to control access to personal computing.
Sorry but I fundamentally disagree. Privacy respecting solutions do not collect unnecessary information.
The packaging of identity validation in the OS breaches this principle by collecting more information than necessary and by collecting that information prior to the existence of a necessitating use case.
It is not necessary to prove my age to do things not restricted by age, nor is it necessary to know who I am, or to prove my exact age, to prove I am older than a certain age.
Even in the efforts I have seen to verify threshold rather than current age instead of identity, I’m not aware of any attempts or solutions that protect against timing attacks or inference attacks as users transition from failing the threshold verification process to passing it.
Most OS code is proprietary and not auditable so any baked in solution cannot possibly pass a zero trust requirement. Access gates should only be applied at the point of need, as such things have always been done in all other scenarios and environments.
Thank you. Now I just wish somebody at the government level would understand this and the implications of what this entails. Like maybe mention that all their weird online fetishes could be tracked back to them. It’s like this one company doing the “verification “ would be rolling in kompromat.
it’s all by design. they don’t want the general public to put it together that these are identify tracking surveillance system, just a carefree age verification to keep kids away from the baddies 🙄
Agreed. The eu model is a good start, but the security of it’s implementation woefully inadequate… And I agree this MUST use post quantum cryptography.
Dox-gating (yes I just made that up lol) operating systems will result in people not updating security patches.
What is being pushed for implementation is better described as identity verification, not age verification.
I would have little issue with a solution that purely gated services on age in a secure and privacy respecting manner. This OS level garbage is not that, its creating an oligarchy run identity gate to control access to personal computing.
OS-level is the only privacy respecting way (except maybe browser-level). The alternative is some cloud service who’s code you can’t audit.
Sorry but I fundamentally disagree. Privacy respecting solutions do not collect unnecessary information.
The packaging of identity validation in the OS breaches this principle by collecting more information than necessary and by collecting that information prior to the existence of a necessitating use case.
It is not necessary to prove my age to do things not restricted by age, nor is it necessary to know who I am, or to prove my exact age, to prove I am older than a certain age.
Even in the efforts I have seen to verify threshold rather than current age instead of identity, I’m not aware of any attempts or solutions that protect against timing attacks or inference attacks as users transition from failing the threshold verification process to passing it.
Most OS code is proprietary and not auditable so any baked in solution cannot possibly pass a zero trust requirement. Access gates should only be applied at the point of need, as such things have always been done in all other scenarios and environments.
Thank you. Now I just wish somebody at the government level would understand this and the implications of what this entails. Like maybe mention that all their weird online fetishes could be tracked back to them. It’s like this one company doing the “verification “ would be rolling in kompromat.
it’s all by design. they don’t want the general public to put it together that these are identify tracking surveillance system, just a carefree age verification to keep kids away from the baddies 🙄
It’s never about the kids
deleted by creator
Agreed. The eu model is a good start, but the security of it’s implementation woefully inadequate… And I agree this MUST use post quantum cryptography.
Dox-gating (yes I just made that up lol) operating systems will result in people not updating security patches.
I like that word. I may use it later.