Do it like this: you have to go to a notary and show your ID and they don’t scan it or anything, but they then authorize you to create an account with biometric credentials. Now only you can use that account to watch porn online. Hybrid approach.
Do it like this: you have to go to a notary and show your ID and they don’t scan it or anything, but they then authorize you to create an account with biometric credentials. Now only you can use that account to watch porn online. Hybrid approach.
ArchRecord@lemm.ee 2 days ago
Authorize you how?
That would involve someone having the ability to see which accounts where made, when, and how they were authorized, not to mention likely being able to track when they’re used in the future.
What does this mean? Do you mean you verify your biometric data with the notary to prove it’s you? Your ID should be enough. Do you mean where your biometric data is your password? This doesn’t prove it’s you. If processing is on-device like how phone lock screens work, then a simple piece of software could just extract the raw credentials and allow people to use/sell/transfer those, bypassing the biometrics. If it requires sending your biometric data to the company to log in like a traditional password flow, then all my previous issues with biometric verification online become present.
There’s still a key difference between this hybrid approach and, like I mentioned previously, buying alcohol by showing your ID to a clerk at a counter, and it’s that the interaction ends there. If you show ID, buy alcohol, then leave, the store doesn’t do anything after that. There’s no system monitoring when or how much you’re drinking, or if you’ve offered some of that drink to someone underage, for example.
But with something like what you’re proposing, the unfortunate reality is that it has to have some kind of monitoring for it to functionally work, otherwise it becomes trivially bypassed, and thus the interaction can’t end when the person leaves.
Not to mention the fact that not all platforms people find porn on are actually dedicated porn sites. Many people are first exposed via social media, just like how they’re exposed to much of their other information and general knowledge nowadays. If we want to age gate social media porn consumption as well, we then need to age verify everyone regardless of if they intend to view porn or not, because we can’t ensure it won’t end up on their feed.
There’s a reason why I’m so strongly against these verification methods, and it’s because they always cause a whole host of privacy and security issues, and don’t even create a strong enough system to prevent unauthorized porn viewing by minors in the first place.
venusaur@lemmy.world 1 day ago
You show your ID and a notary enters their credentials to allow you to create an account with your fingerprint or FaceID.
Your ID doesn’t get saved. Your biometrics are only saved in the way that your iPhone saves them for a password.
Work with me. What’s a solution that would be acceptable for you? Get creative.
ArchRecord@lemm.ee 1 day ago
The problem then lies in how whoever (likely the government) can ensure that verified accounts are indeed verified by real people.
If any notary can create these accounts by just claiming they saw a proper ID/biometrics, then even one malicious notary could make as many “verified” accounts as they want. If they’re then investigated, that would mean there’d be monitoring in place to see who they met with, which would defeat the privacy preservation method of only having them look at it.
This also doesn’t solve the problem of people reselling stolen accounts, going to multiple notaries and getting each one to individually attest and make multiple accounts to give out or sell, etc.
If your biometrics are stored, then there’s one of two places they could be stored and processed:
This can just be bypassed by the user once they log in with their biometrics, since the credentials are then decrypted and they can just export them raw, or just have them stolen by anyone who accesses their device or installs malware, etc.
This doesn’t solve the sale, transfer, or multiple creations of accounts.
The scanner that originally creates the hash for your fingerprint must be trusted to not transmit any other data about your fingerprint itself, and could be bypassed by modifying network requests to send fake hashes to the government server during account creation, thus allowing for infinite “verified” accounts to be created and sold.
This also doesn’t prevent the stealing or transfer of accounts, since you would essentially just be using your hash as a password instead of a different string of text, and then they’d just steal your hash, not a typical password. This also would mean the government would get a log of every time someone used their account, and you could be instantly re-identified the moment you go to the airport and scan your fingerprint at a TSA checkpoint, for example, permanently tying your real identity back to any account you verify with your biometrics in the future.
The fundamental problem with these systems is that if you have to verify your identity, you must identify yourself somehow. If that requires sending your personal data to someone, it risks your privacy and security going forward. If that doesn’t require sending your personal data, then the system is easily bypassed, and its existence can’t be justified.
I’ve said it before, and I’ll continue advocating for it going forward:
We already know these things do the most we can reasonably do to prevent underage viewing of adult content. We don’t need age verification laws, because they either harm privacy or don’t even work, when much simpler, common sense solutions already solve the problem just fine.
venusaur@lemmy.world 1 day ago
I’m convinced this was written by GPT. We disagree on how good or bad porn is for society and the youth, so the rest doesn’t even matter.