Comment

Comment on EU age verification app to ban any Android system not licensed by Google

General_Effort@lemmy.world ⁨1⁩ ⁨month⁩ ago

The key doesn’t have to be on your phone. You can just send it to some service to sign it, identifying yourself to that service in whatever way.

Sort:hotnew top

iii@mander.xyz ⁨1⁩ ⁨month⁩ ago
That merely shifts the problem: now the login to that 3rd party can be shared, and age verification subverted.

source
- General_Effort@lemmy.world ⁨1⁩ ⁨month⁩ ago
  A phone can also be shared. If it happens at scale, it will be flagged pretty quickly. It’s not a real problem.
  
  The only real problem is the very intention of such laws.
  
  source
  - iii@mander.xyz ⁨1⁩ ⁨month⁩ ago
    
    If it happens at scale, it will be flagged pretty quickly.
    
    How? In a correct implementation, the 3rd parties only receive proof-of-age, no identity. How will re-use and sharing be detected?
    
    source
    General_Effort@lemmy.world ⁨1⁩ ⁨month⁩ ago
    There are 3 parties:
    
    the user
    
    the age-gated site
    
    the age verification service
    
    The site (2) sends the request to the user (1), who passes it on to the service (3) where it is signed and returned the same way. The request comes with a nonce and a time stamp, making reuse difficult. An unusual volume of requests from a single user will be detected by the service.
    
    source
    -> View More Comments