Comment on EU age verification app to ban any Android system not licensed by Google
iii@mander.xyz 2 days agoThat merely shifts the problem: now the login to that 3rd party can be shared, and age verification subverted.
Comment on EU age verification app to ban any Android system not licensed by Google
iii@mander.xyz 2 days agoThat merely shifts the problem: now the login to that 3rd party can be shared, and age verification subverted.
General_Effort@lemmy.world 2 days ago
A phone can also be shared. If it happens at scale, it will be flagged pretty quickly. It’s not a real problem.
The only real problem is the very intention of such laws.
iii@mander.xyz 2 days ago
How? In a correct implementation, the 3rd parties only receive proof-of-age, no identity. How will re-use and sharing be detected?
General_Effort@lemmy.world 2 days ago
There are 3 parties:
The site (2) sends the request to the user (1), who passes it on to the service (3) where it is signed and returned the same way. The request comes with a nonce and a time stamp, making reuse difficult. An unusual volume of requests from a single user will be detected by the service.
iii@mander.xyz 1 day ago
Neither 2 nor 3 should receive information about the identity of the user, making it difficult to count the volume of requests by user