Comment on EU age verification app to ban any Android system not licensed by Google
General_Effort@lemmy.world 3 days agoThere are 3 parties:
- the user
- the age-gated site
- the age verification service
The site (2) sends the request to the user (1), who passes it on to the service (3) where it is signed and returned the same way. The request comes with a nonce and a time stamp, making reuse difficult. An unusual volume of requests from a single user will be detected by the service.
iii@mander.xyz 3 days ago
Neither 2 nor 3 should receive information about the identity of the user, making it difficult to count the volume of requests by user
General_Effort@lemmy.world 2 days ago
Strictly speaking, neither needs to know the actual identity. However, the point is that both are supposed to receive information about the user’s age. I’m not really sure what your point is.
iii@mander.xyz 2 days ago
General_Effort@lemmy.world 2 days ago
The site would only know that the user’s age is being vouched for by some government-approved service. It would not be able to use this to track the user across different devices/IPs, and so on.
The service would only know that the user is requesting that their age be vouched for. It would not know for what. Of course, they would have to know your age somehow. EG they could be selling access in shops, like alcohol is sold in shops. The shop checks the ID. The service then only knows that you have login credentials bought in some shop. Presumably these credentials would not remain valid for long.
They could use any other scheme, as well. Maybe you do have to upload an ID, but they have to delete it immediately afterward. And because the service has to be in the EU, government-certified with regular inspections, that’s safe enough.
In any case, the user would have to have access to some sort of account on the service. Activity related to that account would be tracked.
If that is not good enough, then your worries are not about data protection. My worries are not. I reject this for different reasons.