Comment on EU age verification app to ban any Android system not licensed by Google

<- View Parent
General_Effort@lemmy.world ⁨3⁩ ⁨days⁩ ago

There are 3 parties:

  1. the user
  2. the age-gated site
  3. the age verification service

The site (2) sends the request to the user (1), who passes it on to the service (3) where it is signed and returned the same way. The request comes with a nonce and a time stamp, making reuse difficult. An unusual volume of requests from a single user will be detected by the service.

source
Sort:hotnewtop