Comment

Comment on EU age verification app to ban any Android system not licensed by Google

General_Effort@lemmy.world ⁨2⁩ ⁨days⁩ ago

The reverse is also a necessity: the government approved service should not be allowed to know who and for what a proof of age is requested.

It would send the proof to you. It would not know what you do with it. I gave an example in the previous post how the identity of the user could be hidden from the service.

If the middle man government service knows when and who is requesting proof-of-age, it’s easy to de-anonymise for example users of gay porn sites.

It would be a lot easier to get that information from the ISP.

source

Sort:hotnew top

iii@mander.xyz ⁨2⁩ ⁨days⁩ ago

I gave an example in the previous post how the identity of the user could be hidden from the service.

In both your examples the government service has your full identity, then pinky promises to forget it.

Unless I’m misunderstanding something?

It would be a lot easier to get that information from the ISP.

Not quite the same, as IP addresses are shared through NAT, VPNs exist, etc. With the proposed legislation it is illegal for website operators to deliver content to known VPN ips, as they cannot confirm that the end user isn’t a EU subject.

source
- General_Effort@lemmy.world ⁨1⁩ ⁨day⁩ ago
  
  In both your examples the government service has your full identity, then pinky promises to forget it.
  
  It can be like buying alcohol in a store. They look at you and see your age. Or if it’s unclear, the store clerk asks your idea and promptly forgets all about it. Except you’re not buying alcohol but a login for some age verifier.
  
  source
  - iii@mander.xyz ⁨1⁩ ⁨day⁩ ago
    That’s a worst of both worlds solution: it makes it trivial to deanonymise people, and it doesn’t solve the replay attacks.
    
    source
    General_Effort@lemmy.world ⁨1⁩ ⁨day⁩ ago
    Maybe buying alcohol works differently where you live.
    
    source
    -> View More Comments