Comment

Comment on Colorado proposing Bill to move age verification to Operating System rather than web site

SnotFlickerman@lemmy.blahaj.zone ⁨1⁩ ⁨day⁩ ago

How do they secure age data?
How do they ensure no one who is a different age ever uses the device?

However, if a developer has clear and convincing information that a user’s age is different than the age indicated by an age signal, the developer shall use that information as the primary indicator of the user’s age range.

How do they determine age other than self-reporting other than wholesale spying on user habits?

source

Sort:hotnew top

UnspecificGravity@piefed.social ⁨1⁩ ⁨day⁩ ago
1) You don’t. 2) Easy. The device constantly captures images of the user and checks them against the user image on file 3) By scanning a government issued ID and checking against an online database with poor security.

source
- SnotFlickerman@lemmy.blahaj.zone ⁨1⁩ ⁨day⁩ ago
  Image
  
  source
baronvonj@piefed.social ⁨1⁩ ⁨day⁩ ago
I feel like #1 and #2 are problems whether its client side or server side. As for #3 I would lean in the direction of there being a one-time check with no persistent knowledge. Like when you flash your ID to the bartender to order a drink. A client app that scans the ID and returns the answer to the requestor.

But I don’t think there is any way to reliably implement this sort of thing. I think it should really just be left to parental control and monitoring.

source
- SnotFlickerman@lemmy.blahaj.zone ⁨1⁩ ⁨day⁩ ago
  I think part of the problem is there shouldn’t be a server-side to this. Because that’s opening the door to all kinds of intrusive data-collection to determine age, even if they claim it should be done “minimally.” Define “minimal.” That seems to fly in the face of “clear and convincing information that a user’s age is different than the age indicated by an age signal” which is a direct quote from the Bill.
  
  And as for number 3, I don’t see how no persistent knowledge could work. If the client app has read the data (“scanned the ID”) that means the client-app can now store that data anywhere the client-app has write access.
  
  Further, it’s not like in real life when the bartender can scan the person up and down, look at the ID and make the assessment that McLovin is clearly underage.
  
  source
  - baronvonj@piefed.social ⁨1⁩ ⁨day⁩ ago
    If it’s open source it can be verified that it’s not storing the data.
    
    And I 100% agree that software scanning an ID is an overall bad way to verify. With a CC# validation at least that shows up on my statement, but if my kid is sneaky enough to get mine out of my wallet I have no way of knowing.
    
    source