Comment

Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled

anarchiddy@lemmy.dbzer0.com ⁨22⁩ ⁨hours⁩ ago

The problem isnt just that the third party can abuse their access to your information, it’s that it is digitally stored and certifiable at all

The most secure data providers in the world have all basically had data breaches by now - including the IRS and US government. There is no party that can guarantee data security, even if they themselves are benevolent.

And for what purpose are we willing to gut privacy online? So it’s marginally more difficult for minors to obtain porn?

GTFO. De-anonymization has always been the goal, not ‘protecting the children’.

source

Sort:hotnew top

Kraiden@piefed.social ⁨21⁩ ⁨hours⁩ ago

it’s that it is digitally stored and certifiable at all

I fundamentally disagree with this. First off, that ship has sailed. Your data is already digitally stored. The problem is that it’s stored outside of your control and accessible without your consent. This system addresses those issues.

The most secure data providers in the world have all basically had data breaches

There is no technical reason your data ever needs to be on a device that is outside of your control. The 3rd party is just a local app, with local data storage. In other words there shouldn’t BE a massive database that can be breached. Sure, your device can still be breached, or stolen, but so can your physical wallet. Your device being stolen shouldn’t leak my data.

for what purpose are we willing to gut privacy online

I’m not. I’m trying to explain that giving up privacy is NOT a requirement for age verification

So it’s marginally more difficult for minors to obtain porn?

I’m actually thinking about social media. There’s plenty of data to suggest that underage access causes severe harm, that can and has led to suicides. This is a problem with a body count.

De-anonymization has always been the goal, not ‘protecting the children’.

100% agree. I just want people to understand that it IS a smokescreen. “Age verification” is a GOOD IDEA that is being used as a cover. Recognize the underlying threat, absolutely, but also recognize the good idea that’s being used to hide it.

source
- anarchiddy@lemmy.dbzer0.com ⁨18⁩ ⁨hours⁩ ago
  
  The problem is that it’s stored outside of your control and accessible without your consent. This system addresses those issues.
  
  Sorry, I just don’t agree with this, either. It isn’t just that it’s a third party, it’s that verification necessarily ties your device to your personal identity at all. No matter how you store the actual identity data, there needs to be an identifier associated with every device/account. I’d be fine if the OS just asked for my age and didn’t verify it with my state-issued ID - but if there’s any cross-checking involved that’s a dealbreaker.
  
  If there were any possibility that a state actor had interest in identifying my personal identity of this account, and there was a record that pointed to my name, SSN, or other unique personal identifiers, i’d be absolutely fucked. There are really good reasons not to want social media accounts tied to real, verifiable identities - even if you think social media should be limited to adults (i’m not on willing to concede this, for what it’s worth).
  
  It doesn’t matter if the data is stored on your local device - if it’s being verified by a state authority at all, that’s a huge problem.
  
  source
  - Kraiden@piefed.social ⁨17⁩ ⁨hours⁩ ago
    
    verification necessarily ties your device to your personal identity
    
    needs to be an identifier associated with every device/account
    
    I think you’ve misunderstood. Neither of these statements is true
    
    If there were any possibility that a state actor had interest in identifying my personal identity of this account, and there was a record that pointed to my name, SSN, or other unique personal identifiers
    
    That’s the whole point. This isn’t possible. There are NO identifiers ANYWHERE that link your account to your real world credentials.
    
    if it’s being verified by a state authority at all
    
    It’s not. At least not in the way you’re thinking. You are issued a file, like you are issued an id. This could be done from any device anywhere, and could theoretically be copied and moved around to other devices. This file is cryptographically SIGNED by the state.
    
    Meta then send you a request with their own cert.
    
    The third party then generates a 3rd cert that JUST verifies that you are of age, and contains NO other PII. It uses a combination of signatures from the request and your credentials file to generate this.
    
    The result is that Meta can verify that this new cert was generated in response to their request, that it was based off of an authentic state credentials file, and that the user is of age. That’s it. Not the exact date of birth, no names, addressses, ssns or anything. JUST “user is >16.” There are no identifiers, and no way to tie it back to you IRL.
    
    The state get absolutely no indication that any of this has gone down at all. The 3rd cert is verified off of a universal public key
    
    source
    anarchiddy@lemmy.dbzer0.com ⁨16⁩ ⁨hours⁩ ago
    A state issuing a cert file has to be able to verify that it goes to the intended person. The state would have to know the ID of the person they’re issuing it to, otherwise it wouldn’t function as intended. Similar to blockchain wallets - they are anonymous all the way up to the point of fiat exchange, where most state actors can still end up ID’ing wallet owners.
    
    Even if you try obscuring that information via encryption, it still gets signed by a ‘trusted’ authority at the end of the chain.
    
    Even in theory this is a shit idea.
    
    source
    -> View More Comments