Age Verification isn't a technical problem to solve.

@Azarilh I do not have the time to review and speak about this specific product sadly. But in general, even if the token handed to the application requesting it is fully anonymized, the application collecting the initial data is still a potential attack vector and point of failure.

If it's proprietary, then it entirely relies on blind trust. If it's open source, then it must be fully audited regularly and built and reviewed with independent experts. But even if it was perfectly secure and private, the piece of ID showing the age must be uploaded somehow. Is the whole system secure? Where is this data stored? Does it get fully purged after or is the "deleted" information only flagged as deleted but kept in a database somewhere?

If all identifiable information is fully deleted, then what shows this token is reliably only used by an adult and not shared with a child? Where is this token stored? Can it be sold to others online? People have already done that with the supposedly secure and supposedly private World App. If identifiable information is kept to prevent this, then all the other problems mentioned above remain.

And regardless of all of this, having to upload an official ID, even in the imaginary scenario where we would magically have a perfectly privacy-preserving technology, gatekeeps the use of devices and access to information and communication from many people who, for various reasons, cannot have this official ID. It closes down the internet. We should never agree to that, let alone contribute to facilitating it. More information here: https://www.eff.org/issues/age-verification

@Azarilh I do not have the time to review and speak about this specific product sadly. But in general, even if the token handed to the application requesting it is fully anonymized, the application collecting the initial data is still a potential attack vector and point of failure.

If it's proprietary, then it entirely relies on blind trust. If it's open source, then it must be fully audited regularly and built and reviewed with independent experts. But even if it was perfectly secure and private, the piece of ID showing the age must be uploaded somehow. Is the whole system secure? Where is this data stored? Does it get fully purged after or is the "deleted" information only flagged as deleted but kept in a database somewhere?

If all identifiable information is fully deleted, then what shows this token is reliably only used by an adult and not shared with a child? Where is this token stored? Can it be sold to others online? People have already done that with the supposedly secure and supposedly private World App. If identifiable information is kept to prevent this, then all the other problems mentioned above remain.

And regardless of all of this, having to upload an official ID, even in the imaginary scenario where we would magically have a perfectly privacy-preserving technology, gatekeeps the use of devices and access to information and communication from many people who, for various reasons, cannot have this official ID. It closes down the internet. We should never agree to that, let alone contribute to facilitating it. More information here: https://www.eff.org/issues/age-verification

@Em0nM4stodon So your point is that "no system is safe"? I would agree with that, but vaccines are not 100% safe either yet we should still take them. The importance is to make it as safe as possible, and it has to be safe enough. Everything is corruptable, with physical ID too ( they could be taking photos for all i know ).

@Azarilh I would also recommend watching this amazing video by Carissa Véliz. It's short and might help you understand the dangers better: https://infosec.exchange/@Em0nM4stodon/116031435192287968

@Em0nM4stodon So your point is that "no system is safe"? I would agree with that, but vaccines are not 100% safe either yet we should still take them. The importance is to make it as safe as possible, and it has to be safe enough. Everything is corruptable, with physical ID too ( they could be taking photos for all i know ).

@Azarilh I would also recommend watching this amazing video by Carissa Véliz. It's short and might help you understand the dangers better: https://infosec.exchange/@Em0nM4stodon/116031435192287968

@Em0nM4stodon I promise i will check it. Thanks.

@Azarilh No, this isn't like vaccines at all. Vaccines do not facilitate mass surveillance.

@Em0nM4stodon What i hate about age checks in social media is that they say it's to protect children from the toxicity of social media.

How about governments try to actually regulate social media instead of outright banning children? Social media can be a good source of social integration and information ( being a queer child that lives with queerphobe parents, for instance, may only get queer support from people on the internet ). 1/2

@Em0nM4stodon Plus... do adults not matter? Regulating social media would make it healthier for everyone, child or adult. 2/2

Age Verification isn't a technical problem to solve. If you think that, you're missing the point.

It's a social problem used by authoritarian governments as an excuse for population control and censorship.

It's a fundamental attack on free speech and democracy.

It must not be accommodated.
It must be stopped.

#MassSurveillance #AgeVerification #Privacy #Democracy #HumanRights

@Em0nM4stodon True, they don't facilitate surveillence, but someone can get a very bad reaction from it. What i meant is that it's impossible to make anything 100% safe.

@divVerent @Em0nM4stodon No there are not. This is a fundamental fact of mathematical logic. Given a proposed age verification system you can prove that it's either trivially bypassed (doesn't actually verify age) or violates key privacy properties.

Em's point is spot-on. If you think of this as a problem to be solved, you are going to be wrong and you are going to be a useful fool for fascists.