I’m asking for public policy ideas here. A lot of countries are enacting age verification now. But of course this is a privacy nightmare and is ripe for abuse. At the same time though, I also understand why people are concerned with how kids are using social media. These products are designed to be addictive and are known to cause body image issues and so forth. So what’s the middle ground? How can we protect kids from the harms of social media in a way that respects everyone’s privacy?

  • Kissaki@feddit.orgEnglish
    1·
    3 days ago

    The German passport allows services to verify age through you NFC reading your passport on your phone and confirmation of validity through intermediates state service. All they see is a confirmation of age requirement met. No name, no age, no address, no face.

    Some other countries have similar systems. It’s already a EU directive to be implemented on a broader European level.

    • ageedizzle@piefed.caOPEnglish
      1·
      3 days ago

      This sounds like a much better strategy than the Australian model of simply scanning your face and using AI to guess your age

    • PeriodicallyPedantic@lemmy.ca
      0·
      3 days ago

      How would that work online? How would they confirm it’s your passport, and that it’s a real passport that was really scanned (instead of a browser plugin)?

      • Kissaki@feddit.orgEnglish
        1·
        11 hours ago
        1. Register as a service, with justification why you need to be able to read the fields or properties you say you need
        2. Upon acceptance, aquire a digital permission certificate
        3. Set up a server, that handles communication with the ID
        4. For a request, prove you own the permission cert through a challenge sent by the ID document
        5. ID document proves through a challenge to the server that it is what it is (a set of produced ID documents use the same private and public keys so they are not personally identifiable / associatable to an individual)
        6. User enters PIN so that this process can proceed
        7. Open secured connection between server and ID document
        8. Server can request/challenge age verification, and the ID document answers with “is met”

        At least the Wikipedia page is not detailed/technical on step 8, but if you were to attempt to man-in-the-middle, you could not because you can’t fake identifying as a valid ID document, which is ensured by the challenge and private/public key cryptography.

        • PeriodicallyPedantic@lemmy.ca
          1·
          5 hours ago

          I’ll need to look into it a bit more, but I’m skeptical that this will work in practice:

          How can they confirm that I’m the owner of the passport? How do you prevent them from selling the fields they requested, that have been uniquely linked to you? How do you prevent the government from keeping track of all the services you’re using?