this post was submitted on 30 Nov 2024
128 points (99.2% liked)

Programming

17672 readers
107 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
128
How could digitial age verification be possibly implemented with privacy in mind? (programming.dev)
submitted 3 weeks ago by [email protected] to c/[email protected]
84 comments fedilink hide all child comments
 

Many might've seen the Australian ban of social media for <16 y.o with no idea of how to implement it. There have been mentions of "double blind age verification", but I can't find any information on it.

Out of curiosity, how would you implement this with privacy in mind if you really had to?

you are viewing a single comment's thread
view the rest of the comments
[–] incogtino 21 points 3 weeks ago (6 children)

A joke answer, but with the kernel of truth - IRL age verification often requires a trusted verifier (working under threat of substantial penalty) but often doesn't require that verifier to maintain any documentation on individual verification actions

https://chinwag.au/verification/

[–] [email protected] 5 points 3 weeks ago (4 children)

As in, you have to roll up to an "age verification bureau" and say "I'd like to sign up to $platform, please verify that I'm of legal age to use it and tell them so", then you buy a "token" that you can enter upon signing up? Am I understanding that correctly?

Anti Commercial-AI license

[–] incogtino 3 points 3 weeks ago* (last edited 3 weeks ago)

I wasn't thinking in detail, just addressing an assumption I think a lot of age verification discussions include, which is that the verifier would have to be trusted to maintain some sort of account for you, retaining your data etc.

I have no idea what the legislation says, but I'd be a happier privacy-conscious user if the verification platforms were independent (i.e. not in any other data business) and regulated, with a requirement they don't retain my personal data at all (like the liquor store example)

So the verifier gathers data from you, matches it with a request from the platform, provides confirmation that some standard has been met, and deletes almost all personal information - I acknowledge that this may not rise to the double-blind standard of the original request

Edited to add:

  • you don't have to 'buy' a token, the platform needs to pay verifiers as a cost of business

  • some other comments are asking how you prevent the verifier knowing the platform - to my mind you don't, instead the verifier retains a request id record from the platform, but forgets entirely who you are

load more comments (3 replies)
load more comments (4 replies)