• TheObviousSolution@lemmy.ca (9 upvotes, 1 day ago)

    What I don’t understand is, have these people never heard of OAuth? I don’t know what it is, we have decades of this and people act like it doesn’t exist and don’t see the value in it. Even Lemmy, try to suggest why it might be valuable to separate identity versus community hosting, it’s like you have to walk people through it step by step.

    There’s no way I’m giving platforms like this even more private information, but if governments put forth both publicly available OAuth servers along with the possibility of privately purchasable OAuth servers for this sort of thing, I would have no problem with it because then you have the possibility of vetting age authenticators like you would VPN providers, and the data would never leak into the social networks that abuse it. It’s like the regulators and the Internet have conveniently forgotten about OAuth and certificate authorities and have just said, “Yeah, let’s just have users leak their data all over for this” as if there were no better way. Maybe that’s the point, because I suspect organizations like Palantir will be quite happy at things like this.

    • chonglibloodsport@lemmy.world (4 upvotes, 19 hours ago)

      They have and they don’t want it because it doesn’t give them access to everyone’s biometric data.

      I could see this coming a long way off with Discord. It’s a honey trap. They swallow entire communities whole like some gargantuan leviathan of antiquity.

    • mic_check_one_two@lemmy.dbzer0.com (1 upvote, 14 hours ago)

      Honestly, we should start doing hardware-based age verification instead. Have the government run a simple yes/no service for individuals to be able to verify their age. The service simply asks if you’re over 18, and the government responds with a simple yes/no.

      You verify your identity on the device once when setting it up, it asks the government if you’re over 18, and then your user account is verified as an adult when the “yes” response is returned. The only time it would need to be repeated is when someone turns 18, which would be something the user would need to manually prompt their device to retry. And notably, the government isn’t being pinged for every site you visit, they only got pinged for the initial device setup. So they don’t get access to any of your browsing data.

      Now your phone can automatically send a “yes, I’m over 18” signal to any site or service that asks. And kids won’t be verified, meaning they won’t even be able to see the “are you over 18” prompts; they’ll simply be booted off the site (or in Discord’s case, restricted) as soon as it automatically asks their device for an age verification. No action is required on the user’s part, and the site/service didn’t need any invasive info about who you are. As far as an adult is concerned, they got direct access to the site without any kind of annoying “are you over 18” prompt. And as far as a child is concerned, they got automatically redirected right back to Google’s home page as soon as they clicked the porn link.

      For shared devices (like computers) it could be handled on a per-user basis. You verify your age on Windows/Linux/macOS when creating the account, and then whenever you’re logged in, any site can simply ask if you’re over 18. Don’t want your kid to stumble across porn? Don’t verify their account. Now safeguarding kids on the internet is as simple as parents safeguarding their computer password and refusing to verify their child accounts.

      It’s basically the best of all worlds:

      • The government/private data brokers don’t get free access to your browsing data, like what would happen if every individual site asked the government for verification. This is our current reality, with data brokers hoovering up photos of IDs to feed to their data scientists.
      • The adult user only needs to take action once to verify their age, and then after that the age gates are automatically opened. You don’t need to verify independently with each site, because your device handles that automatically during the initial handshake.
      • Sites don’t get any additional personal info about you, except for the automatic pass/fail hardware response saying that you’re over 18. They don’t need to collect your info to pass to a third-party verification system. They don’t need to ask the government, because that has already been done. And they don’t need to worry about things like GDPR compliance for collected info, because there is no additional collected info.
      • Your browsing info isn’t shared with third parties, because the sites/services you use have no need to ask third parties for verification.

      Of course it’ll never happen though, because it would restrict what kinds of info data brokers could collect and sell.
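
A sketch of the one-time yes/no check described in the comment above, as an added example that is not part of the thread: the issuer is contacted once at device setup, and each site then verifies the answer offline against the issuer's public key. The Ed25519 signature, the token fields (`over18`, `exp`) and the function names are assumptions made for illustration, not any real government service's API.

```javascript
const crypto = require('crypto');

// Issuer: the hypothetical yes/no service. It is contacted once, at device
// setup, and never learns which sites the token is later shown to.
const issuer = crypto.generateKeyPairSync('ed25519');

function issueAgeToken(isOver18, ttlSeconds, now = Date.now()) {
  // The claim carries only the answer and an expiry:
  // no name, no birthdate, no device or account identifier.
  const claim = JSON.stringify({
    over18: isOver18,
    exp: Math.floor(now / 1000) + ttlSeconds,
  });
  const sig = crypto.sign(null, Buffer.from(claim), issuer.privateKey);
  return { claim, sig: sig.toString('base64') };
}

// Site: checks the token against the issuer's published public key.
// No request goes back to the issuer, so the issuer sees no browsing data.
function siteCheck(token, issuerPublicKey, now = Date.now()) {
  if (!token) return { allowed: false, reason: 'no token' }; // unverified account
  let valid = false;
  try {
    valid = crypto.verify(
      null,
      Buffer.from(token.claim),
      issuerPublicKey,
      Buffer.from(token.sig, 'base64')
    );
  } catch {
    valid = false; // malformed token fields are treated as a failed check
  }
  if (!valid) return { allowed: false, reason: 'bad signature' };
  // Parsing happens only after the signature has been verified.
  const { over18, exp } = JSON.parse(token.claim);
  if (exp < Math.floor(now / 1000)) return { allowed: false, reason: 'expired' };
  return over18 === true
    ? { allowed: true, reason: 'ok' }
    : { allowed: false, reason: 'not over 18' };
}
```

Because the same signed token is shown to every site, it also works as a cross-site identifier; a deployment would need single-use or per-site tokens to avoid that.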