Honestly? It’ll probably be an amalgamation of different tech to do it. That’s at least part of the reason I’m not sure it should work. Using identity to certify age or age gate products in this way when so much data is being collected already about users kind of doesn’t make sense in and of itself. It either leads to a database of data that’s dangerous to store, or it leads to government entities using such services to spy on people. Or both.
If the data that’s already out there about me being collected by data brokers can’t prove what age I am (and it absolutely can even when it’s anonymized) then I suspect no other system by itself will work. Because really what were talking about here is four things.
Linking access to age verification.
Linking identity to age verification.
Anonymizing that data so the service/or anyone with access can’t store it or use it for anything other than age verification.
Verifying that the person who device/token/certificate/verified medium is linked to is the person using the device.
So, say you were to use the block chain method. And say the device was verified. How would I verify it’s me using the device (me being the person who certified their age via block chain or some other method). What prevents me from unlocking the device and handing it to my kid? What prevents my kid from using the device without my knowledge (circumventing the password etc).
That’s at least part of the reason Roblox want to use facial recognition to verify users. But how often are we doing that check? Once isn’t enough. It’s not a hard barrier to cross. And say it’s twice, three times. Once a week. Say you use AI generated pictures to bypass that. Then Roblox or the service they contract with for verification has to maintain a database and compare pictures to each other etc.
Databases can be hacked. That information can be stolen. And linked to driver’s licenses, used for reverse image searches etc. If you or your child has ever posted a picture to the internet etc that can be used against you or your kid. It could be used to verify further accounts outside your control etc.
Following this to it’s logical conclusion you’d need to use a combination of things. Something you have (yubikee or some kind of authenticator, ID, credit card). There’s nothing stopping a person from selling this with the account credentials.
Something you know (password, passphrase etc). The account credentials to be sold.
Something you can’t change about yourself (iris scan, fingerprint, voice clip, etc). The dangerous to store information that when leaked or breached would cause damage to the life of the user in question.
Someone somewhere is going to need to keep a record of that to prove you are you which means it can’t by design be anonymous. And it means that there’s a database and it there that’s dangerous to the users but had to be maintained for the purpose of authentication. And that’s why this doesn’t work.
There’s nothing to stop them selling that email address with cert.
Very true. What is the method for this to work
Honestly? It’ll probably be an amalgamation of different tech to do it. That’s at least part of the reason I’m not sure it should work. Using identity to certify age or age gate products in this way when so much data is being collected already about users kind of doesn’t make sense in and of itself. It either leads to a database of data that’s dangerous to store, or it leads to government entities using such services to spy on people. Or both.
If the data that’s already out there about me being collected by data brokers can’t prove what age I am (and it absolutely can even when it’s anonymized) then I suspect no other system by itself will work. Because really what were talking about here is four things.
So, say you were to use the block chain method. And say the device was verified. How would I verify it’s me using the device (me being the person who certified their age via block chain or some other method). What prevents me from unlocking the device and handing it to my kid? What prevents my kid from using the device without my knowledge (circumventing the password etc).
That’s at least part of the reason Roblox want to use facial recognition to verify users. But how often are we doing that check? Once isn’t enough. It’s not a hard barrier to cross. And say it’s twice, three times. Once a week. Say you use AI generated pictures to bypass that. Then Roblox or the service they contract with for verification has to maintain a database and compare pictures to each other etc.
Databases can be hacked. That information can be stolen. And linked to driver’s licenses, used for reverse image searches etc. If you or your child has ever posted a picture to the internet etc that can be used against you or your kid. It could be used to verify further accounts outside your control etc.
Following this to it’s logical conclusion you’d need to use a combination of things. Something you have (yubikee or some kind of authenticator, ID, credit card). There’s nothing stopping a person from selling this with the account credentials.
Something you know (password, passphrase etc). The account credentials to be sold.
Something you can’t change about yourself (iris scan, fingerprint, voice clip, etc). The dangerous to store information that when leaked or breached would cause damage to the life of the user in question.
Someone somewhere is going to need to keep a record of that to prove you are you which means it can’t by design be anonymous. And it means that there’s a database and it there that’s dangerous to the users but had to be maintained for the purpose of authentication. And that’s why this doesn’t work.