The UK's new act blocks access to adult content without identification. Turns out, you only need a copy of Death Stranding and a phone to get around it.
A state-issued cert used pervasively across all interactions on the internet and uniquely tied to a particular individual?
If the cert only includes a single data, whioh is if the user is or not underage, without any identification other than that, i’m not sure what can you do with it. No name, no data of any kind… just a true/false statement indicating if the user (without a name or any other identification) has reached the legal age.
If the cert is not unique to a person, it’s not a viable way of verifying age. Anyone could use one issued to anyone else, and the whole thing is DOA.
So then we have to assume it is uniquely tied to a person. Then, it can be used by the verification service to track a person, building a profile of what websites they visit and when, even what they do there, depending on how the age verification is set up.
Advertisers don’t really care about your name, just about your profile so they can target you with ads, so it gives them everything they want.
Presumably the cert would be a smart card (similar to credit card chips) protected with a pin. And they can use revocation lists to remove cards that are reported stolen.
There would have to be a serial number at the least but that would change every time your card expired, and the government would certainly know who is issued what serial.
Another downside is users would need smart card or NFS readers to use them. Smart cards have been around for digital identification for decades now, it’s really surprising that more government haven’t pushed their use. From a user perspective though it would be pretty quick that every online service would start requiring them and any online anonymity would erode pretty quickly.
A state-issued cert used pervasively across all interactions on the internet and uniquely tied to a particular individual?
Some exec at Google just creamed his pants.
Could make it so it’s possible to create an unique certificate for each site, though most people probably wouldn’t bother
If the cert only includes a single data, whioh is if the user is or not underage, without any identification other than that, i’m not sure what can you do with it. No name, no data of any kind… just a true/false statement indicating if the user (without a name or any other identification) has reached the legal age.
If the cert is not unique to a person, it’s not a viable way of verifying age. Anyone could use one issued to anyone else, and the whole thing is DOA.
So then we have to assume it is uniquely tied to a person. Then, it can be used by the verification service to track a person, building a profile of what websites they visit and when, even what they do there, depending on how the age verification is set up.
Advertisers don’t really care about your name, just about your profile so they can target you with ads, so it gives them everything they want.
Presumably the cert would be a smart card (similar to credit card chips) protected with a pin. And they can use revocation lists to remove cards that are reported stolen.
There would have to be a serial number at the least but that would change every time your card expired, and the government would certainly know who is issued what serial.
Another downside is users would need smart card or NFS readers to use them. Smart cards have been around for digital identification for decades now, it’s really surprising that more government haven’t pushed their use. From a user perspective though it would be pretty quick that every online service would start requiring them and any online anonymity would erode pretty quickly.