Fuck off with your device based verification system. That’s just the same service, but as a more invasive app installed on your phone.
Instead of scanning a face or ID and uploading it to a service, we’re expected to run unverified closed source code on the device we carry everywhere in our pockets?!
Fuck off with your device based verification system. That’s just the same service, but as a more invasive app installed on your phone.
not necessarily. you give a phone to your children. you partly lock it down by setting it up as a child account, with its age. you make sure to install a web browser that supports limiting access to age appropriate content according to the age set in the system, maybe taking a parent allowed whitelist. the website is legally obliged to set an appropriate age limit value in a standard HTTP header.
that way, the website does not know your age. the decision is on the web browser.
the web browser checks the configuration in the system, that only the parent can change. it does not send it anywhere, only does a yes/no decision. if the site is not ok, it’ll show a thing like when the connection is not secure or it was put on the safebrowsing list, except that you can’t skip it, only option is to request parent permission.
and finally the age is set in the operating system, without verifying its truthiness, but once again requesting lock screen authentication.
oh and app installs need parent approval for kid accounts, like it should almost always be.
this way it’s as private as it can get. the only way a website can find out information about you from this, is to log if your browser loaded the html but not any other resources, because that means you were caught in the age filter. but that’s it.
there’s multiple pieces in this that is not yet implemented, but they should be possible with not too much work.
this is all possible with open source code, if you make sure the kid can’t install anything without parent approval. stores like fdroid could have some badge or something if a browser supports this kind of limitation.
Experience, most proposal for “age and identity verification” being badly implemented mostly closed-source solutions that only works on devices they deem trusty, meaning (seemingly) non-rooted phones with specific OSes.
Fuck off with your device based verification system. That’s just the same service, but as a more invasive app installed on your phone.
Instead of scanning a face or ID and uploading it to a service, we’re expected to run unverified closed source code on the device we carry everywhere in our pockets?!
not necessarily. you give a phone to your children. you partly lock it down by setting it up as a child account, with its age. you make sure to install a web browser that supports limiting access to age appropriate content according to the age set in the system, maybe taking a parent allowed whitelist. the website is legally obliged to set an appropriate age limit value in a standard HTTP header.
that way, the website does not know your age. the decision is on the web browser.
the web browser checks the configuration in the system, that only the parent can change. it does not send it anywhere, only does a yes/no decision. if the site is not ok, it’ll show a thing like when the connection is not secure or it was put on the safebrowsing list, except that you can’t skip it, only option is to request parent permission.
and finally the age is set in the operating system, without verifying its truthiness, but once again requesting lock screen authentication.
oh and app installs need parent approval for kid accounts, like it should almost always be.
this way it’s as private as it can get. the only way a website can find out information about you from this, is to log if your browser loaded the html but not any other resources, because that means you were caught in the age filter. but that’s it.
there’s multiple pieces in this that is not yet implemented, but they should be possible with not too much work.
this is all possible with open source code, if you make sure the kid can’t install anything without parent approval. stores like fdroid could have some badge or something if a browser supports this kind of limitation.
Who said the device based service has to be closed source?
It doesn’t have to be, but the businesses making it claim it needs to be.
Experience, most proposal for “age and identity verification” being badly implemented mostly closed-source solutions that only works on devices they deem trusty, meaning (seemingly) non-rooted phones with specific OSes.