I’m asking for public policy ideas here. A lot of countries are enacting age verification now. But of course this is a privacy nightmare and is ripe for abuse. At the same time though, I also understand why people are concerned with how kids are using social media. These products are designed to be addictive and are known to cause body image issues and so forth. So what’s the middle ground? How can we protect kids from the harms of social media in a way that respects everyone’s privacy?

  • tatterdemalion@programming.dev
    6·
    10 hours ago

    The vendor/site does not need to know a name.

    The idea is that people already trust the government with their identifying info. So what the government can do is issue, for example, an opaque “age ID” that is only to be used with an “over 18?” service hosted by the government. Then anyone visiting a website with age-restrictions would provide their age ID, which tells the site nothing about the user. The site checks the “over 18?” service. At no point do arbitrary websites need to collect identifying info.

    Now obviously as I’ve described it, there are multiple problems:

    1. People could easily publish their age ID for anyone to use.
    2. If people aren’t careful (they aren’t) then they will give too much identifying info away to sites anyway, and then those sites could correlate the age ID with their identity.

    One solution is to make the age ID into a “one time password” (OTP). Much like an authenticator app, you could have an app provided by the government which generates a new random OTP on request, and it would expire in a minute or so. Then users provide that instead of a constant age ID. Like before, the site checks the “over 18?” service using the OTP.

    It’s still not perfect, but you’ll never solve the “adult buying beer for kids” trick without counterproductive measures. There are probably some additional tricks to make it better, but I don’t want to get too far into it.

    • chux@feddit.orgEnglish
      2·
      7 hours ago

      As far as I know the german e-passport function does provide good way already. You basically use your passport to make a corresponding app only send the information “over ‘certain age’ or under”, technically no information needs to go to the government of when and where you try to vefify your age since it can all be done locally with your passport. The app is also open source if i recall correctly. It would definitely be a better option than any third party age verification but its not really used at all.

      But i am not too familar with the actual working procedure of this function so it may not be entirely accurate.

    • ageedizzle@piefed.caOPEnglish
      3·
      9 hours ago

      The OTP solution seems like a really good idea actually

      There are apparently solutions to this problem involving zero-knowledge proofs

      If something like this could work, that would be the best solution in my opinion