This is the future those who push for age verification want for us.
-
@mischi2000 @Gargron Just leave parenting to parents, the world does not need 'nanny states'.
@harib_murshidi@mastodon.social
Yes, I agree with you there, but I also feel I must and want to hold politicians and governments accountable. Proper legal frameworks must be established for large social networks. It must be possible to hold these networks accountable much more easily and quickly.
@Gargron@mastodon.social -
@Gargron In denmark, Datastyrelsen (the state office caring for data) released an "altID" app, which can be used as an ID, IRL or online. After creation, data stays on your device, and what clients get is an age or identity verification, and you get to choose what to share. They failed to make it open source, but given it does what the say it does, it at least better than scanning passports etc, I believe. It is derived from an EU model afaik. And I was able to install it on my google-free /e/os fairphone. FWIW.
@anderslund Maybe I'm thinking way too far into this, but it seems to me that any data given that verifies you, is a form of ID that can be stolen. Your "altID" is still ID.
-
RE: https://post.lurk.org/@shibacomputer/116827981116605348
This is the future those who push for age verification want for us.
@Gargron I am so fed up with ID being passed to external companies with no understanding or validation of what they do with it. One of the main companies used in the UK, Persona, was co-founded by Thiel. How on earth can *any* trust be put in any of his companies.
Lots of arguments about the how, but actually I strongly question the why. I simply do not believe the "protect the children" mantra. The goal is worthy, the method is not.
-
@anderslund Maybe I'm thinking way too far into this, but it seems to me that any data given that verifies you, is a form of ID that can be stolen. Your "altID" is still ID.
-
@Gargron The scary part is the structural pattern: a high-value credential gets press-ganged into a low-value auth system that has zero incentive to secure it. Passports prove citizenship — they shouldnt be a cookie for pot shops.
Age verification needs an architectural boundary: prove you are old enough without proving who you are. Its solvable. The political will is the bottleneck.
-
There is a case to be made for a safe age verification for online communities for minors.
Back in the good times when the US government tried to be part of a solution, president Obama’s Cyber Czar put out a proposal for a brokered verfication service to keep adults (potential groomers and pdfs) out of online games and services designed for school kids.
The student registries would’ve served as a source for identity and age verification and the individual app or an endpoint device would then be minted an anonymous proof of age.
It never materialised but the idea was compelling.
-
RE: https://post.lurk.org/@shibacomputer/116827981116605348
This is the future those who push for age verification want for us.
@Gargron I wonder if there is a future ahead of us in which all forms of identification documentation are so devalued as to be useless.
-
There is a case to be made for a safe age verification for online communities for minors.
Back in the good times when the US government tried to be part of a solution, president Obama’s Cyber Czar put out a proposal for a brokered verfication service to keep adults (potential groomers and pdfs) out of online games and services designed for school kids.
The student registries would’ve served as a source for identity and age verification and the individual app or an endpoint device would then be minted an anonymous proof of age.
It never materialised but the idea was compelling.
The search word would be ”National Strategy for Tusted Identities in Cyberspace”.
I see the paper was released ten years ago, when the US presidents still adhered to record-keeping requirements and preserved official documents for posterity.
https://obamawhitehouse.archives.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf
-
@Gargron I wonder if there is a future ahead of us in which all forms of identification documentation are so devalued as to be useless.
@Gargron
Is there also in that future a requirement for a difficult to obtain high value form of identification required to participate in elections? -
@anderslund What I'm trying to say (probably not well, it's hard to put into words) is that having your altID leaked/stolen doesn't feel functionally different to me than, say, this passport leak.
It's an ID masking your ID, but still has the whole value of any set of credentials.
Of course, as you said, physical possession of the device... which is also true of any credentials.
-
@pantheonw All I can think of that would be left if documentation was devalued, would be biometrics.
And *that's* a whole 'nother can of worms.
-
@harib_murshidi@mastodon.social
Yes, I agree with you there, but I also feel I must and want to hold politicians and governments accountable. Proper legal frameworks must be established for large social networks. It must be possible to hold these networks accountable much more easily and quickly.
@Gargron@mastodon.social@mischi2000 @Gargron Depends on what kind of accountability we are asking, some of the 'parental concerns' remind me of the Satanic Panic, #heavymetal scare of the 80s when the PMRC (Parent Music Resource Centre) in the US started a witch-hunt against musicians because some parents decide to sue Ozzy Osbourne for 'Suicide Solution', Judas Priest for 'Better by You Better than Me' (which was a cover of another band, they did not even wrote the song)
No social network can filter out creeps !
-
@anderslund What I'm trying to say (probably not well, it's hard to put into words) is that having your altID leaked/stolen doesn't feel functionally different to me than, say, this passport leak.
It's an ID masking your ID, but still has the whole value of any set of credentials.
Of course, as you said, physical possession of the device... which is also true of any credentials.
@solitha @Gargron I'd say that the ID solution we use in Denmark to identify to banks, public authorities and also private companies in some cases - MitID ("MyID") has had few issues. It is a 2FA soultion, where the 2nd factor is either an app or a physical device. AltID is less secure, but also provides less information to clients.
-
@mischi2000 @Gargron Depends on what kind of accountability we are asking, some of the 'parental concerns' remind me of the Satanic Panic, #heavymetal scare of the 80s when the PMRC (Parent Music Resource Centre) in the US started a witch-hunt against musicians because some parents decide to sue Ozzy Osbourne for 'Suicide Solution', Judas Priest for 'Better by You Better than Me' (which was a cover of another band, they did not even wrote the song)
No social network can filter out creeps !
@harib_murshidi@mastodon.social
No, of course there shouldn't be a witch hunt.
But there must be a way to stop bullying, self-harm, fake profiles, and things like that as quickly as possible.
Only then will social networks be safe for young people.
And believe me, I know what I'm talking about.
It should be clear to everyone that you can't filter out the weird people and creeps.
But you can create other conditions.
@Gargron@mastodon.social -
@solitha @Gargron I'd say that the ID solution we use in Denmark to identify to banks, public authorities and also private companies in some cases - MitID ("MyID") has had few issues. It is a 2FA soultion, where the 2nd factor is either an app or a physical device. AltID is less secure, but also provides less information to clients.
@anderslund I guess I'm just feeling like there are no good answers. Any security created by humans can be broken by humans.
And we've arrived in this world where one's individual identity is so valuable... and yet, third parties who mishandle that information are slapped on the wrist. Meanwhile, that data has slipped any containment.
There is so much more money behind stealing the data than there is in protecting it. We're steadily losing the battle.
-
@harib_murshidi@mastodon.social
No, of course there shouldn't be a witch hunt.
But there must be a way to stop bullying, self-harm, fake profiles, and things like that as quickly as possible.
Only then will social networks be safe for young people.
And believe me, I know what I'm talking about.
It should be clear to everyone that you can't filter out the weird people and creeps.
But you can create other conditions.
@Gargron@mastodon.socialWhat exactly is a 'fake profile' ? When the internet was introduced to kids earlier on, it was specifically considered the most important rule that you should not divulge any real information and put anything like that on the internet and now we are going into the opposite direction !
And if somebody does harass someone at some social media network, they are responsible... even at this place some creep can creep in and try to doxxx or blackmail someone, i
-
RE: https://post.lurk.org/@shibacomputer/116827981116605348
This is the future those who push for age verification want for us.
@Gargron anything included in a database gets leaked eventually because it cannot be adequately secured.
The old paper system was fairly secure. The occasional fire would destroy data but, at least it wouldn't leak it.
It was not impossible to access private personal data maliciously but, it was far more time consuming.
What is left after all identifying information is leaked? It's no longer viable for identification...
-
@Gargron I wonder if there is a future ahead of us in which all forms of identification documentation are so devalued as to be useless.
-
@Gargron In denmark, Datastyrelsen (the state office caring for data) released an "altID" app, which can be used as an ID, IRL or online. After creation, data stays on your device, and what clients get is an age or identity verification, and you get to choose what to share. They failed to make it open source, but given it does what the say it does, it at least better than scanning passports etc, I believe. It is derived from an EU model afaik. And I was able to install it on my google-free /e/os fairphone. FWIW.
@anderslund
In NL we have @yivi_privacybydesign, which is even on F-Droid. I've yet to encounter something that uses it (so it's not on my phone anymore), but I'm happy we have something decent ready in case age verification becomes mandatory.
@Gargron -
@anderslund
In NL we have @yivi_privacybydesign, which is even on F-Droid. I've yet to encounter something that uses it (so it's not on my phone anymore), but I'm happy we have something decent ready in case age verification becomes mandatory.
@Gargron@kainisenni @yivi_privacybydesign @Gargron Yes, yivi. In Denmark, the app is prepared for buying alcohol, tobacco and such, and can display a QR code (confirming that you are old enough) that can be scanned in stores, for example. I havent tried to use it yet, it will take some time I believe
