|
|
|
|
|
|
by WarOnPrivacy
874 days ago
|
|
|
> I'm curious how this will be implemented The only way to determine age is to compile a database of gov-issued IDs and related data. Which is an unconstitutional barrier to speech. Which is why this will get struck-down like each similar law. The part about ID data eventually being shared with 3rd parties, agencies - and/or leaked - is a bonus. |
|
|
That would indeed allow the site to compile a database of government issues IDs and give that information (willfully or via leaks) to third parties.
Those issues can be fixed by using a three party system. The parties are the user, the site that they need to prove their age to, and a site that already has the information from the user's government ID.
Briefly, the user gets a token from the social media site, presents that token and their government ID to the site that already has their ID information, and that site sign that token if the user meets the age requirements. The user presents that signed token back to the social network which sees that it was signed by the third site which tells it the third site says the user meeds the age requirement.
By using modern cryptographic techniques (blind signatures or zero knowledge proofs) the communication between the user and the third site can be done in a way that keeps the third site from getting any information about which site they are doing the age check for.
With some additional safeguards in the protocol and in what sites are allowed to be the ID checking sites it can even be made so that someone who gets records of both the social media site and the third site can't use timing information to match up social media accounts with verifications and so could work with sites that allow anonymous accounts.