Hacker News new | ask | show | jobs
by CaptainOfCoit 269 days ago
You don't, it's up to citizens to make sure whatever authentication they use can only be used by them, just like how it works for other services today where you authenticate online somehow and the government service assumes you're you since you were able to authenticate.
1 comments
sleepychu 269 days ago
My point is that this is either a bearer token (in which case it will be obtainable by proxy) or tied to your identity.

What is the incentive for the citizen to make sure their authentication isn't shared?

link
CaptainOfCoit 269 days ago
On the government endpoint, which returns X that the platform uses as "evidence" for you being an adult, yes, that's tied to your identity, as the certificate/whatever is tied to your identity.

But as long as the platform who need to validate that you're an adult don't get your identity, but just the proof, I don't see what the problem is?

> What is the incentive for the citizen to make sure their authentication isn't shared?

What incentives do people today have for keeping their identifications to themselves? Why aren't we all sharing CC numbers? Because we realize some data is "personal" and isn't to be used by others, like our username+passwords or whatever. This isn't exactly a new concept, just look at how it works for anything else that is tied to you.

link
mrmanner 269 days ago
> On the government endpoint, which returns X that the platform uses as "evidence" for you being an adult, yes, that's tied to your identity, as the certificate/whatever is tied to your identity.

In this scenario the government knows all the age-restricted sites I've visited. I'd argue that is worse than if all the age-restricted sites I've visited know who I am...

(FTR I don't know what I think about age restrictions in general, but I'm pretty sure there's no implementation that comes without negative side effects)

link
Ajedi32 269 days ago
Not necessarily. The age verification proof doesn't need to be site-specific. But again, that reduces the incentive "for the citizen to make sure their authentication isn't shared" because there's nothing tying it to them.

I also kinda hate the whole idea of needing explicit permission from the government to access the open web, regardless of whether or not they know which specific sites they're giving me permission to access.

link
immibis 269 days ago
There's actually a much better idea that's been floating around. Require over-18 sites to set a certain header. Then anyone who wants to can install a browser on their kid's device that will block pages with the header. There's no privacy implications, no surveillance implications, no need to make VPNs illegal as long as they pass it through; it's just a plain old parental block with a regulation keeping it always up to date. Yes, you may have to stop your kid installing random software on the device to bypass whatever blocking you set up, but you had to do that anyway. If it's Apple or Google they could easily enough require everything in the app store to respect the flag when the device is set to kid mode.

(If the government does the incredibly overbearing thing and does not do the simple and effective and unintrusive thing, it proves their motivations are surveillance)

link
gjsman-1000 269 days ago
Already exists; the industry called it RTA (Restricted To Adults). Nobody used it... and it's 19 years old. Complete failure categorized under "we already tried that."

https://www.rtalabel.org

You can use it too, just put this in as a meta tag:

<meta name="RATING" content="RTA-5042-1996-1400-1577-RTA" />

Or send the following header:

Rating: RTA-5042-1996-1400-1577-RTA

link
namibj 268 days ago
Germany let's the ID cards themselves mint such proofs in a way similar to how Intel's attestation doesn't leak the CPU's serial number.
link
wasabi991011 269 days ago
> What incentives do people today have for keeping their identifications to themselves?

Not being liable for loans they didn't take out themselves, being the recipient of government benefits they are owed, etc. I'm sure you have heard of identity theft before, but it sounds like you haven't heard of why it's a bad thing. It's not just a privacy thing.

link
Ajedi32 269 days ago
If you share your CC number, someone could steal your money. If you share your anonymous age verification token... someone could pretend to be 18? And by design that token is anonymous and there's no way to prove you were the one they got it from? Doesn't seem like much of a disincentive.
link
owisd 269 days ago
> obtainable by proxy

So no different to the rules around buying an 18+ DVD.

link
ashdksnndck 269 days ago
How do they solve this for e-voting?
link