The UK's new act blocks access to adult content without identification. Turns out, you only need a copy of Death Stranding and a phone to get around it.
I’ve seen this suggested elsewhere and it seems like the least intrusive suggestion to me - why not simply use the device as the age verification. Almost every phone/tablet/computer already knows your age through it’s own sign-up/activation method, so why not allow the device to offer an API that provides age verification to sites that require it.
It could simply be a permissions-based answer where an adult site requests a yes/no answer to the question “is this user an adult” from the device and the user is prompted to provide the permissions for the site to have that data.
This would solve the problem for the vast majority of iphone/android/windows/macos consumers.
No, the site wouldn’t know the account, it’s the device providing the verification.
I think it’s worth remembering that this is a suggestion, and not even originally mine. If you’re happier to use the current multitude of age verification services that differ on a per-site basis, with all the security vulnerabilities, risk, and inconvenience that entails, then feel free. Or bypass them using the methods suggested.
I’m literally just providing a better technical solution than has been implemented. What I’m not suggesting is “this is the answer to everyone’s problem”.
Do you actually believe the government care about people not watching porn? The whole point is mass surveillance and to extend ID verification to the internet.
Whether or not that’s the case, I think the proposed technical implementation above is a better way of enforcing the actual law than what’s been applied so far.
Yeah I do too, but so would anyone who was seriously thinking about this in terms of keeping kids from looking at porn rather than restricting access to “adult content” (whatever that means) more broadly. Any programmer worth their salt would have immediately suggested “hey this is a bad idea we should do it this other way” when asked about the viability of the current solution and yet this was ignored.
My entire experience as a software engineer for the last 15 years has been being ignored by the non-exprerts in charge. It goes like this:
MBA: I want to solve this problem using this solution
Me: that won’t solve the problem well, how about-
MBA: I don’t care for the laws of reality. Do it my way [or find another job]!
They say they want our expertise but really they want validation of their own terrible ideas and they think coercing experts with threats of unemployment is as valuable as actually listening to those experts.
This applies as much to the public sector and the absolute clowns we vote in to govern us as it does to the private sector where the clowns hold the purse strings. Frankly it makes me want to give up the subject I have a PhD in and grow potatoes on a remote island somewhere.
The goal is to introduce general surveillance and censorship mechanisms. Whether they be technical, legal precedence, tested boundaries, or changes in laws and government positions.
Porn age stuff is just a convenient entry point. Solving just that without the survellance mechamisms is pointless to these people.
There absolutely is a minimum age requirement to set up a Google account, which you can see from their Ts & Cs. Whether that is enforced is an entirely different question.
No you don’t, but like I say, I’m talking about the majority of users.
Again though, and I’m copying this from a previous response, I think it’s worth remembering that this is a suggestion, and not even originally mine. If you’re happier to use the current multitude of age verification services that differ on a per-site basis, with all the security vulnerabilities, risk, and inconvenience that entails, then feel free. Or bypass them using the methods suggested.
I’m literally just providing a better technical solution than has been implemented. What I’m not suggesting is “this is the answer to everyone’s problem”.
Except there is no ID/age verification when you create a Google or Microsoft account (no idea about Apple, don’t use that crap), so you’re suggesting that the “birthday” field where I can set whatever date I want should be a standard age verification method?
Jesus Christ, no, I’m not suggesting that nothing changes from exactly what we do now. I’m suggesting a new, more secure, less intrusive method, and it’s not even an original suggestion. Just try a little bit of thought.
If it’s going to be implemented by law anyway, the age verification should be at the device level. The device accounts already do ask your age - directly or indirectly - although it’s not stringently enforced, however each of the big 3 already have a minimum age requirement to set up an account as per their terms and conditions.
It’s not a big leap to suggest that true age verification is done at that point seeing as you already often have to provide an age or payment information to set up on-device payment details, meaning there’s no need to involve a third party at any other subsequent point.
Honestly, I’d rather see official governmental third parties that handle ID verification and guarantee to discord and any service needing age verification that the user is over the required age. Not comfortable with sharing any sort of verifying data with private companies, even less american companies. I have to for some stuff, but… Not liking it one bit.
There is already a few countries here in Europe with an official governmental identity verification system, and I’m pretty sure age verification can be done through them. I think the EU is also working on a system covering the entirety of Europe, but not certain.
The difficulty you might end up with there is governments not permitting their age verification system for certain sites if they desired. Meaning even greater governmental control of what sites you can access.
Well then the site uses a different system that complies with regulations. I don’t see this as a problem, it doesn’t have to be the only service that can verify your age.
The problem is that would be incredibly easy to bypass at multiple levels. You could set your age as >18 when configuring your device’s account (they don’t check ID) or modify the OS/browser/client-side webpage itself (the latter of which a simple browser extension could accomplish).
As we’ve seen, the current system is incredibly easy to bypass. There are plenty of ways to game or avoid the age checks.
The current implementation also uses multiple different age verification services, on a per-site basis. This proposed one reduces data exposure vulnerabilities to a fraction.
I’ve seen this suggested elsewhere and it seems like the least intrusive suggestion to me - why not simply use the device as the age verification. Almost every phone/tablet/computer already knows your age through it’s own sign-up/activation method, so why not allow the device to offer an API that provides age verification to sites that require it.
It could simply be a permissions-based answer where an adult site requests a yes/no answer to the question “is this user an adult” from the device and the user is prompted to provide the permissions for the site to have that data.
This would solve the problem for the vast majority of iphone/android/windows/macos consumers.
Great! Now everyone is identifiable through their Google or Apple account.
Also people like me where the phone has no clue about my age are out too.
No, the site wouldn’t know the account, it’s the device providing the verification.
I think it’s worth remembering that this is a suggestion, and not even originally mine. If you’re happier to use the current multitude of age verification services that differ on a per-site basis, with all the security vulnerabilities, risk, and inconvenience that entails, then feel free. Or bypass them using the methods suggested.
I’m literally just providing a better technical solution than has been implemented. What I’m not suggesting is “this is the answer to everyone’s problem”.
That works too. Then Google knows that you are using this porn site.
If only the phone itself does the verification, it is just like klicking yes with extra steps.
I’d recommend Googling “device-based age verification” to get more information. I’m not here to convince you of anything.
Spoiler alert- the point isn’t to keep kids from looking at porn, it’s to keep adults from looking at it too.
Do you actually believe the government care about people not watching porn? The whole point is mass surveillance and to extend ID verification to the internet.
Whether or not that’s the case, I think the proposed technical implementation above is a better way of enforcing the actual law than what’s been applied so far.
Yeah I do too, but so would anyone who was seriously thinking about this in terms of keeping kids from looking at porn rather than restricting access to “adult content” (whatever that means) more broadly. Any programmer worth their salt would have immediately suggested “hey this is a bad idea we should do it this other way” when asked about the viability of the current solution and yet this was ignored.
My entire experience as a software engineer for the last 15 years has been being ignored by the non-exprerts in charge. It goes like this:
MBA: I want to solve this problem using this solution
Me: that won’t solve the problem well, how about-
MBA: I don’t care for the laws of reality. Do it my way [or find another job]!
They say they want our expertise but really they want validation of their own terrible ideas and they think coercing experts with threats of unemployment is as valuable as actually listening to those experts.
This applies as much to the public sector and the absolute clowns we vote in to govern us as it does to the private sector where the clowns hold the purse strings. Frankly it makes me want to give up the subject I have a PhD in and grow potatoes on a remote island somewhere.
The goal is to introduce general surveillance and censorship mechanisms. Whether they be technical, legal precedence, tested boundaries, or changes in laws and government positions.
Porn age stuff is just a convenient entry point. Solving just that without the survellance mechamisms is pointless to these people.
Yeah, I’m not getting involved in the politics or reasoning of the assumed end goal, I’m just talking from a technical standpoint.
That is important. Pointing out sane alternatives helps make it clear this isn’t an acceptable solution.
None of my devices required any kind of sign-up/activation.
I mean, great? Most mainstream devices do however, whether it’s an AppleID, Google account or Microsoft account.
It’s not a requirement on Android. Like at all. My Windows 10 also isn’t signed into Microsoft Account.
There absolutely is a minimum age requirement to set up a Google account, which you can see from their Ts & Cs. Whether that is enforced is an entirely different question.
You don’t need a google account to use android.
No you don’t, but like I say, I’m talking about the majority of users.
Again though, and I’m copying this from a previous response, I think it’s worth remembering that this is a suggestion, and not even originally mine. If you’re happier to use the current multitude of age verification services that differ on a per-site basis, with all the security vulnerabilities, risk, and inconvenience that entails, then feel free. Or bypass them using the methods suggested.
I’m literally just providing a better technical solution than has been implemented. What I’m not suggesting is “this is the answer to everyone’s problem”.
Wow now the site knows my google account, way better than sending a picture of myself.
No, I don’t know where you’ve got that idea from.
So hows this gonna verify anything?
You’re welcome to Google “device-based age verification” to get any answers you need, from wiser minds than mine.
Except there is no ID/age verification when you create a Google or Microsoft account (no idea about Apple, don’t use that crap), so you’re suggesting that the “birthday” field where I can set whatever date I want should be a standard age verification method?
Jesus Christ, no, I’m not suggesting that nothing changes from exactly what we do now. I’m suggesting a new, more secure, less intrusive method, and it’s not even an original suggestion. Just try a little bit of thought.
If it’s going to be implemented by law anyway, the age verification should be at the device level. The device accounts already do ask your age - directly or indirectly - although it’s not stringently enforced, however each of the big 3 already have a minimum age requirement to set up an account as per their terms and conditions.
It’s not a big leap to suggest that true age verification is done at that point seeing as you already often have to provide an age or payment information to set up on-device payment details, meaning there’s no need to involve a third party at any other subsequent point.
Honestly, I’d rather see official governmental third parties that handle ID verification and guarantee to discord and any service needing age verification that the user is over the required age. Not comfortable with sharing any sort of verifying data with private companies, even less american companies. I have to for some stuff, but… Not liking it one bit.
There is already a few countries here in Europe with an official governmental identity verification system, and I’m pretty sure age verification can be done through them. I think the EU is also working on a system covering the entirety of Europe, but not certain.
The difficulty you might end up with there is governments not permitting their age verification system for certain sites if they desired. Meaning even greater governmental control of what sites you can access.
Well then the site uses a different system that complies with regulations. I don’t see this as a problem, it doesn’t have to be the only service that can verify your age.
The problem is that would be incredibly easy to bypass at multiple levels. You could set your age as >18 when configuring your device’s account (they don’t check ID) or modify the OS/browser/client-side webpage itself (the latter of which a simple browser extension could accomplish).
As we’ve seen, the current system is incredibly easy to bypass. There are plenty of ways to game or avoid the age checks.
The current implementation also uses multiple different age verification services, on a per-site basis. This proposed one reduces data exposure vulnerabilities to a fraction.