I dunno, I was imagining much simpler ways before I clicked through. Or maybe easier ways. Having to buy something and then configure it is a real barrier.
Age limits on buying cigarettes are easily thwarted by finding a corner shop that needs the sale and will sell to kids. Height restrictions on fairground rides are easily thwarted by putting bits of wood in your shoes. None of this matters.
The point is that this kind of control will drastically reduce under 18s consuming content that they shouldn't. We don't need the all of society's controls to be flawless.
The most disturbing thing about this saga is that websites that have no physical/legal/business presence in the UK are proactively geoblocking UK-origin IPs.
Censorious governments have always been a thing since the beginning of the internet. Websites (especially non-corporate ones like 4chan or R34) preemptively surrendering to a foreign government that has no jurisdiction over them is what's new.
Is this hysteria about sex a new thing? I feel like I grew up in an age where it was pretty normal to see these things as soon as you were old enough to be interested in them.
Wouldn't age verification without revealing identity be solved with a service that acts as an identity authority?
1) Site that needs to verify age generates a globally unique id, creates requested data array ["is_over_18"], valid_until property and hmac signature of this message.
2) Client forwards just the id and requested data array to identity authority. Identity authority returns the id, map of data {"is_over_18": true}, public key information, and signature of returned message.
3) Client returns original message with message received from identity authority to the site. Site verifies that id's and requested data match in both messages, original message authenticity via HMAC and signature of message from identity authority using public key cryptography.
User hasn't revealed any PII data besides "is_over_18" value to the site and identity authority doesn't know which site user is accessing.
Requirements: User registers and verifies identity at identity authority. Site trusts identity authority.
Limitations: Site could, behind the scenes, send the generated ID to the identity authority, informing it which site was accessed using this ID.
According to the article, Ofcom are encouraging "parents to block or control VPN usage by their children to keep them from dodging the age checkers."
This might be stupidest advice I've ever heard. If parents aren't willing to block or control access to porn sites, there's even less chance of them blocking or controlling VPN usage. But if nothing else, it does show up this law for the nonsense that it is.
Are people still thinking a face image can be used to verify age? That's absurd. Former globally leading facial recognition developer here, and the article lightly mentions using a face image and age verification face analysis - that's not age accurate at all. Ask many ethnicities with experience, "age verification" image analysis is so unreliable it is fraud used in this context.
the most confusing thing about this is, do people think there's just one porn site on the internet? Nobody needs a vpn, they can literally type "porn" into any search engine and land on one of fifteen million sites sitting in Russia or some random island nation
if there's one thing the internet doesn't have a shortage of it's bootleg streaming sites
Also I just the Reddit age test thing. It just wanted me to look at the webcam, so anyone who has access to an older person to do that can get verified.
19 comments
[ 2.8 ms ] story [ 38.0 ms ] threadThe point is that this kind of control will drastically reduce under 18s consuming content that they shouldn't. We don't need the all of society's controls to be flawless.
Censorious governments have always been a thing since the beginning of the internet. Websites (especially non-corporate ones like 4chan or R34) preemptively surrendering to a foreign government that has no jurisdiction over them is what's new.
We can debate all day, but I feel very sad to be in the technology sector in the UK right now.
1) Site that needs to verify age generates a globally unique id, creates requested data array ["is_over_18"], valid_until property and hmac signature of this message.
2) Client forwards just the id and requested data array to identity authority. Identity authority returns the id, map of data {"is_over_18": true}, public key information, and signature of returned message.
3) Client returns original message with message received from identity authority to the site. Site verifies that id's and requested data match in both messages, original message authenticity via HMAC and signature of message from identity authority using public key cryptography.
User hasn't revealed any PII data besides "is_over_18" value to the site and identity authority doesn't know which site user is accessing.
Requirements: User registers and verifies identity at identity authority. Site trusts identity authority.
Limitations: Site could, behind the scenes, send the generated ID to the identity authority, informing it which site was accessed using this ID.
This might be stupidest advice I've ever heard. If parents aren't willing to block or control access to porn sites, there's even less chance of them blocking or controlling VPN usage. But if nothing else, it does show up this law for the nonsense that it is.
if there's one thing the internet doesn't have a shortage of it's bootleg streaming sites