alt Hacker NewsOne aspect of this normalization of photo uploading is that, if a platform allows user-generated content that can splash a modal to kids, a bad actor can do things like say “you need to re-verify or you’ll lose all your in-game currency, go here” and then collect photo identification without even needing to compromise identity verification providers!
I truly fear the harm that will be done before legislators realize what they’ve created. One only hopes that this prevents the EU and US from doing something similar.
Replies
> I truly fear the harm that will be done before legislators realize what they’ve created.
Not defending the legislation as I overwhelmingly disagree with it, but if I recall, I don't think any of the age verification legislation specifies a specific implementation of how to verify age.
Requiring photos, or photo ID, or any other number of methods being employed, were all decided on by the various private companies. All the legislators did is tell everyone "you must verify age." The fault here is on Roblox as much as it is on the legislature and they should equally share blame.
I’m sorry to say that a number of US states have instituted age verification laws over the past year
i call this slipstreaming, it can even occur during the signup yeah, once the bouncing around to many domains / uploading photos is psychologically normalized havoc can ensue. this is the greater evil.
I'm optimistic actually. I think "Gen Alpha" is gonna be alright and sufficiently wary of Internet sharing and privacy. Unlike the previous few generations, esp. Milleneals and to a somewhat lesser extent Gen Z and Boomers, who have massively over-shared and are now reaping some of the horrible harvest that comes from that oversharing. Today's teens and tweens seem to finally be getting the message.
I also actually think AI might be a savior here. The ability to fake realistic 18+ year old selfies might help put the nail in the coffin of these idiotic "share a photo with the Internet" verification methods.
The fundamental question that needs answering is: should we actually prevent minors below the age of X from accessing social media site Y? Is the harm done significant enough to warrant providing parents with a technical solution for giving them control over which sites their X-aged child signs up, and a solution that like actually works? Obviously pinky-swear "over 13?" checkboxes don't work, so this currently does not exist.
You can work through robustness issues like the one you bring up (photo uploading may not be a good method), we can discuss privacy trade-offs like adults without pretending this is the first time we legitimately need to make a privacy-functionality or privacy-societal need trade-off, etc. Heck, you can come up with various methods where not much privacy needs trading off, something pseudonymous and/or cryptographic and/or legislated OS-level device flags checked on signup and login.
But it makes no sense to jump to the minutiae without addressing the fundamental question.