Many might’ve seen the Australian ban of social media for <16 y.o with no idea of how to implement it. There have been mentions of “double blind age verification”, but I can’t find any information on it.

Out of curiosity, how would you implement this with privacy in mind if you really had to?

  • MimicJar@lemmy.world
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    25 days ago

    This gives them hardly any information beyond what they already have.

    Except now they know the individuals using your Internet.

    Sure if you live alone they already can easily put that information together. However if you have a partner, a relative and children all living in one house they now know who is in that home.

    Plus maybe no one in the house uses Twitter and Aunt Alice the Twitter user came to visit, does she need to reverify? Your ISP knows that now.

    ISPs would be gaining a lot of new information.

    • General_Effort@lemmy.world
      link
      fedilink
      arrow-up
      1
      arrow-down
      2
      ·
      24 days ago

      It’s not necessary to expose the identities of the users. The age confirmation could happen via a password, PIN, or even a physical USB dongle. Tying such methods to a particular identity adds nothing to the age verification.

      If that is not enough, then one would need a permanent, live webcam feed of the user. It could be monitored by AI, and/or police officers could make random checks.

      Granted, one would have to make sure that not everyone behind the same router can use age-restricted services; eg with a VPN. That would let them assign connections to individual, anonymous adults. But I’d guess you could do that anyway with some confidence by analyzing usage patterns. Besides, information on who is in a home can also be found in other places such as social media or maybe company websites. So I do not think this is much new information.

      But thinking about it, one could compartmentalize this.

      The ISP only allows connections to whitelisted servers, including 1 or more government approved VPNs. The ISP refuses connection to these VPNs without age confirmation. The VPN provider does not need to be told the identity of the customer. There needs to be no persistence across sessions. The ISP need not know what sites are visited via VPN. While the VPN provider need not know about sites visited without.

      If you do it that way, the ISP ends up knowing less than before.

      Since both ISP and VPN servers and offices would be physically located in the country, one would have no problem enforcing prohibitions on data sharing, if desired by lawmakers.

      Anyway, this is the only realistic approach in the whole thread. Everything else assumes that Australian law will be followed globally. And then the ISP still has all that usage data. Why not just use a blockchain…