Dave Robinson
I'm going to say something controversial: I don't have a problem with age verification. I don't think anyone can dispute that some digital services should be age-restricted, just like we restrict access to other things like cigarettes and alcohol based on age.

I do, however, have a problem with the implementation of it. In the UK, there is no official government id service (yet), and leaving things to AI guesswork or an unregulated 3rd party is inadequate. Of course, many people will not trust the government not to misuse the id information anyway, but unless you're a complete anarchist you have to accept that the government will know stuff about you, such as your entitlement to benefits and how much tax you've paid

I have had to prove my age online, and it's easily done via my bank account. The bank doesn't know anything about the service for which verification is being requested, and none of my personal banking details are leaked. It's just a small inconvenience when you sign up for the service, and then it's business as usual. So what's the problem?

#AgeVerification
Jun 18 at 3:12pmWeb
Show threadTim Ward ⭐πŸ‡ͺπŸ‡ΊπŸ”Ά #FBPE3d ago
@dave Sure the government knows stuff about me, but at present it's not all exposed on a single API for any hacker who can be arsed to try hard enough.
Show threadTim Ward ⭐πŸ‡ͺπŸ‡ΊπŸ”Ά #FBPE3d ago
@dave And there's no single key (such as a government digital ID) that any hacker can acquire that will get them into all the disparate government databases about me.
Show threadTim Ward ⭐πŸ‡ͺπŸ‡ΊπŸ”Ά #FBPE3d ago
@dave Worse still would be if commercial organisations, either through choice or government dictat, started using government issued digital IDs - then you could lose all your bank accounts in one hack.
Show threadDave Robinson3d ago
@TimWardCam
But it would be possible (I presume) to control access to your own digital ID? For example, if anyone tries to get a copy of my front door key cut I get emailed and I have to give permission.

Digital ID has worked very well in Estonia, I believe, where it's widely used and pretty much universally accepted and used on a daily basis. That does require a private key (on a physical card) and as associated PIN, but it does make ID theft pretty difficult.
Show threadTim Ward ⭐πŸ‡ͺπŸ‡ΊπŸ”Ά #FBPE3d ago

@dave I'm pretty sure anyone with a bit of training (eg watching a few YouTube videos and some hours practice with some tools easily bought online) could open your front door lock without a key, so if anyone really cares about getting into your house they're unlikely to bother trying to get a key.

Any system will get hacked sooner or later. If that opens access to *everything* that's worse than if it only opens access to a single system.

And, a complicated system that needs a physical private key and a PIN is going to need a recovery system for people who lose or forget them, plus a backup system for people who can't cope with that level of technology at all, and these systems might prove to be weaker points to attack.

Show threadDave Robinson3d ago
@TimWardCam
I think the biggest problem here is social engineering threats. However, if your ID is a physical device (such as a NitroKey kind of thing) together with a PIN or would be harder. I think you're conflating general cyber security hacking threats with privacy worries. Both of which are valid, of course.
Show threadTim Ward ⭐πŸ‡ͺπŸ‡ΊπŸ”Ά #FBPE3d ago
@dave Yes, it's the social engineering threats ("I've lost my card / PIN etc") that might prove to be the weak point.
Show threadDave Robinson3d ago
@TimWardCam
It is possible to make systems hacker-proof. Before I retired very recently, I worked for a company selling very expensive (six figures) network boxes that very tightly control the data flowing through them using physical hardware (so-called 'hardsec'). Popular amongst government agencies, but really should be in use much more extensively. Combine that with very restrictive APIs and the risk is manageable, I would think.

However, subcontracting the whole system to Fujitsu or one of the usual suspects would be a bad idea!
Show threadohmrun3d ago

@dave
They've taken to the rubric: government doing things is socialism, and if the government does a lot of things, that's communism.

Finding out how their lobbyist friends make money would be rude, you know.

Show threadmethchild3d ago

@dave

some thoughts
1) there are so many ways to circumvent restrictions and where there is a will , there is a way.
2) entrusting any personal data to another is always a risk and it has been shown time and again that many third parties do not sufficiently secure that data , case in point , Nottingham University only last week

https://westbridgfordwire.com/university-of-nottingham-warns-personal-data-may-have-been-exposed-in-cyber-incident/

There is a line in a Dead Kennedys song that comes to mind
'who will babysit the babysitters?'

University of Nottingham warns personal data may have been exposed in cyber incident | West Bridgford Wire

The University of Nottingham has warned that personal data may have been exposed following a data security incident involving its student records platform.

West Bridgford Wire
Show threadij3d ago
@dave It is quite easy to show your age in a pub or shop just by showing your face, there is no need to exchange documents or upload files. The government just hasn't given any thought to it, because in truth they are not interested. #ageverification
Show threadSyd II πŸ‡ͺπŸ‡Ί2d ago
@dave The problem is not the government knowing stuff about you, it’s them selling the information off to a third party. Health information for instance, which was sold to a rogue state, aka America.
I’m in favour of a properly run and protected national ID system, as long it is protected from the party in power, whoever that it.
Show threadDave Robinson2d ago
@missingbrighton
πŸ’―