undefined | Better HN

0 pointsjbjbjbjb7mo ago0 comments

Apple, Google etc are already implementing the Digital Credentials API standard which would make this type age verification much more secure.

0 comments

codedokode7mo ago

No, "digital credentials" is an awful idea because it requires to store your ID on your phone and thus make it accessible to Apple and Google and secret courts. What I suggest is simply to store a single "isAdult" bit on device, without revealing any identity, and make apps like browser do the censorship on device, without sending any data to a webite. The algorithm is as follows:

    if isAdult == 0 and website doesn't send a "safe-content" header, then:
        browser refuses to display content
    if isAdult == 0 and photo in a messenger doesn't contain a "safe-content" metadata, then
        photo viewer refuses to display content
    if isAdult == 0 and the app is not marked as safe, then
        app store refuses to download the app and OS refuses to launch it

With my approach, you don't need to store your ID on your device, you don't need to send your ID anywhere, and website operators and app developers do not need to do anything because by default they will be considered not safe. So my solution's cost is ZERO for website operators and app developers. As a website operator you don't need to change anything and to verify the age.

jbjbjbjbOP7mo ago

I think you misunderstood how the digital credentials api works. It keeps it in your phone’s secure element and lets you share just a “yes/no” proof like “over 18” without revealing anything else. It’s basically the cryptographically secure version of the isAdult bit you’re describing. It also has trust by cryptographically signing the proof and it can handle different jurisdictions.

codedokode7mo ago

Not keeping the ID in a phone is better than keeping it in a "secure element" and having to upload it there using closed-sourced software with unclear functionality.

1 more reply

_Algernon_7mo ago

What stops the under age user from setting isAdult = 1?

imtringued7mo ago

Their parents. The alternative is complete government surveillance of literally everything and I mean literally everything, starting from resource extraction and knowledge needed to manufacture electronics and the policing of every planet in the universe that is capable of giving rise to sentient intelligent life.

codedokode7mo ago

Proprietary closed-sourced OS, the same thing that prevents you from installing Debian on your phone (unless it is Google Pixel).

1 more reply

j / k navigate · click thread line to collapse

0 comments

codedokode7mo ago

    if isAdult == 0 and website doesn't send a "safe-content" header, then:
        browser refuses to display content
    if isAdult == 0 and photo in a messenger doesn't contain a "safe-content" metadata, then
        photo viewer refuses to display content
    if isAdult == 0 and the app is not marked as safe, then
        app store refuses to download the app and OS refuses to launch it

jbjbjbjbOP7mo ago

codedokode7mo ago

Not keeping the ID in a phone is better than keeping it in a "secure element" and having to upload it there using closed-sourced software with unclear functionality.

1 more reply

_Algernon_7mo ago

What stops the under age user from setting isAdult = 1?

imtringued7mo ago

codedokode7mo ago

Proprietary closed-sourced OS, the same thing that prevents you from installing Debian on your phone (unless it is Google Pixel).

1 more reply

j / k navigate · click thread line to collapse