With many jurisdictions introducing age verification laws for various things on the internet, a lot of questions have come up about implementation and privacy. I haven’t seen anyone come up with a real working example of how to implement it technically/cryptographically that don’t have any major flaws.
Setting aside the ethics of age verification and whether or not it’s a good idea - is it technically possible to accurately verify someone’s age while respecting their privacy and if so how?
For an implementation to work, it should:
- Let the service know that the user is an adult by providing a verifiable proof of adulthood (eg. A proof that’s signed by a trusted authority/government)
- Not let the service know any other information about the user besides what they already learn through http or TCP/IP
- Not let a government or age verification authority know whenever a user is accessing 18+ content
- Make it difficult or impossible for a child to fake a proof of adulthood, eg. By downloading an already verified anonymous signing key shared by an adult, etc.
- Be simple enough to implement that non-technical people can do it without difficulty and without purchasing bespoke hardware
- Ideally not requiring any long term storage of personal information by a government or verification authority that could be compromised in a data breach
I think the first two points are fairly simple (lots of possible implementations with zero-knowledge proofs and anonymous signing keys, credentials with partial disclosure, authenticating with a trusted age verification system, etc. etc.)
The rest of the points are the difficult ones. Some children will circumvent any system (eg. By getting an adult to log in for them) but a working system should deter most children and require more than a quick download or a web search for instructions on how to circumvent.
The last point might already be a lost cause depending on your government, so unfortunately it’s probably not as important.
That’s what the router setting to block adult websites is for… you don’t have to monitor 24/7, have some idea that bad sites are blocked, and you can just be doing regular checkups on your child then.
There is and was never a need to involve IDs, other than more control over us as a whole and being able to extract more data.
I think maybe the barrier could be a little higher than just disconnecting from your home’s network.
If we were to accept the premise that there is currently an issue with child internet safety, then clearly this still an issue despite the existence of router controls. But now the question of if this premise is valid. What do you look at to determine whether “internet safety for children” is adequate? I don’t really know, and so I guess I have more reading to do.
I was gonna say something about PSAs, but no time.
I mean at the same time if we accept the premise that parents are unable or unwilling to use the mountains of currently available tools, why would we assume that “just one more tool, bro” is actually a solution to the “problem.”
You could accept that premise, and I’d argue that in that case if child internet safety is an issue, then the only solutions are either to force safety protocols or to leave kids in jeopardy.
I think if you as a parent have router controls and block adult content on their mobile plan if they have one (which I have seen as an option), then you are already doing a lot.
Most routers from ISPs come with “adult” content filtering enabled by default I think, at least the ones I’ve had have had this on.
VPNs already work and I can’t see them not working, so that’s always an option I guess, but they are also still an option with ID laws (ie connect to a region where they have no such laws).
Children’s safety online can’t involve limiting access and tracking everyone who ever goes online with their national ID attatched to every request (basically).
I think it’d be better if we explored the option that involves a parent blocking websites either on your network or on a device they give to you.
Not that I’m doubting you, but is this a common thing? I’ve never even seen it as an option here in Canada, both on ISP supplied devices and on separate routers. Is it just because I’m using cheaper devices, or because on my region?
Hm I know it’s common for me. If it isn’t in canada or elsewhere, then that’s just lazyness and a lack of care by your isp/router manufacturer (which makes sense cuz theres a monopoly on internet over there right? (Rip)).
Anywho, adult filter blocks on routers are a really easy thing to implement. If it isn’t then they simply don’t care to help explore the simplest of options for parents restricting access to bad sites.
I’ve heard of apps you can get for child devices that do a similar thing and let parents track their kids, which might be better anyways, assuming they arent a privacy nightmare (if parents dont prefer buying a smarter router).