"We’ve been saying this for years now, and we’re going to keep saying it until the message finally sinks in: mandatory age verification creates massive, centralized honeypots of sensitive biometric data that will inevitably be breached.
-
"We’ve been saying this for years now, and we’re going to keep saying it until the message finally sinks in: mandatory age verification creates massive, centralized honeypots of sensitive biometric data that will inevitably be breached. Every single time. And every single time it happens, the politicians who mandated these systems and the companies that built them act shocked—shocked!—that collecting enormous databases of government IDs, facial scans, and biometric data from millions of people turns out to be a security nightmare."
-
"We’ve been saying this for years now, and we’re going to keep saying it until the message finally sinks in: mandatory age verification creates massive, centralized honeypots of sensitive biometric data that will inevitably be breached. Every single time. And every single time it happens, the politicians who mandated these systems and the companies that built them act shocked—shocked!—that collecting enormous databases of government IDs, facial scans, and biometric data from millions of people turns out to be a security nightmare."
@TheLastOfHisName Or: you have a zero knowledge protocol where the user presents a certain encrypted dataset, and the service can just check if that user is above a certain age or not, and if the name matches or not. This can be leveraged with Blockchain technology. And yes, initially needs the public authority to register your birth date and name, but that happens everywhere already.
But private companies do not need to store any data about you in this case -
@TheLastOfHisName Or: you have a zero knowledge protocol where the user presents a certain encrypted dataset, and the service can just check if that user is above a certain age or not, and if the name matches or not. This can be leveraged with Blockchain technology. And yes, initially needs the public authority to register your birth date and name, but that happens everywhere already.
But private companies do not need to store any data about you in this case@flohack It isn't a technological problem. -
R relay@relay.mycrowd.ca shared this topic
-
@flohack It isn't a technological problem.
@hypolite this data is already well known to the state authorities so it's too late already to complain
and better only the state has it than every private company builds their own datasets -
@hypolite this data is already well known to the state authorities so it's too late already to complain
and better only the state has it than every private company builds their own datasets@flohack I agree with you but "the user presents a certain encrypted dataset" is load-bearing and not straightforward at all, mostly for non-technological reasons. -
@flohack I agree with you but "the user presents a certain encrypted dataset" is load-bearing and not straightforward at all, mostly for non-technological reasons.
@hypolite I was surprised to find that Austria's electronic driving license can be presented in 2 ways, to the police and to non-authorities. Both option just display a QR code the cannot be used directly. The other party needs an (authorized) app to see if this driving license is valid. So there are already applications that work I guess.
-
R relay@relay.infosec.exchange shared this topic
