Lately there has been a lot of controversy about age verification and it’s implementation in places such as UK and US.
The main critic to this mechanism is due being done through facial recognition or a government ID which are privacy invasive.
So here is my question as someone who comes from IT, wouldn’t it be possible to create a device which just gives out true or false depending if the person is of age, given some kind of piece of DNA (hair, blood, nails) ?
I known there is carbon dating, but from what I understand is a bit of complicated process. The human body however shows it’s age visually and I would be interested to know if genetically there are some signs as well that could be somewhat used in a automatic process.
Again I come from IT, just curious about the implications and your takes on the problem.
Oh that makes sense an age certificate that only gov can generate. No ties to your identity whatsoever, still one could easily borrow someone else’s. Maybe it could work like JWT or OTPs, go to gov platform generate it being only valid for a couple mins and paste it in the website.
Literally tied to your identity by the government
I was mentioning the token payload witch would be only the age or a boolean value.
the only way to borrow it is physically taking the phone, and even then, if the phone is locked, you need to unlock it. The cert by itself is bound to a device, if you give that device to someone else, that’s on you. It’s not a fault in the system but in the user.
Think of how 2fa apps work. They generally are locked under a code or biometrics, if someone else access to them, it’s because you gave them access, so it’s your responsibility.
Yeah . . . Now being devil’s advocate faceID would prevent that.
But still if instead of bounding a cert to a device we went to a gov platform for a limited time token/OTP it would work too. It could be shared too but so could u ask ur brother to show up in the facescan before entering a website.
Yes, but then, to generate the code, the gov has to know who’s asking for it. If the cert is locally stored in your phone, nobody can know who’s asking for it.
At least here in Portugal we have a eletronic ID platform that provides some services that could be one of them.
What I was saying was going to that platform or app ( they have a app I think too ) grab a token generated for that website specifically and paste it.
Than the website would receive the token and given a key received by the gov to operate in the contry gets the playload and checks if the person is of age.