EU chief calls for a bloc-wide push on an age verification app to protect children online. If enforced, users will have to prove their age to access legally restricted sites.
This authority will provide you with tokens indicating you are 18+ (or whatever age verfication you may need)
These tokens are stored locally, and contain no identifying information other than a simple “is this guy 18+?”
So they’re reusable? One token can be used for multiple age checks, right?
If not, then think about what that means.
The token gets sent back to the authority for revocation.
The token is authorised by the central authority as still valid.
The token is uniquely identifiable
The central authority knows who it issued each token for
The central authority knows who has asked it the verify age.
Sure, the company you’re purchasing from may have no new information, but the central authority now has everything it needs to know:
How often you buy tobacco, alcohol or medications
What discussion boards you are a member of
Have you purchased anything age restricted from any store (e.g. propane from a DIY store)
Not sure that’s necessarily true. I don’t see why it couldn’t work like this:
request personal token from authority. it works similar to a certificate chain, your token is derived from a central certificate
you store your token locally
you visit an age-restricted website. you send your token (or a challenge encrypted with that token) back to the website
the website verifies your token with the certificate from the authority, (like how literal Certificate Authorities work) . the CA doesn’t know when or why your token was used.
(fwiw I am sure governments will try their best to make this process less private)
Your step 4 will make the token reusable, or at least reusable within a time frame. If a token can only be used once there has to be some information flow back to a central approval authority.
So they’re reusable? One token can be used for multiple age checks, right?
If not, then think about what that means.
Sure, the company you’re purchasing from may have no new information, but the central authority now has everything it needs to know:
Not sure that’s necessarily true. I don’t see why it couldn’t work like this:
(fwiw I am sure governments will try their best to make this process less private)
Your step 4 will make the token reusable, or at least reusable within a time frame. If a token can only be used once there has to be some information flow back to a central approval authority.