Meta is supporting proposals to establish a common Digital Majority Age across EU member states, whereby parents need to approve their younger teens' access to digital services, including social media.
I’ve been thinking of possible ways that you could prove you’re of legal age to access a site through a government service without the government being able to know who the user is, and I can’t really come up with a clean solution.
The best idea that came to my mind was that you could e.g. have a challenge system where the government service challenges the user to return an encrypted randomly generated value. Each user has e.g. an AES key assigned to them that corresponds to the year they were born in, e.g. everyone born in the year 2000 has the same encryption key in ther ID card, and they just use that to return an answer to the challenge. The government website can know all of the secret keys and just check if it can unencrypt the result with the correct one. This means that the government service won’t know anything about the user other than their year of birth, but can confirm their age.
Now two main problems are that, as everyone with the same year of birth has the same key, it could be possible to somehow leak one key and make it so that anyone can pretend to be born at that age, but considering this is for kids, exploiting that sort of problem is probably enough of a barrier to use. Another problem is that this would require you to scan your ID card with every use. Maybe you could accomplish this with a mobile app but idk if that’s possible to do in the same way.
There is no way. If identity is involved in any way, shape, or form it is a major privacy and security risk. Meta supports it only because it shifts responsibility and liability off themselves. In other words, it benefits them financially. Endangering the public for profit is their whole M.O.
How about parents just do their job and make sure their kids aren’t accessing stuff they shouldn’t? I’m a parent, and I’m already doing that, I don’t need the government to violate my privacy in order to be a decent parent…
I’ve been thinking of possible ways that you could prove you’re of legal age to access a site through a government service without the government being able to know who the user is, and I can’t really come up with a clean solution.
The best idea that came to my mind was that you could e.g. have a challenge system where the government service challenges the user to return an encrypted randomly generated value. Each user has e.g. an AES key assigned to them that corresponds to the year they were born in, e.g. everyone born in the year 2000 has the same encryption key in ther ID card, and they just use that to return an answer to the challenge. The government website can know all of the secret keys and just check if it can unencrypt the result with the correct one. This means that the government service won’t know anything about the user other than their year of birth, but can confirm their age.
Now two main problems are that, as everyone with the same year of birth has the same key, it could be possible to somehow leak one key and make it so that anyone can pretend to be born at that age, but considering this is for kids, exploiting that sort of problem is probably enough of a barrier to use. Another problem is that this would require you to scan your ID card with every use. Maybe you could accomplish this with a mobile app but idk if that’s possible to do in the same way.
There is no way. If identity is involved in any way, shape, or form it is a major privacy and security risk. Meta supports it only because it shifts responsibility and liability off themselves. In other words, it benefits them financially. Endangering the public for profit is their whole M.O.
How about parents just do their job and make sure their kids aren’t accessing stuff they shouldn’t? I’m a parent, and I’m already doing that, I don’t need the government to violate my privacy in order to be a decent parent…