As we wrote last year, KOSA’s original language would have effectively required covered platforms to verify the age and thus the identity of every user.
From: Congress Pretends It’s Fixed All The Problems With KOSA; It Hasn’t | Techdirt.
I can see why people would be uncomfortable with having to reveal their real name, address, social security number and goodness knows what other personally identifiable information to a porn site, or with having their children provide their personal details to some online messaging service. But there is a world of difference between requiring age verification and requiring identification.
Remember that the porn site doesn’t need to know your age or anything else: it only needs to know that you are over 18. Your bank, amongst a great many other institutions, could easily provide you with a verifiable credential to achieve this. Similarly, the messaging site might need to know that your child is aged 13 to 18, and some other site might need to know that the user is under 13 or over 65. It doesn’t matter: the point is that age verification does not need identification.
If you are wondering how this might work in practice, consider the practical example of a smart wallet. You want to obtain the IS_OVER_18 credential, so your smart wallet generates a key pair. The private key is created in the secure element of your mobile phone and never leaves it. The public key is sent to your bank, which already knows your date of birth and turns the key into a verifiable credential by attaching the IS_OVER_18 claim and signing the result. The credential contains nothing else. No personal information. Nothing.
Now you show up at a porn site. The site needs to know that you are over 18, so it asks for a credential that it can verify. You present the credential from your bank and the site checks the bank’s digital signature on it (easy, because the bank’s public key is, well, public). But how does the porn site know that the credential is yours, rather than a copy of someone else’s? Well, the credential (as noted above) contains a public key. So the site encrypts some fresh random data using that public key and sends it to your phone. Only your phone holds the corresponding private key, so only your phone can decrypt the data and send it back; when the correct answer comes back, the site knows it is talking to the device the credential was issued to. And since the smart wallet must hand the encrypted data to the secure element to be decrypted (because that’s where the private key is), and the secure element won’t decrypt anything until you authenticate yourself (with FaceID or whatever), the site also knows that it is you using the phone.
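The exchange described above, worked through end to end as an added example (this is not code from the original post, nor from any real wallet, bank or age-verification product). It assumes a simple credential format of my own devising: the bank signs, with an Ed25519 key, a JSON payload holding just the claim and the holder’s RSA public key; the site verifies that signature, then encrypts a fresh 32-byte nonce to the holder key (RSA-OAEP) and checks that the decrypted nonce comes back. The `Wallet` type stands in for the phone’s secure element, and its `Authenticated` flag stands in for the FaceID prompt.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
)

// Credential is everything the bank signs: one claim and the holder's public
// key. No name, no date of birth, nothing else. (Format assumed for this example.)
type Credential struct {
	Claim     string `json:"claim"`      // e.g. "IS_OVER_18"
	HolderKey []byte `json:"holder_key"` // PKIX/DER encoding of the holder's RSA public key
}

// SignedCredential is what the wallet stores and later presents.
type SignedCredential struct {
	Payload   []byte // JSON-encoded Credential, exactly the bytes that were signed
	Signature []byte // issuer's Ed25519 signature over Payload
}

// Wallet stands in for the phone's secure element: the private key is generated
// inside and never exported, and Decrypt refuses unless the user has authenticated
// (the biometric prompt is simulated by the Authenticated flag).
type Wallet struct {
	priv          *rsa.PrivateKey
	Authenticated bool
}

// NewIssuer generates the bank's signing key pair (long-lived and published in practice).
func NewIssuer() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func NewWallet() (*Wallet, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Wallet{priv: k}, nil
}

func (w *Wallet) PublicKeyDER() ([]byte, error) {
	return x509.MarshalPKIXPublicKey(&w.priv.PublicKey)
}

// Decrypt is the only operation the secure element exposes on the private key.
func (w *Wallet) Decrypt(ciphertext []byte) ([]byte, error) {
	if !w.Authenticated {
		return nil, errors.New("secure element: user not authenticated")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, w.priv, ciphertext, nil)
}

// Issue is the bank's side: having checked its own records, it binds the claim
// to the holder's key and signs the pair.
func Issue(issuer ed25519.PrivateKey, holderKeyDER []byte, claim string) (SignedCredential, error) {
	payload, err := json.Marshal(Credential{Claim: claim, HolderKey: holderKeyDER})
	if err != nil {
		return SignedCredential{}, err
	}
	return SignedCredential{Payload: payload, Signature: ed25519.Sign(issuer, payload)}, nil
}

// VerifyCredential is the first half of the site's check: the issuer's signature
// must verify and the claim must be the one the site needs. It returns the holder
// key that the site will then challenge.
func VerifyCredential(issuerPub ed25519.PublicKey, sc SignedCredential, wantClaim string) (*rsa.PublicKey, error) {
	if !ed25519.Verify(issuerPub, sc.Payload, sc.Signature) {
		return nil, errors.New("issuer signature does not verify")
	}
	var c Credential
	if err := json.Unmarshal(sc.Payload, &c); err != nil {
		return nil, err
	}
	if c.Claim != wantClaim {
		return nil, fmt.Errorf("credential asserts %q, site needs %q", c.Claim, wantClaim)
	}
	pub, err := x509.ParsePKIXPublicKey(c.HolderKey)
	rsaPub, ok := pub.(*rsa.PublicKey)
	if err != nil || !ok {
		return nil, errors.New("holder key missing or not RSA")
	}
	return rsaPub, nil
}

// ProveHolder is the second half: a fresh random challenge encrypted to the holder
// key, which only the matching private key (inside the wallet) can open.
func ProveHolder(holderPub *rsa.PublicKey, w *Wallet) (bool, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return false, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, holderPub, nonce, nil)
	if err != nil {
		return false, err
	}
	resp, err := w.Decrypt(ct) // the only message that crosses to the phone
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(nonce, resp) == 1, nil
}

// CheckAge runs the whole presentation from the site's point of view.
func CheckAge(issuerPub ed25519.PublicKey, sc SignedCredential, w *Wallet) (bool, error) {
	holderPub, err := VerifyCredential(issuerPub, sc, "IS_OVER_18")
	if err != nil {
		return false, err
	}
	return ProveHolder(holderPub, w)
}

func main() {
	issuerPub, issuerPriv, _ := NewIssuer()
	w, _ := NewWallet()
	der, _ := w.PublicKeyDER()
	cred, _ := Issue(issuerPriv, der, "IS_OVER_18")
	w.Authenticated = true // user passed the biometric prompt
	ok, err := CheckAge(issuerPub, cred, w)
	fmt.Println("over 18:", ok, err)
}
```

Two points of design worth noting. The challenge must be fresh random bytes every time, otherwise a recorded answer could be replayed; and a signature over a nonce is the more usual proof of possession than encrypt-and-decrypt, but the effect is the same. Separately, a credential that carries one fixed public key is itself a stable identifier: every site that sees it can correlate visits, so a real deployment would issue per-site keys or use an unlinkable presentation scheme rather than this single-key sketch.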
If you are launching nuclear missiles, you might want to add a biometric liveness check, but for OnlyFans that kind of two-factor check (the phone you have, the face or fingerprint you are) is adequate. If you let a minor access porn using your phone, then you are committing a criminal offence and deserve to be punished.
It is time to stop shying away from demanding full age verification, all the time.