Protecting children online is crucial, but forcing every user to hand over their ID is a privacy nightmare waiting to happen, according to the head of the Swiss privacy firm
Sorry but I fundamentally disagree. Privacy respecting solutions do not collect unnecessary information.
The packaging of identity validation in the OS breaches this principle by collecting more information than necessary and by collecting that information prior to the existence of a necessitating use case.
It is not necessary to prove my age to do things not restricted by age, nor is it necessary to know who I am, or to prove my exact age, to prove I am older than a certain age.
Even in the efforts I have seen to verify threshold rather than current age instead of identity, I’m not aware of any attempts or solutions that protect against timing attacks or inference attacks as users transition from failing the threshold verification process to passing it.
Most OS code is proprietary and not auditable so any baked in solution cannot possibly pass a zero trust requirement. Access gates should only be applied at the point of need, as such things have always been done in all other scenarios and environments.
Sorry but I fundamentally disagree. Privacy respecting solutions do not collect unnecessary information.
The packaging of identity validation in the OS breaches this principle by collecting more information than necessary and by collecting that information prior to the existence of a necessitating use case.
It is not necessary to prove my age to do things not restricted by age, nor is it necessary to know who I am, or to prove my exact age, to prove I am older than a certain age.
Even in the efforts I have seen to verify threshold rather than current age instead of identity, I’m not aware of any attempts or solutions that protect against timing attacks or inference attacks as users transition from failing the threshold verification process to passing it.
Most OS code is proprietary and not auditable so any baked in solution cannot possibly pass a zero trust requirement. Access gates should only be applied at the point of need, as such things have always been done in all other scenarios and environments.