We’ve been saying this for years now, and we’re going to keep saying it until the message finally sinks in: mandatory age verification creates massive, centralized honeypots of sensitiv…
This is ridiculous and clearly shows both nefarious intent and complete disregard for the GDPR and it’s core principle of data minimisation. There must be a simpler solution to this - maybe through attestation from a trusted third party who has already (legitimately) verified the user’s identity - like a bank. Imagine a user creating and providing a token that allows a one-time request through the open banking standards to receive an attestation on whether or not the user is over 18 - without disclosing the users actual dob or any other personal information except who and how the attestation was made. Not sure if it would even be necessary for companies to store precisely when the attestation was made if the banks themselves record the event.
Yeah, steam determines that someone is an adult if they have a credit card on their account. This seems like a simple and effective method. Although I do still sometimes have an ‘Are you over 18?’ query, maybe that’s from individual games.
good example that works well on a data minimisation basis when they the need is for some indication of age appropriated trust. There are limits to it though. - to actually satisfy age-gates/verification they would also need to tie your identity to the ownership of the card, and ensure the card isn’t some kind of under 18 prepaid affair.
If we imposed rules that only adults can use regular cards and kids can use the equivalent of a child card, which is available at all major card issuers, this entire problem could be solved by the banks that already use KYC for basically the same reason.
But that wouldnt get us closer to palantirs one world government so it isnt an option
Which, btw, makes perfect sense. As a shop that takes credit cards, I would want to know if someone has signed up for a subscription service with a prepaid card, since the card may run out, prematurely cancelling the service.
There’s a big database at the backend of the credit card processor that keeps track of all this stuff. The shop can tell a lot about you based on your card number.
This is ridiculous and clearly shows both nefarious intent and complete disregard for the GDPR and it’s core principle of data minimisation. There must be a simpler solution to this - maybe through attestation from a trusted third party who has already (legitimately) verified the user’s identity - like a bank. Imagine a user creating and providing a token that allows a one-time request through the open banking standards to receive an attestation on whether or not the user is over 18 - without disclosing the users actual dob or any other personal information except who and how the attestation was made. Not sure if it would even be necessary for companies to store precisely when the attestation was made if the banks themselves record the event.
Yeah, steam determines that someone is an adult if they have a credit card on their account. This seems like a simple and effective method. Although I do still sometimes have an ‘Are you over 18?’ query, maybe that’s from individual games.
good example that works well on a data minimisation basis when they the need is for some indication of age appropriated trust. There are limits to it though. - to actually satisfy age-gates/verification they would also need to tie your identity to the ownership of the card, and ensure the card isn’t some kind of under 18 prepaid affair.
Prepaid cards have numbers that identify them.
If we imposed rules that only adults can use regular cards and kids can use the equivalent of a child card, which is available at all major card issuers, this entire problem could be solved by the banks that already use KYC for basically the same reason.
But that wouldnt get us closer to palantirs one world government so it isnt an option
Which, btw, makes perfect sense. As a shop that takes credit cards, I would want to know if someone has signed up for a subscription service with a prepaid card, since the card may run out, prematurely cancelling the service.
There’s a big database at the backend of the credit card processor that keeps track of all this stuff. The shop can tell a lot about you based on your card number.
Government could generate anonymous time-limited access tokens for specific scopes like age, citizenship, etc.