| ▲ | anon_shill 8 hours ago | |||||||
From the second paragraph: > And the only way to prove that you checked is to keep the data indefinitely. This is not true and made me immediately stop reading. If a social media app uses a third party vendor to do facial/ID age estimation, the vendor can (and in many cases does) only send an estimated age range back to the caller. Some of the more privacy invasive KYC vendors like Persona persist and optionally pass back entire government IDs, but there are other age verifiers (k-ID, PRIVO, among others) who don't. Regulators are happy with apps using these less invasive ones and making a best effort based on an estimated age, and that doesn't require storing any additional PII. We really need to deconflate age verification from KYC to have productive conversations about this stuff. You can do one thing without doing the other. | ||||||||
| ▲ | 0x000xca0xfe 7 hours ago | parent [-] | |||||||
If you don't keep and cross-reference documents it is really easy to circumvent, e.g. by kids asking their older siblings to sign them up. I don't think a bulletproof age verification system can be implemented on the server side without serious privacy implications. It would be quite easy to build it on the client side (child mode) but the ones pushing for these systems (usually politicians) don't seem to care about that. | ||||||||
| ||||||||