zlacker

LOL, what? My (teenage) kids use my phone all the time, especially in the car, when I'm driving, but also at home. It's not like I have porn or banking apps on it, but what is the age verification going to help there? If the kids would install an app or used browser to see naked people, then my face would be available to these services, right? Better mine than the kids', I suppose!

(We're not in Denmark, but I wonder how it is going in our jurisdiction ...)

>>taneli+(OP)
The Danish MitID identity "service" is actually pretty clever, except for the app used to approve actions or requests on your behalf. It's designed in a way that ensure that it can verify your age, but reveal nothing else about you. It isn't going to be used for "Porn ID" though. Instead it will provide your age information, basically 15+ or 18+ (I think those are the options), to an identity wallet, which in term will validate your age to the porn sites. Unlike the UK version there's no reason to have your face scanned, because the Danish government already knows your age and can provide that information via a trusted channel, MitID.

That's probably the issue the other post aludes to. The identity wallet will only be available via Google Play or the Apple App Store (as far as we know). So without a phone and a Google or Apple account, you're won't be able to provide your age information to e.g. PornHub.

>>mrweas+6r
Exactly this. Except the new service is not released as part of MitID but as part of the new digital wallet app (den digitale tegnebog). This is a separate and "voluntary" app which is meant to be offered as a convenience. Except it isn't really voluntary when the app is introduced together with new regulation that requires you to verify your age in places where you were previously anonymous, and the only way to actually stay anonymous and retain access is via the app.

>>mrweas+6r
it looks like MitID is basically country-wide SSO, isn't it? then isn't MitID collecting every website you authenticate to via the redirect uri?

>>sterli+eY2
Ah, yeah, that actually makes sense: now that the USA no longer shares intelligence information with some countries it previously did (or can't be trusted to do so), they have to implement alternatives.

>>sterli+eY2
Yes, but MitID is also only intended to be used in places where you are not anonymous to begin with, so this is actually OK and also gives you access to a central audit log of where your MitID credentials were used.

MitID is different from the proposed app-based solution for age verification which is designed to not leave a trail. The age verification app will initially be enrolled using MitID (or perhaps by a physical visit to a citizen service point where you can show physical credentials and answer security questions), but subsequent presentations of age verification proofs to service providers will be done without involving a central party.

All in all it is a good design from a privacy perspective. The major issue with it is that ONLY a smartphone based solution is planned, and that there is a high likelihood that it will depend on Play Integrity attestation. This will force everyone to be customers of Google or Apple if they want access to the full internet. I think it is technically possible to also offer alternative solutions based on secure hardware tokens which would still enable people without smartphones to verify their age in a privacy preserving way, but this is not planned.

>>ulrikr+Ai7
When it comes to age verification - I still don't understand how you'd make it subpoena-proof? Like, the ones I've seen proposed protect you from the site itself getting more data than it should. But what about a government agency subpoenaing the website to see what credential this account was verified with and then comparing with the age-assuring agency's logs?..