Post · bonfire.cafe

@neil@mastodon.neilzone.co.uk · 2 months ago

Today - 25 July - is the deadline for user-to-user services subject to the UK's Online Safety Act to have "highly effective age assurance" in place for UK users, if the site's content requires it. (Not all sites/content require age assurance.)

Please be careful, especially if you are in the UK.

Think before handing over ID documents, and be especially mindful of mistyped URLs and other scams, trying to obtain your personal data for phishing or blackmail purposes.

#OnlineSafetyAct

David Njoku

@davidnjoku@mastodon.world replied · 2 months ago

@neil A tech journalist that I have a lot is respect for, @acedtect, has always been an advocate for Tim Berners Lee's Solid as a means of identification that allows the citizen retain a modicum of control. I wish the UK government had taken this opportunity to push it.

https://en.m.wikipedia.org/wiki/Solid_(web_decentralization_project)

tautology

@tautology@infosec.exchange replied · 2 months ago

@neil A discussion came up today in the work chat, if I use a false ID (e.g. AI generated image) to bypass this check to allow me to access a service which I am old enough to access anyway, would I commit an offence under the identity documents act 2010 or the fraud act 2006?

Would even testing this lead be in a postion where I could be prosecuted (like testing for vulnerabilities under the CMA)?

How is this different from me using a fake date of birth on sites?

Do we all just need to wait for an actual judgement or will the age verification vendors actual care?

happyborg

@happyborg@fosstodon.org replied · 2 months ago

@neil
If they wanted to protect children - and adults - they would ban or tackle algorithmic feeds.

That's what caused the problem and the solution is simple, easy to police and enforce, if a bit more difficult politically.

Instead they are driving small communities onto those corporate platforms which cause the ham. 🤔

chrisp

@chrisp@cyberplace.social replied · 2 months ago

@neil Really think about which services you use, with which accounts need verification. Remember that password breach you were in 2 years ago? What if it were an ID breach? Or use a VPN to a sane country.

Dog Noise Generator

@Buster@woof.group replied · 2 months ago

@neil uk Reddit is going nuts. Also, Reddit now insisting that LGBT subs are all 18+ and need verification.
Yeah, hand over your ID to an American company subject to the patriot act and be on their list of known queers? No thanks.

🌱@ambiguous_yelp:ahimsa.chat

@ambiguous_yelp@social.coop replied · 2 months ago

@neil Im concerned how this will affect decentralised social media like #simplex https://simplex.chat #briar https://briarproject.org & #cwtch https://docs.cwtch.im these services r so decentralised there aren't even servers that facilitate users directly its more like a participatory network infrastructure, its undeniably user-to-user but what are they going to do charge every simplex relay operator? Or every node in a briar mesh? Or r group moderators liable instead?

G-Squirrel

@gsquirrel@cupoftea.social replied · 2 months ago

@neil I've absolutely no intention of agreeing to use any of these age verification services. It'll be interesting to see (a) how much this affects my experience of the web, and (b) how trivial it'll be to circumvent the checks where they do get in the way of what I'm doing.

jaz :twt: :wales_flag:

@jaz@toot.wales replied · 2 months ago

@gsquirrel @neil when I were a lad the age verification was "can I reach the top shelf" and "will Tony the News let me take this out".

I must have put a lot of trust in Tony. I bet he never shared what mags and electric blue videos I was into with his mates.

Peter Brett

@krans@mastodon.me.uk replied · 2 months ago

@neil I'm still struggling to work out what the absolute minimum service that would qualify as “highly effective age assurance” would look like

#OnlineSafetyAct

Peter Brett

@krans@mastodon.me.uk replied · 2 months ago

@neil I guess this isn't a completely hypothetical question, because I'm now considering building a minimally invasive age assurance service, if I can figure out how to meet the minimum requirements

#OnlineSafetyAct

Ret

@ret@furry.engineer replied · 2 months ago

@krans @neil I think it’s impossible. Either you protect user privacy adequately and build a client side solution (which implicitly trusts the client and is therefore spoofable and able to be bypassed). Or you build a server-side solution where the user has to blindly submit images and believe your promises about how they are processed.

We’re in this situation because hapless, lazy MPs believed techbro promises that they can solve this intractable societal problem (for money). No amount of code can fix this. This isn’t a computer problem. This is a society and people problem.

Paul Fenwick

@pjf@cloudisland.nz replied · 2 months ago

@neil : Australia is trying to follow suit. I can't wait for even more of the internet to try and grift my PII. 😢

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0-rc.3.1 no JS en

Automatic federation enabled