Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@bob_zim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bob_zim</span></a></span> : apart from the fact that online age verification can be easily bypassed, I expect online authentication (proving your identity as known by your government) to lead to massive numbers of identity fraud.</p><p>Reliable authentication necessitates that the VERIFIER is trustworthy. If not, they can impersonate you to a third party, using the digital proof that you provided.</p><p>Suppose you prefer watching sex with elderly women, and google "milf sex".</p><p>And suppose google comes up with rollatorbabes dot com. You go there and they demand that you prove you're old enough by sunmitting your electronic ID - and perhaps also a selfie "to prevent fraud". This may happen:</p><p> You &lt;-&gt; RollatorBabes &lt;-&gt; Visa</p><p>RollatorBabes forwards all auth details, except your home address (RollatorBabes changes that) to Visa - in order for them to obtain a creditcard - showing your name.</p><p>To prevent this, the first thing you need to know is WHO the verifier is. Not who they say they are, but reliably verified by a third party who deserves YOUR trust. So you can sue RollatorBabes if they fsck you.</p><p>Do you trust THEM, shown below?</p><p>See also <a href="https://infosec.exchange/@ErikvanStraten/113880125384919871" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113880125384919871</span></a>.</p><p><span class="h-card" translate="no"><a href="https://mastodon.social/@nazokiyoubinbou" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nazokiyoubinbou</span></a></span> <span class="h-card" translate="no"><a href="https://hachyderm.io/@evacide" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>evacide</span></a></span> </p><p><a href="https://infosec.exchange/tags/GooglsIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GooglsIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/GTS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GTS</span></a> <a href="https://infosec.exchange/tags/BrowsersAnonimizingWebSites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BrowsersAnonimizingWebSites</span></a> <a href="https://infosec.exchange/tags/AnonimousWebSites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnonimousWebSites</span></a> <a href="https://infosec.exchange/tags/YouAreTheProduct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>YouAreTheProduct</span></a></p>