Lately there has been a lot of controversy about age verification and it’s implementation in places such as UK and US.

The main critic to this mechanism is due being done through facial recognition or a government ID which are privacy invasive.

So here is my question as someone who comes from IT, wouldn’t it be possible to create a device which just gives out true or false depending if the person is of age, given some kind of piece of DNA (hair, blood, nails) ?

I known there is carbon dating, but from what I understand is a bit of complicated process. The human body however shows it’s age visually and I would be interested to know if genetically there are some signs as well that could be somewhat used in a automatic process.

Again I come from IT, just curious about the implications and your takes on the problem.

  • AbsolutelyNotAVelociraptor@sh.itjust.worksEnglish
    6·
    9 days ago

    Yeah, my idea comes from them. We are trying to find a “new” solution to a problem when there has been one ready for years and we only need to adapt it to this system.

    As long as the key to create new certs is kept safe (and given that the auth is the govern itself, I’d say they will be kept safe), you don’t need to worry about false certs. And even if the key got stolen somehow, all you need to do is change it and deprecate the old one so new certs using the old key won’t be valid.

    • TCB13@lemmy.worldEnglish
      5·
      9 days ago

      Not sure if you know this but in a lot of EU countries people have identity cards that are already smart cards and are used to digitally sign documents (with full legal validity) and login into public services.

      Adding an extra certificate for the age verification would be very easy. They already have all the certification infrastructure in place and are used to it. However… like I said before it looks they really want to control where you validate your identity so they won’t do it in this way.

      There’s also another thing to consider: a US citizen would never agree to have a unique digitally signed ID issued by the local state with an intermediate certificate issued and controlled by the federal govt. Note that if they implement the same model the EU is following both the local state and the federal govt would be able to revoke those ID (certificates) at any time.

      People say that the US is turning into surveillance / china-like state but in reality the EU is way, way closer than that. Just look at what was done with the EU Digital COVID Certificate (EUDCC) recently:

      The EUDCC was a digitally-signed document.[1] It was usually supplied in the form of a QR code, either contained in a PDF file, or as a printout. There are various mobile apps available to store and display the EUDCC (such as the Corona-Warn-App); alternatively, the EUDCC can be presented on paper.

      Technically, the QR code contains a JSON document with the information payload. This JSON document is serialized using Concise Binary Object Representation (CBOR), and digitally signed according to CBOR Object Signing and Encryption (COSE). The resulting data is compressed with zlib and encoded into the final QR code

      And yes, there were countries blocking you from going into a store to buy basic stuff without showing a valid COVID certificate. No vax or no proof of recovery = starve out. Add the inability to move between cities to that and you’re very, very close to the “democratic” China.

      More here: https://github.com/ehn-dcc-development/eu-dcc-hcert-spec