• Commiunism@beehaw.org
    link
    fedilink
    arrow-up
    15
    ·
    28 days ago

    Wonder how it’s actually going to be enforced. Judging from the article, it’ll all be up to the tech companies themselves which historically didn’t turn out to be that effective (examples: age fields on services like Discord and Gmail and porn).

    The only effective way I can think of is having to send a picture of your ID but that’s hella invasive

    • DdCno1@beehaw.org
      link
      fedilink
      arrow-up
      6
      ·
      27 days ago

      There are existing systems that use a digital token created with the ID document. Only this token that confirms the user’s age is sent to the social media site, which means its minimally privacy invasive. Unfortunately, it seems like nothing like this is planned to be used in Australia.

      • Amju Wolf@pawb.social
        link
        fedilink
        arrow-up
        2
        ·
        27 days ago

        Someone still needs to create that digital token from your ID, which means someone’s still using and storing your data, and potentially selling it or having it leaked.

        • shastaxc@lemm.ee
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          27 days ago

          And you need a central online API to validate the token, like oauth, which means any system using it needs to be connected to the Internet, and that API needs to be very reliable, kept up-to-date, and DDOS resistant.

          Or require the user to enter a PIN like with x509 certs, but then you also need a way for people to reset their PIN when it gets forgotten or compromised which means a huge bureaucratic burden and expense. And between the time of needing a reset and getting it, you’ll be unable to access any services requiring your ID token which will almost definitely cause some people from making payments (if banks change to requiring a digital ID token) and who knows what else.

          There will also be a requirement for hooking this death records in order to disable people’s tokens when they die to prevent identity theft. That’s going to require cooperation from private corporations (hospitals) and the government. I get that this is already done to an extent, but there are likely other processes like this that need to be established for this system to work and it’s not trivial.

        • DdCno1@beehaw.org
          link
          fedilink
          arrow-up
          2
          ·
          27 days ago

          That’s just the reality of doing business on the Internet. This is by far the best way of doing it right now, not that this information appears to have made it down under so far.

          While Australia’s new legislation is ham-fisted and poorly thought out, the intent isn’t wrong and there’s broad consensus for it (77% approval in Australia). We need to do something about the uncontrolled exploitation, manipulation and endangerment of minors by social media services. Corporations are clearly not interested in protecting them and parents are obviously incapable of it as well (although I could have told you the same thing 20 years ago). That’s precisely the kind of issue where the government is supposed to step in with regulation of some sort.