1/4 Today, 64 orgs & experts urge the @EU_Commission to halt proposals for using #AgeVerification tools when implementing #DigitalServicesAct & #eIDAS.
-
1/4 Today, 64 orgs & experts urge the @EU_Commission to halt proposals for using #AgeVerification tools when implementing #DigitalServicesAct & #eIDAS.
Evidence & lived experiences show these tools are dangerous, discriminatory & unsafe.
-
2/4 #AgeVerification tools can't be trusted. They're:
Exclusive: Document-based verification excludes those without IDs, worsening the digital divide
Invasive: Their ‘accuracy’ relies on processing vast amounts of personal data, threatening our right to online anonymity
-
3/4 #AgeVerification tools are proven to:
Pose privacy risks: Age estimation methods often use sensitive data like biometrics, which are prone to errors & bias.
Be discriminatory: Biometric-based approaches can be biased, based on gender, race, or disability.
-
@edri : apart from the privacy risks you describe, the internet is way to insecure for citizens to strongly authenticate online.
The reason is that internet users have no reliable means to distinguish between fake and authentic websites [1].
This makes AitM (Attacker in the Middle) attacks easy: the citizen is made to believe that they have to prove their minimum age (and probably more PII) on fake website F.
When they do that, software on F will forward their identity proofs to real website R and obtain a grant to access R.
If that grant is a webbased cookie or anything else that can be copied, it will be sold to children and people who want to remain anonymous - while using someone else's identity.
BTW, the same will happen to users of EDIW/EUDIW [2]. Credit cards and loans will carry their name while they won't receive even a Eurocent themselves, but likely they will have to pay "back".
From [0]: «Authentication mandates a trustworthy verifier. The first step to find out whether a verifier is trustworthy, is to know *who exactly* they are. A domain name simply does not suffice.»
[2] https://ec.europa.eu/digital-building-blocks/sites/display/EUDIGITALIDENTITYWALLET/Security+and+privacy
[1] https://infosec.exchange/@ErikvanStraten/113079966331873386
[0] https://infosec.exchange/@ErikvanStraten/113138678307912960#Authentication #Impersonation #OnlineAuthentication #WeakAuthentication #Verifier #AitM #MitM #DV #Certificates #Trust