To ensure compliance with upcoming Australian government regulations, Chinwag services qualifying as “social media” will have a minimum age restriction of 18 years for account holders, going forward. A verification process may be required for new accounts on creation, or retroactively for existing accounts if flagged. We will be working with a number of third-party age verification partners to implement our processes, many of whom have been operating in this space for a very long time.
If your account with a Chinwag service is flagged for verification, we are going to need you to bring us a bottle of gin (henceforth referred to as a “verification token” or “token”).
As the supply and sale of alcohol in Australia is well regulated and familiar to most citizens, we expect that this will pose a minimum of technical challenge to our users. Any of our age verification partners (such as Dan Murphy’s) will be more than capable of validating any person as over the age of 18 years and should have a readily available supply of verification tokens acceptable to Chinwag Communications, the possession of which will be considered as evidence that the account holder is a legal adult.
This is unironically a good method. It ensures privacy by breaking any traceability between a person getting verified and the verification being provided to a site. The verifier sees your ID and declares that yes, you are of legal age. They give you a token that says “the bearer of this token was verified”. The token is provided to a site. The site can see that you were verified, but learns nothing more about you.
It’s literally how blinded digital signatures would work, which should be the only way that this kind of thing gets done, if it really has to get done at all. Not uploading your photo ID directly to a site, or to a verifier who partners directly with the site. Certainly not completely unreliable face recognition bullshit. Or to make the analogy slightly more accurate, it would be like if you signed your username on an empty bottle, put the bottle in an opaque brown paper bag, took the bottle to the bottle-o, and they filled up the bottle with alcohol without removing it from the bag (so they can’t read the username), after verifying your age. Obviously filling up empty containers isn’t a thing bottle-os do, but hypothetically if it were, this would be the analogy.
This is unironically a good method.
Agreed. I think the age verification laws are a rubbish idea but if one has to comply with them this is actually one of the better options for doing so - particularly for smaller sites. Something similar is worth considering as an option for this site when necessary as it’s both something I’d actually consider doing (unlike a licence photo) and does not set the admins up for potential issues regarding having to store sensitive personal information.
My main criticism would be that it’s a money gate. It’s a one-time cost and only about $10 for a tiny 50ml bottle, but there might be users who can’t just throw money around that easily.
WTF happened to the whole SSO/Identity/federated identity industry?
Wasn’t it originally meant to cater for this type of issue? I’m sure it was at least in a commercial context. You could have any levels of disintermediation in a trust chain/network, and as long as one said “age verified > 16”, you were good.
I never paid attention on a personal basis, because I would never use google or facebook as a source to sign in to anything…
SSO/federated identity would be terrible for this. One of the biggest things people are criticising this idea for is the privacy implication. Somebody, in the current law, has to obtain private information on the user, such as footage of their face or their driver’s licence. Depending on how it’s implemented, the verifier might or might not be able to see details about your accounts on other sites or which sites you have accounts on. But in SSO, the verifier (or “identity provider”) must necessarily have that information. It would require whoever the identity provider is to have properly verified your age, and then every social media site (or, if this were a porn thing like in the US and UK, every porn site—in either case, this is the “service provider”) would redirect you via the identity provider, so the IdP knows which SPs you’re visiting.
This is satire I presume from the jokiness of the whole thing, but being able to obtain a token in person by just showing an ID (without any storage of data) would be a less intrusive method then the “have your ID and/or face collected and stored for an undisclosed period of time” approach. The latter of which has very obvious privacy and security risks.
ZK methods. Popular on blockchain.
(Zero knowledge)
Finally a sensible approach
Lovely page. I didn’t know about Chinwag before.
I forget who was chatting to our admin a few months ago about Alcohol as a Verification if the government clamp down on Aussie Zone.
Elegant
