- cross-posted to:
- privacy@programming.dev
- cross-posted to:
- privacy@programming.dev
Newgrounds, a gaming forum, has some clever ways for non-intrusively complying with the shambling disaster that is the “UK Online Safety Act”.
For years, I’ve been doing something similar to this when generating internal reports on DNA Lounge demographics: e.g., if someone bought a ticket for an 18+ event 5 years ago, they must be at least 23 years old now.
Newgrounds: Here is our current plan for UK users:
If your account is more than ten years old, we will assume you are currently over 18. This is in line with one of the methods of effective age assurance, which involves paying a third party to match your email address against some sort of database of scraped data, which determines if your email has been in use for a long time. We have our own long-term data, so we’ll use that instead.
If your account ever bought Supporter status with a credit card and we can confirm that with the payment processor, we will assume you are over 18 because you need to be 18 in the UK to have a credit card.
If your account ever bought Supporter status more than two years ago, we will assume you are over 18 because you need to be at least 16 to have a Paypal or debit card in the UK (assuming we are right about this).
If none of the above applies, you will have the opportunity to pay a small one-time fee via credit card as confirmation of your age.
We are not planning to offer things like ID checks or facial recognition because these require us to pay a third party to confirm each person.
You must log in or # to comment.
Sounds like a recipe for account sharing. Also, what happens if a parent buys a kid something on the site or the kid steals the parent’s card? The transaction doesn’t imply that the card holder and the account owner are the same person.
Sounds like a recipe for account sharing.
Any reasonable form of age verification can be bypassed by account sharing - even if a site makes people reconfirm their identity every time they log in (eg, facial recognition or prints) the user can just hand their device to a child after logging in.
Which is one of the many, many flaws of age verification laws.
Sure, there are ways to bypass Newgrounds’ policy. But the goal of this policy is to comply with UK law while still respecting user privacy. So the relevant question isn’t “will this policy 100% confirm the age of account holders” but “is this policy effective enough to comply with the law”.
My point is that the law is just going to keep creeping up in severity because of workarounds like this.
We are not planning to offer things like ID checks or facial recognition because these require us to pay a third party to confirm each person.
Ohh so close.
do you mean they should object to sync user data with that third party, instead of just objecting to paying them? your comment is very enigmatic.
