This just demonstrates a common misconception of smartcards. The private keys are non exportable. They never leave the card. They can’t. Leaving the card destroys them.
The PIN may be compromised, but without physically having the card, the PIN is worthless. Likewise, without the PIN, the card is worthless. You have to have both.
Now, yeah, people could sell them…but the only people who would are the very same whose identity is already practically “worthless” (in the capitalist sense) to begin with, so the market sort of solves itself there. If a person’s identity were of any value, they wouldn’t need to sell it.
It can be used for authentication, but it should be thought of more as a signature (but in many ways more secure and verifiable)
But it could be used that way. The problem is, the types of certificates that I’m suggesting would offer no privacy at all, as they would have your real name associated with them, and they’d be issued by the government…essentially, the exact same idea as DoD “CAC” cards.
If it’s the type of business that you want to supply with that info, that’s one thing. But it would eventually, be compulsory, and that’s not really what anybody wants.
There could be a happy medium, where you have to get validated in-person that you are 18+ by a mutually trusted agency, and get an 18+ “badge”, through some sort of trusted medium.
Plenty of legitimate, innocent, reasons to be getting an 18+ badge…and technically no real reason to record a persons information, except for anti-fraud measures.
I doubt there would be much more of a black market for that than there is already existing for getting nicotine and alcohol to kids. Shady people gonna shade. And of course, parents can slip one under their (teenage) kids pillow if they think they can be responsible with it.
Either way has a dystopian end…but that doesn’t dismiss the value of having an “official” digital identity for “official” purposes (for whatever is deemed “official” by the holder).
Gotcha. That was my misunderstanding then. I’ve seen people talk about something similar: a government issued “id” (potentially tied to your driver’s license or whatever) that digitally identifies that the holder is of a certain age, but nothing more. That’s what I thought you were proposing here as well.
I don’t think there’s anything wrong with your idea, but it also seems unnecessary, and makes it easier for businesses to track you - not harder. If the purpose isn’t to obfuscate information, they can just look at a driver’s license and see their birth date and that the picture matches the person using it. It also doesn’t really have anything to do with the subject of the post (online age verification).
This just demonstrates a common misconception of smartcards. The private keys are non exportable. They never leave the card. They can’t. Leaving the card destroys them.
The PIN may be compromised, but without physically having the card, the PIN is worthless. Likewise, without the PIN, the card is worthless. You have to have both.
Now, yeah, people could sell them…but the only people who would are the very same whose identity is already practically “worthless” (in the capitalist sense) to begin with, so the market sort of solves itself there. If a person’s identity were of any value, they wouldn’t need to sell it.
It can be used for authentication, but it should be thought of more as a signature (but in many ways more secure and verifiable)
Can you explain how I’d use my smartcard to verify my age on a website? Does everyone need to buy a card reader for their computer?
That’s the thing, you shouldn’t have to.
But it could be used that way. The problem is, the types of certificates that I’m suggesting would offer no privacy at all, as they would have your real name associated with them, and they’d be issued by the government…essentially, the exact same idea as DoD “CAC” cards.
If it’s the type of business that you want to supply with that info, that’s one thing. But it would eventually, be compulsory, and that’s not really what anybody wants.
There could be a happy medium, where you have to get validated in-person that you are 18+ by a mutually trusted agency, and get an 18+ “badge”, through some sort of trusted medium.
Plenty of legitimate, innocent, reasons to be getting an 18+ badge…and technically no real reason to record a persons information, except for anti-fraud measures.
I doubt there would be much more of a black market for that than there is already existing for getting nicotine and alcohol to kids. Shady people gonna shade. And of course, parents can slip one under their (teenage) kids pillow if they think they can be responsible with it.
Either way has a dystopian end…but that doesn’t dismiss the value of having an “official” digital identity for “official” purposes (for whatever is deemed “official” by the holder).
Gotcha. That was my misunderstanding then. I’ve seen people talk about something similar: a government issued “id” (potentially tied to your driver’s license or whatever) that digitally identifies that the holder is of a certain age, but nothing more. That’s what I thought you were proposing here as well.
I don’t think there’s anything wrong with your idea, but it also seems unnecessary, and makes it easier for businesses to track you - not harder. If the purpose isn’t to obfuscate information, they can just look at a driver’s license and see their birth date and that the picture matches the person using it. It also doesn’t really have anything to do with the subject of the post (online age verification).