Slashdot Mirror
Verisign Develops Token for Age Verification
FirstTimeCaller writes "A Reuters article is reporting that Verisign in conjunction with an unnamed children's safety group, will release a USB token that can be plugged into a PC to verify the age and gender of a person participating in online chat rooms. According to the article, the token will be available free to students in a handful of schools this fall. School administrators will provide a list of students, with their ages and genders, and VeriSign will encode that information onto the tokens."
In most countries, credit card authentication was used to ensure one had reached the legal age...
In which situations wasn't it enough, besides the goatse ?
Trolling using another account since 2005.
. . . why is there a "list of students" involved? And seriously, do they not know these tokens are lent? Either this is an insidious attempt at a pilot of some sort of "internet ID" or a completely dumb idea.
CEE5210S The signal SIGHUP was received.
Now instead of just faking up my ID, I can steal someone elses. All it takes is enough drink and the right students.
Still this security thing is jsut a laugh really isn`t it?
sigh.....
CJC
Who's going to run the betting pool on how many minutes it takes someone to crack the keys and modify the information?
Better yet, how many kids will lose their tokens?
Not to mention the possibility of the breaching of the privacy of minors.
On paper this sounds like a good way to protect children, but somehow I think the execution of the idea is not going to be as easy as Verisign and Co. think it might be.
SCREW THE ADS! http://adblock.mozdev.org/ Proud user of teh Fox of Fire - Registered Linux User #289618
Just check the online ID before persuing the child??
That's gonna cut into the FBI's stake-outs, isn't it?
I wont have to get these.. it would keep me out of the bar!
gShares.net
-------
artlu.net
And what is stopping a dubious individual from borrowing one of these tokens?
Excellent! I figure by about noon tomorrow I'll download a patch that "officially" makes me a 16 year old girl.
Selling his or her token to some freak on ebay!
terpmotors.com
Wow, that's great. Now Verisign can track people Internet usage from an early age. They should team up with Amazon and by the time those kids actually have money, they'll be able to by exactly what they were looking for.
Does this mean that "she looked 18" is no longer a valid defense?
Cheers,
IT
Power corrupts. PowerPoint corrupts absolutely.
Whats the point of Proving they are underage?
Shouldn't the reverse be required MUCH more frequently?, proof of adulthood?
unless this is just a hopefully harmless test before the start selling the things in adult bookstores.
Coming from Verisign, most likely this is just an X.509 certificate on a hardware token.
Nothing new, except for the addition of birth date and gender to the certificate subject.
A personal x509.3 certificate and a crypto key.
So when he's 21 he won't complain when the barcode on his forearm will be used to 'strenghten e-vote security'.
Train them while they are still young, the older they get, the harder for you to teach them new tricks...
Oh, wait, this only works with pkcs#11-enabled chat applications? I guess IRC will have to be outlawed then. You don't want untagged pedophile commies subverting little Tommy on IRC now, do you?
"... unnamed children's safety group ..."
:
So? Which business is this that is marketing something which basically says
"OK Parents! Using our technology, it will be safer for your kids to be additional consumers on the internet now"
Please tell me this is not the case.
It seems completely obvious to the millions of people who visit /., so why isn't obvious to the people who implement these things.
The only thing that these USB tokens verify is the information on the token!
Untill they surgically graft these fobbles to the children and make them unstealable (ooops not possible), then they are pointless.
hehe WON'T SOMEBODY THINK OF THE CHILDREN!
har, I thought I would never say that.
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
This is the dumbest idea in the history of mankind: verifyably identifying children as such on the Internet. Unless, of course, they are trying to help pedophiles find targets that they *know* are too young to be FBI agents.
ByteMyCode.com: A Web 2.0 code sharing community.
So assuming you put this system in place and it actually works. What happens when someone hacks your school's shitty computers and is able to verify that yes, that person in the chat room is a real 12 year old girl.
Not good.
The GeekNights podcast is going strong. Listen!
That takes care of the huge problem of 14 year old girls prentending to be 50 year old women.
The non-issue of 50 year old men prenting to be 14 year old boys (or girls) is probably not worth the investment!
I could see this working if the token was strongly encrypted....and possibly referenced to an online database
Imagine the kind of money a 16-year old girls ID tag would bring in.
When the black market for these things gets up to speed, the situation will be as silly as it is today .
So, not only are students going to be forced to carry yet another form of ID, but they'll also have to give a third-party company (Verisign in this case) detailed personal information.
What about student's rights - they have the right to enter chat rooms, etc.
I can envision the next step - restricting web sites based upon age, then it will be restricting web pages based upon being a student, finally, just restricting overall.
Luckily, we won't have to worry about this being a wide-spread problem - the system is too flawed to go very far; however, I feel for those that WILL be made to use it.
Bottom line is that NOBODY should HAVE to use this system - somehow it should infringe upon their right to freedom of assembly. Albeit, a *virtual* assembly, it's an assembly!
Unless the article is leaving out some, dare I say key piece of information... in about a week, students will have figured out that the computer doesn't know whether the USB token belongs to the person who inserts it or not.
In about two weeks, they will be borrowing them from older siblings.
In about three weeks, there will be a brisk trade in USB tokens issued to older students who have no interest in the school-approved content that is actually linked to the key, but great interest in money.
In about three months, forged adult-ID USB token will be for sale on eBay.
Even a plain old ID card has a signature and a photo on it, so someone can see whether it matches the holder of the card or not. But these anonymous bits of colored plastic are just an invitation to abuse.
In a corporate setting, I suppose you've signed something that says you're responsible for all use made of the token, and you would be suspiciously unable to do your job if you loaned it to someone else... and subject to dismissal if someone finds out. I don't see how that can be applied in a school context.
Unless they were planning to Superglue the token to the kid?
"How to Do Nothing," kids activities, back in print!
~~~
see their site... they are the makers of the device
every day http://en.wikipedia.org/wiki/Special:Random
some type of law? I would want that information to be authenticated that way. If I remember right, parents will have to consent to it first if it is a public school.
What are the students doing in chat rooms during school anyway? Seems that Verisign just wants another way to make money.
... it's all encrypted on a Lexar JumpDrive
"School administrators will provide a list of students, with their ages ..."
Surely, it will be with their birth date. In any case, how is this administered? Can we guarantee no administrator will be a paedophile?
Did he inhale?
Clearly in some cases it might be necessary or desirable to prove your age, but unless the chatroom is supposed to be an online matchmaking service I fail to see what the presence of a Y chromosome has to do with anything.
Gosh. If I was a student, I would be snatching these things up like gold, then pawning them on ebay to teh pedofiles.
This only adds a false sence of security, without biometric identification on these usb things, anyone can become a 16 year old male. Lets go chat up NAMBLA and ask them what they think!
In nature, there are neither rewards or punishments, there are only consequences.
If they really want to make a ton of money and have this product take off, try selling it to adults. Please. Then build it into gamespy and various game servers. There's nothing more annoying than playing an FPS when some 12-year-old bowl-of-brain-mush comes in and decides to use all of the latest words he's picked up before they go out of style. "Hey, you Nazi-licking (%black slang%) baby (%illegal activity%) roosterface! Yeah, I'm talking to you!"
Okay, so we all know they don't use caps and punctuation, but you get the point. I'd pay good money to know that other people I'm playing against aren't as likely to be mentally damamged, even if it means locking out the good teen gamers.
Have to do with this???
Posted with a 'bi' mac (as you like to call them)
school admins will put student data and email accounts and hand them over to verisign.
As someone who works for a school, I can't possibly see how this could be abused. I mean, students NEVER share their login passwords or anything.
School administrators will provide a list of students, with their ages and genders, and VeriSign will encode that information onto the tokens.
I'm guessing it will probably store the birthdate and not the age, or the data will be wrong within a year. Although, I'd expect nothing less from the fine people who brought us Site Finder...
Why is it that so many Slashdotters piss and moan when any kind of system is released by commercial industry that isn't 100% flawless?
Now maybe I have it all wrong, but I'd say that when it comes to protecting children on the Internet (and yes, it's needed), this is a step in the right direction. Sure it has its flaws, but it's certainly better than nothing at all.
But it seems around here that if something isn't perfect right out of the gate, it's garbage (unless it's Open Source, in which case it gets free pass after free pass...).
"Ask not what your country can do for you." --John F. Kennedy
Surely they should be encoding their date of birth on there and not age?
Otherwise, come the kids birthday, the token will need updating again.
Avantslash - View Slashdot cleanly on your mobile phone.
Once someone figures out how to crack it, he or she would be able to fool everyone who believes that the system is reliable.
Today most people are sceptical to people online, with this system it could actually get really easy for the scumbags to convince someone of their (fake) age.
"Hi, I'm a pedophile. Would you mind proving that you are underage before I start grooming you for sex?
Ok, that's great. Now what's your address, little girl?"
As a technology concious teenager, I would like to say FUCK OFF VERISIGN. I WILL NOT BE PLUGGING SOMETHING INTO MY OWN HARDWARE JUST TO LET PEOPLE KNOW WHO I REALLY AM. If I want to disclose my identity in full, thats my own decision.
Of course, they're are a whole lot of teens out there who spend the whole night talking to friends on MSN (blame Micro$haft for capturing this market by bundling it with WinXP).
I would like to call on parents reading this to frag all traces of MSN and other chat networks from their teens computers so the quality of english spoken worldwide does not decline within the next decade. I stopped wasting my time talking to losers on such chat networks because I simply can't bear the quality of english OR SHOULD I SAY SMSlish being driven around by people who think 500 millisecond responses are critical. Spoken to your kids english teacher recently? Doesn't come as a suprise to me that I am one of the only students in the english class that can maintain good spelling with no cutbacks to save time.
Also think what else such USB Keys could do. Enable sitefinder instead of Google? Spy on students in cases where X person is under agreement to lease equipment from the school? Erase traces of non-DRM music to keep their friends at the **AA happy? Hmm, better speed up development of my RFID disk wipe module ASAP. I think I'll need it when school IT staff think they can blackmail me into violating californian breakin disclosure law again. They've already tried to break into my own blog to see what dirt I have marked private on them.
It doesn't matter if you're doing something useful, or even something that's noncounterproductive, as long as you're doing something.
After hearing this story on the radio this morning, I was thinking that this system would work well if it had a web-of-trust component, similar to that for Thawte or other digital signature authorities. To me, it's a given that this thing is going to be hacked, and exposing it to as much daylight and as many human users as possible is what would make sure the system was trustworthy....
Now ur saying studnt dating is the good ol days? ur not 16! Gross!
So every chatroom in existence has to be rewritten in order to use the token scheme? Why would anyone go to the trouble of doing this? If schools want safe chatrooms, why don't they just set up their own network and do the authentication themselves? Expecting the whole world to change to support your authentication scheme seems a little farfetched.
Visit the
Verisign just developed a way to couple subscriber identity in hardware to everything a subscriber does. Jackpot. *Ding* *ding* *ding*.
Poof.
Verisign age tokens, what a great currency for paedo's.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
is to adults. You can't prove you are an adult and thus entitled to something more by NOT having one of these.
The goal to Verisign is obvious -- once they are widespread, you try to get first libraries and then other places to require the use of the "KEY" to use the system to prove your age. As an adult, you'd "need" one, and thus have to pay for it.
Also, its a good first step toward a "universal" (as if) public key. Ideally, imagine something like the Post Office being able to assign a public/private key to you. That's what everyone wanted with these keychain java keyring things talked about in the 90's.
Personally, I hate seeing verisign being given this contract, but I'm not sure someone shouldn't have it.
I'd like to see a U.N. sponsored standard, with countries and or businesses able to register as registrars. The SSL key distribution system we have now works pretty well (if overly expensive).
At a minimum, that same system applied to people as apposed to web server names would go a long way.
Yes, I know all the usual issues apply -- how do you prove its YOU with the key, etc. Lots of discussion on that (which is off topic) and other things. Privacy? What about additional private certificate keys? Well, why not all those things.
Personal ID should have a data component for public key.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
"Let me see your dongle."
When I am king, you will be first against the wall.
Very close, but you're missing some words.
They are offended at the very idea of trying to protect children without thinking things through.
Face it; 99.9% of all "protect the children!" efforts either don't actually protect the children, seriously hurt the liberty of children and adults, and most of the time, both.
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
I take it that, while you'll have to carry your age and gender on a card with you, there won't be any options for people whose gender lies outside the binary dichotomy... As if the majority of databases that don't have options for these people isn't enough hassle to begin with.
It's not the school administrators information to give away. This information must go through the parent.
So all I have to do is borrow my son's dongle, and I can go cyberstalk all the girls in his class.
http://alternatives.rzero.com/
Come on, Verisign... it's A/S/L, not A/S! Get with the program! Unless this thing is a GPS receiver too, it'll never fly.
wth has gender got to do with age verification?
Now I will be able to truly believe that chicks in chats I try to pick up are really chicks.
But seriously. With all those money resources being poured into hiding symptoms (perverts in chat rooms, drugs in schools, shool rapes, students with guns, G. Weenie Bush as a president, et cera) one just wonders what could be archieved by simply pouring a bit of it to relief the tension in society, by like, just an example, ensuring that the same childrens are feeling ok at school and home instead of reaching out for help from nicely talking chatters in "SexTonigt" class of chat rooms.
Sick, sick world. And I would except more common sense from Verisign, but then again, world changes.
Why is this important? If the purpose is to identify that you are of the appropriate age, then gender does not matter at all. If the concern is that a lot of people pretend to be the opposite sex on chat rooms, this is idiotic. Plenty of people pretend to be the opposite sex in real life, and it's not hard and doesn't cause many problems. Further, if you're concerned about people faking who they are, shouldn't you identify them in their entirety?
And, even more importantly, these things will be ungodly easy to imitate, especially on Linux or a BSD where you could easily just, entirely in software, create a USB device and tell your system it is whatever you want it to be. (Yes, that's also possible on other systems, it's just really easy on an open system).
I'm assuming this is a hash code from which you cannot extract private information. But if they're idiots and there's information encoded in the key, this would only make the paedophile problem worse!
This won't work. When I worked at IBM our Token Ring network lost our tokens ALL the time...
Not so much the idea of protecting children, as offended at the idea that someone else other than their parents should be protecting them.
I'm the father of a 3 year old girl and I know it's MY responsiblity to keep her safe in this world. No one elses. It's not up to some anonymous company to invent some fallable 'system' to fool parents into a false sense of security.
On second thoughts...
Let them build it, let the kids (in the US at least) use it. Then when one child is abused after circumvention of the system, wait for the lynch-mob to descend on the manufacturers.
"If you unscrew Bill Gates' navel will the bottom fall out of the software market?"
....but are the schools just picking out who will get these, providing the information to verisign, and then getting the usb keys? Or are they taking volunteers? If it's the former, as a parent I'd be pissed. The school should not be a data mining warehouse. In fact, it shouldn't have anything to do with verifying the age of anyone who wants to use the internet. It should have to do with educating the children. It's up to parents to monitor their kids internet access, and if they choose for their kids to be a part of a system like this, then the parents themselves should be sending information to verisign. Not the principal, teacher, or superintendant chalmers.
I think they're called "Parents."
Why does this thing include gender ? I can understand wanting to make sure that anyone claiming to be a 10-year old girl in a childrens chatroom really is 10 years old, but why does it matter if she really is a she ? It just makes it easier for any pedophiles who manage to cheat the system to identify suitable victims.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
Face it; 99.9% of all "protect the children!" efforts either don't actually protect the children, seriously hurt the liberty of children and adults, and most of the time, both.
This percentage comes from where? Of course any good goal could be misused as a selling point. It doesn't invalidate the goal.
No, the "how dare you try to protect children!" theme on /. seems to come from people who are either children themselves (in age or maturity) and from those without any children.
Not knowing any details, I would suspect that these things will work in Windows only, not Linux, not OS X. Am I right?
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Some USB Manufacturers also claimed the security of their USB Drives as un breakable, it seems that will end up in the same way .. i guess
Most public computers i know of have upgraded to XP-SP2 and, in the process, the admins blocked access to USB devices (a new 'feature'). So what is Verisign going to do about that?
Why, I can't think of a single thing that will go wrong with this one! Brilliant!
All it takes is enough drink and the right students.
/. !!!!! Who knew?
Michael Jackson posts on
This is a strong and good program for the use of school provided resources.
In order to login and use a provided computer, two factor authentication is used to verify the identity of the user.
The addition of the age/birthdate to the token allows for age specific content controls to be in place.
Rather than having all content blocked for all users, the content can be opened provided your age is of a sufficient value to grant access.
This is not for, nor intended to be, a complete solution to all internet security. Just for use within the academic environment to prevent unauthorized access to outside (or even internal) content as a part of the experience.
Just as I would complain if little 12 year old johnny were allowed to read Penthouse Forum for his reading assignment as checked out from the school library, I do not want johnny to be given free reign of the internet ON SCHOOL PROVIDED EQUIPMENT where i do not have the ability to provide the guidance as I do in my own home.
This is one of the first signs of responsible content filtering that i have seen. A pulbic library could be set up with the same technology so that a two factor authentication key is used to allow me to log in with no filtering whatsoever. But the 15 year old girl would be prevented from seeing those sites that are not appropriate for viewing from a public resource.
We have laws that govern what can be sold to minors. This is one of the first technological answers to provide a way to control that same content across a world wide resources that is incapable of monitoring or controlling itself.
The power is in the hands of the authentication and the individual computer owner, not in the hands of a generic flawed internet filter that forces everyone to the lowest common denominator.
What if this usb dongle was a thumbprint reader, so that only the assigned thumbprint would allow it to work?
Then it goes from a two type security like something you have (dongle) and something you know (password), to two things you have.
One of the main reasons kids like chat rooms / etc. is because of the Anonymity.. No one knows that the person speaking is 16 years old. Anonymity being the great equalizer and all that on the internet.
My point is: If we're giving these tokens to kids (subsidized by the Fed), why would kids even use them?
So now I know the girl I'm talking to is genuinely 16. Now all I need is a token that proves she's genuinely hot.
Man: So, what's *YOUR* USB stick color?
Woman: Drop dead, bozo. Yours doesn't compute.
(This scenario assumes a heterosexual leaning.)
Why is it that so many Slashdotters piss and moan when any kind of system is released by commercial industry that isn't 100% flawless?
/.ers who probably all have children or niece/nephew proxy devices (for those of us too smart to have kids / or too geeky to have gfs) to get upset when people who are proven not to understand security decide that they should provide security for minors. An example of how bad an idea this is: Say I find a way to plant a program that reads the usb shtick. I then write a program that puts an occasional beacon out on a specific port. Then I wrap the whole thing up in a very successful, known, readily available worm. I download some Harry Potter drivel or something and send it around. All the sudden school kids PCs are BEACONING their age/gender. Then we could have pedophile spambots etc... Granted all that is worse case but, worse case does not mean impossible, or even difficult. These are things similar to other attacks that have gone on by advertisers combined with a little Anna K story.
I do not really know what motivates
This whole thing sounds like a good way for Verisign to make more money. Tell me they won't be selling the ability to target ads based upon the age and gender of the keyholder. Further, if this is to have any security in the form of being able to cancel stolen keys, the key will have to be linked to the student it was given to. So, although the key itself might not hold the students personal information, Verisign will have it. Given Verisign's past abuses of information in its possession, I find it hard to believe they won't start selling some form of access to this. It may be as simple as allowing "advertisers" to offer something directly to the child. Since the information was previously obtained, they could argue that they do not need the parent's permission since they are not gathering the info, only using it.
I think I know who is really behind this. It is the RIAA. If they can give these devices to every kid out there running illegal file shares or listening to downloaded music then they will have a much easier time determining where to send their lawsuits. I think that VeriSign is just a pawn in this overall scheme. Just like my Farts, My Sig don't stink.
Linux is not Windows
Verisign announced today that it would begin a program to create the youngest group of hackers ever.
Just as irrigation is the lifeblood of the Southwest, lifeblood is the soup of cannibals. -- Jack Handy
I think this product idea is not very good, but why USB? I understand that everyone has USB, but it would be more likely to be used if it used something like bluetooth. They should give out bluetooth USB transmitters and have the age devices use bluetooth to recognize when a minor is near the computer. That way, parents can browse any sites they want. Just make the computer switch to something else when the kid gets in range. Also, when people realize that this is stupid, they at least got a USB bluetooth transmitter out of the deal.
Better yet, give your spouse/SO one of these. When they get within range, the browser changes to something they would be impressed with you for doing.
This particular plan is so flawed that the protection it provides is completely false. It would be better that everyone continue to be suspicious of everyone because there is no trust than to think there is trust when it is easily broken.
Not only does the idea of mandatory user ID go against the ideals of free information sharing on the internet, this implementation of this bad idea is itself a bad idea. Tying it to biometric information and a passcode would increase security, and make the implementation reasonable at least, but it's still a fundamentally maligned idea.
In an ironic way I agree with your subject line. Nothing is perfect. The absolute lack of any positive ID on the internet causes one to judge an idea presented based on the merits of the idea instead of some presumed merits of its author. It almost forces people to think. Shit, schools can't even do that half the time. The prefect ID on the internet is no ID at all. Nothing IS perfect.
-theed
Somewhere along there, somebody would have written some software that would trick the operating system into believing that such a token was plugged in, making it possible to utilize without any extra hardware whatsoever. Billed openly as a debugging aid rather than a hacking tool, it would not be recognized for what it could potentially do by those that might want to stop it (and might be able to) until it was too late. And shortly thereafter, everyone would stop trusting the technology completely.
File under 'M' for 'Manic ranting'
I protect my kid from shooting himself in the face by making sure he knows what a gun is, what not to do with it, that I will yell at him and beat him silly if he plays with a real gun like it's a toy. I don't let him aim toy guns at people's faces and go "blam blam" and he's never seen me handle or mishandle a gun.
The fact that I don't own a gun and don't have one around is not the protection I provide him. I provide an education and rules in which he can live rather safely in a world that was not manufactured by Fisher-Price. You view this solution as solving a problem. I view it as masking the problem of accepting and promoting ignorance and gullibility. Since we don't agree on the problem, we could never agree on a solution.
I find your fascination both fascinating and disturbing.
-theed
Nope, doesn't work... many are faulty and should be returned.
... the one made out of shiny flexible metal.
This is just another example of conditioning the younger generation. Get them used to big brotherism and total surveillence/command & control. Goes along with acceptance of constant TV camera monitoring, using a thumb scanner to get a school lunch (how pavlovian can you get?) and other sorts of brainwashed response mechanisms.
We've already got the adult population conditioned to accept things that would have caused lynch mobs 100 years ago, like "random courtesy checkpoints" on the roads.
To the goons, the elite controllers, it's just part of the system, they want willing sheep, controllable herds, and the younger they get them brainwashed the better, then it's "acceptable and normal".
Hey, here's an idea! Why don't we drug the kids in the schools as well? Then we can make them even MORE controllable!
Oh ya, they do that too. Funny how all that stuff ties together.
1. The burden would be on children to get an ID. It suggests the children are to blame, when it's the pedophiles who are at fault and should be prosecuted.
2. In the extreme, isn't this a step in the direction of corporate or even government controlled access? It could limit who, when, and where content can be accessed -- if at all.
To-do List: Receive telemarketing call during a tornado warning. Check.
The device drills a hole in the kid's head and counts the rings. TGIF!
stuff |
Just a thought, but couldn't you get around the whole "trading" problem by simply making the keys integral to school.
I'm a third year uni. student. My school (The University of Victoria) has a regional bus pass encoded onto student cards as part of a deal struck with the local transit authority...
Despite the fact that I have a PILE of friends who would all gladly pay $100 for my student card to get the cheap bus pass, the damn thing is indespensible to me, so I take good care of it. Furthermore, if I ever go in to get a "lost" card replaced, they disable my old one on a central server before giving me a new one. There's only *EVER* one "real" student card for me floating around, and it *HAS* to be in *MY* posession for simple logistical reasons. I'm screwed without it.
Do the same for kids. Make their tokens integral somehow. (Part of the lunch program, part of class attendance, or SOMETHING...) then, if the kids lose them, you just make sure that the old tokens are remotely disabled before a new one is issued...
I really don't see why this is so difficult...
Yes.
In the same way that non-negative means >0.
freenode.org, now powered by Verisign inc... (somehow I cannot see it happen).
Wanna buy a Senior USB card?
Buy now and get a free elevator pass!
Who says Verisign even thinks it's possible?
Verisign doesn't care. They just need to convince people that these USB keys somehow protect their children. It doesn't matter if it ACTUALLY works, just that people BELEIVE that it works. In fact, it's probably better for verisign if it doesn't work, as it's less work for them.
The goal isn't to protect children, the goal is to get $20/year from every kid who accesses the internet. Neat trick.
paintball
think this is just a business response against the ubiquitous SecurID, a market dominated by RSA Security, the other security company. More and more companies are using the SecurID to verify authenticity, not just schools, business intranets and VPNs come too mind. Why would Verisign want to lose out on this potential pot? (rhetorical question)
Verisign needs to get in on the client authentication market, and instead, came up with this mumbo jumbo. This will be their way to wiggle into the corporate market eventually.
"Unnamed children's safety group"
is that what they are calling the National Safety Authority nowadays?
Advantage of credit cards is that a) you can exceed your available money (although I don't reccomend this, as the interest rates approach loan shark proportions) b) Because there's an extra buffer between you and your bank accounts, there's a fair amount of theft protection built in. You're only liable for $X of a stolen credit card, usually about $50, assuming you report it promptly. Debit cards, well, you may have a bit more trouble getting the money back from your bank. c) Using a credit card improves your credit rating. This is why I pay for everything by credit card, then pay off my bill in full every billing cycle. As a result, I've built a solid record as someone who makes use of credit and is also reliable. *shrug* It can make a big difference when it comes time for you to purchase your first car or house.
At the end of the day, I tend to carry my Discover card for credit (cash back is miniscule, but better than nothing) and a check card marked with a Visa logo for places that don't take Discover and for ATMs. ^_^ And I carry another credit card, a MasterCard, which I use if I run into places that don't carry Visa or Discover. I used to also keep an American Express card, but it seemed to be overkill. (Plus there's some political issues there, but that's another matter entirely)
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
Does anyone else have a problem with schools giving VeriSign a list of their students?
Parents should sue when their kid winds up there...
________________________________________________
suwain_2
Of course they could provide technology to schools so that schools could program their own tokens, thus eliminating the need to send private, federally protected inforamtion to Verisign. But, that would undermine Verisign's greedy, "let us mint certs which expire more frequently than necessary, so that we can sell you the same thing over and over again" strategy...
Now all the perverts that try to pick up little kids in chat rooms can be assured that they're really little kids, not cops. I'm not sure who is sicker, the perverts or the cops playing little kids. String 'em both up...
"non-negative" means >=0
Eh, what does gender have to do with anything? Isn't age the relevant part?
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
I'm already working under the assumption that every eleven year old girl I'm chatting up on irc is either a 37 y/o truck driver from Idaho or an FBI agent.
do not read this line twice.
So when the kid's pedophile uncle / dad / aunt / cousin / mother / whatever wants to go online posing at a kid, they only need to grab "Little Johnny / Janie"'s USB fob to pose as a kid?
Hmmm..Sounds like Verisign's "Security" model at work again here...
= Grow a brain...
Yes, you can't modify the cert as Verisign's signature would confirm it to be faked. However, you can still copy it and use it to assert that you're the person who's cert you stole.
Not all movement is progress.
Bad management trumps ideology - Show the world you want better leadership. http://www.timefornewmanagement.com
This looks like a good idea to ensure that player you're hooking up with in EverQuest really is a 19-year old girl.
This simply will not work.
It is yet another example of a technological fix to the wrong problem...
you don't need age and gender verification of the person sitting in a classroom at a computer.
you need age verification for that geezer sitting in his basement 2,300 miles away... or even 1.5 miles away.
Yet another example of techies selling snakeoil...
they should be ashamed.
Worse than that, it will foster an unsafe feeling of security in teachers, parents AND children.
EE Doc Smith knew this 60 years ago! Read the Lensman series
what technology can devise, technology can defeat.
Just not good enough!
Someone else says it best
True, not everybody has one, and they aren't perfectly secure, but FWIW having a passport does prove that you're a citizen of whatever country issued it, in effect a National ID Card without all the hoopla.
I already carry mine around with me anyway; perhaps a bad idea on account of loss/theft/what have you, but it HAS come in handy with some overzealous LE officers - "Well, this is just a drivers license, do you have any other proof of ID?"
Facts do not cease to exist because they are ignored. - Aldous Huxley
I just hope it would work via PKCS#11, or some similar technology. And it worked on all platforms/browsers. Not just some ActiveX object.
Would be awesome to be COPPA compliant with an easy method like that.
Heck I'd even support a bill to deploy some technology like that federally.
I could see many uses:
1. bars, cigarette sales would be easier
2. Online
Perhaps they could adopt something with fingerprint recognition built onto it. So your fingerprint authenticates as well... just in case it's stolen or lost.
A/S/L????
to beat up the scrawny kids:
"Give me your token, nerd, or else!"
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
Now we will be able to tell that the anal retentive retard really is a teenage prick trying to impress others!
Menzoberranzan Networks
Why don't we just inject them with gps trackable microchips. That way we always know where they are. Then if the little bastard looses his chip, you know hes up to no good. So death would be proper punishment.
The key could include an onboard thumbprint scanner or other bio-authentication with it to eliminate most of these problems.
I don't care if VerminSlime cures cancer; I'll never do business with them ever again.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
Gender has everything to do with it.
You see, these things aren't to protect kids from online predators. They are to protect online predators from police officers posing as kids. The gender and age thing are just to help the online predators in selecting the right kid.
Obviously this works, because the cops can't use a kid's ID thing since that would be illegal. So at worst the online predator ends up with a different kid than what the ID thing told him, but at least it isn't a cop.
Train the kids to use GPG/PGP! Why do people keep using proprietary nonsense, when the butt-kickingest authentication system is already out there and waiting to be used for free?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Here's my solution:
Ask the person what their favorite Pokemon character is. The kid will give you an answer and maybe even draw you a picture. The adult will give you a blank stare.
You've missed a problem a lot of people miss. All the key does is prove that it is it. It doesn't prove that you are you unless it is activated by information only you have or includes write-once information in it about you.
If the key includes digital fingerprint and iris information signed by my private key which I keep in a safe and never reveal, and the public key is signed by a public notary, then we have an identification system.
Keys without ID information are just keys.
- Michael T. Babcock (Yes, I blog)
Child: Look what they gave me at school. It's got my name, age and knows I'm a girl. And it's USB!
Me: Put it on the table so that I can have a closer look.
USB Token: Hey, is that a hammer? THWACK!!!
Bill Clinton: Pimp we can believe in. - The Shirt!!!
You're totally right of course. A hunk of plastic that says John is 14 doesn't mean anything unless you can be sure that its John's key, and that John is in front of you.
That adds huge complexity to the system because now you need some other path to check it. Does a picture of John come up on a screen? Who checks that? Who stores the pictures? Does John provide a DNA sample with his key? A little hair clipping, drop of blood or perhaps...well never mind.
Personally, I hate the idea of fingerprint based or any other biometric system without supervised used. A person needs to be there to ensure that the thumb placed on the scanner is in fact still attached to a living person.
I would very much rather not have my thumb carry any inherent value to anyone else but me, thank you very much.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
I snagged it from my 13 year lod sister.
I'm selling it on ebay to some creepy 50-year-old man.
WTPOUAWYHTTOTWPA
What's the point of using acronyms when you have to type out the whole phrase anyways?
How am I supposed to lure people into my web of decadent online perversion if the thing automatically answers A/S/L for me!? No more 18/f/Cali? Who's going to talk to a 47/m/OK? Next they'll be saying my screen name can't be .~h0ttieGrrl69~.
"Stop throwing the Constitution in my face, it's just a goddamned piece of paper!" - George W. Bush Nov. 2005
If this device somehow verifies age to other people, I could just see perverts using it to help target exactly whatever age they happen to be interested in. Even "age exclusion" - i.e., not younger than X would be helpful to them. And how long until a statutory rape defense "her card said she was 17?"
www.voiceofthehive.com - Beekeeping and Honeybees for those who don't.
Well, there is the obvious fact that there is no way that this will prove that the person is a 12 year old girl - just that the person has a key created for a 12 year old girl.
Remember the Pentium Serial number ? Remember the huge privacy concerns that the media lamented over then ? Heck, that was just to identify a specific CPU in the world. Now, any website, will be able to identify a specific individual on their site with the same identity used on ALL sites. Screw Cookies !
And you know that it will be available to any site that wants it, after paying the proper license fees.. Just look at the way cookies are handled for Joe Average with IE.
As an added bonus, the maketroids now get the names, gender and ages of a slew of kids to directly market to them while they are online.
"Hellow Timmy ! I see that your birthday is coming up soon, you should tell your parents that you want the new American Freedom Enforcer GI Joe !!"
Every year we get a few steps closer to 1984....
Time travel is possible. We are quickly heading for 1984.
Schools can't do that. That would be a FERPA violation and the penalties are extremely severe including but not limited to the loss of all Federal funding including grants and financial aide. That's not something a public school with a limited budget wants to have happen. FERPA is not one of those laws you fuck around with.
If its an 'object', kids will be trading them like lunch money..
This is a stupid idea.
---- Booth was a patriot ----
If only there were a way for technology to "fix" people, we'd really be onto something.
Steal/borrow an older students device, they are in.
If this was integrated with a fingerprint scanner so the devices can only be activated by the owner, that might make it marginally difficult for the average kid to defeat the system. Granted, you could still get someone to activate their thing for you, but most kids don't have friends that will risk getting in trouble like that who are sufficiently older them to make a difference.
This is, however, marginally useful even as-is to keep people from accidentally stumbling on something, and it allows for tailoring for different age levels. Say a public library integrates a system like this with their filtering, an 8 year old could hang out on nickelodeons website, a teenager could research academic articles about sexuality for a school report, an adult could have the filter disabled completely. Rather than one size fits all filtering, this would be an easy way to set up different levels of filtering- maybe not easy to set up initially, but really easy in day to day use. You wouldn't even need to have any sort of user accounts or sysadmin intervention, just plug the thing in and the filtering software autodetects the age recorded on the device and adjusts its filtering level appropriately.
This is sweet. Now I can make sure that cute teen girl I'm talking to isn't really some dirty old man like me.
If they don't take their birthdates... then what? They have to release a new card every year???
Oh yeah, there was Sitefinder. Never mind.
Her USB token said she was 18!! ..errr yeah.
Given that most kids probably aren't going to be able to figure out the concept of verifying who they're talking to online, what's the point of this thing? To make it easier for Michael Jackson to be sure that he's not chatting it up with DA's office?
-jim
Excellent! I figure by about noon tomorrow I'll download a patch that "officially" makes me a 16 year old girl.
Oooh -- bad idea, dude. That's statutory rape, for one, when they catch you in bed with yourself. Did you think for a second about *that*?
...to lift the burden of adult supervision from those who're supposed to be exercising it. Yes indeed, it's just too damned hard for parents and babysitters/teachers to keep a lid on those cunning little wretches known as children; time to foist the crushing responsibility off onto a third party. Then we'll have someone else to blame if our brats do something we don't approve of!
Like Canada!
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
In the United States. You can't give out student information to companies, even for a good reason.
:) Should be lots of revenue in this for them.
Anyone contemplated the privacy implications of this? I mean, you get to know the student's names, their ages and genders, and you as a company know where they are located - schools (minus busing plans) draw from the near neighboorhood. You could probably tie this to zip, and maybe zip+4, which gives you a great deal of demographic information.
Plus, as is obvious, the ability to hack/crack/borrow/steal/lose/etc these items.
Besides, the cops will still be investigating everyone, including kids, who're having sex with kids online
-- Ender, Duke_of_URL
No, it's called "carbonite".
Verisign's business is built on cryptography, captive markets, and authority. This initiative is the perfect way to encroach arbitrarily on children's rights (and those of adults, when they grow up) with little recourse. That a (public or private) school will have the master list in a digital file is clear.
IANA cypherpunk but.. in the sense that a small amount of cleartext is sufficient to break open an encrypted channel, if you consider the Total Information Awareness of a child to be something to be cracked, I would tend to believe that tying age and gender to an id, even if the master list is not made public directly, is easily sufficient signal to discover the child's identity, photograph, school and home address, after a relatively small number of id-enabled transactions.
In addition the school and the child's parents are not information security experts. I expect one or two of the points made here will become apparent after a few badly thought out implementations are made around the country. And you wonder why the world laughs at the U.S.? This is hideous, embarassing, evil, corporate speak in a no-go zone, and generally a really bad idea. And it is also completele unnecessary and unwarranted for the putative purpose.
I think I can afford to be cynical since I expected something like the war in Iraq, in the general geographical area, with the identical aspects of prevarication, failed weapons searches, damned lies, deaths on both sides, damage coverage, Colin Powell (who I really like and pity) being hired to lie in the U.N. etc. for about 20 years. The point being not that I am a cynic about projection of military power in the middle east, but that when the powers at be want to do something, it gets done, and the justification can be just about anything. People stop talking about the justification when you own their ass. This is another one of those, and the ironic thing is it probably was initially conceived by someone who really wanted to protect kids in chat forums. Watch it MORPH! (Handy guide follows)
So here are a few other uses I thought up.
Adult site verification when user grows up a little.
Driver's liscense and insurance tie-in
free pass through "antiterrorist" security at airports, public attractions, etc.
tying of token id to other info to track minors by government, finance, or arbitrary moneyed organization
track academic achievers early and target children for additional education, training, hiring, messing with brains, etc.
tying to physical and genetic data for future scary purposes
tracking of athletes in presidential athletic competition, school competitions, olympics, etc.
tracking of drug use for criminal or athletic monitoring by matching id to urine / hair sample at periodic physicals
sale to toy stores, credit card companies (can't start too young), armed forces
removal of anonymity from a young age so kids will never know what they're missing
purchase of digital textbooks
selection of computer crime suspects
proof of attendance
identity check for standardized tests (schools know who is who of course)
identity check for reservation of computing resources
measurement of advertising viewer demographics in online media
detection of precocious children in adult online areas
detection of precocious children in over their heads
access to locked school premises in unsafe areas or at night
access to student pcs/tablets/pdas/accounts
access to online diaries
medical checkups at school
storage of grades in usb fob or keyed to id
child hands parent access to online life with key
ditto for any adult in educational establishment
but kids can make a few bucks doing transactions for adults sometimes so not all bad right?
Okay I've had enough. How about you, kids?
Gender verification by checking a dongle has been going on for generations. The state of the dongle may also provide some information about the person's age (among other things), but this is usually less accurate.
Hi Apreche.
I always hated your previous signature, because it contained a self-quote which is lame.
And guess what? It got you into the list of slashdot's worse signatures! Aren't you proud?
bYe,
moi
Slashdot community, please notice: I am looking for a girlfriend.
Nave H. Weiss
Not only that, but anyone that managed to compromise the system could potentially view the locations of children. This is not something I want any kids I know hooked into.
Playing pornographics games during the day is evil! Play at night!
Good, Because I really hate when I am chatting up a little girl and she turns out to be a cop
I'm sure parent's will love this because it's being spun off as one less think parents will have to worry about. I can almost see thier false security blankets getting bigger.
Anyone with children who has woken up, obtained a clue and taken an interest should be outraged by the thought of this. Did the masterminds behind this operation even ask, inform or otherwise obtain the permission of the parents? I think not.
Be Safe! Sleep with a Marine. Semper Fi!
I'm pretty sure that the situation is you pay a maximum of $50 towards bills the thief racked up before you called to cancel, and none towards anything charged after you call in.
This post written under Gentoo-linux with an SCO IP license.
But will this run on Linux? Especially after Microsoft locks Linux out of USB.
it seems this might work better if the usb keys expired after a certain time or date, and the kids had to take them to their teachers to get them "recharged"... not foolproof, but better.
> School administrators will provide a list of > students, with their ages and genders, Yet another reason my wife and I won't put my kids in public school (when they get that age). Our foster kids, we have no choice. I don't want school administrators providing any information about my kids without my consent, on a case-by-case basis, and that with full disclosure of what information will be released.
Wouldn't it be easier to just bang our chests and say "Paedophiles BAD!!!" That would be doing something, and it would be much easier.
Wouldn't it be more effective and useful to encode the birthdate on the device? The age can always be calculated that way and then you don't have to replace it every year.
I just found out there's no such thing as the real world. It's just a lie you've got to rise above. - John Mayer
It seems that most posters basically think this is a crappy idea. Is there anyone that thinks this is a good idea? Any teens think so? Any parents? I think that the concept is sound, but its implementation may not be. And Verisign is certainly one of the right companies to be involved, but they're certainly motivated by what all public companies are motivated by - profit. Any other positive thoughts?
and since only 10% of the students will care about that, those 10% will have some 12 tokens each, with various info and ages to use as fit.
:)
I for one would give a crap about chat and stuff that require *this* kind of security, and hack my dozen for usb storage
But, i for one welcome our new verisign sellers overlord. golpe de mestre dos safados!
- available free to students
This won't be useful for kids -- it will be useful for paedophiles looking for kids and trying to avoid FBI agents posing as kids. Kids won't give a crap - so they blow an hour chatting with an adult; so what? But the value of identifying a real minor to a paedophile is much higher. Ask McNaughty, er, McNaughton formerly of Java/Disney fame.-- @rjamestaylor on Ello
Many surveys of college students have shown as many as 30% of incoming freshman admit having been molested in some fashion - raped, touched inappropriately, or being exposed to someone's genitals or pornography in an overt fashion by someone who was in a position of responsibility over them.
Thirty percent. Keep in mind most of these reported surveys (google'em, many are online) were taken well before the internet became what it is. and most of these people were accosted in their own homes by relatives or friends of the family.
This is the truth no one dare speak in public. It's not the strangers parents have to worry about - more often it's their own spouse, the babysitter, or uncle Frank or aunt Sally.
Yes, I suspect that was exactly his point and exactly why he got modded funny.
Yeah, but what if you've got a kid playing on their parents' computer? How would their age be displayed then?
Quote from the article:
"The token will be available free to students in a handful of schools this fall. School administrators will provide a list of students, with their ages and genders, and VeriSign will encode that information onto the tokens."
As anyone who works in a school will tell you, this will probably not work, because any release of student information to a 3rd party requires (in most states, anyway) a parent release. No school is going to provide this info without such and risk a lawsuit. No school will provide this info anyway, because if a mistake was made and a lawsuit resulted, the school in question would be named in the suit, resulting in a lot of bad publicity. Anyone that works in school will tell you, bad press is to be avoided at all costs.
This scheme is extremely unfair to those that identify as the opposite of their legal gender. California, for example, protects students' rights to gender expression, and this scheme violates that.
Melissa
30 82 01 0n 02 82 01 01 00 qq 84 q4 o9 o4 s9 n7
q8 s3 04 78 9p qr 3q qp 6p 13 16 q9 7n qq 24 51
66 p0 p7 26 59 0q np 06 08 p2 94 q1 33 1s s0 83
35 1s 6r 1o p8 qr nn 6r 15 4r 54 27 rs p4 6q 1n
rp 0o r3 0r s0 44 n5 57 p7 40 58 1r n3 47 1s 71
rp 60 s6 6q 94 p8 18 39 rq sr 42 18 56 qs r4 4p
49 10 78 4r 01 76 35 63 12 36 qq 66 op 01 04 36
n3 55 68 q5 n2 36 09 np no 21 26 54 06 nq 3s pn
14 r0 np pn nq 06 1q 95 r2 s8 9q s1 r0 60 ss p2
7s 75 2o 4p pp qn sr 87 99 21 rn on sr 3r 54 q7
q2 59 78 qo 3p 6r ps n0 13 00 1n o8 27 n1 r4 or
67 96 pn n0 p5 o3 9p qq p9 75 9r ro 30 9n 5s n3
pq q9 nr 78 19 3s 23 r9 5p qo 29 oq nq 55 p8 1o
54 8p 63 s6 r8 n6 rn p7 37 12 5p n3 29 1r 02 q9
qo 1s 3o o4 q7 0s 56 47 81 15 04 4n ns 83 27 q1
p5 58 88 p1 qq s6 nn n7 n3 18 qn 68 nn 6q 11 51
r1 os 65 6o 9s 96 76 q1 3q 02 03 01 00 01
This thing is useless without biometerics to lock the key to a given user at this point in time. Supposed Johnny steals his dads credit card, dad is going to be pissed bout missing a card (like any good american he uses it on average 5 times a day). But now Johnny can get to pr0n. Now supposed Johnny steals the usb dongle, guess what the dad wont notice as he doesnt use it every day. Thus johnny is able to look at pr0n longer. Unless you tie the usb dongle to a biometerics this does nothing execpt allow verisign to charge new fees for encoding. In reality what we need is crypto usb keys, ones that have a private key and public cert installed in them. The private key should be locked compelty without the biometeric integrated thumb print scanner) then the private key is unlocked for crypto operations, but never allowed to be directly extracted. Then all we need to do is make sure its in a form factor that will destruct the key if tampered with and whamo we have a real way to identify people in real time. Of course such a system would be usefull for voting, credit applications, travel, picking up children, just about everything we hope bad people dont try do do as us today. Something with such wide use will never come to be. Good thing Verisign doenst know what they are doing, the might have ruled the world.
You're paying the bill (good) but you're also making the lender more money (better)
You can make the lender even more money by paying the lender back in advance, so that the lender can turn around and lend the money to somebody else. Even if you pay in full each month, the card issuer still makes money on the 3 percent loan origination fee that it charges the merchant.
Many organizations give to United Way. I don't know if it's still true, but at one time, United Way gave to Planned Parenthood. If you're not familiar with the latter organization, Planned Parenthood offers abortion as an option over adoption. Even if you specify a specific charity when giving through United Way, that will just redirect somebody else's "general fund" money to Planned Parenthood. However, United Way claims that Planned Parenthood money from United Way doesn't go directly toward abortion, but the general fund redistribution principle may apply there as well.
Ok, being that they made a point to mention that these would be given to school children, won't this make it easier for pedophiles to avoid stings?
SweetTartTeen6969:Hi lolz. Imma 13 yr old grl lol from Seattle. my parentz suck. lolz. NE1 wanna hang tonight
SugarDaddy:Yeah. I understand. Parents do suck. I'll hang out with you. BTW, please insert your USB key so that I can verify your age and gender.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Great! The next thing we see is script kiddies trying to crack their "skool-usb" to show the disco bodyguards they are really 18!!