Slashdot Mirror

← Back to Stories (view on slashdot.org)

Verisign Develops Token for Age Verification

Posted by CowboyNeal on from the plugging-in dept.

FirstTimeCaller writes "A Reuters article is reporting that Verisign in conjunction with an unnamed children's safety group, will release a USB token that can be plugged into a PC to verify the age and gender of a person participating in online chat rooms. According to the article, the token will be available free to students in a handful of schools this fall. School administrators will provide a list of students, with their ages and genders, and VeriSign will encode that information onto the tokens."

37 of 417 comments (clear)

  1. Credit card ? by mirko · · Score: 2, Insightful

    In most countries, credit card authentication was used to ensure one had reached the legal age...
    In which situations wasn't it enough, besides the goatse ?

    --
    Trolling using another account since 2005.
    1. Re:Credit card ? by ninthwave · · Score: 5, Insightful

      And what kid wouldn't trade there cheap token for a chat room that they see as stupid to some grimy adult for something else?

      --
      I was thinking of the immortal words of Socrates, who said: "I drank what?" - Chris Knight (Val Kilmer)- Real Genius
    2. Re:Credit card ? by jmcmunn · · Score: 5, Insightful


      Yeah, because we all know that none of the pedophiles out there have kids of their own who might leave this key plugged in, or laying on the desk for dad/mom to use?

      This is dumb, this does about as much good as the pages before porn sites telling people to not enter if they are not 18. Big deal, a USB key that tells someone I am young. It'll be 2 days maximum until some geek gets ahold of one and then you can buy them online for $25 +S/H.

    3. Re:Credit card ? by clifyt · · Score: 4, Insightful

      And now they are giving these things to much younger kids. Its a good way of giving allowance to kids without giving them cash that the bigger kids can steal -- or if they loose it, it can be canceled and the money protected....err...in theory because debits don't carry the same protection credit cards do, but most banks will try to give you close to the same.

      Beyond that, when I run a credit card, my business doesn't get to know if its a debit card or not. When I'm on the road, I use my business's debit card that doesn't look anything like the cheesy consumer debits that go out of their way to let the person swiping it know its not a real credit card regardless of the visa logo. For instance, while in North Carolina a few weeks ago, I handed over my personal debit card to rent a car -- rejected. I then give then the business one, accepted -- same bank -- same type of card -- different look.

      I'm convinced that the card companies don't tell anyone if its debit or credit and they have just compiled lists of acceptable CC Prefixes.

      So no, having a credit card these days means nothing because of as the parent indicated -- debit cards are everywhere and anyone can get them.

    4. Re:Credit card ? by Maestro4k · · Score: 3, Insightful
      • This is about making sure you're a kid, not that you're an adult. The theory is that it'll keep the pedophiles, who won't have the "I'm a kid" token, out of the elementary school "chat rooms."
      Of course there's not much to stop a smart pedophile (or pedophiles) from finding a way to create their own tokens (what age do you want to be today?) or just stealing them. The article makes it sound like the tokens may contain the kid's names, age and gender, not just age. I'm sure the pedophiles who are on the chat rooms will appreciate knowing that it's really a kid instead of a police officer on the other end.

      Another thought: if they do uniquely identify each kid losing one could open up realms of bullying that are scary. Imagine being able to "prove" you're another kid. Then you go online and tell off all their friends, make lots of enemies, etc. until the lost token's reported and a new one isssued. Poor kid gets back online and faces all his/her online friends refusing to talk to him and complete strangers cussing them out for something they didn't do. Brilliant system.

      • Besides the "problem" of pedophiles in "chat rooms" being completely overblown, this is probably just the precursor of some sort of infrastructure to eliminate anonymous browsing. And who wouldn't like a piece of selling a token for $20/year to anyone who wants to get any information from the Internet in 10 years?
      Either that or it's an FBI dream that they'll be able to tell who's really kids online (and of course be able to obtain fake tokens to use when trolling the chat rooms for pedophiles). Personally I agree with you on it being overblown, I suspect the majority of "kids" online talking to "pedophiles" are law enforcement and vigilantes trying to set each other up, neither realizing the other party's not who they think they are.
    5. Re:Credit card ? by FrankHaynes · · Score: 2, Insightful

      Ask anyone who actually knows the facts about this hot-button topic and you will learn that the huge majority of offenders are known to the child, typically a family member. They are not meeting each other online in the first place.

      Yes, this evil, murky boogey man lurking around every chat room corner is overblown. But, because it makes parents' blood boil the law makers and authorities can get away with murder by bringing it up.

      And of course we know that these keys cannot be spoofed or duplicated. Verisign says so.

      Another poorly thought-out technical solution to a Human problem.

      --
      slashdot: A failed experiment.
    6. Re:Credit card ? by mikemulvaney · · Score: 2, Insightful
      This is dumb, this does about as much good as the pages before porn sites telling people to not enter if they are not 18.
      Those pages are actually good for something. If you hit one and don't want to see the porn, you can go somewhere else. This is a good thing for people who aren't actually looking for porn.

      Yesterday, when I was at work, I was trying to do some quick research about a grill I wanted to buy. I went to google and accidentally searched for 'girlls', which led to some interesting hits. I didn't visit any of those sites, and did a search for 'grills' instead. A few minutes later, I hit 'back' one time to many, and through some unknown sequence of keys, I either submitted a "I'm feeling lucky" or selected that first hit, and my monitor was filled with pictures of black-teens-ebony-sex. Luckily no one can see my monitor in my office, but still.

    7. Re:Credit card ? by jadenyk · · Score: 2, Insightful
      So you're saying that over 1/2 of [legally] adult Americans who are in debt (I couldn't find stats for other countries, not that I looked hard) aren't adults?

      There's more to life, the universe and everything than money. Money doesn't make a person. Every day, people fall on financial hardships and sometimes need to over-extend themselves just to get by. Especially in this economy (though, yes, it is getting better).

      Responsibility should be judged on many different things than how much money one has. How about how they treat others or how they conduct themselves? Does the neighborhood crack-head who lives off of welfare and hand-outs but happens to be in great financial shape since he has little to no bills deserve to be called an "adult" over the guy who works his 9-5, stays clean and sober, drives the speed limit and goes to church every Sunday, but since he got laid off and works at BK for minimum wage, his bills have been late?

  2. If it's just to verify "age and gender" . . . by acceleriter · · Score: 4, Insightful

    . . . why is there a "list of students" involved? And seriously, do they not know these tokens are lent? Either this is an insidious attempt at a pilot of some sort of "internet ID" or a completely dumb idea.

    --

    CEE5210S The signal SIGHUP was received.

    1. Re:If it's just to verify "age and gender" . . . by MemRaven · · Score: 4, Insightful
      Really? It seems like an ideal way to pose in a "safe" chat room. You just borrow/steal/abscond-with/buy the token from someone who matches the profile that you want to emulate (i.e. you steal it from your 6 year old neice, or just take it when she's not looking and replace it before she can misplace it).

      If we've learned nothing else from social attacks, it's that a misplaced sense of security can actually be worse than a lack of security at all. If you think that authentication is working, you're less on your guard (and more trusting) that you would be if you thought that it definitely wasn't working. If the system is that easy to foul up, it's thus worse than no authentication at all.

      Now if it was 2 or 3 factor authentication (i.e. in order for the token to work you have to do a fingerprint and PIN check) then it's a different story. If it's just a dongle, it's pretty worthless.

    2. Re:If it's just to verify "age and gender" . . . by zoeblade · · Score: 4, Insightful

      Either this is an insidious attempt at a pilot of some sort of "internet ID" or a completely dumb idea.

      More than likely, it's both.

    3. Re:If it's just to verify "age and gender" . . . by Safety+Cap · · Score: 2, Insightful

      And when you molest/murder the other young girl you were hoping to chat to, the authorites have somewhere to start looking - they know the online identities of the people the girl was chatting to, and start looking into them...

      ...only to discover that the token you used was stolen from some kid 6 months ago in another state and sold on the black market...
      --
      Yeah, right.
  3. Right... by The+One+KEA · · Score: 4, Insightful

    Who's going to run the betting pool on how many minutes it takes someone to crack the keys and modify the information?

    Better yet, how many kids will lose their tokens?

    Not to mention the possibility of the breaching of the privacy of minors.

    On paper this sounds like a good way to protect children, but somehow I think the execution of the idea is not going to be as easy as Verisign and Co. think it might be.

    --
    SCREW THE ADS! http://adblock.mozdev.org/ Proud user of teh Fox of Fire - Registered Linux User #289618
    1. Re:Right... by Anonymous Coward · · Score: 1, Insightful

      Who's going to run the betting pool on how many minutes it takes someone to crack the keys and modify the information?

      Oh, it's probably not that bad. Presumably it's an X.509 cert with the key generated on board the token, though that's just a guess. Anyway, it's certainly not worth the effort of doing cracking, except maybe to reuse them for something useful.

      Better yet, how many kids will lose their tokens?

      Only the stupid ones. The smart ones will sell them to the kind of people who like to hang out on kid's chat channels at $50 a pop. It's a win-win. The kids get some cash, the pervs get to masquerade as kids.

    2. Re:Right... by jrod2027 · · Score: 5, Insightful

      Or how about how long will it take for some pedeophile to get ahold of one of these tokens?
      Instead of relying on children to take their word of how old they claim to be, the kids could be fooled by a false sense of security with these IDs.

      Peodophile: I'm an 11 y/o kid honest... see my Verisign token proves it.
      Kid: Wow, you're right. Want to go hang out?

  4. So now the Child Stalkers can... by KyootFox · · Score: 3, Insightful

    Just check the online ID before persuing the child??

    That's gonna cut into the FBI's stake-outs, isn't it?

  5. Can't work won't work by klubkid79 · · Score: 2, Insightful

    And what is stopping a dubious individual from borrowing one of these tokens?

  6. Man, a 13 year old could make a big profit by scythian · · Score: 5, Insightful

    Selling his or her token to some freak on ebay!

    --
    terpmotors.com
  7. Just what little tommy needs! by palad1 · · Score: 5, Insightful

    A personal x509.3 certificate and a crypto key.

    So when he's 21 he won't complain when the barcode on his forearm will be used to 'strenghten e-vote security'.

    Train them while they are still young, the older they get, the harder for you to teach them new tricks...

    Oh, wait, this only works with pkcs#11-enabled chat applications? I guess IRC will have to be outlawed then. You don't want untagged pedophile commies subverting little Tommy on IRC now, do you?

  8. Am I missing something, or is this lame? by dpbsmith · · Score: 3, Insightful

    Unless the article is leaving out some, dare I say key piece of information... in about a week, students will have figured out that the computer doesn't know whether the USB token belongs to the person who inserts it or not.

    In about two weeks, they will be borrowing them from older siblings.

    In about three weeks, there will be a brisk trade in USB tokens issued to older students who have no interest in the school-approved content that is actually linked to the key, but great interest in money.

    In about three months, forged adult-ID USB token will be for sale on eBay.

    Even a plain old ID card has a signature and a photo on it, so someone can see whether it matches the holder of the card or not. But these anonymous bits of colored plastic are just an invitation to abuse.

    In a corporate setting, I suppose you've signed something that says you're responsible for all use made of the token, and you would be suspiciously unable to do your job if you loaned it to someone else... and subject to dismissal if someone finds out. I don't see how that can be applied in a school context.

    Unless they were planning to Superglue the token to the kid?

    --

    "How to Do Nothing," kids activities, back in print!

    1. Re:Am I missing something, or is this lame? by erikharrison · · Score: 3, Insightful

      Ha!

      It's more like those kids who are already on the internet will continue using open environments (AOL chatrooms, IRC, message boards) where the token is useless, and those who aren't web savvy will loose the damn thing.

      The way to make these used is to make kids want to use them - for example, providing places where kids feel more secure or comfortable with some guarentee of the identity of their co-chatters. On the other hand, we're just lulling those kids into a false sense of security for many of the reasons you list above, regardless of whether or not what you mention comes to pass, but because it teaches them to trust weak technology without thinking.

  9. Re:Dumbest Idea Ever by maxwell+demon · · Score: 3, Insightful

    I guess FBI agents can get tokens for any age/gender they want.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  10. Gender? by LordK2002 · · Score: 4, Insightful
    What on Earth has gender got to do with child safety?

    Clearly in some cases it might be necessary or desirable to prove your age, but unless the chatroom is supposed to be an online matchmaking service I fail to see what the presence of a Y chromosome has to do with anything.

    1. Re:Gender? by grahamm · · Score: 4, Insightful

      Maybe some areas might be gender specific. For example girls might find it easier to discuss things like the the changes to their bodies which happen at puberty if there are only other females present. The tokens could be used to only allows girls of the appropriate age (plus specific vetted adult female advisors) in the chatroom.

    2. Re:Gender? by figa · · Score: 4, Insightful
      How are advertisers going to narrowcast effectively if they don't know the gender of the kid? These keys are going to be a boon to target marketers. They'll be able to get the age, gender, school district, and past browsing history easily, and with a little cross-referencing, ethnicity and family income.

      Foucault would probably point out that technologies of control have always been inflicted on children first, always for their safety and well being. Verisign's obvious goal in this is to breed a generation of Internet users that are accustomed to using an ID with a computer. While this generation comes of age, Verisign will probably partner with Microsoft and legislators to make Verisign-issued IDs mandatory start a computer, first for children, then for the rest of us. It's not that far-fetched, and it ties in well with DRM.

      As for girls (or boys, for that matter) discussing their private lives online, a less cynical and profit/control motivated educator would explain that you just don't discuss those things online. Kids should understand that they are publishing when they're writing in a chat room, whether it's run by the school or Mattel, and anything you say can be stored, copied, and republished outside of the context you wrote it in. These keys would obviously not keep a malicious child from copying sensitive text from a gender "locked" discussion board, complete with IDs, and text messaging it to the rest of the class.

    3. Re:Gender? by jandrese · · Score: 4, Insightful

      Better yet, they shouldn't talk about that at all. I mean it's just gross, right? I don't know what all of those special interest chat groups (not cybersex people, cmon!) are for. I mean isn't this the sort of thing that is never spoken of? If people start getting too much information they might get ideas, and ideas aren't good for keeping people in line.

      One of the biggest strengths of the internet is the ability to discuss issues anonymously that you may be too embarrassed to discuss with your friends and family--friends and family who would be of no help anyway since they know just as much as you.

      --

      I read the internet for the articles.
    4. Re:Gender? by julesh · · Score: 3, Insightful

      One of the biggest strengths of the internet is the ability to discuss issues anonymously

      So let me get this straight -- these kids are having to prove their identity in order to be able to discuss stuff anonymously. That makes sense.

  11. Dangerous by mrph · · Score: 2, Insightful
    The situation could get dangerous if people start relying too much on these things.
    Once someone figures out how to crack it, he or she would be able to fool everyone who believes that the system is reliable.
    Today most people are sceptical to people online, with this system it could actually get really easy for the scumbags to convince someone of their (fake) age.

  12. Get lost Veribad. by mcbridematt · · Score: 1, Insightful

    As a technology concious teenager, I would like to say FUCK OFF VERISIGN. I WILL NOT BE PLUGGING SOMETHING INTO MY OWN HARDWARE JUST TO LET PEOPLE KNOW WHO I REALLY AM. If I want to disclose my identity in full, thats my own decision.

    Of course, they're are a whole lot of teens out there who spend the whole night talking to friends on MSN (blame Micro$haft for capturing this market by bundling it with WinXP).

    I would like to call on parents reading this to frag all traces of MSN and other chat networks from their teens computers so the quality of english spoken worldwide does not decline within the next decade. I stopped wasting my time talking to losers on such chat networks because I simply can't bear the quality of english OR SHOULD I SAY SMSlish being driven around by people who think 500 millisecond responses are critical. Spoken to your kids english teacher recently? Doesn't come as a suprise to me that I am one of the only students in the english class that can maintain good spelling with no cutbacks to save time.

    Also think what else such USB Keys could do. Enable sitefinder instead of Google? Spy on students in cases where X person is under agreement to lease equipment from the school? Erase traces of non-DRM music to keep their friends at the **AA happy? Hmm, better speed up development of my RFID disk wipe module ASAP. I think I'll need it when school IT staff think they can blackmail me into violating californian breakin disclosure law again. They've already tried to break into my own blog to see what dirt I have marked private on them.

  13. Re:Nothing is perfect! by Paleomacus · · Score: 5, Insightful

    We're not looking for flawless. It just seems that this system is completely broken.

    It's really not better than nothing at all. The illusion of safety can be more dangerous than being wary of threat.

  14. COPPA anyone? by YrWrstNtmr · · Score: 4, Insightful
    Children's Online Privacy protection Act of 1998

    It's not the school administrators information to give away. This information must go through the parent.

  15. There's already a device that protects children. by Jack_Frost · · Score: 4, Insightful

    I think they're called "Parents."

  16. mod parent up! by zanderredux · · Score: 2, Insightful
    as an AC noted,
    I'd mod you up if I had mod points. This is the crux of the entire issue. Most people just don't realise it yet.
  17. Translated story by w3weasel · · Score: 2, Insightful

    Verisign announced today that it would begin a program to create the youngest group of hackers ever.

    --

    Just as irrigation is the lifeblood of the Southwest, lifeblood is the soup of cannibals. -- Jack Handy

  18. Who says Verisign thinks it's easy? by raehl · · Score: 2, Insightful

    Who says Verisign even thinks it's possible?

    Verisign doesn't care. They just need to convince people that these USB keys somehow protect their children. It doesn't matter if it ACTUALLY works, just that people BELEIVE that it works. In fact, it's probably better for verisign if it doesn't work, as it's less work for them.

    The goal isn't to protect children, the goal is to get $20/year from every kid who accesses the internet. Neat trick.

    --
    paintball
  19. Credit vs. Debit by SeanDuggan · · Score: 2, Insightful
    Well, the main advantages of debit cards are that that you can use them in ATMs to get cash without incurring 14% fees on the transaction (similarly, many grocery stores let you get back money on a transaction if you tell them you're using a debit card, a way of avoiding service fees sometimes if the local ATMs don't interface with your bank) and theoretically, you're limitted to what's already in your bank account (I think they allow some degree of overdraft and if you've got an associated savings account, they may automatically draft money between accounts to cover overdraft). And, like most posters have said, you can use them just like a credit card in almost all situations.
    Advantage of credit cards is that a) you can exceed your available money (although I don't reccomend this, as the interest rates approach loan shark proportions) b) Because there's an extra buffer between you and your bank accounts, there's a fair amount of theft protection built in. You're only liable for $X of a stolen credit card, usually about $50, assuming you report it promptly. Debit cards, well, you may have a bit more trouble getting the money back from your bank. c) Using a credit card improves your credit rating. This is why I pay for everything by credit card, then pay off my bill in full every billing cycle. As a result, I've built a solid record as someone who makes use of credit and is also reliable. *shrug* It can make a big difference when it comes time for you to purchase your first car or house.

    At the end of the day, I tend to carry my Discover card for credit (cash back is miniscule, but better than nothing) and a check card marked with a Visa logo for places that don't take Discover and for ATMs. ^_^ And I carry another credit card, a MasterCard, which I use if I run into places that don't carry Visa or Discover. I used to also keep an American Express card, but it seemed to be overkill. (Plus there's some political issues there, but that's another matter entirely)

    --
    This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
  20. Re:Rule #1 by Anonymous Coward · · Score: 1, Insightful

    "non-negative" means >=0