Slashdot Mirror

← Back to Stories (view on slashdot.org)

Verisign Develops Token for Age Verification

Posted by CowboyNeal on from the plugging-in dept.

FirstTimeCaller writes "A Reuters article is reporting that Verisign in conjunction with an unnamed children's safety group, will release a USB token that can be plugged into a PC to verify the age and gender of a person participating in online chat rooms. According to the article, the token will be available free to students in a handful of schools this fall. School administrators will provide a list of students, with their ages and genders, and VeriSign will encode that information onto the tokens."

17 of 417 comments (clear)

  1. If it's just to verify "age and gender" . . . by acceleriter · · Score: 4, Insightful

    . . . why is there a "list of students" involved? And seriously, do they not know these tokens are lent? Either this is an insidious attempt at a pilot of some sort of "internet ID" or a completely dumb idea.

    --

    CEE5210S The signal SIGHUP was received.

    1. Re:If it's just to verify "age and gender" . . . by MemRaven · · Score: 4, Insightful
      Really? It seems like an ideal way to pose in a "safe" chat room. You just borrow/steal/abscond-with/buy the token from someone who matches the profile that you want to emulate (i.e. you steal it from your 6 year old neice, or just take it when she's not looking and replace it before she can misplace it).

      If we've learned nothing else from social attacks, it's that a misplaced sense of security can actually be worse than a lack of security at all. If you think that authentication is working, you're less on your guard (and more trusting) that you would be if you thought that it definitely wasn't working. If the system is that easy to foul up, it's thus worse than no authentication at all.

      Now if it was 2 or 3 factor authentication (i.e. in order for the token to work you have to do a fingerprint and PIN check) then it's a different story. If it's just a dongle, it's pretty worthless.

    2. Re:If it's just to verify "age and gender" . . . by zoeblade · · Score: 4, Insightful

      Either this is an insidious attempt at a pilot of some sort of "internet ID" or a completely dumb idea.

      More than likely, it's both.

  2. Right... by The+One+KEA · · Score: 4, Insightful

    Who's going to run the betting pool on how many minutes it takes someone to crack the keys and modify the information?

    Better yet, how many kids will lose their tokens?

    Not to mention the possibility of the breaching of the privacy of minors.

    On paper this sounds like a good way to protect children, but somehow I think the execution of the idea is not going to be as easy as Verisign and Co. think it might be.

    --
    SCREW THE ADS! http://adblock.mozdev.org/ Proud user of teh Fox of Fire - Registered Linux User #289618
    1. Re:Right... by jrod2027 · · Score: 5, Insightful

      Or how about how long will it take for some pedeophile to get ahold of one of these tokens?
      Instead of relying on children to take their word of how old they claim to be, the kids could be fooled by a false sense of security with these IDs.

      Peodophile: I'm an 11 y/o kid honest... see my Verisign token proves it.
      Kid: Wow, you're right. Want to go hang out?

  3. Man, a 13 year old could make a big profit by scythian · · Score: 5, Insightful

    Selling his or her token to some freak on ebay!

    --
    terpmotors.com
  4. Just what little tommy needs! by palad1 · · Score: 5, Insightful

    A personal x509.3 certificate and a crypto key.

    So when he's 21 he won't complain when the barcode on his forearm will be used to 'strenghten e-vote security'.

    Train them while they are still young, the older they get, the harder for you to teach them new tricks...

    Oh, wait, this only works with pkcs#11-enabled chat applications? I guess IRC will have to be outlawed then. You don't want untagged pedophile commies subverting little Tommy on IRC now, do you?

  5. Re:Credit card ? by ninthwave · · Score: 5, Insightful

    And what kid wouldn't trade there cheap token for a chat room that they see as stupid to some grimy adult for something else?

    --
    I was thinking of the immortal words of Socrates, who said: "I drank what?" - Chris Knight (Val Kilmer)- Real Genius
  6. Re:Credit card ? by jmcmunn · · Score: 5, Insightful


    Yeah, because we all know that none of the pedophiles out there have kids of their own who might leave this key plugged in, or laying on the desk for dad/mom to use?

    This is dumb, this does about as much good as the pages before porn sites telling people to not enter if they are not 18. Big deal, a USB key that tells someone I am young. It'll be 2 days maximum until some geek gets ahold of one and then you can buy them online for $25 +S/H.

  7. Gender? by LordK2002 · · Score: 4, Insightful
    What on Earth has gender got to do with child safety?

    Clearly in some cases it might be necessary or desirable to prove your age, but unless the chatroom is supposed to be an online matchmaking service I fail to see what the presence of a Y chromosome has to do with anything.

    1. Re:Gender? by grahamm · · Score: 4, Insightful

      Maybe some areas might be gender specific. For example girls might find it easier to discuss things like the the changes to their bodies which happen at puberty if there are only other females present. The tokens could be used to only allows girls of the appropriate age (plus specific vetted adult female advisors) in the chatroom.

    2. Re:Gender? by figa · · Score: 4, Insightful
      How are advertisers going to narrowcast effectively if they don't know the gender of the kid? These keys are going to be a boon to target marketers. They'll be able to get the age, gender, school district, and past browsing history easily, and with a little cross-referencing, ethnicity and family income.

      Foucault would probably point out that technologies of control have always been inflicted on children first, always for their safety and well being. Verisign's obvious goal in this is to breed a generation of Internet users that are accustomed to using an ID with a computer. While this generation comes of age, Verisign will probably partner with Microsoft and legislators to make Verisign-issued IDs mandatory start a computer, first for children, then for the rest of us. It's not that far-fetched, and it ties in well with DRM.

      As for girls (or boys, for that matter) discussing their private lives online, a less cynical and profit/control motivated educator would explain that you just don't discuss those things online. Kids should understand that they are publishing when they're writing in a chat room, whether it's run by the school or Mattel, and anything you say can be stored, copied, and republished outside of the context you wrote it in. These keys would obviously not keep a malicious child from copying sensitive text from a gender "locked" discussion board, complete with IDs, and text messaging it to the rest of the class.

    3. Re:Gender? by jandrese · · Score: 4, Insightful

      Better yet, they shouldn't talk about that at all. I mean it's just gross, right? I don't know what all of those special interest chat groups (not cybersex people, cmon!) are for. I mean isn't this the sort of thing that is never spoken of? If people start getting too much information they might get ideas, and ideas aren't good for keeping people in line.

      One of the biggest strengths of the internet is the ability to discuss issues anonymously that you may be too embarrassed to discuss with your friends and family--friends and family who would be of no help anyway since they know just as much as you.

      --

      I read the internet for the articles.
  8. Re:Credit card ? by clifyt · · Score: 4, Insightful

    And now they are giving these things to much younger kids. Its a good way of giving allowance to kids without giving them cash that the bigger kids can steal -- or if they loose it, it can be canceled and the money protected....err...in theory because debits don't carry the same protection credit cards do, but most banks will try to give you close to the same.

    Beyond that, when I run a credit card, my business doesn't get to know if its a debit card or not. When I'm on the road, I use my business's debit card that doesn't look anything like the cheesy consumer debits that go out of their way to let the person swiping it know its not a real credit card regardless of the visa logo. For instance, while in North Carolina a few weeks ago, I handed over my personal debit card to rent a car -- rejected. I then give then the business one, accepted -- same bank -- same type of card -- different look.

    I'm convinced that the card companies don't tell anyone if its debit or credit and they have just compiled lists of acceptable CC Prefixes.

    So no, having a credit card these days means nothing because of as the parent indicated -- debit cards are everywhere and anyone can get them.

  9. Re:Nothing is perfect! by Paleomacus · · Score: 5, Insightful

    We're not looking for flawless. It just seems that this system is completely broken.

    It's really not better than nothing at all. The illusion of safety can be more dangerous than being wary of threat.

  10. COPPA anyone? by YrWrstNtmr · · Score: 4, Insightful
    Children's Online Privacy protection Act of 1998

    It's not the school administrators information to give away. This information must go through the parent.

  11. There's already a device that protects children. by Jack_Frost · · Score: 4, Insightful

    I think they're called "Parents."