Verisign Develops Token for Age Verification 417
FirstTimeCaller writes "A Reuters article is reporting that Verisign in conjunction with an unnamed children's safety group, will release a USB token that can be plugged into a PC to verify the age and gender of a person participating in online chat rooms. According to the article, the token will be available free to students in a handful of schools this fall. School administrators will provide a list of students, with their ages and genders, and VeriSign will encode that information onto the tokens."
Credit card ? (Score:2, Insightful)
In which situations wasn't it enough, besides the goatse ?
Re:Credit card ? (Score:5, Informative)
Re:Credit card ? (Score:4, Interesting)
Not a very good system.
Translated story (Score:3, Insightful)
Re:Credit card ? (Score:4, Interesting)
Also, what about people that don't feel comfortable giving out their credit card information for age verification purposes? I don't want my credit card information all over the web.
Re:Credit card ? (Score:4, Interesting)
When people with bad credit grow up psychologically and find help to get out of debt, that's when you should start treating them as adults, and not a moment before. There are plenty of organizations to help people in those situations. All they have to do is pick up the phone and take responsibility. It's a long, slow process back to fiscal solvency, but going through it proves responsibility and maturity in a way that bankruptcy and other cheap fixes don't.
By contrast, if a fifteen-year-old (as mentioned in another post in this thread) is responsible enough to manage his/her own finances without overspending, he/she should be treated as an adult because he/she is acting in a responsible fashion befitting an adult. (The rare occasion is the fifteen-year-old son or daughter of a multi-millionaire who spends without remorse, but fortunately, these are pretty easy to spot for the most part. :-)
In short, age verification by credit card is a much better method than actual physical age because it more accurately reflects the maturity of the individual, which is generally the purpose of an age verification system....
Oh my. I'm starting to sound like my parents....
Comment removed (Score:5, Insightful)
Re:Credit card ? (Score:3, Informative)
A debit card is linked directly to your checking account. As soon as the card is swiped, the funds are already being transferred out of your account.
It's still a debate in my household as to which is the preferred one to use.
Re:Credit vs. Debit (Score:5, Informative)
Actually, while that is good for your credit, paying it off slower (not in full) looks much better. You're paying the bill (good) but you're also making the lender more money (better), so your credit score goes up further than if you pay the whole thing at once.
Same as a bank loan. It looks better to pay it off according to the schedule than to jump the gun and pay the whole thing off early.
Of course, if your credit is already excellent, there's no need to worry with all that. If you're trying to rebuild bad credit, then slower is better.
Re:Credit card ? (Score:4, Informative)
As these hapless victims could attest. You sir would be right. [keytlaw.com]
Re:Credit card ? (Score:5, Informative)
Besides the "problem" of pedophiles in "chat rooms" being completely overblown, this is probably just the precursor of some sort of infrastructure to eliminate anonymous browsing. And who wouldn't like a piece of selling a token for $20/year to anyone who wants to get any information from the Internet in 10 years?
Re:Credit card ? (Score:5, Insightful)
Re:Credit card ? (Score:5, Insightful)
Yeah, because we all know that none of the pedophiles out there have kids of their own who might leave this key plugged in, or laying on the desk for dad/mom to use?
This is dumb, this does about as much good as the pages before porn sites telling people to not enter if they are not 18. Big deal, a USB key that tells someone I am young. It'll be 2 days maximum until some geek gets ahold of one and then you can buy them online for $25 +S/H.
Re:Credit card ? (Score:5, Interesting)
Re:Credit card ? (Score:3, Interesting)
No no no, the Number of the Beast is always the same, while National ID numbers should all be unique. The NotB essentially *destroys* identity and makes the bearer an interchangeable unit of someone else's property. The two concepts are antithetical.
I don't believe Revelation, but amusingly I've figured that this sort of system (and Trusted Computing) actually DOES fall in exactly in line with this Number of the Beast thing. Nor are the concepts are antitheti
Re:Credit card ? (Score:3, Insightful)
Those pages are actually good for something. If you hit one and don't want to see the porn, you can go somewhere else. This is a good thing for people who aren't actually looking for porn.
Yesterday, when I was at work, I was trying to do some quick research about a grill I wanted to buy. I went to google and accidentally searched for 'girlls', which led to some interesting hits [google.com].
Re:Credit card ? (Score:3, Insightful)
Yes, this evil, murky boogey man lurking around every chat room corner is overblown. But, because it makes parents' blood boil the law makers and authorities can get away with murder by bringing it up.
And of course we know that these keys cannot be spoofed or duplicated. Verisi
Re:Credit card ? (Score:5, Interesting)
Exactly.
Freedom has a price. The freedom to travel freely, however you want to, means that a few thousand people a year will die in car accidents. The freedom to speak your mind means that somewhere, sometime, some folks are going to abuse that freedom and incite a riot during which people die. The freedom to keep and bear arms means that some people will be wrongfully shot.
You can't have the good without the bad.
So, yeah, it's not exactly no big deal that only a few dozen kids get hurt a year, but that's certainly nowhere near enough justification to sanction any mechanism that may be even a precursor (as has been pointed out in other postings) to restraining the electronic means of exercising our right to freedom of speech and association.
Re:Credit card ? (Score:2)
Re:Credit card ? (Score:5, Informative)
The problem with all these ID shemes is aways tying the token to the right person until computers have mandated biometic id readers this is never going to work with remote computers.
Personally I think the best solution if for parents to take an interest in what their children are up to rather than seeing the internet as a why to keep them quiet. Someone will aways slip though the net, the best way for children to be kept safe is education, they need to know people lie, cheat, steal, and there are bad people in the world who would not think twice about killing someone else.
James
Re:Rule #1 (Score:2)
Re:Rule #1 (Score:3, Funny)
Re:Rule #1 (Score:3, Funny)
In the same way that non-negative means >0.
Re:Credit card ? (Score:4, Insightful)
-
This is about making sure you're a kid, not that you're an adult. The theory is that it'll keep the pedophiles, who won't have the "I'm a kid" token, out of the elementary school "chat rooms."
Of course there's not much to stop a smart pedophile (or pedophiles) from finding a way to create their own tokens (what age do you want to be today?) or just stealing them. The article makes it sound like the tokens may contain the kid's names, age and gender, not just age. I'm sure the pedophiles who are on the chat rooms will appreciate knowing that it's really a kid instead of a police officer on the other end.Another thought: if they do uniquely identify each kid losing one could open up realms of bullying that are scary. Imagine being able to "prove" you're another kid. Then you go online and tell off all their friends, make lots of enemies, etc. until the lost token's reported and a new one isssued. Poor kid gets back online and faces all his/her online friends refusing to talk to him and complete strangers cussing them out for something they didn't do. Brilliant system.
-
Besides the "problem" of pedophiles in "chat rooms" being completely overblown, this is probably just the precursor of some sort of infrastructure to eliminate anonymous browsing. And who wouldn't like a piece of selling a token for $20/year to anyone who wants to get any information from the Internet in 10 years?
Either that or it's an FBI dream that they'll be able to tell who's really kids online (and of course be able to obtain fake tokens to use when trolling the chat rooms for pedophiles). Personally I agree with you on it being overblown, I suspect the majority of "kids" online talking to "pedophiles" are law enforcement and vigilantes trying to set each other up, neither realizing the other party's not who they think they are.Re:Credit card ? (Score:5, Interesting)
You're right. Most pedophiles attack children they know: their own, their family's children or their neighours.
Re:Credit card ? (Score:5, Informative)
it will take exactly 3 seconds for these toatart appearing on the black market and sold to those sicko's.
as for the "pedophile problem in chat rooms" being overblown... My daughter hang's on a couple of websites/chatrooms that are pure kid, and LITTLE kid related. while sitting there with her i nthe chat forum a sick-asshat that was asking her age, started asking her if she knew what a blow-job was, and asking other questions that made it obvious he was an adult.
This is on the fricking NeoPets website. a site geared for little kids about a little kids toy.
sorry, it is a big problem and most parents do not monitor their child's net access closely which makes it an even BIGGER problem.
when I have to explain to her that posing a photo of herself on the net for her friends to see is a really bad idea, things are certianly not "overblown".
Re:Credit card ? (Score:4, Interesting)
from the transcript [glgarden.org] of that episode.
SYD RAPSON (MP Labour) : We believe that paedophiles are using an area of the internet the size of Ireland and through this they can control keyboards.
RICHARD BLACKWOOD (comedian/musician) : Online paedophiles can actually make your keyboard release toxic vapours that make you suggestible. (sniffs keyboard) You know I must say I actually feel more suggestible and that's just from one sniff.
Re:Credit card ? (Score:3, Informative)
The point of the token is to prove that you are a minor and thus should be allowed into kids only chat rooms.
The idea of the experiment is to see if the scheme is effective in keeping pedophiles and stalkers out.
If it's just to verify "age and gender" . . . (Score:5, Insightful)
Re:If it's just to verify "age and gender" . . . (Score:3, Interesting)
Security is risk management, not risk elimination.
The point of an experiment is to see how significant these issues actually are.
Sharing the token is a bad idea since it will also be used to authenticate to the school web site. If a kid looses the token and has it re-issued then the original is ca
Re:If it's just to verify "age and gender" . . . (Score:5, Insightful)
Either this is an insidious attempt at a pilot of some sort of "internet ID" or a completely dumb idea.
More than likely, it's both.
Re:If it's just to verify "age and gender" . . . (Score:5, Insightful)
If we've learned nothing else from social attacks, it's that a misplaced sense of security can actually be worse than a lack of security at all. If you think that authentication is working, you're less on your guard (and more trusting) that you would be if you thought that it definitely wasn't working. If the system is that easy to foul up, it's thus worse than no authentication at all.
Now if it was 2 or 3 factor authentication (i.e. in order for the token to work you have to do a fingerprint and PIN check) then it's a different story. If it's just a dongle, it's pretty worthless.
Re:If it's just to verify "age and gender" . . . (Score:3, Insightful)
Re:If it's just to verify "age and gender" . . . (Score:5, Interesting)
The former would do what they seem to want without giving out unnecessary amounts of data to verisign, but the latter is VERY dangerous indeed.
What's to stop this unique ID from being used to collect all kinds of data on the children? who controlls the servers that do the authentication? if it's the school it's not so big a deal if it's some other org (especially Verisign) I'd be very wary of it's use.
Great... (Score:4, Interesting)
Still this security thing is jsut a laugh really isn`t it?
sigh.....
CJC
Re:Great... (Score:3, Funny)
Ah, the good old days of student dating...
eeeeewwwwwww (Score:2, Funny)
Now ur saying studnt dating is the good ol days? ur not 16! Gross!
Right... (Score:5, Insightful)
Better yet, how many kids will lose their tokens?
Not to mention the possibility of the breaching of the privacy of minors.
On paper this sounds like a good way to protect children, but somehow I think the execution of the idea is not going to be as easy as Verisign and Co. think it might be.
Re:Right... (Score:5, Insightful)
Instead of relying on children to take their word of how old they claim to be, the kids could be fooled by a false sense of security with these IDs.
Peodophile: I'm an 11 y/o kid honest... see my Verisign token proves it.
Kid: Wow, you're right. Want to go hang out?
Re:Right... (Score:5, Informative)
-
Better yet, how many kids will lose their tokens?
Not at the same time of course, but I'd bet at least 50%. I work for a school system and just yesterday we had about 8 kids get on the wrong buses and another 5 or so who were new bus riders and didn't know where they lived exactly. If they can't remember things as important as which bus they ride and house they live in we certainly can't expect them to keep track of a small USB token.-
Not to mention the possibility of the breaching of the privacy of minors.
That's the first thing I thought of myself. I work with the bus routing software and when I need to send copies of my databases to the company who makes it to debug a problem I have to make a copy and go through and change all the names to John Doe. I also can't send the whole file since the addresses can't be masked for debugging purposes. How sending an entire list of your kids with names, age and gender to Verisign can be legal is beyond me. AFAIK that would require signed consent from every single parent/guardian for every kid.-
On paper this sounds like a good way to protect children, but somehow I think the execution of the idea is not going to be as easy as Verisign and Co. think it might be.
Well there's the beauty of it from Verisign's standpoint. They don't have to worry about the execution, they just provide the tokens and authorization servers. The school systems get to sort out the mess from lost/stolen keys and what not. It'll just end up overwhelming the poor staff with more paperwork and problems than they already have to deal with.Re:Right... (Score:5, Informative)
Now, you can try to brute-force RSA to find their private key...
See you back when Quantum Computers are sold at Wallmart :)
Who says Verisign thinks it's easy? (Score:3, Insightful)
Verisign doesn't care. They just need to convince people that these USB keys somehow protect their children. It doesn't matter if it ACTUALLY works, just that people BELEIVE that it works. In fact, it's probably better for verisign if it doesn't work, as it's less work for them.
The goal isn't to protect children, the goal is to get $20/year from every kid who accesses the internet. Neat trick.
So now the Child Stalkers can... (Score:3, Insightful)
That's gonna cut into the FBI's stake-outs, isn't it?
Re:So now the Child Stalkers can... (Score:2)
In fact, if other users were able to verify the tokens, that would further reduce the hypothetical defendant's chance of being able to claim s/he didn't know the alleged underage participant was underage.
Re:So now the Child Stalkers can... (Score:4, Interesting)
-
Just check the online ID before persuing the child??
Doubt it, they'll most likely be able to get fake tokens to use online. The main problem may be that they'll need multiple tokens as they can't be the same "child" constantly as their cover might be blown from time to time (after busts for instance).That's gonna cut into the FBI's stake-outs, isn't it?
Other than that it probably won't matter, if you read the details of the busts the police do make from online contacts the guys were total morons to start with. They didn't arrest some horrid child predator, they arrest some moron who likes kids but isn't bright enough to be successful at it. I'm quite sure the real dangers are far sneakier, after all they know the feds are watching the chat rooms too. Additionally the statistics show that most kids are sexually abused by someone they know, generally family, so online predation isn't what the cops really need to worry about, it's just a way to make it appear they're doing something about the problem.
Can't work won't work (Score:2, Insightful)
Re:Can't work won't work (Score:2)
The only way it could work is aggressive monitoring. The token must contain not just age/gender of the child, but an ID number into a huge database... and all browsing/chatting done under that ID must be reported in summary form to an adult responsible for the child (parent or teacher).
That way, users of borrowed tokens can be caught by profiling. (Or more likely, lost/sold tokens can be deactivated before the "predatory" adul
Sending it to colleges? (Score:5, Funny)
Re:Sending it to colleges? (Score:4, Funny)
Well, everyone needs a hobby.
Man, a 13 year old could make a big profit (Score:5, Insightful)
Oh noes! (Score:2, Funny)
Cheers,
IT
Re:Oh noes! (Score:5, Funny)
~~~
Re:Oh noes! (Score:4, Funny)
Just what little tommy needs! (Score:5, Insightful)
So when he's 21 he won't complain when the barcode on his forearm will be used to 'strenghten e-vote security'.
Train them while they are still young, the older they get, the harder for you to teach them new tricks...
Oh, wait, this only works with pkcs#11-enabled chat applications? I guess IRC will have to be outlawed then. You don't want untagged pedophile commies subverting little Tommy on IRC now, do you?
mod parent up! (Score:3, Insightful)
Marketing at its best? (Score:2)
So? Which business is this that is marketing something which basically says
"OK Parents! Using our technology, it will be safer for your kids to be additional consumers on the internet now"
Please tell me this is not the case.
Cart before the horse..... (Score:2)
The only thing that these USB tokens verify is the information on the token!
Untill they surgically graft these fobbles to the children and make them unstealable (ooops not possible), then they are pointless.
hehe WON'T SOMEBODY THINK OF THE CHILDREN!
har, I thought I would never say that.
Dumbest Idea Ever (Score:4, Interesting)
Re:Dumbest Idea Ever (Score:4, Insightful)
Re:Dumbest Idea Ever (Score:2)
James
Excellent... (Score:2)
The non-issue of 50 year old men prenting to be 14 year old boys (or girls) is probably not worth the investment!
Re:Excellent... (Score:2)
Well, they probably won't have a token, will they?
My rights as an anonymous online individual (Score:4, Interesting)
What about student's rights - they have the right to enter chat rooms, etc.
I can envision the next step - restricting web sites based upon age, then it will be restricting web pages based upon being a student, finally, just restricting overall.
Luckily, we won't have to worry about this being a wide-spread problem - the system is too flawed to go very far; however, I feel for those that WILL be made to use it.
Bottom line is that NOBODY should HAVE to use this system - somehow it should infringe upon their right to freedom of assembly. Albeit, a *virtual* assembly, it's an assembly!
Am I missing something, or is this lame? (Score:4, Insightful)
In about two weeks, they will be borrowing them from older siblings.
In about three weeks, there will be a brisk trade in USB tokens issued to older students who have no interest in the school-approved content that is actually linked to the key, but great interest in money.
In about three months, forged adult-ID USB token will be for sale on eBay.
Even a plain old ID card has a signature and a photo on it, so someone can see whether it matches the holder of the card or not. But these anonymous bits of colored plastic are just an invitation to abuse.
In a corporate setting, I suppose you've signed something that says you're responsible for all use made of the token, and you would be suspiciously unable to do your job if you loaned it to someone else... and subject to dismissal if someone finds out. I don't see how that can be applied in a school context.
Unless they were planning to Superglue the token to the kid?
Re:Am I missing something, or is this lame? (Score:4, Insightful)
It's more like those kids who are already on the internet will continue using open environments (AOL chatrooms, IRC, message boards) where the token is useless, and those who aren't web savvy will loose the damn thing.
The way to make these used is to make kids want to use them - for example, providing places where kids feel more secure or comfortable with some guarentee of the identity of their co-chatters. On the other hand, we're just lulling those kids into a false sense of security for many of the reasons you list above, regardless of whether or not what you mention comes to pass, but because it teaches them to trust weak technology without thinking.
www.isafe.org (Score:5, Informative)
Re:www.isafe.org (Score:2)
Doesn't this violate (Score:2, Interesting)
What are the students doing in chat rooms during school anyway? Seems that Verisign just wants another way to make money.
And you know it'll never be cracked because... (Score:2, Funny)
Gender? (Score:5, Insightful)
Clearly in some cases it might be necessary or desirable to prove your age, but unless the chatroom is supposed to be an online matchmaking service I fail to see what the presence of a Y chromosome has to do with anything.
Re:Gender? (Score:5, Insightful)
Re:Gender? (Score:5, Insightful)
One of the biggest strengths of the internet is the ability to discuss issues anonymously that you may be too embarrassed to discuss with your friends and family--friends and family who would be of no help anyway since they know just as much as you.
Re:Gender? (Score:4, Insightful)
So let me get this straight -- these kids are having to prove their identity in order to be able to discuss stuff anonymously. That makes sense.
Re:Gender? (Score:5, Insightful)
Foucault would probably point out that technologies of control have always been inflicted on children first, always for their safety and well being. Verisign's obvious goal in this is to breed a generation of Internet users that are accustomed to using an ID with a computer. While this generation comes of age, Verisign will probably partner with Microsoft and legislators to make Verisign-issued IDs mandatory start a computer, first for children, then for the rest of us. It's not that far-fetched, and it ties in well with DRM.
As for girls (or boys, for that matter) discussing their private lives online, a less cynical and profit/control motivated educator would explain that you just don't discuss those things online. Kids should understand that they are publishing when they're writing in a chat room, whether it's run by the school or Mattel, and anything you say can be stored, copied, and republished outside of the context you wrote it in. These keys would obviously not keep a malicious child from copying sensitive text from a gender "locked" discussion board, complete with IDs, and text messaging it to the rest of the class.
EBAY! (Score:2, Interesting)
This only adds a false sence of security, without biometric identification on these usb things, anyone can become a 16 year old male. Lets go chat up NAMBLA and ask them what they think!
Wow, they are going about this all wrong... (Score:2)
Okay, so we all know they don't use caps and punctuation,
Age? (Score:2)
Surely they should be encoding their date of birth on there and not age?
Otherwise, come the kids birthday, the token will need updating again.
Re:Age? (Score:2, Funny)
And Verisign get paid again. I think you've hit on a business plan, there.
TWW
Dangerous (Score:2, Insightful)
Once someone figures out how to crack it, he or she would be able to fool everyone who believes that the system is reliable.
Today most people are sceptical to people online, with this system it could actually get really easy for the scumbags to convince someone of their (fake) age.
Excuse me... (Score:2)
Ok, that's great. Now what's your address, little girl?"
Get lost Veribad. (Score:2, Insightful)
Of course, they're are a whole lot of teens out there who spend the whole night talking to friends on MSN (blame Micro$haft for capturing this market by bundling it with WinXP).
I would like to call on parents reading this to frag all traces of MSN and other chat networks from
Re:Get lost Veribad. (Score:5, Funny)
Arrogance: Check!
Rightious Indignity: Check!
Teen Angst: Check!
Hip-Sounding Paranoia: Check!
Rebellion Against "The Man": Check!
Thank you for verifying your age. You are indeed a teenager as you claim.
-Verisign
Trust mechanism (Score:2)
Re:Trust mechanism (Score:2)
Changing the world (Score:3, Interesting)
Find tokens on eBay 1 day later (Score:2)
Verisign age tokens, what a great currency for paedo's.
Of course they give it away to the kids, its value (Score:4, Interesting)
The goal to Verisign is obvious -- once they are widespread, you try to get first libraries and then other places to require the use of the "KEY" to use the system to prove your age. As an adult, you'd "need" one, and thus have to pay for it.
Also, its a good first step toward a "universal" (as if) public key. Ideally, imagine something like the Post Office being able to assign a public/private key to you. That's what everyone wanted with these keychain java keyring things talked about in the 90's.
Personally, I hate seeing verisign being given this contract, but I'm not sure someone shouldn't have it.
I'd like to see a U.N. sponsored standard, with countries and or businesses able to register as registrars. The SSL key distribution system we have now works pretty well (if overly expensive).
At a minimum, that same system applied to people as apposed to web server names would go a long way.
Yes, I know all the usual issues apply -- how do you prove its YOU with the key, etc. Lots of discussion on that (which is off topic) and other things. Privacy? What about additional private certificate keys? Well, why not all those things.
Personal ID should have a data component for public key.
So perverts now have a legitimate reason to ask.. (Score:3, Funny)
COPPA anyone? (Score:5, Insightful)
It's not the school administrators information to give away. This information must go through the parent.
it's a start (Score:4, Funny)
OK, I'll wear the hat... (Score:3, Interesting)
This is just another example of conditioning the younger generation. Get them used to big brotherism and total surveillence/command & control. Goes along with acceptance of constant TV camera monitoring, using a thumb scanner to get a school lunch (how pavlovian can you get?) and other sorts of brainwashed response mechanisms.
We've already got the adult population conditioned to accept things that would have caused lynch mobs 100 years ago, like "random courtesy checkpoints" on the roads.
To the goons, the elite controllers, it's just part of the system, they want willing sheep, controllable herds, and the younger they get them brainwashed the better, then it's "acceptable and normal".
Hey, here's an idea! Why don't we drug the kids in the schools as well? Then we can make them even MORE controllable!
Oh ya, they do that too. Funny how all that stuff ties together.
Dislike this approach (Score:3, Interesting)
2. In the extreme, isn't this a step in the direction of corporate or even government controlled access? It could limit who, when, and where content can be accessed -- if at all.
In lieu of a credit card, here's how it works (Score:4, Funny)
FERPA violation? (Score:3, Informative)
Of course they could provide technology to schools so that schools could program their own tokens, thus eliminating the need to send private, federally protected inforamtion to Verisign. But, that would undermine Verisign's greedy, "let us mint certs which expire more frequently than necessary, so that we can sell you the same thing over and over again" strategy...
Gender? (Score:3, Interesting)
What's the point? (Score:3, Funny)
Can't they come up with a better stupid idea? (Score:3, Funny)
Oh yeah, there was Sitefinder. Never mind.
Re:Nothing is perfect! (Score:5, Insightful)
It's really not better than nothing at all. The illusion of safety can be more dangerous than being wary of threat.
Re:Nothing is perfect! (Score:5, Interesting)
1) For a child to be protected, they MUST have the fob.
2) They must use it on presribed machines with the right software.
3) Some big brother is watching out for them.
What this really is a step to personally "brand" everyone. Just like RFID in clothes or under the skin or the tatoos of Germany.
Further you can only be "safe", if you are willing to "pay" for it, including tracking every one of your habits on net.
There's already a device that protects children. (Score:5, Insightful)