[HN Gopher] Introducing Age Verification ___________________________________________________________________ Introducing Age Verification Author : kosei Score : 94 points Date : 2021-09-21 19:59 UTC (3 hours ago) (HTM) web link (blog.roblox.com) (TXT) w3m dump (blog.roblox.com) | officeplant wrote: | This is giving me flashbacks to the VTech scandal where they | ended up leaking out photos and personal information for over 6 | million kids. | TedShiller wrote: | So I'm supposed to trust that they will never have a data breach? | For the lifetime of the company? And for all subsequent | acquirers? | mustyoshi wrote: | As somebody who used to breach them for rewards. I concur with | your reasoning, but I imagine their security is much better | than it was half a decade ago. | musicale wrote: | Roblox seems to be a self-correcting problem. | wtf77 wrote: | Thanks. Now I have a reason to close my kids account :) | monksy wrote: | Something I think that should be mentioned: Everytime you submit | an image of an id: That gets shared through out the verifying | organizations communication channels. | | Wither it's via database accessibility (even if it's encrypted), | a web front end, email, or IMs. They'll say all they want, but | ids do leak. | donmcronald wrote: | First off... NOT A FUCKING CHANCE. If a kid came to me with a | game that was asking for "opt in" age verification by scanning | government ID, and they wanted to do it, we'd have a long talk | about privacy and that game would get uninstalled even if it | means the end result is the kid crying over it. | | Second, how is this going to work? I don't know a single kid that | plays Roblox and has a government issued photo ID. And are they | _REALLY_ going to roll out a system where they 're trying to | train minors to scan their ID and submit it to a corporation for | something as trivial as a _game_? | | > When a government-issued ID is scanned for verification, an | anonymized value is generated, allowing Roblox to safely verify | identity without risking exposure of the user's real identity. | | There are two possibilities here: | | 1. It's absolutely bullshit and they store some portion of | uniquely identifiable identity info, like your name + birthdate, | somewhere. | | 2. It's absolutely useless because someone will create a website | or app that fools the system by showing fake id and a matching | "likeness". | | So I don't believe _at all_ the glossed over claims of respecting | privacy on this. This is a bad idea and I hope it fails | spectacularly. | q_andrew wrote: | This is a bandaid measure. Roblox spends most of its time | convincing young children that they will be successful while | simultaneously cheesing the 'robux' exchange rate so that these | children get nothing. | | Roblox is undoubtedly responding to backlash from revelations | that they are exploiting children for economic growth. Here's a | great summary: https://youtu.be/_gXlauRB1EQ | nomel wrote: | > Roblox spends most of its time convincing young children | that they will be successful | | I've never seen this. Could you give an example? Me and my | kids are pretty heavy players, with a couple games released, | with one giving my kid a nice stream of Robux. | judge2020 wrote: | > Second, how is this going to work? I don't know a single kid | that plays Roblox and has a government issued photo ID. | | Chances are their age verification system only applies if you | say you're 18+. I doubt they're going to throw away players. | donmcronald wrote: | > It will be available globally in over 180 countries on both | mobile and desktop for anyone 13 years of age or older with a | government-issued ID or passport. | | That's a quick ticket to getting a lot of 13-16 year old | forbidden (by parents) from playing your game IMO. | MomoXenosaga wrote: | In my country everyone from the age of 14 has to have an ID. | | I see the logic of it. If you make laws that state kids can't | have access to services you need a way to verify someone is in | fact an adult. | jbigelow76 wrote: | _2. It 's absolutely useless because someone will create a | website or app that fools the system by showing fake id and a | matching "likeness"._ | | fauxblox.com is available for registration, someone more | enterprising than myself is welcome :) | [deleted] | meepmorp wrote: | I guess my kids will miss Roblox when it goes away forever. | void_mint wrote: | Putting sensitive information about children on the internet, in | the hands of a major corporation (a gaming company, no less). | | What could go wrong? | garrettjoecox wrote: | What 13 year old has a government issued ID? | Symbiote wrote: | Probably the majority of European children have one, or an | equally valid national identity card. | | But at that age, it's going to be kept somewhere safe by | parents. The passport probably costs more than the budget | airline holiday flight. | gruez wrote: | For the jetsetting 13 year old, a passport. It's not exactly | rare, but it's also not common either. | dmead wrote: | I've held shares in Roblox since ipo. This is concerning. | sprite wrote: | Are there any good identify verification saas? | devrand wrote: | I haven't used it but Stripe Identity recently came out: | https://stripe.com/identity | throwaway2214 wrote: | Can't someone train a GAN to do this-id-does-not-exists.com? | | I would use it quite often for this kinds of things. | Shank wrote: | I mean yeah, you could, but forging identity documents is | illegal in most places with functioning legal systems, for | obvious reasons. Forging a government ID and presenting it as a | real one is a giant minefield that most people probably don't | want to be in. | z0r wrote: | You're suggesting that it should be illegal to lie to Roblox | about your identity? | lordlic wrote: | Yes? Duh? That's the point of anti-forgery laws. | tgsovlerkhgsel wrote: | The person offering the site will be from a jurisdiction | where they don't have to care, and will do it either for the | lulz or for money. | | The 12 year old kid using the site will not care about the | legal implications. | kingo55 wrote: | What happens if/when these systems are hacked and millions of | users' government-issued identities are freely available to | anyone on the dark net? | asperous wrote: | In the US, how many 13 year olds have id cards? It seems like by | the time they have a drivers license they might not be into | roblox anymore. | scohesc wrote: | I understand the massive investments into "rolling your own" | system for ID verification, but I always feel sketched out when | companies ask you to send your ID and your photo to "a third- | party" - where the privacy terms of that relationship are so | obtuse/vague it's not worth reading. | | Is it really that hard on the privacy front to hire someone to | keep watch and manually verify that someone is who they say they | are? I assume the amount of people verifying will be massive at | first, but after 2-3 months I could see the amount of people | signing up (AND verifying their ID) would be in the thousands per | week - easily handled by humans instead of "a third-party | service" | ollien wrote: | I'd feel _more_ sketched out if a provider was handling it | themselves. I don't know how much I want someone unqualified | handling the storage of this themselves... | macksd wrote: | It's all down to the specific brand. | | Outsourced to Ping? Ok. Outsourced to some identity SaaS I | never heard of that just closed their series B? Pass. | | But then obviously I'd expect Microsoft to own their own | identity story, and if they ever didn't I would immediately | suspect I wasn't actually even dealing with Microsoft. | michaelt wrote: | What seems really sketchy to me is the third party together | with a lot of the language in the press release - _Roblox_ | does not store _raw_ ID document nor the selfie data. | sevenf0ur wrote: | I didn't have an ID until I started driving at 15. I wonder how | many of the Roblox player base even has a government ID. Will | children beg their parents to go to the DMW so they can get | verified on Roblox? | davemtl wrote: | The age verification appears to be opt-in, however they don't say | what happens if you don't hand over your kids ID. One would hope | that it would disable or limit communication between players and | keep the player in a suitable for all category. I wouldn't be | surprised that because their user base is growing up, they they | would want to change it into kind of a "second life" for | teenagers. | | Whichever way, they're not getting my kids ID. | [deleted] | eps wrote: | > _nearly 50% of the users on our platform are over the age of 13 | as of Q2 2021_ | | Hahahaha... jeez... _/ wipes a tear_ | | They are in for a surprise of their corporate lives. | | We have several accounts with them for our kids and I had all of | them set with the birthday set to some random year between 1960 | and 1990. Because, as every parent knows, any sort of "kids" | account comes with random restrictions, needing to create parent | account and all sort of other bullshit that complicates | everyone's life and prolongs the sign-up process. | | They must be smoking crack if they think that a non-trivial | amount of _teens_ (leave alone adults) are playing Roblox games. | Because 99.9% of these games is a complete and utter junk that | makes your eyes bleed and gets traction because of the (way) | younger kids that play them. That 's it. That's the Roblox secret | sauce. But, yeah, let's card them. Brilliant, brilliant move. | davedx wrote: | Both our teenagers play Roblox | jjoonathan wrote: | I long ago aged out of these limits, but I never stopped using | my fake birthday. Everywhere I thought I could get away with | it, I did. | | Ad networks still figured out my real birthday :/ | monocularvision wrote: | This is so absolutely spot on. I have my kids' fake birthday | memorized because I use it so often. As soon as you enter a | birthday that actually would mean under 13, be prepared for | _nothing to work_. | Someone1234 wrote: | > sort of "kids" account comes with random restrictions, | needing to create parent account and all sort of other bullshit | that complicate everyone's life and prolong the sign-up | process. | | I set up one of these for Apple and Microsoft, and boy oh boy, | has it been an absolute shit-show. There have been tons of bugs | with both, it is a terrible user experience all around, and it | has actually cost me more money in very real terms (e.g. IAPs | needing to be re-purchased three times). | | Unfortunately it seems like nobody at tech companies actually | dog-foods kid/family accounts, and just does it as a butt | covering exercise to avoid regulation. They do the bare minimum | and then let it rot. | donmcronald wrote: | Yep. It's absolutely brutal. Ex: EA Play won't work with XBox | Game Pass if it's on a child account. | | All the kids I know just use fake info with fake birthdays. | There's a huge risk of losing the account, but who even knows | what to do. Obviously these companies don't want to invest in | moderation, so I think they should focus on moderation tools | and leave the parent/organizer account holders do the actual | moderation. | | Microsoft does the money handling on child accounts really | well, but the family sharing is absolutely brutal. It's an | insanely bad user experience. | [deleted] | donmcronald wrote: | Haha. Yeah. And if they start verifying identity and locking | accounts that can't prove the identity info provided at signup, | that's going to be a lot of locked accounts. | | I think they're overestimating the importance of a gaming | account. | Avicebron wrote: | Yea..I've always assumed Roblox was at best majority 7-15. I | haven't set up anyone's account, but isn't the "at least 13 or | older" a generic checkbox that is sort of used as a default for | everything from youtube to netflix? | alkonaut wrote: | Use some official eID. They are pretty pervasive across the world | and typically it's just one system per country to intract with | like Freja in Norway, BankID in Sweden and so on. | | That leaves the bad methods for countries that doesn't have a | good official or de facto standard eID system. But maybe that | will create public pressure to adopt one. | kosei wrote: | Though I applaud the effort to get age right and protect players, | I'm not sure I'll ever be comfortable having me or my child scan | our photo ID and selfie to upload it as part of a login flow to | an application. | _jal wrote: | Yeah, I don't do this. | | If your service demands my ID, I'll close my account. | | If you have KYC requirements, I'll meet you in person or find a | different vendor. | LegitShady wrote: | This happened to me with twitter. made an account, followed | some people, they locked the account and told me it exhibited | bot like behaviour and I needed to scan some photo id to send | to them for them to unlock it. | | Never worried about twitter ever again. Probably the | healthier choice in the long run. | toomuchtodo wrote: | A component of my work is in digital identity, so I hope you | don't mind the question: what would make you comfortable doing | so? For Roblox, I can see the exception taken, but some | applications do require this level of identity proofing | (scanning your passport in an airline mobile app to book an | international flight comes to mind). | | Edit: Thank you everyone for your feedback, it's very helpful! | michaelt wrote: | Putting photos of my ID documents online just seems like an | incredibly bad move for my security and privacy. | | The only time I'd even consider sharing photos of my ID | documents over the internet is if I'm sharing them with an | organisation I have a multi-year high-trust relationship with | (like my e-mail provider of 20 years). And even then, I'd | prefer not to if I can avoid it. | TedShiller wrote: | Government agencies only. | jmkd wrote: | While I trust my Government to issue me a passport (what | else can I do), I can't say I trust all their agencies to | securely store an image of it. | LegitShady wrote: | I don't ever want to provide a storable version of my ID to | you. I don't trust you or anyone else to keep it safe. I | would expect my identity to compromised over and over as | companies get breached. | Symbiote wrote: | In Britain they proposed an anonymous system for checking age | before viewing pornography. (It was cancelled.) | | The idea was you could show your ID to someone qualified to | check (like a shop selling alcohol), they'd give some sort of | pass, and that could be used to access the website. I | wouldn't mind that, so long at the shop person only looks at | the ID. | | (And I've never been asked to scan a passport when booking a | flight.) | cinntaile wrote: | Built-in watermark support. When the system eventually gets | hacked and the pictures end up in the hands of hackers, their | use will be limited due to a "COMPANY + DATE" watermark | plastered all over. | LegitShady wrote: | the company will either go out of business as people claim | costs associated with the breach, or you would get a $10 | settlement from a class action. | | The watermark isn't worth anything, and doesn't add any | trust. | nobody9999 wrote: | >scanning your passport in an airline mobile app to book an | international flight comes to mind | | I'm curious as to why this might be necessary. | | Whenever I've traveled internationally, while I've had to | provide the airline with a bunch of info when booking my | flight, I've never had to provide a scanned version of my | passport. | | Rather, when I arrive at my destination (at both ends) I need | to show the nice customs folks my passport. | | Which airlines require providing them with a scan of a | passport to _book_ a flight? I ask so that I can make sure | _never_ to use those airlines. Thanks! | scohesc wrote: | (I think) I feel like I'd be similar in opinion about this | with the OP, so hopefully you don't mind me putting my | thoughts here! | | The main issue that I have is that it's down to a matter of | trust. I'm mainly using the article on Roblox as an example | for my thoughts here, but I'm sure it could be easily | translated to other services/companies doing digital ID | verification. | | I don't like digital identity verification at all however I | am open to other options. I have no trust in these identity | verification companies using my ID for the sole purpose they | say it will be used for. I have no idea if they're holding | onto the ID and using it for training their algorithms, or if | they sell it to a data collection agency, or if they etc. | etc. etc. - why do I need to read a 10+ page privacy policy | document to figure that out? | | For a company like Roblox - I don't see why they couldn't | roll out their own system for digital verification. Yes, | you'd have an absolutely massive influx of users at this | point since they seem to _just now_ be adding age | verification, but after a month or two - barring special | events/promos in game - I'm sure an ID Verification | department could be handed out to a few people. | | That being said - I'm not considering any issues in other | aspects like Legal issues, Privacy issues, data retention | issues, number of users, numerous ID types etc. etc. etc. and | I'm sure those are HUGE factors as to why people aren't | "rolling their own" solution. | alex_c wrote: | Nothing would make me _comfortable_ doing so, any more than | sharing my bank credentials with a 3rd party for example. The | only question is whether the benefit or necessity of doing so | outweighs my discomfort. | | I think the discomfort is a good thing here. | donmcronald wrote: | I did it for a crypto exchange, but that was for KYC / AML | verification and I intentionally chose an exchange that's | regulated by my country's KYC/AML regulator, so I was | expecting to have to do it. | | Giving up that much PII for a game is insane. I'd uninstall | it without even thinking. Any industry that's not regulated | to _require_ photo ID when they 're asking for it doesn't | need to ask for it. | joe_the_user wrote: | _Some applications do require this level of identity proofing | (scanning your passport in an airline mobile app to book an | international flight comes to mind)._ | | I don't know about presently but historically, you didn't | need a passport to buy an international ticket. You needed a | passport to get on the plane at the airport. So if you buy a | ticket in a fake name, it's your problem if you can't fly and | tickets aren't refundable for this. | | Which is to say that no app space comes to mind when I think | of something that needs id scanning - or the only apps like | this are extensions of state control to the virtual space | (virtual parole hearings or whatever). | | Basically, anything that isn't the state should use it's own | fricking account system to relate to people online. And the | state itself is kind of iffy. | fouric wrote: | Not OP, but: | | If at all possible, I would want a hard guarantee that my | photo ID and all derived information (e.g. my real name (as | in the case of Roblox, they don't care about your _identity_ | , just your _age_ )) would be completely deleted as soon as | possible, as well as a description of exactly when that would | be (e.g. "we have to contact your federal government to | verify the authenticity of this ID, and then ensure that they | know that we've verified your user account, and then we'll | delete everything immediately - this typically take 4-8 | business days, and we'll email you when the process is | completed"). | | Regardless of the above, I would require that no personal | information linked to my ID would be used for any purpose | (analytics, marketing, ads, or sale/transfer to a third | party) except identity verification. | Avicebron wrote: | Unfortunately it seems like "hard guarantee" for most | things in tech is almost laughable, and if there is a | chance data can be gathered, probably not even worth | dreaming about | Someone1234 wrote: | Indeed. Plus even if they "hard guarantee" it at service | launch they could and likely would quietly change it | after the press has moved on, with a TOS update on line | 194,404,4008 that nobody will read. | xyzzy21 wrote: | Which is why "Asking" is an AUTOMATIC "delete the app" or | "cancel the web account" or similar. | | We weren't born yesterday. :-) | syshum wrote: | >>scanning your passport in an airline mobile app to book an | international flight comes to mind | | Why? Proof of ID would be required at boarding time, and by | Security who simply verify the supplied info matches the | actual ID, but does not actually scan and store the document | (nor should they) | | I am unclear what in a booking process would require a person | to scan in your passport to book the travel? | | How would this work if I am a corporate booker needing to | book flights for others, do I need to maintain a copy of | their ID's? | | Your example is pretty flawed, as is most examples you will | come up with because in reality there is no reason to have to | upload your ID. It is draconian and should be resisted by | everyone for any purpose | [deleted] | [deleted] | shkkmo wrote: | This level of identity proof isn't that secure. | | If we absolutely need to have software that has this level of | identity, then we need to build infrastructure to support it. | That infrastructure already exists to some degree as notaries | and could be expanded and modernized to allow privacy | preserving identity verification. | TaylorAlexander wrote: | Generally I would be comfortable showing my ID to either an | established bank or the government which issued the ID. And | airport security. Otherwise if a private company wants me to | upload my ID I would probably avoid using their service. | xyzzy21 wrote: | Not OP but there is NO SITUATION where I'd EVER do this for a | web site. There are NONE I trust enough for that kind of | information and NO web site offers sufficient value to even | consider the risk. | gruez wrote: | >but some applications do require this level of identity | proofing (scanning your passport in an airline mobile app to | book an international flight comes to mind). | | I never had to do this when booking a flight. The max I had | to do was provide my personal info (name, birthday, passport | number). If they asked for a passport scan and a selfie I | would have noped out. | legerdemain wrote: | Kayak asks for ID photos, even for _domestic_ flights. | Someone1234 wrote: | But the underlying airlines don't, so just find the | flights on Kayak then book direct bypassing this invasive | measure. | xyzzy21 wrote: | Never used Kayak but thanks for the tip: I NEVER will use | Kayak! | unclebucknasty wrote: | The worst are those that let you get invested and only _then_ | spring these requirements on you. | | NBA Top Shot comes to mind. They allow you to buy with no | problem. But, to sell on their platform you have to go through | what is essentially a KYC check. | | Your investment is sunk otherwise. | pvg wrote: | I don't think I'd be comfortable with this either, certainly | not to play some game. On the other hand, the bizarre problems | maintainers of online communities have to deal with are just | wild and worth keeping in mind as context: | | https://www.wired.com/story/roblox-online-games-irl-fascism-... | TameAntelope wrote: | To be fair, it's not part of their login flow, it's part of | their verification flow. It's a one-time thing, not an every- | login thing. | | I also see no problem with this. What could they realistically | use this information for that would be nefarious? It doesn't | actually store the ID in any real sense, as they explain in the | link, and I see no reason for them to lie about that. | | It's real easy to scream, "But My Privacy!!!", and probably a | decent amount more difficult to come up with an actual and | practical risk there. | | Honestly, if your threat model includes "video game companies | that lie about age verification systems", I don't think you're | taking your security very seriously. | modzu wrote: | one risk is the inevitable data leak and having these | documents for sale on a darkweb market. how exactly is the ID | anonymized? who knows? | MomoXenosaga wrote: | In the Netherlands we have a government app that blacks out | the sensitive stuff called kopieID. | | Honestly if you are going to ask for identification ask for | a passport or driver's license not this idiocy of credit | cards and bank statements. That's just insulting my | intelligence. | TameAntelope wrote: | The documentation says anonymized "value" is generated, so | likely some kind of hash. | | I don't think these are able to be stolen in any meaningful | sense, based on how they describe their tech stack. | nomel wrote: | My full name, physical address, and IP address were leaked with | another game my kids play. I'm excited for my drivers license | and picture to be leaked as well. | [deleted] | president wrote: | This is why people are afraid of vaccination ID/passports. | tialaramex wrote: | I would much prefer my _government_ to take on responsibility | for providing this sort of service as they do e.g. driver | qualification. | | Once upon a time the usual thing to get OK'd to rent a van | (e.g. for students who are moving house) is you rock up to the | rental place with the legal documents showing you're entitled | to drive. You're relying on the fact that the person renting | you a van doesn't much care and isn't keeping the exact details | from those documents. | | But although you can do this today, obviously the documents get | scanned into a permanent data repository, so, that's not great. | But, the UK government added a site so you can prove you're | you, and get codes, which for a limited period show someone | that yup, this person is legal to drive and so on. | | They do this for right to work too. Although, annoyingly _only | for foreigners_. If you 're a citizen, you can't prove right to | work this way, you need to be like "Look, I'm a citizen, here's | proof" to your employer. But if you are foreign you can just go | "Check this URL, your government says I'm entitled to work | here" and they needn't know whether that's because your husband | is a "Cultural Attache" to the Russian Embassy, or you've got | special refugee status, or you're actually an Italian and you | just speak and look Russian for some reason, just that you're | entitled to work here. | LegitShady wrote: | I'd rather not subsidize roblox with government systems. If | they can't figure out an age verification system that works | thats on them. The government shouldn't be verifying the age | of people for businesses. It's a waste of tax dollars to | subsidize a business with major profits. | wizzwizz4 wrote: | Roblox _has_ an age verification system that works. It 's | just not good for the public. Isn't that what governments | are for? | bla15e wrote: | fantastic news. with this, the fate of corporate roblox is sealed | and the metaverse can evolve further | watermelon0 wrote: | Where does the need for hard verification of the age come from? | | My friends and I were using the internet when we were under 13 | years old (although not by much), and just clicked the button to | confirm that we are older than 13 (mostly on various forums), and | later on the same thing with 18 years old verification screens, | and we turned out alright (at least from my perspective.) | Lavery wrote: | Probably parents realizing their children were making in-app | purchases beyond what they (the parents) were aware of, and | charging them back as unauthorized use. The cc processors pass | that on to the merchant, and will drop them if there are too | many. Likely Roblox just reached some critical mass where they | couldn't sustain it any more. | chipotle_coyote wrote: | When I read about the age verification system for Roblox, it | immediately made me think of a post on the official Patreon | blog from just a few days ago, talking about how they're | going to have to start asking for identity verification for | "adult/18+ creators" due to new standards from Mastercard. | And, yes, this clearly isn't _exactly_ the same thing, but | the similarity in requirement combined with the timing make | it at least fractionally more suspicious to me that this is | driven by payment processor requirements -- or at the very | least, whatever concerns are driving those requirements. | | It's also worth pointing out that unlike Patreon's | requirement for adult material creators, Roblox's | verification is optional, which most of the discussion here | on HN seems to be eliding. | | https://www.theverge.com/2021/9/21/22684672/roblox-age- | verif... | | > For now, only one feature requires age verification: | Roblox's new voice chat feature. During its initial beta, it | will only be available to players who verify they are at | least 13 years old. But the implication seems to be that | other features -- perhaps specific Roblox games or community | tools -- could be age-gated as the company works to protect | its relatively young user base. | tgsovlerkhgsel wrote: | Pure speculation: Once they build a user base that over time | crosses the age of 18 (or whatever the age for accessing adult | material is in the player's country), they can allow them | access to a separate, premium, age restricted section, where | they can expand their user generated content model to a | demographic with a lot more money and a market where that money | is easily spent. | Animats wrote: | According to Roblox's S-1 filing, they want to move their | customer base up from the current average age of 13. Age | verification is for older users, so they can be less | restricted. Roblox has a large outsourced "moderation" | operation, and is working on an AI system that can bring down | the ban hammer in 100ms after saying a bad word. | | Tencent already does this in China. Tencent owns 49% of Roblox. | So the technology is available. | xyzzy21 wrote: | Fuck China as an exemplar for anything moral or legal!! | jbigelow76 wrote: | Given this angle I wonder if Roblox is actually hoping for | rampant falsifications so they can keep their underage | players but also tell regulators that they are protecting | minors from possible exposure to harmful content. | [deleted] | [deleted] | scohesc wrote: | Wow - I had no idea that Tencent owned that much of Roblox. | | Now I'm even more wary of sending my ID to a company that's | owned by another company that's owned by a repressive | government and can influence how anyone in the chain can do | business. | ProfessorLayton wrote: | Tencent owns 49% of Roblox's Chinese operations, which is a | subsidiary, not the entire company. | Animats wrote: | Ah, right. I just checked the S-1. | donmcronald wrote: | > According to Roblox's S-1 filing, they want to move their | customer base up from the current average age of 13. | | I'm guessing that's because things like COPPA don't apply to | 13+ and identity verification lets them start building | accurate PII profiles for children the day they turn 13. What | a nasty business. | toomuchtodo wrote: | Children's Online Privacy Protection Rule ("COPPA") | | https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-... | | EDIT: @gruez: An attestion is likely no longer sufficient for | Roblox's compliance requirements, and identity proofing is now | cheap to perform (~$1-2/per proofing request). Cheaper to get | ahead of the curve. | | https://www.theverge.com/2021/9/21/22684672/roblox-age-verif... | | > For now, only one feature requires age verification: Roblox's | new voice chat feature, Spacial Voice. During its initial beta | test, it will only be available to players who verify they are | at least 13 years old. (Roblox didn't say whether it would | later be available to users regardless of verification status.) | | > But the implication seems to be that other features -- | perhaps specific Roblox games or community tools -- could be | age-gated as the company works to protect its relatively young | user base. More than half of Roblox's users are still under 13 | (Roblox says "nearly 50 percent" were over 13 as of the second | quarter of the year). | | A business decision was made. | gruez wrote: | That piece of legislation was from 21 years ago. What | changed? In the past a "I'm 13" checkbox would have sufficed. | scohesc wrote: | I'm sure it's more of a "cover your ass" scenario where in | the future, if someone gets past the ID verification system | and uses an account to commit a crime on their platform, | Roblox can just say "the ID company verified it!" | droopyEyelids wrote: | There are truly unsavory elements that will intrude on a | virtual environment for children. Roblox corp knows exactly | what they're dealing with due to their existing support | requests- and they can imagine the implications of adding a | spacial voice feature into that mix. | | I trust they're not going overboard here. | zerkten wrote: | I don't think anything has changed, but COPPA isn't the | only regulation with age requirements. GDPR also includes | age requirement (https://gdpr-info.eu/art-8-gdpr/). | | From a quick read of the article, I think this is | intentionally going beyond the requirements. They obviously | feel that this will build a safer and more trustworthy | environment at the expense of other issues, including a | loss of users who don't want to provide identity. | donmcronald wrote: | > COPPA imposes certain requirements on operators of websites | or online services directed to children under 13 years of | age, and on operators of other websites or online services | that have actual knowledge that they are collecting personal | information online from a child under 13 years of age. | | I didn't read the whole thing. I plan to one day though | because I want to see what the rules are, but, to me, that | summary sounds like the only reason you need to do it is if | you want to collect personal information for children that | are 13-17 year old. | | Here's a wild idea... How about not collecting the personal | information of children? | nobody9999 wrote: | >Here's a wild idea... How about not collecting the | personal information of children? | | Here's an even wilder one: How about not | collecting personal information? Full stop. ___________________________________________________________________ (page generated 2021-09-21 23:00 UTC)