As it is well known by now, in a few weeks the Digital Act legislation will come into force in the UK, enforcing the proper age verification of the British citizens from pornographic websites. According to the F-Secure Company though, there is concern that the new law can potentially lead to data breaches and the theft of the citizens’ personal data.
According to the new law, the British citizens will have to properly verify that their adults, in order to be allowed access to websites with pornographic content. However, this process also involves some risks, as the age verification methods used by some solutions include the revealing and/or storing of other personal data, which are definitely not necessary for verifying the age of the users.
The F-Secure principal consultant Tom Gaffney mentioned: “Preventing kids from accessing certain types of online content, such as pornography, is in everyone’s interest. But people who share personal details with third-party age verification platforms need to know that attackers actively target this type of data and will likely find these databases very enticing.” He also continued and underlined that hackers
and other cyber-criminals will use this as a chance to deceive users and steal their personal data by creating fake websites, which will be supposed to follow the new legislation regarding age verification. This means that users must be aware of this danger, and also be very careful as it is very easy to be exposed on the internet.
“The checks may drive those who wish to avoid the age verification system into engaging in more risky online behaviors. This could include accessing smaller, unregistered sites, or using free, untrustworthy tools that can harm unsuspecting users attempting to work around the checks. If these behaviors increase, we could end up exposing internet users of all ages to illegal content, as well as malware and other cyber-crimes.” said Fennel Aurora, security advisor at F-Secure, and she supported that this regulation aims to protect minors and in general users and not to replace the parents’ role.
However, our AGEify solution has been created through a privacy-by-design approach, so that all these risks are eliminated. The only personal data that we keep about our users is their month and year of birth, and we pair these with random numbers, used as unique identifiers for their mobile devices. This means that, even if a data breach takes place (a risk that no one should shut out), the attackers will only get access to random numbers and months / years, which will be impossible to connect with any real people. Our ultimate goal is to help the Internet become a safer place for minors, while preserving the anonymity of our users and eliminating any potential dangers.