As a long time software engineer and occasional software user I have to admit that I have just about “had it up to here” with [so-called] “security” on the Internet.
The occasional real security is annoying enough but smoke and mirrors stuff is just galling beyond reason. Firstly, in reality there IS NO security with computers, nothing over 90% say. I mean, really… if America’s Department of Defense can be hacked once or twice a year (and that’s what we know about), what chance does the average non-techie computer user have to remain safe? Shall we say: none? On a good day? Especially not if actually targeted by some hacker who should asked to leave the planet.
Then the fake alerts, fake emails, fake text messages, fake virus notices… the average user has been made into a complete target. All your lawyering and posturing can’t change that.
So, that said, Why the Blazes do you insist on an age verification gateway before letting me in to some sites? You really think that proves anything? It proves nothing at all. Any one can type anything there. A ten-year-old can type in 1950 for a birth year and get in to your site.
“Oh gee! I’m only 17 and this website requires me to be 18.
Guess I’d better leave now,” said no one ever.
The only “fix” for this (and it’s also not 100%) is to have the browser supply that information, from information that is already in the computer and/or the browser-related account (Gmail, Microsoft, Apple, what ever) and not ask the user directly. Better, but it also has its downside as, again, it does not actually “prove” anything, only that at some point I claimed to be nn years old.(1)
So why do they do it this way? Well, I have a theory about that. They know that the “how old are you” gateway proves nothing. But they are showing the parental types and censorship types and the uber-control types out there that they are making the effort, and most of “those types” won’t actually notice that the “fix” fixes nothing. In other words, it keeps your lawyers from beating up their lawyers.
Yet it penalizes everyone, in the name of defending themselves from a very few, it slows down everyone, all this security(2).
Really now. Grow Up! Tell your corporate, paranoid, weenie lawyers to go get a real job and stop downgrading everything they touch. It’s annoying. It also doesn’t keep the Corporation from getting sued, not against a competent accuser who can demonstrate the “smoke and mirrors” aspect of your so-called security and social conformity (which is impossible, anyway as that certainly doesn’t conform to my society or my culture — only to that of a few who have gained an unholy amount of power by simply yelling loudly).
The computer industry as a whole needs to admit that security is the individual user’s responsibility, that it comes with education, training and competance on the part of the user and that there is nothing any corporation can do to enforce it for you. Nothing.
All you’re really doing is admitting you can’t keep your website and/or service safe.
So, tell your Lawyers to get rational, not paranoid. Stop the sue-sue-sue game, which is a Game, and is what actually supports an awful lot of lawyers out there in the world. A retired lawyer I know of (and an active one) agreed with me completely when I said, “90% of all lawyers exist only to protect us from the same 90% of all lawyers.” Meaning (if you read it right) 90% of all lawyers are parasites and we’d be better off without them.
So… how old are you? Yeah? Prove it!!
[30]
(1) In reality, and I have studied this issue quite a bit, there is NO absolute way to prove identity on a computer (or even in person!). Even an embedded chip in your forearm, say, planted there at birth, could never be 100% proof that you are who you claim to be (such a thing would only create a black market in fake ID chips). There is no way for me to prove who I am, no way for you to prove who you are. It can’t be done. Fingers prints, DNA scan (if such a thing was possible at time of log in to a website) can all be circumvented (watch the movie Gataca, for instance). Any system you can think of can be gotten around.
(2) How about the newest insantiy in computer security? The two-step verification before you can get on to a website? That is, I log in to a site on my computer, then a text message is sent to my phone with a code and I have to type that in to the browser, or click something on the phone, to continue logging in. Like this was the website to launch nuclear missiles or something. All it “proves” is that I have both the computer and the phone. How about I stole them both at the same time? Then the assumption that 1) you have a cell phone and a computer, 2) you live some place where there is cell reception, and 3) that your cell reception is immediate on text messages. None of those assumptions are valid for all people, only for 85%, maybe 90%. You know what this actually accomplishes? I don’t use those web sites. I went to that website for a reason, I’m “on a mission,” and the break in my momentum while waiting for some text or notice to finally show up on my phone is unacceptable. Their security issues are not my problem.