UK Online Safety Regulations and impact on Forums

@chillibear do you know if Shufti have a video showing how their face estimation works - eg the user journey? It looks like you might have to be signed in on their website to see things like that but just wondered if there was one to see. The responses I am getting from Shufti are a bit abrupt since I asked about data storage. I asked if there was a video of the user journey and response I got was - yes we have everything. Not a link! So I assume I'd have to do a free trial to check it out, and for that I'd need the API implementing first presumably. When I'm not sure which API I want to get developed yet .......

I've signed up for a demo (Shufti) - not sure how that will work or whether it's just online. You can opt to just have face estimation - it just means that anyone who fails that has to contact you - no other option offered. So on that basis it would be minimal data being stored. A photo and maybe exif data I would think - need to check that. But it's still data. But people can ask to have data deleted if they want to.

I'm wavering between the option above (One ID and Uk users only) or paying for Shufti and working out data deletion. Don't want to pay any more than that as I don't want to charge people.
 
Last edited:
No idea if there are any videos around. The default trial is quite short (3 days). You can generate and launch validations from within their UI - so to just see what the end user experience is like you wouldn't need to do any integration as you can create the "Journey Builder", which is a web based tool.
 
Well that's better than I got. I did manage to get them to extend mine to five days - three in the middle of the Easter break wasn't quite enough to really test any code and I wanted to at least do a proof of concept. Fifteen should give you plenty of time to try things and experiment.
 
I think you tried the free trial didn't you @chillibear . How did you find the face estimation process. Because from what I've seen, some are much better than others. The google one I did it literally scanned your face and came up with a tick. Another one I tried was a slower process (Luciditi). Where you actually took a photo, and it then waited for ages processing before coming up with a tick.
 
Last edited:
chillibear said:
Well that's better than I got. I did manage to get them to extend mine to five days - three in the middle of the Easter break wasn't quite enough to really test any code and I wanted to at least do a proof of concept. Fifteen should give you plenty of time to try things and experiment.
Click to expand...
That's what it says online at the moment, I haven't actually got it yet ........
 
Still looking into the data retention thing. Maybe that is just for the gov id check and not for face estimation - because this article says:

"
It is against the law, under UK GDPR, for an age verification provider to ask you for a photo for the purposes of estimating your age, and then keep it for any other purpose unless you give clear and explicit consent.
Click to expand...

So no images are stored as a result of facial age estimation."

Do the age estimation techniques based on facial images put me at risk of surveillance through image recognition software? – AVPA

avpassociation.com avpassociation.com

However, presumably you are giving consent before you do the age estimation ............which is why I want to try the trial. And they are not keeping it for "any other purpose" - just for the purpose of future age estimation I think .......

However it would probably be better to have the second line of id scanning if face scanning fails - otherwise how would you verify them if they contact you? They could send a photo of their ID but it doesn't mean it's theirs ............. But I assume that would be acceptable as verifying age - if someone emailed you a photo of their ID. But then presumably we'd have to store that date ......... so it could be proved if asked.
 
Last edited:
You (as the user doing the check) do have to give them (Shufti) consent however, so all fine as far as the law goes. Assuming you went with them as a final solution you could simply delete the user's data from your Shufti account dashboard (either manually or have it as part of your software solution) and then Shufti have already said they also delete their 'own copy' in that situation.

Their scanning was not particularly quick in my experience. However not slow enough that it was a problem. The only bit I had trouble with was that I found you needed to set an upper bound on age checks to get it to work reliably. The documentation says you can just set an "over" amount, but that often seemed to fail even with their test data. Setting an upper and lower bound worked however (you can set the upper to 165 years old - which is the limit).
 
I thought I would try creating a minimal viable product (MVP) for age verification using the Cloudflare platform, including pages, workers, and AI gateway, and so far, so good. The costs for input + output tokens + image = $0.000308 to $0.000474 per submission. That's $0.308 to $0.474 per 1,000 image submissions. Costs of 3rd parties have been mentioned in this thread, how does that compare?

For this MVP:
  • No personal identification is collected or stored
  • No session tracking or user accounts
  • Images are processed in-memory only
  • No database or persistent storage mechanisms are implemented
  • Criteria for determining age certificate of >18yrs or not is a work in progress and would need testing against false selfie submissions heh. But thought I'd see what I could come up with :D
cf-age-verification-mvp-demo-v2-1.webp

cf-age-verification-mvp-demo-v2-2.webp cf-age-verification-mvp-demo-v2-3.webp
 
Last edited:
Where would the liability lie with the age verification? If you as the site owner implement an age verification process via a 3rd party, and someone manages to bypass it?
 
MattW said:
Where would the liability lie with the age verification? If you as the site owner implement an age verification process via a 3rd party, and someone manages to bypass it?
Click to expand...
I imagine the liability would reside with the site owner. I can't see OFCOM taking direct action against an age verification service.

It would be up to the site owner to take action against the verification service because those are the two entities bound by contract. That assumes of course the verification service has not met their service level agreement. I doubt any service would guarantee a 100% success rate though.
 
1745249606058.webp

Cool idea.

As a forum participant, I'd close this and find another site. Why ? I have no idea if the forum is keeping the picture. I would assume it would do that. I've never been asked to upload a real time photo of myself for ANY site.

I don't think i'm alone here.
For a site that wants to be 100% safe and is willing to see a steep decline in registrations ... this is an amazing option.
 
Digital Doctor said:
As a forum participant, I'd close this and find another site. Why ? I have no idea if the forum is keeping the picture. I would assume it would do that. I've never been asked to upload a real time photo of myself for ANY site.
Click to expand...
Yeah I agree. Probably only target UK visitors. Just curious if it can be done :)
 
Last edited:
eva2000 said:
I thought I would try creating a minimal viable product (MVP) for age verification using the Cloudflare platform, including pages, workers, and AI gateway, and so far, so good. The costs for input + output tokens + image = $0.000308 to $0.000474 per submission. That's $0.308 to $0.474 per 1,000 image submissions. Costs of 3rd parties have been mentioned in this thread, how does that compare?

For this MVP:
  • No personal identification is collected or stored
  • No session tracking or user accounts
  • Images are processed in-memory only
  • No database or persistent storage mechanisms are implemented
  • Criteria for determining age certificate of >18yrs or not is a work in progress and would need testing against false selfie submissions heh. But thought I'd see what I could come up with :D
View attachment 321691

View attachment 321692 View attachment 321693
Click to expand...
That's fantastic! So you mean it would create an age verification without using an external provider? Costs you mentioned are way better than anything else found so far. One ID has a free option for uk users only but it's not as fast as face id.
 
Digital Doctor said:
View attachment 321695

Cool idea.

As a forum participant, I'd close this and find another site. Why ? I have no idea if the forum is keeping the picture. I would assume it would do that. I've never been asked to upload a real time photo of myself for ANY site.

I don't think i'm alone here.
For a site that wants to be 100% safe and is willing to see a steep decline in registrations ... this is an amazing option.
Click to expand...
The thing is, I know my members would be happy to do it, as they want to have their forum back as it was. Also so many sites are now doing Age ID that I think people will get used to it. You just have a notice saying their data isn't stored and it's just to verify their age. I just had to do a face age id the other day for google, to see a youtube video with medical photos in. It's "the new normal" 🤣
 
Last edited:
You must log in or register to reply here.
Back
Top Bottom