Well if your records show people have been verified as over 18. I don't see how anyone could bypass it if they need to do it at registration. Also it's done "in good faith". Ofcom accept face estimation - they don't say it has to be with a particular company.
UK Online Safety Regulations and impact on Forums
- Thread starter lazy llama
- Start date
-
- Tags
- regulation
That sounds clunky ............
Digital Doctor
Well-known member
Age confirmation via facial images are for porn and gun websites.
The idea 99.5% of websites need it is silly.
The idea 99.5% of websites need it is silly.
eva2000
Well-known member
Technically, if it's hosted on the Cloudflare Platform, it is external. But yes, it would not be using an external paid provider and would be considered an in-house age verification solution. Whether OFCOM finds it acceptable would be a completely different matter, heh. The selfie image is encrypted in the browser until it is passed to the AI.
I think it sounds brilliant. It's age verification using an acceptably official external software and it's not a simple age check tick so I don't see why it shouldn't be acceptable - unless it was an "adult" type site.
I don't quite understand how it works though.........So it's a kind of addon? That asks the user to do a selfie and upload it, is that right? Presumably then it wouldn't have "liveness" to authenticate the user, which is something Ofcom does mention but doesn't necessarily stipulate. And how does it then verify age from the photo? Just the software estimates it? That is very clever if you've written that.
What was that about the browser?
I don't quite understand how it works though.........So it's a kind of addon? That asks the user to do a selfie and upload it, is that right? Presumably then it wouldn't have "liveness" to authenticate the user, which is something Ofcom does mention but doesn't necessarily stipulate. And how does it then verify age from the photo? Just the software estimates it? That is very clever if you've written that.
What was that about the browser?
It avoids doing a Child Risk Assessment though, if you have age verification, which also then avoids numerous mitigations to protect children, which could a) dumb the site down/censor a lot more and b) create a lot of extra work. It makes it easier to have compliancy and you don't need to worry about content to the same degree.
eva2000
Well-known member
There are also many privacy laws surrounding biometric personal data, including how the images are processed, stored, etc. So OFCOM would most likely have to approve certain age verification providers for use. Then there's the accuracy of selfie-based age verification.
My MVP demo is just a standalone demo not an addon. Just wanted to see if it's possible to do using AI to analyse the age for age verification - working on perfecting that part as curious how far I can take it.
To protect users' privacy, the selfie is encrypted within your browser before transmission and only decrypted on the secure backend solely for the purpose of the age verification analysis. So web site operator wouldn't have access to the selfie image easily or if data was intercepted between web site and Cloudflare platform/network.
If folks want to test my standalone MVP age verification demo privately, send me a private message for the link. Could do with more folks submitting fake/bonus images to see AI verification works to reject the images
eva2000
Well-known member
AFAIK, unless it's changed, age verification implementation does not remove the requirement for risk assessment. Risk assessments will be needed regardless.
chillibear
Well-known member
There are two risk assessments you have to do. The primary one addressing the 17 harms and then if you can't prove you don't have users under eighteen you will have to do the Childrens Risk Assessment. However we are still waiting on Ofcom's guidance for this (due this month), when that is published there will be three months (if I recall correctly) to do that second assessment.
They do give examples of what they consider to be robust age verification, but I don't recall them specifying any particular "qualifications" so to speak for the providers, so I imagine as long as you follow UK data protection laws and guidance around the data there wont be an issue. There are however various bodies that provide some certification such as https://accscheme.com/ as to its value it's hard to know, there also appears a trade body https://avpassociation.com/
eva2000
Well-known member
Yeah silly for OFCOM to enforce an law when guidance and tools haven't been provided!
Yeah just the legal stuff you need to handle will add to any age verification provider's costs of business. Yoti also listed https://www.yoti.com/business/facial-age-estimation/
eva2000
Well-known member
zappaDPJ
Well-known member
That's either a change in OFCOM policy or a bit of a stretch. OFCOM has a list of 'Highly effective methods of age assurance' which includes facial age estimation but as far as I'm aware they don't recommend vendors. In addition here's a cut and paste taken directly from OFCOM's site.
Implementing the Online Safety Act: Protecting children from online pornography
Children are set to be protected from accessing online pornography under new age-check guidance proposed by Ofcom today to help services to comply with online safety laws.
This suggests to me that facial age verification might not be OFCOM's preferred method for age assurance. That said I also think it's worth remembering the focus here is to prevent children accessing pornography and not necessarily a site with family friendly content.
I read it that they just considered certain types of age verification to be acceptable and more effective than others. Eg a simple are you 18 tick isn't sufficient. I think @eva2000 's solution would be perfectly acceptable. None of the major companies guarantee their results are 100% but they are seen as acceptable solutions. And the site showing they are age checking everyone in good faith.
Elsewhere though, they mention email age estimation and other methods as acceptable. Don't have the link right now (it's further back on here), but they have a whole document on age verification ...........
I'm happy to do some testing
Last edited:
eva2000
Well-known member
Yeah email age would be a difficult one to do ourselves heh.
Will pm you the linkI'm happy to do some testing
eva2000
Well-known member
Some folks have said it's hard to click the capture button for phones, as one hand holds the phone and another hand is in the required box. So improved with 5-second timer on clicking the capture button + also supports tapping on the video itself to capture, so easier to do one-handed
Haven't figured out what to do if a person only has 1 hand or no hands!
Haven't figured out what to do if a person only has 1 hand or no hands!
bzcomputers
Well-known member
Wouldn't it just be easier to ask them to turn their head left or right and capture a side profile, to confirm liveness?
eva2000
Well-known member
Yeah thought of that - it would require more than one image submission so costs would increase. Right now cost is between $0.35 to $0.55 per 1000 images. So 2 images would double that cost. Still cheap, but adds up
I did it on computer, so didn't have that issue. Both hands free But I can imagine that's harder on phone. How about just asking them to blink? However, raising a hand is very good because it prevents a photo being held in front of the camera - the photo blocks the option for a hand to show so it avoids them using a photo - it has to be an actual person.
But I can imagine that's harder on phone. How about just asking them to blink? However, raising a hand is very good because it prevents a photo being held in front of the camera - the photo blocks the option for a hand to show so it avoids them using a photo - it has to be an actual person.