UK Online Safety Regulations and impact on Forums

[Alvin63]

Can someone else see if they can get the Luciditi age verification to work? It won't work on my desktop. Unless the actual app will be different, it presents four options

1) Continue
2) Verify using Luciditi
3) Verify using your bank (Says OneID there)
4) Exit - I am not over 18.

Which is a confusing number of options for users to select. It would be easier if it just said "continue". If on mobile, and you press continue, it then gives three options

1) Take a selfie
2) Verify using Luciditi
3) Verify using your bank

If choosing the "Take a selfie" option it works fine. But if you choose "Verify using Luciditi" it gives you a QR code to scan. Scanning that takes you to a "small" page/window that says tap here or scan the QR code. Tapping here does nothing. Scanning the QR code isn't possible because you're already on that page having scanned the QR code. This is the same on both mobile and desktop.

Maybe if only requiring the selfie and the bank options, there would be less options displayed. I can only assume the "Verify using Luciditi" option is for people who have a luciditi app on their phones?

But no option there to scan your ID (which was mentioned). I guess this is just a demo though.

But it wouldn;t do a selfie on computer. IT did give the option to "take a selfie on my phone" though and when that was done, it approved on computer.

So @eva2000 's option was way easier - particularly on computer!

However! It did give me the opportunity to test out One ID's banking option - as it seems to be tied in with Luciditi. As I have a banking app that was very simple. I tapped on my bank, it opened my banking app, I tapped in my security code. BUT - it then asked which bank account do you want to share. Which I think would be very offputting. I tapped on my current account. A few seconds later it verified I was over 18 and a button came up to "share". Which then takes you back to Luciditi.

Although it says (in very small print under a drop down box) that you are only sharing your age and not banking details, the fact that it asks you to choose a bank account to "share" made me immediately think - is this safe? After tapping on a bank account it did say something about not sharing any bank details and only your age, but again that was very small on a phone screen and easily missed.

If someone doesn't have a banking app, but banks online, I think they'd have to go through a full online banking login. If they don't bank online at all - it doesn't work.

So the One ID banking option is

1) Uk only
2) Only accessible to people who do online banking
3) Nerve-wracking to users IMO

 

[Alvin63]

However also, the Luciditi Face estimation, is fairly simple and straightforward, if you use a phone and just tap continue. So providing it could be set up to only have Face ID and only ask for document ID if that fails, it could be fairly simple. Then there is just the cost .......

On one attempt it failed to verify (I forgot to take my glasses off) and it asked me to actually take a selfie - which it then scanned. ie a proper selfie photograph which triggered flash. Whereas the first/normal attempt, you just put your face in the frame and tap the button - but doesn't actually take a photo.

I did have a quick look at Luciditi's app but didn't register. It wanted me to scan my passport and do a selfie. Presumably anyone who is registered may go through a different process if accessing a site?

 

[Alvin63]

Yeah a lot of them recommend a higher age limit, which is interesting.



Yeah my facial age verification checks are looking for such spoofed images. Though been reading folks are now using real-time AI deepfakes that can change a persons face on the fly!

That sounds maybe more like a Government security issue or an issue for "adult" sites perhaps? But I may be wrong. I don't suppose many forum members would be that tech minded - depending on the topic! But - I wonder if spammers would start to utilise it.

 

[eva2000]

That sounds maybe more like a Government security issue or an issue for "adult" sites perhaps? But I may be wrong. I don't suppose many forum members would be that tech minded - depending on the topic! But - I wonder if spammers would start to utilise it.

Yeah who knows. OFCOM might evaluate age verification systems with such tests?? I've updated my facial age verification system some more with wider camera on desktops/laptops to fit hand positions so not so cramped. And also added optional backend testing for different tested age thresholds for 18, 21, 23, and 25 to see how it fairs

 

[Alvin63]

With VAT the Luciditi option works out about £948 a year (about £79 a month). Which is too high .......

 

[Alvin63]

Yeah who knows. OFCOM might evaluate age verification systems with such tests?? I've updated my facial age verification system some more with wider camera on desktops/laptops to fit hand positions so not so cramped. And also added optional backend testing for different tested age thresholds for 18, 21, 23, and 25 to see how it fairs

Just tried it. Personally, I preferred the less wide box for having your face in close enough, but it does make it easier to put a hand in a box. Although I prefer it without the hand ................ just a selfie

 

[eva2000]

Verifymy replied to my enquiry about face estimation instead of email estimation. It's marginally cheaper at 40p per verification, but still has the same set up cost (£2000). No data is stored except a cookie on your site so you don't verify them twice.

Luciditi replied to my query about costs. The guy was quite helpful. Age estimation is 6p per verification but they recommend setting the age at 23 to exclude anyone younger than 18. He says this means about 25% of users typically fail that maybe over 18. The back up then is banking or document scanning which is 49p per verification. He helpfully did some sums based on 25% of users doing the back up option saying this would average about 20p per verification overall. However there is also an annual charge of £550 a year, so based on 100 verifications a month the cost would be about £790 a year (before VAT!). Which long term, may actually be worse than £2000 upfront one-off fee to Verifymy,

The demo on their web page didn't load properly for me a couple of times so I would hope the real thing was better. No data stored, but a token stored for the user that lasts 18 months, so they don't keep being verified.

Although based on the members of my forum I expect the vast majority are well over 23.

Put the numbers through ChatGPT for 100 verifications/month

Years	Verifymy (GBP)	Verifymy (USD)	Verifymy (AUD)	Luciditi (GBP)	Luciditi (USD)	Luciditi (AUD)
1 yr	£2 480	$3 285.26	A$5 172.04	£ 790	$1 046.51	A$1 647.55
2 yr	£2 960	$3 921.11	A$6 173.08	£1 580	$2 093.03	A$3 295.09
3 yr	£3 440	$4 556.97	A$7 174.12	£2 370	$3 139.54	A$4 942.64
4 yr	£3 920	$5 192.82	A$8 175.16	£3 160	$4 186.05	A$6 590.18
5 yr	£4 400	$5 828.68	A$9 176.20	£3 950	$5 232.56	A$8 237.73

• Verifymy: £2 000 one-off setup + £0.40×100×12 = £480/yr
• Luciditi: £550/yr + £0.20×100×12 = £240/yr
• Luciditi remains more cost-effective at every horizon here.

Over 5yrs:

• Verifymy comes out to about £ 0.73 per check (≈ $ 0.97 / A$ 1.53).
• Luciditi is about £ 0.66 per check (≈ $ 0.87 / A$ 1.37).

Scary if folks had 1,000 verifications/week!

 

[eva2000]

Just tried it. Personally, I preferred the less wide box for having your face in close enough, but it does make it easier to put a hand in a box. Although I prefer it without the hand ................ just a selfie

yeah will try other things like maybe 2 or 3 fingers in a box LOL

 

[Alvin63]

Does it really need that for liveness? I think it fails if you leave glasses on so must be detecting a real face.

 

[eva2000]

Does it really need that for liveness? I think it fails if you leave glasses on so must be detecting a real face.

So far it does strength the checks somewhat. But will test other things as well

 

[Alvin63]

Put the numbers through ChatGPT for 100 verifications/month

Years	Verifymy (GBP)	Verifymy (USD)	Verifymy (AUD)	Luciditi (GBP)	Luciditi (USD)	Luciditi (AUD)
1 yr	£2 480	$3 285.26	A$5 172.04	£ 790	$1 046.51	A$1 647.55
2 yr	£2 960	$3 921.11	A$6 173.08	£1 580	$2 093.03	A$3 295.09
3 yr	£3 440	$4 556.97	A$7 174.12	£2 370	$3 139.54	A$4 942.64
4 yr	£3 920	$5 192.82	A$8 175.16	£3 160	$4 186.05	A$6 590.18
5 yr	£4 400	$5 828.68	A$9 176.20	£3 950	$5 232.56	A$8 237.73

• Verifymy: £2 000 one-off setup + £0.40×100×12 = £480/yr
• Luciditi: £550/yr + £0.20×100×12 = £240/yr
• Luciditi remains more cost-effective at every horizon here.

Verifymy

Luciditi

[th]
Service

[/th]​

[th]
GBP/verification

[/th][th]
USD/verification

[/th][th]
AUD/verification

[/th]
[td]
£ 4 400 ÷ 6 000 ≈ £ 0.733

[/td][td]
$ 5 828.68 ÷ 6 000 ≈ $ 0.971

[/td][td]
A$ 9 176.20 ÷ 6 000 ≈ A$ 1.529

[/td]
[td]
£ 3 950 ÷ 6 000 ≈ £ 0.658

[/td][td]
$ 5 232.56 ÷ 6 000 ≈ $ 0.872

[/td][td]
A$ 8 237.73 ÷ 6 000 ≈ A$ 1.373

[/td]​

• Verifymy comes out to about £ 0.73 per check (≈ $ 0.97 / A$ 1.53).
• Luciditi is about £ 0.66 per check (≈ $ 0.87 / A$ 1.37).

Can't quite work that out. The £2000 for Verifymy is just for the first year - a one-off, upfront cost. (I think - but you have me wondering now!) Plus verification costs Luciditi is £550 every year plus verification costs. So over 5 years I make Verifymy average out at £880 a year. Luciditi would be similar I think at about £790. After 5 years, assuming the initial £2000 was paid off, Verifymy would be £480 a year. So longer term, Verifymy would be cheaper. Shorter term is more expensive.

Shufti Pro is the cheapest. No annual fee. $700 upfront for credits. 20 cents a verificiation. $240 a year so the $700 dollar pre-purchased credit would last about 3 years. Then continuing at $240 a year. But they save data. (Although it is encrypted according to some of their info).

Presumably VAT is on top of all those costs (ie 20% more on top).

Those are minimal costs as if/when face verification fails they'd need the backup verification which costs a bit more per verification.

 

[zappaDPJ]

Yeah a lot of them recommend a higher age limit, which is interesting.

I'd take a guess that's because higher limits reduce the likelihood of errors. I myself at 65 years of age could easily pass for a teenager.


I wish!

 

[Alvin63]

One of the ones I tried gave an actual predicted age! Not sure which one it was now .........which made me 5 years older than I am
Edit: That was Privately.eu

 

[Alvin63]

Can't quite work that out. The £2000 for Verifymy is just for the first year - a one-off, upfront cost. (I think - but you have me wondering now!) Plus verification costs Luciditi is £550 every year plus verification costs. So over 5 years I make Verifymy average out at £880 a year. Luciditi would be similar I think at about £790. After 5 years, assuming the initial £2000 was paid off, Verifymy would be £480 a year. So longer term, Verifymy would be cheaper. Shorter term is more expensive.

Shufti Pro is the cheapest. No annual fee. $700 upfront for credits. 20 cents a verificiation. $240 a year so the $700 dollar pre-purchased credit would last about 3 years. Then continuing at $240 a year. But they save data. (Although it is encrypted according to some of their info).

Presumably VAT is on top of all those costs (ie 20% more on top).

Those are minimal costs as if/when face verification fails they'd need the backup verification which costs a bit more per verification.

And they are all too expensive!

 

[eva2000]

One of the ones I tried gave an actual predicted age! Not sure which one it was now .........which made me 5 years older than I am
Edit: That was Privately.eu

Yeah, I am logging the estimated age on the backend so I can fine-tune the AI. Added a dedicated testing endpoint for 2D image portraits for tuning stuff and testing various age thresholds like 18, 21, 23, 25



must suck to be 17yrs old with age verification looming over the net!

 

[hkymre]

The boss of OFCom was on bbc news this morning advising companies to use facial recognition, digital ids or credit cards to meet the age verification requirements

She was on as they’ve published the new rules this morning

New rules for a safer generation of children online

Children in the UK will have safer online lives, under transformational new protections finalised by Ofcom.

www.ofcom.org.uk

One key quote from it

Providers of services likely to be accessed by UK children now have until 24 July to finalise and record their assessment of the risk their service poses to children, which Ofcom may request. They should then implement safety measures to mitigate those risks [2]. From 25 July 2025, they should apply the safety measures set out in our Codes to mitigate those risks

 

[zappaDPJ]

For info...

Ofcom finalises rules for tech firms to protect children online

Websites will have to instate age checks and tighten up algorithm recommendations for young users.

www.bbc.co.uk

 

[eva2000]

The boss of OFCom was on bbc news this morning advising companies to use facial recognition, digital ids or credit cards to meet the age verification requirements

She was on as they’ve published the new rules this morning

New rules for a safer generation of children online

Children in the UK will have safer online lives, under transformational new protections finalised by Ofcom.

www.ofcom.org.uk

One key quote from it

Thanks for heads up. For age verification https://www.ofcom.org.uk/online-safety/protecting-children/age-checks-to-protect-children-online

Same as I understood it. Everyone has to do the children risk assessment first. But as mentioned, age assurance implementation can wave that children risk assessment. Seems cheaper to do the risk assessment than implementing age assurance!

What are online services required to do, and by when?
The Online Safety Act divides online services into different categories with distinct routes to implement age checks. However, the action we expect all of them to take starts from today:

Requirement to carry out a children’s access assessment. All user-to-user and search services – defined as ‘Part 3’ services[4] – in scope of the Act, must carry out a children’s access assessment to establish if their service – or part of their service - is likely to be accessed by children. From today, these services have three months to complete their children’s access assessments, in line with our guidance, with a final deadline of 16 April. Unless they are already using highly effective age assurance and can evidence this, we anticipate that most of these services will need to conclude that they are likely to be accessed by children within the meaning of the Act. Services that fall into this category must comply with the children’s risk assessment duties and the children’s safety duties.[5]
Measures to protect children on social media and other user-to-user services. We will publish our Protection of Children Codes and children’s risk assessment guidance in April 2025. This means that services that are likely to be accessed by children will need to conduct a children’s risk assessment by July 2025 – that is, within three months. Following this, they will need to implement measures to protect children on their services, in line with our Protection of Children Codes to address the risks of harm identified. These measures may include introducing age checks to determine which of their users are under-18 and protect them from harmful content.
Services that allow pornography must introduce processes to check the age of users: all services which allow pornography must have highly effective age assurance processes in place by July 2025 at the latest to protect children from encountering it. The Act imposes different deadlines on different types of providers. Services that publish their own pornographic content (defined as ‘Part 5 Services[6]) including certain Generative AI tools, must begin taking steps immediately to introduce robust age checks, in line with our published guidance. Services that allow user-generated pornographic content – which fall under ‘Part 3’ services – must have fully implemented age checks by July.

What does highly effective age assurance mean?​

Our approach to highly effective age assurance and how we expect it to be implemented in practice applies consistently across three pieces of industry guidance, published today[5]. Our final position, in summary:

• confirms that any age-checking methods deployed by services must be technically accurate, robust, reliable and fair in order to be considered highly effective;
• sets out a non-exhaustive list of methods that we consider are capable of being highly effective. They include: open banking, photo ID matching, facial age estimation, mobile network operator age checks, credit card checks, digital identity services and email-based age estimation;
• confirms that methods including self-declaration of age and online payments which don’t require a person to be 18 are not highly effective;
• stipulates that pornographic content must not be visible to users before, or during, the process of completing an age check. Nor should services host or permit content that directs or encourages users to attempt to circumvent an age assurance process; and
• sets expectations that sites and apps consider the interests of all users when implementing age assurance – affording strong protection to children, while taking care that privacy rights are respected and adults can still access legal pornography.

We consider this approach will secure the best outcomes for the protection of children online in the early years of the Act being in force. While we have decided not to introduce numerical thresholds for highly effective age assurance at this stage (e.g. 99% accuracy), we acknowledge that numerical thresholds may complement our four criteria in the future, pending further developments in testing methodologies, industry standards, and independent research.