Regulating Access to Adult Content (with Privacy Preservation)

In the physical world we have well-established mechanisms for keeping children out of adult-only areas. In the virtual world this is generally replaced by self declaration. Some service providers resort to using heavy-weight identification mechanisms, judging adulthood as a side effect thereof. Collection of identification data arguably constitutes an unwarranted privacy invasion in this context, if carried out merely to perform adulthood estimation. This paper presents a mechanism that exploits the adult's more extensive exposure to public media, relying on the likelihood that they will be able to recall details if cued by a carefully chosen picture. We conducted an online study to gauge the viability of this scheme. With our prototype we were able to predict that the user was a child 99% of the time. Unfortunately the scheme also misclassified too many adults. We discuss our results and suggest directions for future research

Case study:exploring children’s password knowledge and practices

Children use technology from a very young age, and often have to authenticate themselves. Yet very little attention has been paid to designing authentication specifically for this particular target group. The usual practice is to deploy the ubiquitous password, and this might well be a suboptimal choice. Designing authentication for children requires acknowledgement of child-specific developmental challenges related to literacy, cognitive abilities and differing developmental stages. Understanding the current state of play is essential, to deliver insights that can inform the development of child-centred authentication mechanisms and processes. We carried out a systematic literature review of all research related to children and authentication since 2000. A distinct research gap emerged from the analysis. Thus, we designed and administered a survey to school children in the United States (US), so as to gain insights into their current password usage and behaviors. This paper reports preliminary results from a case study of 189 children (part of a much larger research effort). The findings highlight age-related differences in children’s password understanding and practices. We also discovered that children confuse concepts of safety and security. We conclude by suggesting directions for future research. This paper reports on work in progress.<br/

Are you over 18? A snapshot of current age verification mechanisms

There are many online spaces that children should not enter to shield them from adult content, services and products. Age verification mechanisms are used to bar entry to minors. We examine the arguments for and against their use, and propose three dimensions that these kinds of mechanisms ought to judged by: (1) effectiveness \& inclusivity, (2) affordability, and (3) privacy preservation. We used a systematic literature review to provide a snapshot of age verification practice in the research literature and commercial arena. We found a wide range of age verification mechanisms, ranging from "verification theatre" (box checking to confirm adulthood) to those that verify age by confirming identity. The latter elicit significant security and privacy concerns while the former clearly constitute no obstacle at all. Some mechanisms use facial biometrics to estimate age (for a fee), but the costs can easily become prohibitive for small businesses. We suggest directions for future research into solutions that can provide a more effective and affordable solution, which crucially also respect the privacy of users