SL Age Verification Revised

(Copyright Linden Lab)

Update, July 2012: This article is now out-of-date following a further change to the Age Verification process. See this post for details.

It appears that Linden Lab has launched a new Age Verification process. This is causing more than a few waves, as Tateru and Ciaran report.

While I don’t wish to blow my own horn, I’m not actually surprised that there has been a change; this is actually something Rodvik took the time to Private Message me about via Twitter earlier in June in order to obtain some perspective on changing the system (presumably because I’m involved in the Adult Community within SL) – and I’ve little doubt he PM’d others as well to get some feedback. While he didn’t specify how the system was to be changed, it was clear from the exchange that something would be changing.

The problem with the old verification process  – really – was that it was completely misrepresented through rumour, ignorance and assumption. It was also somewhat invasive (although to be honest, I had little issue with Aristotle Integrity and providing my passport details because I made myself go read-up on the system itself and understand what it was actually about).

Among the wild (and incorrect) claims made at the time the system was introduced were the following:

  • It was used to track US citizen’s voting habits / to target US citizen for political mailshots, etc. (a rumour generated because the software came from the same company that provides political trending software to the major US political parties)
  • The software was “against European law” (and yet 12 out of the twenty top users of the software were European Union countries, including Germany, France and the UK – three countries where the “against European law” cries were the loudest)
  • That the software stored personal information on-file and made it available to third parties for a fee (yet the software does no such thing: it operates on a look-up basis with nationally-held databases and simply acts a a “tick box” confirmation service)
  • That the software supplied personal information to Linden Lab (in fact the only information passed to Linden Lab was either a tick to say a person had been successfully Age Verified or a cross to say they hadn’t).

If genuine fault were to be placed with Aristotle Integrity, it was in the fact that it could easily be fooled. The system appeared to compare supplied data with a variety of databases with no actual cross-referencing. This resulted in people being able to fool the system by giving (for example) a valid Social Security number against the name Elvis Presley and end up being verified. In the UK and Europe people were able to give “old” data relating to themselves (such as a former home address and expired passport number) and get verified. Some even claimed to be able to give completely fictitious information together with a real name (say, Donald Duck) and get verified. There was also a problem for some in that even when genuine information was given, verification would fail, or the Age Verified flag would have to be periodically re-set (I myself have had to re-verify twice since my original verification after suddenly finding myself blocked once again from land with the Age Verified flag set (rather than the PIOF flag)).

Part of the fault here was clearly with the Artistotle Integrity software, although equally, much of the blame lay with the various government databases being checked, simply because they are not cross-referenced (and we probably all breathe easier as they are not).

However, all this aside, the fact that the system required the submission of passport numbers, Social Security numbers, etc., whether or not they were stored somewhere was extremely off-putting to many – and it was this evasiveness that gave Rodvik cause to PM on the subject, and indicate privately that he felt the matter needed addressing.

The result is a completely new system that simply requires you supply a date of birth and confirm the information supplied is true.

That’s it.

New Age Verification Process (with thanks to Tateru Nino)

Doubtless the new system is going to get people up in arms once it becomes widely known, and some people are going to rail against the whole thing being a “joke” and so on simply because the system is now so “easy”. Others will doubtless cry “foul” because of the information (SSN, driver’s license, etc) they have “given” to LL in the past (even though, as stated, no information supplied is actually retained by Aristotle Integrity or LL).

However, the fault here is not LL’s: they are simply conforming to the requirements set forth by the US Federal Trade Commission’s best-practices for age-verified access to adult content on-line. It may not be the best method in the world (but can anyone point to a system that does work without falling flat on its face at the first presentation of false data that doesn’t require invasive “background checks”?). It is however what the US government considers adequate in lieu of anything better.

If nothing else, it should put an end to the more ludicrous claims made around Aristotle Integrity and take away the very genuine headaches some people did have when trying to verify using it.

We’ve yet to see any formal announcement about the new system – the news has been “leaked” via SLU, where it appears some were given a heads-up that the new system was now available for testing and opted the break the news themselves on Friday. Whether they received word from LL or perhaps from Rodvik having also been a part of the batting of ideas I had been loosely involved in via Twitter, is unclear. Given that so much of late seems to be coming to light as a result of word-of-mouth rather than any official announcement, it would be nice to see something show up on the official blog about this come Monday.

Advertisements

18 thoughts on “SL Age Verification Revised

  1. I caught the news via a google+ post from someone who was age-verifying an alt and spotted the change. I could have found out sooner from other sources (SLU, or twitter) but I actually missed seeing all of that.

    Like

    1. I assume the change was stumbled upon before any planned announcement LL might be making about the new system could be released.

      It’ll be very disappointing if they are simply pushing this out *without* saying anything, particularly given the overall lack of any substantial communication from them via the SL blogs on just about anything other than SL8B and SLCC of late.

      Like

      1. The Lab has been so quiet this month that I’ve had dozens of people asking me “Hey, Tat? Why are the Lab so quiet? Do you know what’s going on? I’m worried!” etc..

        Like

        1. I’n frankly disappointed. OK, they’ve lost some who were ostensibly responsible for communications (Amanda Linden being one), but the fact is, there has been a near drought situation with “visible” communications from LL since the “old” Jive forums and blogs were frozen in preparation for the roll-out of the Lithium platform which – ironically – was touted as a means to “improve” communications not just user-to-user, but between Lab and community.

          Even – and with the greatest of respect to him – Rodvik’s Tweeted promise of more communications from the Lab during June has almost completely failed to materialise.

          Like

  2. I was told about it by a friend who intimated that I might like to start a thread about it in SLU if there wasn’t one already (she didn’t seem too pleased about the change, as it happens). She’s no connection with LL that I know of, though if she’d been beta-testing something and had signed an NDA, then I suppose she wouldn’t be able to tell me that was the case. And I don’t intend to ask her how she came to find out.

    Certainly I didn’t hear about it from LL directly (or even, as far as I know, indirectly) and neither did I hear about it from twitter.

    Like

    1. Thanks Innula – as you are involved in the Adult Community and Tweet, I did wonder if you were another person Rodvik contacted to sound out able “streamlining” the process of verification.

      tbh – I really thought no more about the conversation I had with him (in which *no* specifics were discussed, other than my pointing out some of the inherent problems with Aristotle Integrity over and above those Rodvik had picked-up on for himself. It’s good to know things have changed, even if the news is circulating – well, circuitously, I guess!

      Like

  3. Aristotle/Integrity cannot verify UK passport numbers, this was always a huge red flag for me, why on earth were they asking for info they could not verify?

    Like

    1. I have to differ with you here.

      When I originally verified (just after the process went into effect), I used my UK passport with no trouble at all.

      I’ve subsequently had to re-verify twice, and both times have used my passport again without any issue.

      I also know of one person who managed to verify using an expired passport.

      So I think the issue is no so much with requesting data, as to how that data is actually put to use before being discarded by Aristotle Integrity.

      Like

      1. If Ciaran will forgive me for jumping in, I think the point is Aristotle has no earthly way of knowing if it’s your passport you used to verify your identity. As far as I know from my dealings with the Passport Service, the most Aristotle could have verified was that the number you provided was, in fact, a possible number a UK passport might carry.

        Since, as far as I know, they couldn’t check this on line and would have to phone up the Passport Service to be told even that, I can’t believe they made an international call to the Passport Service and got a reply on a Sunday morning, our time, in the few seconds it took them to “verify” my age when last I used my passport for this purpose.

        Like

        1. Why would Integrity need to call anyone? The check would be automated. And how long does it take automatic systems to, for example, verify your credit card details when making an international purchase?

          Remember, Aristotle is an “approved” system in use by HM Government (at the time that I verified, the UK was the 2nd largest government user of Aristotle after the USA). Ergo, the links for checks to be carried out could well be in place.

          Also, given we are *volunteering* personal information for the purposes of verification, then the UK Data Protection Act doesn’t really apply to safeguarding data – particularly as *no* personal information is actually returned by the Passport Office to Aristotle.

          Of course, the two caveats to all this are that:

          1) In order for all the hooks to be in place for such in-depth verification to take place would mean that Whitehall actually has its act together (about as likely as pigs taking flight come autumn).

          2) The verification process was so hit-and-miss (again, my own example of a friend verified on the basis of an expired (by a number of years) passport number), which rather suggests that whatever databases Aristotle calls upon to make data checks, they are not the most up-to-date – which makes a simple look-up of issued numbers (as you suggest) far more likely than any comprehensive check.

          Whatever the truth, the fact remains that Aristotle can *use* passport numbers, whether the check is in-depth or simply against a stale list. The claim that it “doesn’t” use UK Passport Numbers is more to do with the fact that people have had difficulties when using their Passport Number (for whatever reason) – the same way that others in other countries have reported that while the system apparently asks for their driver’s license, it “cannot verify” them using the supplied data.

          Like

      2. The issue is that you don’t know whether your passport number was even checked, and I highly doubt it was. During the beta verification the field wasn’t mandatory, I verified without putting anything into that field.

        I had already contacted the UK passport agency asking how Aristotle could confirm my passport number and they told me they couldn’t.

        There is of course the passport validation service, which they may use, but in most cases private companies have to phone a call centre for this, government agencies like the DVLA will have access to the database but I’ve seen nothing to suggest Aristotle would have access as a private company.

        Like

        1. Aristotle says they process based on the *likelyhood* of the data being genuine, using data from databases where it is available, or where they have made access deals, and using public sources and veracity algorithms where it is not. They were always very clear about this, from what I saw. In the USA, they’ve got access to the electoral rolls, and they appear to have access to certain other data in other countries (where they’ve made some arrangement) for the rest, as they’ve said, they assess the plausibility of the presented data against public sources, id checksums and so forth.

          I believe some folks at the Lab itself may have said things that suggested that Aristotle had more comprehensive access to data than Aristotle said it had.

          Like

        2. As far as I know, even government agencies have to phone them. Access to the validation service’s database is restricted as an anti-forgery measure.

          They don’t want forgers being able readily to check that the number they’re applying to a fake or stolen passport is a valid one, and still less do they want to risk anyone being able to launch a brute-force attack to determine what algorithms they use in generating new passport numbers.

          Like

        3. I’ve based my feedback on what I’ve read on the Aristotle site, which has always overall swayed me to the fact it is a very simple look-up process, rather than anything in depth (hence my commentary towards Whitehall having things set-up for in-depth verification being about as likely as pigs flying :-)).

          Again, I think it more likely that some form of simple look-up takes place, rather than nothing at all, as Tateru comments vis-a-vis whatever database they can access (and again, hence the verification of expired passport numbers). If there is simply no check at all performed, then Aristotle would be verging on making fraudulent claims as to the capabilities of the Integrity software.

          Just to make one thing clear: I’ve never believed Aristotle is accurate in any way, much less foolproof; I’d actually put it on a par with the system now replacing it in terms of accuracy and reliability. However, that hasn’t stopped me from “defending” it or LL from the more extreme rumour-based allegations made against it within the community, which do little to help matters in either direction.

          Like

        4. Your comments system is confusing with these reply buttons missing 😉 Might be a Firefox 5 issue.

          I fully believe Aristotle can verify information based on the UK electoral roll, I’m sure that’s how they verified me. I’m still not convinced they can verify passport numbers in an instant, although they may have access to passport numbers via systems other than the UK passport agency. As Innula points out, even government departments aren’t given easy access to that data.

          Like

          1. I think the button issue is a combination of Firefox 5 (your end, given buttons are vanishing for me under Firefox, but not as consistently under Chrome) and the particular WP theme I’m now using (given Chrome *is* having intermittent button issues). I might have to swap back to the previous layout.

            I cannot speak for direct access to live data; I don’t work for the Government, although I have a close friend who is an “Administrative Manager” in the Metropolitan Police who appears to have a different opinion to you – not that we’ve discussed anything in-depth (she’s not even involved in SL). Again, I’m not saying that in-depth checks take place. Never have. What I any saying (and agree with Tateru on) is that checks are performed using whatever data Integrity can gain access to for Aristotle to use – and that these sources are most likely stale (again, people citing being verified against PAST addresses, rather than current addresses), simply isn’t Integrity’s concern. They simply do enough to validate what they claim to be able to do.

            Like

  4. Gosh, it’s so easy now…

    I’ve just checked and confirmed that the new system is exactly as you described. A couple of weeks ago I created a new alt to do some tests with one of my WordPress plugins that failed with the “new” avatar names (the ones that have the “fake” last name of “Resident”). Since I never intended to use that alt except for a few tests, of course I never bothered to age-verify it 🙂

    So I just tried it out. One link, one checkbox, and that’s it — I’ve got a new fully age-verified avatar.

    Like

Comments are closed.