In the last few days you have probably heard about the application that the Government is going to launch to control access to adult websites by minors. It is expected to be available after the summer. It has raised controversy about its usability. In this article we are going to talk about whether there may be cybersecurity problems. Could it put users’ data at risk?
This application is called Digital Wallet Beta. Perhaps the name itself, because of the “Beta”, gives us clues that this is, in part, an experiment that many believe will not work out. The intention is clear: to restrict access to adult content for minors. Currently, there are practically no restrictions.
Application to limit content for minors
This program is intended to verify age when entering certain websites. It affects pornographic, betting or video game rewards sites. Clearly, what is sought with this is to keep minors away from these websites. It is necessary to use the DNIe to verify age. However, for the moment, it only affects pages hosted in Spain.
It uses a kind of token voucher, with 30 each month. They are basically logins that you can use. Once you use that token, you can enter that website for the entire month, without having to re-verify your age continuously, up to a maximum of 10 times. It’s kind of like when you save session cookies on a social network or leave an Amazon order unfulfilled and come back later.
But what happens when those 30 tokens are used up? In that case, the user will have to renew them. In fact, the application will send a notice when those tokens are running out, so that the user can renew them and continue browsing without age restrictions. In addition, this Digital Wallet application will allow the user to store other things, such as university degrees and certificates.
The truth is that it has raised a lot of controversy about whether it is really going to be an effective solution. We see that there are tools for almost everything on the Internet, so simply by doing a search you will find manuals to find a way to bypass this age restriction for entering certain websites.
Can it put privacy or security at risk?
On paper, it is an anonymous system. In fact, they say, the application will not keep any records, but everything will remain on the user’s device. They also add that the application will be audited by the National Cryptographic Centre, to avoid any vulnerability that could be exploited by an attacker.
But of course, theory is one thing, practice is another. In the short term, there may not be any problems; in the long term, you never know if a vulnerability or flaw could appear that leaks user credentials, list of tokens used, etc. We have seen that even security-based applications, such as Authy 2FA, have had problems and user data has been leaked.
So, the truth is that even if a program is designed to be anonymous and secure, it can always stop being so. In Spain, we have also recently seen a massive hack at the DGT and hundreds of thousands of drivers’ data were stolen. The same has happened with banks and companies of all kinds.
This type of stolen data could be of great value to cybercriminals. It is private, confidential information that could be put up for sale on the Dark Web. This is how it works when a vulnerability arises. They could end up extorting the victim, with the aim of receiving money in exchange for not publishing their data.
In short, the Digital Wallet Beta application will, in principle, go into operation after the summer. The controversy is already there and only time will tell if it really becomes widely used. In addition, there will always be the ghost of privacy and vulnerabilities that may exist.
