Go.cam Security: Age Verification Without Data Transfer

Go.cam’s architecture prioritizes decentralized execution: processing remains confined to the end user’s device. This isolation natively eliminates risks related to video transmission and the centralization of data on third-party servers.

The Professional Client (operator) delegates the technical decision to an autonomous unit. This separation removes any vulnerability related to the handling of biometric files.

Local isolation and session data deletion

Processing is 100% local; no video stream passes through our servers. The security perimeter is limited to a single browser session. Go.cam isolates the computation to produce an access decision without ever leaving this environment.

The system includes a Standard Check (included) and an Advanced Check (Liveness) currently in Private Beta. This decentralized execution neutralizes risks linked to video transmission and removes any need to centralize data for the Professional Client (operator).

The engine uses local resources (CPU/GPU) exclusively during the estimation phase, following two principles:

• Containment: processing remains strictly limited to the local engine, without access to the rest of the system or device files.
• Temporality: the session is ephemeral. Once the signal is transmitted, Go.cam releases the resources and irreversibly deletes the calculation data.

This absence of persistence prevents any correlation between sessions or tracking of the user. The check remains a one-time operation triggered only at the access point defined by the Professional Client (operator).

Code transparency and auditability

Technical transparency is guaranteed by the GNU AGPL license, making Go.cam’s source code fully auditable. This openness allows the Professional Client (operator) to verify the integrity of the algorithms and strict compliance with data confidentiality.

Computation isolation and signal qualification

The computation runs in a dedicated software environment isolated from the other components of the page. This isolation limits interactions with the rest of the browsing environment and preserves the integrity of the operator’s site.

During execution, Go.cam evaluates the signal according to three criteria:

• Stability: verification of the consistency of the video stream
  
• Consistency: compliance of the signal with estimation parameters
  
• Usability: validation of environmental conditions (lighting, framing)

The engine discards unusable signals during processing to produce a result consistent with the configured threshold. If the signal is altered or insufficient, validation is refused.

Binary signal transmission and end of camera authorization

As a trusted intermediary, Go.cam validates age without ever requiring access to your user database (IAM). The process results in the transmission of a binary signal that controls access to the restricted area with the following characteristics:

• Signal neutrality – Transmission of a raw binary value (true/false) without any identifying or biometric characteristics.
• Application isolation – This signal mechanically triggers access authorization or blocking, without interaction between the Go.cam engine and the Professional Client’s user database.
• Single purpose – The signal is strictly used to open the current session, with no possibility of later reuse.

The transmission of the signal immediately locks or unlocks access: the session closes, camera authorization ends, and computing resources are released.