Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
theptip 7 hours ago

> users would be able to control others from central browser controls that apply to websites broadly.

Great to see this finally. It’s obviously the way it should have been implemented from the beginning.

We still see this technically myopic approach with things like age verification; it’s insane to ask websites to collect Gov ID to age verify kids (or prove adulthood for porn), rather than having an OS feature that can do so in a privacy-preserving way. Now these sites have a copy of your ID! You know they are going to get hacked and leak it!

(Parents should opt their kids phones into “kid mode” and this would block age-sensitive content. The law just needs to mandate that this mode is respected by sites/apps.)

everforward 5 hours ago | parent | next [-]

I'm dubious of the privacy-preserving approaches and would rather we just quit with digital age verification. I'm specifically worried about unification of data sources identifying users.

The challenges presented to sites, and verifiers if the scheme uses those, would have to be non-identifiable in the sense that they can't tell that 2 of them came from the same key. Otherwise there's a risk users get unmasked, either by a single leak from a site that requires age verification and a real name (e.g. an online wine merchant) or by unifying data sources (timing attacks, or identifying users by the set of age-restricted sites they use).

Perhaps I just don't understand the underlying crypto. That wouldn't be super surprising, I'm far from an expert in understanding crypto implementations.

GardenLetter27 7 hours ago | parent | prev | next [-]

> We still see this technically myopic approach with things like age verification; it’s insane to ask websites to collect Gov ID to age verify kids (or prove adulthood for porn), rather than having an OS feature that can do so in a privacy-preserving way. Now these sites have a copy of your ID! You know they are going to get hacked and leak it!

An OS feature is also a terrible option - remember when South Korean banks forced the country to use ActiveX and Internet Explorer?

The government should offer some open digital ID service where you can verify yourself with 2FA online, after registering your device and setting credentials when you get your ID card + residence registration in person.

JumpCrisscross 5 hours ago | parent [-]

> OS feature is also a terrible option - remember when South Korean banks forced the country to use ActiveX and Internet Explorer?

Just let Estonia run the programme [1].

[1] https://e-estonia.com/solutions/estonian-e-identity/id-card/

Neikius 4 hours ago | parent | prev | next [-]

Another backhanded way to forbid opensource solutions? Because now they will argue we need secure booted tamper-proof windows/mac os to make sure the proof is legit.

philipallstar 7 hours ago | parent | prev | next [-]

> (Parents should opt their kids phones into “kid mode” and this would block age-sensitive content. The law just needs to mandate that this mode is respected by sites/apps.)

Good kid mode[0].

[0] https://www.lego.com/en-gb/product/retro-telephone-31174

poly2it 5 hours ago | parent [-]

Adding a kids mode to *all* sites seems like a huge investment to most of the tech industry. I predict most would just NGINX-block users with the kid header.

ElectricalUnion 7 hours ago | parent | prev [-]

That was what P3P was supposed to enforce automatically for you, until Google ruined it for everyone.