Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
tzs 3 days ago

> "Everyone must prove their age online now" creates a trail of identity that kills anonymous speech dead.

That depends on the implementation. Do it the wrong way, like many countries or US states, and that is a problem.

Do it right, like the EU is doing in their Digital Identity Wallet project, which is currently undergoing large scale field trials, and the site you prove age to gets no information other than that you are old enough, and your government gets no information about what sites you have proved age to or when you have done so.

indymike 2 days ago | parent | next [-]

> That depends on the implementation.

Not really. Either you have freedom of speech or you have restricted speech. The more restriction, the less freedom you have.

> the site you prove age to gets no information other than that you are old enough, and your government gets no information about what sites you have proved age to or when you have done so.

As long as the broker in the middle can be trusted, cannot be extorted by government power or private wealth... in other words: unpossible.

tzs 2 days ago | parent [-]

In the system the EU is using you are the broker in the middle.

Briefly, your government issues you a digital copy of your identity documents cryptographically bound to a hardware security module that you provide. For the first iteration this will be the security module in your smartphone. Later iterations will support standalone smart cards and plug in security modules like YubiKeys.

If you wish to prove your age to a site a cryptographic protocol takes place between you and the site which demonstrates to the site that you have a government issued identity document that is bound to a hardware security module, and that you have that module, and that the module is unlocked, and that the identity document says that your age is above the site's minimum age requirement.

No information is transmitted to the site from the identity document other than the age is above the threshold. There is also nothing transmitted that identities the particular hardware security module.

rdm_blackhole 2 days ago | parent | prev | next [-]

> Do it right, like the EU is doing

Doing it right like the EU? You mean like the EU, scan everything that is sent through anybody's phone in the name of protecting the children?

> the site you prove age to gets no information other than that you are old enough, and your government gets no information about what sites

That is the case for now. What happens when the lobbies get in there and decide that this info is actually very valuable and that they should have the right to know who is visiting their client's websites and apps, will the anonymity remain? I think not.

And what about the defense industry who in the name of fighting terrorism will demand that users that identify themselves on "suspicious" sites now need to have their data recorded?

The issue is that once everyone is using this system, then it's very easy for any government to come and start expanding the scope of the data recorded and as always under the cover of good intentions.

This is how it goes: - In 2025, they record nothing - In 2026, they start logging IP addresses and passing along suspicious log ins to the cops - In 2030 they start recording more and more data until all anonymity is gone

I wouldn't touch the EU's identity wallet with a 10 foot pole and I certainly wouldn't use anything that the EU is doing now as a benchmark considering what happened with the Chat control law recently.

BlueTemplar 2 days ago | parent [-]

Logging IP addresses for use by law enforcement started in like 2004.

I remember ISPs and Web cafés complaining quite a lot.

But I guess you mean on the client software side itself ?

zelphirkalt 2 days ago | parent | prev [-]

The EU is very double edged though. It has great projects, undoubtedly. For example GDPR was a gigantic step forward, even if many people here, who are US-centric mostly, don't want to hear that. But on the other hand the EU also has loads of shit that members and lobbies try to push, like for example chat control.

Let's hope that this project you mention works out, if indeed it works like you describe.