Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
zmmmmm 2 days ago

I feel like the EFF has stretched a bit far on this one. They need to be advocating for good solutions, not portraying age verification as fundamentally about surveillance and censorship.

As many are pointing out zero knowledge proofs exist and resolve most of the issues they are referring to. And it doesn't have to be complex. A government (or bank, or anybody that has an actual reason to know your identity) provided service that mints a verifiable one time code the user can plug into a web site is very simple and probably sufficient. Pretty standard PKI can do it.

The real battle to be lost here is that uploading actual identity to random web sites becomes normalised. Or worse, governments have to know what web sites you are going to. That's what needs to be fought against.

akersten 2 days ago | parent | next [-]

> They need to be advocating for good solutions, not

No, fighting back against horrible proposals does not require suggesting an alternative proposal to the alleged problem. That only serves to benefit the malicious actors proposing the bad thing in the first place, the hope that we'll settle on something Not As Bad.

Thank god for the EFF and their everlasting fight to stop these nonsense internet laws. I'm glad they don't waste their time on "well how about this" solutions. The middle ground will never be enough for the proponents of surveillance, and will always be an incremental loss for the victims.

quitit 2 days ago | parent | prev | next [-]

There are overwhelming dichotomous portrayals in this debate which gives me pause because there are entities who benefit from both sides of this debate, but neither would benefit with a sensible privacy-preserving solution.

So instead of advocating for those sensible and workable solutions, the discussions are always centred on either blocking any attempt at reform while hyperventilating about vague authoritarianism or a similarly vague need to protect the innocent.

Meanwhile in the world of smartphone data providers, social media networks, and the meta/googles of the world: they all know your personal information and identity up to the wazoo - and have far more information on every one of you than what is possessed by your own governments (well except for the governments that are also buying up that data.)

So let me be clear, the gate is open, the horse has bolted - recapturing your privacy is where attention should be focused in this debate... even if it's bad for shareholders.

Seattle3503 2 days ago | parent [-]

> Meanwhile in the world of smartphone data providers, social media networks, and the meta/googles of the world: they all know your personal information and identity up to the wazoo - and have far more information on every one of you than what is possessed by your own governments (well except for the governments that are also buying up that data.)

This is where I'm concerned too. We are seeing a proliferation of third party verification services that I have to interact with and that have no real obligations to citizens, because their customer is the website.

I'd like to see governments step in as semi-trusted third parties to provide primitives that allow us to bootstrap some sort of anonymous verification system. By semi-trusted, I mean trusted to provide attestations like "This person is a US citizen over the age of 18" but not necessarily trusted with an access log of all our websites.

stvltvs 2 days ago | parent | prev | next [-]

What good solutions are there that prevent the age verification service and the website from comparing notes (because Big Brother told them to) and figuring out who you are and what you're doing?

zmmmmm 2 days ago | parent | next [-]

If they voluntarily collude then yes, you can't avoid that. It's like third party cookies - once two parties collude it's game over. But that just outlines a situation where the user's chosen trusted service is hostile to their interests and they need to find one that isn't.

If Big Brother starts mandating the collusion - then yes, there's a hill to die on. But in some ways that's the point here. There are hills to die on - this just isn't it. And if you pick the wrong hill then you already died so you are losing the ones that really mattered. If the EFF pointed out to everyone that there is a privacy preserving answer to the core issue that is driving this, they could then mount a strong defense for the part that is truly problematic, since it isn't actually required to solve the problem.

pseudalopex 2 days ago | parent [-]

> If they voluntarily collude then yes, you can't avoid that.

You may accept this. Others will not.

> But that just outlines a situation where the user's chosen trusted service is hostile to their interests and they need to find one that isn't.

Just?

Seattle3503 2 days ago | parent | prev [-]

This is only hypothetical for government ID's, but in theory government IDs could provide pairwise pseudonymous identifiers with services. Your ID with a single service is stable, but it is different with each service.

pseudalopex 2 days ago | parent [-]

They imagined a scenario where the state ordered 2 companies to identify users. How would replacing 1 company with the state improve this?

Seattle3503 2 days ago | parent [-]

What would the state force you to do in this case?

stvltvs 2 days ago | parent [-]

Is your question about what authoritarian states do with information about everyone's private lives?

Seattle3503 11 hours ago | parent [-]

No, it's a question about how a government would break cryptographic protocols, or force others to.

If the identifiers are pseudonyms, if the government compelled someone to share their user IDs, all the government would see are basically a bunch of UUIDs keyed to that provider.

So what specific actions are you talking about. What is your threat model?

raw_anon_1111 2 days ago | parent | prev | next [-]

Age verification is about government overreach surveillance and censorship. That’s it.

casey2 2 days ago | parent | prev | next [-]

The reality is that even countries that have digital IDs like Belgium which would be 1 of the many requirements of implementing such a zero-knowledge system are pushing for surveillance heavy legislation right now.

Once a system is in place that infringes on rights nobody will modify it to give citizens more rights.

atonse 2 days ago | parent | prev [-]

Yep this is the first time I've disagreed with the EFF on anything civil liberties related.

My view is that there's no reason why we can't come together and come up with a rating system for websites (through HTTP headers, there are already a couple proposals, the RTA header and another W3C proposal).

Once a website just sends a header saying this is adult only content, what YOU as a user do with it is up to you. You could restrict it at the OS level (which is another thing we ALREADY have).

This would match the current system, which allows households to set their devices to block whatever they want, and the devices get metadata from the content producers.

No ID checks needed.

kmoser 2 days ago | parent [-]

> My view is that there's no reason why we can't come together and come up with a rating system for websites

There's no way everybody will agree what constitutes "adult only content," therefore there's no way to come up with a rating for websites.

atonse 17 hours ago | parent [-]

I have to imagine porn sites don’t want an underage audience either.

So I think they would voluntarily state that their content is adult only.

This isn’t rocket science. We’ve rated content for decades. We simply can’t be obtuse about this and throw our hands up and do nothing because we can’t tell if obvious things like porn are adult only content the way we’ve done on every other medium.