| ▲ | rectang 4 hours ago | ||||||||||||||||||||||
> Better the nanny state than Nanny Zuck. why-not-both.jpg Maximizing corporate freedom leads inevitably to corporate capture of government. Opposing either government concentration of power alone or corporate concentration of power alone is doomed to failure. Only by opposing both is there any hope of achieving either. Applying that principle to age-verification, which I think is inevitable: Prefer privacy-preserving decoupled age-verification services, where the service validates minimum age and presents a cryptographic token to the entity requiring age validation. Ideally, discourage entities from collecting hard identification by holding them accountable for data breaches; or since that's politically infeasible, model the service on PCI with fines for poor security. The motivation for this regime is to prevent distribution services from holding identification data, reducing the information held by any single entity. | |||||||||||||||||||||||
| ▲ | AnthonyMouse 4 hours ago | parent [-] | ||||||||||||||||||||||
> Prefer privacy-preserving decoupled age-verification services, where the service validates minimum age and presents a cryptographic token to the entity requiring age validation. This is the wrong implementation. You require sites hosting adult content to send a header indicating what kind of content it is. Then the device can do what it wants with that information. A parent can then configure their child's device not to display it, without needing anybody to have an ID or expecting every government and lowest bidder to be able to implement the associated security correctly. It doesn't matter what kind of cryptography you invent. They either won't use it to begin with or will shamelessly and with no accountability violate the invariants taken as hard requirements in your theoretical proof. If you have to show your ID to the lowest bidder, you're pwned, so use the system that doesn't have that. | |||||||||||||||||||||||
| |||||||||||||||||||||||