Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Nursie 7 hours ago

I mean, your example of the ATO there isn't even an age verification thing, it's a defective clone of OIDC, so by that logic we should ban all SSO or identity delegation solutions?

Because we don't believe anyone will ever use the standards in this area, despite loads of companies and government bodies actually using OIDC already?

I'm not really sure what you're driving at.

shakna 6 hours ago | parent [-]

> I mean, your example of the ATO there isn't even an age verification thing, it's a defective clone of OIDC, so by that logic we should ban all SSO or identity delegation solutions?

MyGovID _is_ an age verifier. Sorry. The successor after the rebrand, is called myID [0], and advertised as:

> myID is a secure way to prove who you are online.

---

> I'm not really sure what you're driving at.

Clearly. You seem to think that because it might one day be done correctly, by one group, the rest of the world is safe. However, over in this reality, we have fuck ups by governments and private corporations, who are the people the rest of the world actually deals with.

You cannot enforce these real groups, to actually follow good practices. Thus, in practice, everyone gets fucked when you bring in these laws. Because it will always be done the wrong way, by someone.

[0] https://www.myid.gov.au/

Nursie 5 hours ago | parent [-]

> The successor after the rebrand, is called myID [0], and advertised as:

It's an identity scheme and SSO solution for accessing government services. As said at [0] in the "What is myID" section.

I sincerely hope that they're using something standard and well tested like OIDC behind the scenes this time, because otherwise it's ripe for another fuckup like the one you linked. If it is also used for age verification that appears to be secondary.

> You cannot enforce these real groups, to actually follow good practices. Thus, in practice, everyone gets fucked when you bring in these laws. Because it will always be done the wrong way, by someone.

So we need to stop the Australian government from ever using an SSO/identity solution again because it can't be trusted to do it properly, having messed up in the past, and the rest of us have had to live with the consequences. And as they aren't the only ones to have messed up, companies do it all the time too, we should also ban all identity and SSO solutions (because that's what we're talking about in this thread, banning of age verification, not mandating it).

I don't think you get to call out age validation as a uniquely hard problem that cannot possibly be made safe, but allow other identity-style services a pass. There are many areas in which we (through the government) can and do mandate good practice, both by government and private entities.

[0] https://my.gov.au/en/about/help/digital-id