palata 2 days ago

I think it's easier and safer to complain about everything than to actually have a nuanced and informed stance.

Look at age verification: it's very easy and very safe to say "nobody sane would think that it is a good idea to force people to show their ID to every website they want to access, it will obviously leak the IDs, that is very bad!". While it is not wrong, it is manipulative: that is not the only way to implement age verification. In fact, there is technology that exists that would allow age verification in a privacy-preserving manner: some service that already has access to your ID can give you a token that proves your age, and you can then use this token to access a website. The service cannot know where you use the token, the website cannot know your ID, and they cannot collude.

So the constructive debate around age verification is this: assuming we implement it properly (i.e. in a privacy-preserving manner), is that something that we want or not? Does it solve a problem, or at least does it help?

But we cannot ever elevate the debate to that level, because nobody can be arsed to get informed about it.
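
The token flow described in the comment above, sketched as an added example that is not part of the thread. It assumes a textbook RSA blind signature, which the comment does not name, with a toy key built from two Mersenne primes; all function names are illustrative.

```python
import hashlib
import math
import secrets

# Toy issuer key, constructed for this example: two Mersenne primes give a
# 216-bit modulus. Far too small for real use, and real schemes add padding.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent


def h(token: bytes) -> int:
    """Hash a token into Z_N (toy full-domain hash)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


def blind(token: bytes):
    """User side: hide H(token) behind a random factor r before sending."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (h(token) * pow(r, E, N)) % N, r


def issuer_sign(blinded: int) -> int:
    """Issuer side: runs after the ID check; sees only the blinded value."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """User side: strip r to obtain an ordinary signature on H(token)."""
    return (blind_sig * pow(r, -1, N)) % N


def site_verify(token: bytes, sig: int) -> bool:
    """Website side: needs only the issuer's public key (N, E)."""
    return pow(sig, E, N) == h(token)


def explains(blinded: int, other_token: bytes) -> bool:
    """Analysis only (uses D): does some r make `blinded` hide other_token?"""
    r_alt = pow(blinded * pow(h(other_token), -1, N) % N, D, N)
    return (h(other_token) * pow(r_alt, E, N)) % N == blinded


def demo():
    token = secrets.token_bytes(16)  # random serial chosen by the user
    blinded, r = blind(token)
    sig = unblind(issuer_sign(blinded), r)
    return token, blinded, sig
```

`explains` returns true for any token, which is why the issuer's log of blinded values cannot be matched to a token later shown to a website, even if the two compare records.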

soco 2 days ago | parent [-]

But ironically exactly the people in the better place to influence that half-arsed implementation are those who comment here - instead of influencing said implementation. Somehow what we do ourselves at work is always good and nice and perfect (while what others do is brain-dead and pointless). Now okay you could say an engineer is too small to change politics, but how about 100 engineers? Thousands? If the whole practice would say loud "whoa this doesn't fly" I bet the decision makers would listen. But no, most of the techies will say "okay whatever let's do it" then (maybe) come online to complain.

palata a day ago | parent [-]

The thing, I believe, is that engineers are just people. They also have strong, uninformed opinions. It's not like every engineer is an expert in cryptography, right?

For instance, there is a large consensus against ChatControl, agreeing on the fact that it's impossible to let the good guys decrypt arbitrary data without opening it to the bad guys. As a result, I don't think it's still a debate: the EU won't ask to weaken the encryption. Now an alternative to that is stuff like scanning the messages on the device (which technically does not break the encryption) and report them when it makes sense. There is a problem with that, too: in order to detect "illegal" content, someone has to decide what is illegal. And because it evolves, probably it's a list that can be updated remotely. And whoever controls that list has some surveillance power we may not want to give anyone (I know I don't).

It seems to me that this second issue took more time to get traction, but now engineers generally understand it. So if a politician asks, they can say "you can technically do that, but you are building a dangerous surveillance apparatus". It doesn't mean that the politicians won't want it, but at least they should understand the technical stance on it.

So for ChatControl, engineers seem to understand the problem, and the consequence of that is that ChatControl hasn't passed. At least not yet, and now I think those in favour have to convince enough people that building those surveillance tools is a good idea.

For age verification it's a lot different, IMO. There is a website dedicated to it: https://ageverification.dev/, explaining how they want it to be privacy preserving, which is technically possible. But still, there doesn't seem to be a large consensus about this (see the comments on HN). Many, many engineers keep saying "it is not technically possible", which is wrong. Maybe it is not desirable, which is a different debate. But it is technically possible.

What does that mean? Well for age verification, from what I see the "engineers community" is not credible at all. I can't get anything from it "as a community" other than "people yell many things, many of them being factually wrong". Many will say "not only it's not technically possible, but ON TOP OF THAT it is not desirable", but why would I listen to their second point when I can verify that the first one is already wrong?

It's always the same problem: not every opinion is worth the same. The opinion of an expert is worth more in their domain of expertise. So you can't just run a poll on HN and go with its result, right? In the case of age verification, for instance, it seems like the EU has been talking to actual experts, because https://ageverification.dev/ seems pretty good.

I feel like many engineers yell against it because they don't like the idea of age verification, not because it's technically bad. Which is a fair stance to have. But the honest way to defend it is by actually talking about why they think privacy-preserving age verification is a bad thing. Claiming that it is not technically possible is either uninformed (and therefore not credible) or manipulative, IMHO.