pyrale 3 hours ago

You generate a random number and send it to the website you want to visit. The website you want to visit generates a one-time private/public key for the purpose of this login attempt, hashes your random number, and sends the hash back to you. You connect to the government auth platform, auth yourself to your government, and ask them to sign the hash you received. You pass the signed hash as well as the original random number to the website you wanted to access (the original random number is used by the website to store the one-time key they generated for you).

They can see it is signed by the government. They can see it is made with the hash they provided. You get access to whatever content you wanted. The website doesn't know who you are. The government doesn't know where you logged in.

Sure, it won't hold up against collusion between website and government, but nothing would.

The principles explained above are slight adaptations of PKCE authentication.
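
The exchange pyrale describes, as an added sketch that is not from the thread or from any deployed scheme. `Website`, `governmentSign`, `challengeFor` and `runDemo` are hypothetical names, Ed25519 stands in for the government's signature, and the site's one-time key is assumed to be a per-attempt HMAC key over the random number.

```javascript
const { createHmac, generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// Government auth platform (hypothetical): signs the hash an authenticated citizen submits.
const gov = generateKeyPairSync('ed25519');
function governmentSign(challengeHash) {
  // It sees only an opaque hash: no site name and no random number.
  return sign(null, challengeHash, gov.privateKey);
}

// Assumption: the site's one-time key is modelled as a per-attempt HMAC key.
const challengeFor = (oneTimeKey, nonce) =>
  createHmac('sha256', oneTimeKey).update(nonce).digest();

class Website {
  constructor(govPublicKey) {
    this.govPublicKey = govPublicKey;
    this.pending = new Map(); // random number (hex) -> one-time key
  }
  startLogin(nonce) {
    const oneTimeKey = randomBytes(32);
    this.pending.set(nonce.toString('hex'), oneTimeKey);
    return challengeFor(oneTimeKey, nonce); // hash sent back to the user
  }
  finishLogin(nonce, signature) {
    const id = nonce.toString('hex');
    const oneTimeKey = this.pending.get(id);
    if (!oneTimeKey) return false; // unknown attempt, or already consumed
    this.pending.delete(id);       // single use, even when verification fails
    return verify(null, challengeFor(oneTimeKey, nonce), this.govPublicKey, signature);
  }
}

function runDemo() {
  const site = new Website(gov.publicKey);
  const nonce = randomBytes(32);               // user's random number (constructed)
  const challenge = site.startLogin(nonce);    // site -> user
  const signature = governmentSign(challenge); // user -> government -> user
  const accepted = site.finishLogin(nonce, signature);
  const replayed = site.finishLogin(nonce, signature); // same proof presented again
  // A government signature over a hash this site never issued.
  const other = randomBytes(32);
  site.startLogin(other);
  const wrongHash = site.finishLogin(other, governmentSign(randomBytes(32)));
  // A signature over the right hash, but from a key that is not the government's.
  const third = randomBytes(32);
  const impostor = generateKeyPairSync('ed25519');
  const wrongKey = site.finishLogin(third, sign(null, site.startLogin(third), impostor.privateKey));
  return { accepted, replayed, wrongHash, wrongKey };
}
```

In this sketch the signing function is never given the site's identity or the random number, and the site is never given the user's identity; the per-attempt state is what makes a presented proof single-use.
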

Ajedi32 3 minutes ago

So now I have to get permission from the government to browse the web? And they can revoke that permission at any time? And we need a great firewall to block citizens from communicating with foreign websites that don't comply with this scheme?

This idea is worse than facial scanning, by a lot.

(A better idea is OS-level parental controls combined with government-mandated content tags to let the OS know what content is child-safe.)

LudwigNagasena 3 hours ago

> Sure, it won't hold up against collusion between website and government, but nothing would.

Right, so it's just privacy theatre.