Kraiden
@Kraiden@piefed.social
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 1 day ago:
As I’ve said elsewhere, yes in a perfect world it would be on the parents to enforce this, but that doesn’t mean we should do nothing on the social media side. It’s also the parents responsibility to prevent underage drinking and smoking, yet we still restrict those at the point of sale.
I’m for age restrictions on social media, and yes there are arguments against it, but I’m not really interested in having that conversation.
less invasive alternatives
This is exactly what I take issue with. It’s a false dilemma. The assertion that you can’t have age verification without the invasion of privacy and destroying online anonymity in the process IS FALSE. You CAN have both. THIS is the grift in my opinion.
- Comment on Viral anti-masturbation app exposed sensitive user data 3 days ago:
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 6 days ago:
Oh 100% I do not trust the current govt. to do this properly! Like I’ve said elsewhere today, I just want people to know that it IS possible, and the idea that you HAVE to give up privacy to keep kids safe online is a false dilemma.
As for the second certs usefulness, it’s got enough information in it to prove that the parent cert was issued by a trusted issuer. It’s like a stamp of approval. A really bad analogy is if I take an official birth certificate, and cut it up in such a way that the official seal and the year are still connected by a thread of paper. You can tell that it was an official document issued to someone born in 1990 for example, but nothing else. Again, that’s a really bad analogy because it’s not a new cert, and contains the birth year, so it’s not the same.
This is all based on something called Zero Knowledge Proofs, that I don’t even pretend to completely understand, but it’s a whole field of study, meant to solve exactly this kind of problem. Currently watching this myself
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 6 days ago:
Yes you need to prove yourself to the issuer, but that’s no different to proving yourself to the dmv to get a driver’s license. But this is the START of the process, not the end.
Once that process is done, like with a drivers license, the issuer gets no further information on what you do with it.
A SECONDARY cert that contains no PII is what Meta get sent.
Even if Meta sent that cert to the state, the ONLY information they could get from it is that it was state issued, and that it was issued to someone over 16.
The point isn’t to obscure the information, it’s to not send it in the first place.
There is no relation to the blockchain. There is no “chain” here to trace back. This is just an extension on regular old school cryptography. The only provable link is that the parent cert was generated by an authority. There is no way to tell if a 3rd cert was generated with your parent cert or mine
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 6 days ago:
you’d have to trust the code and to be an approved system would require the government to sign off on it
No! That’s the great part, because it’s just fancy crypto maths, there’s no reason it couldn’t be a FOSS app. Estonia has several 3rd party providers, and they do get certified, but that’s not a necessity
So turn it off.
Tell that to the people in China. Seriously, if you get a chance, read the article I linked. It’ll do a much better job than I ever could at explaining why what you’re describing is just about the worst possible solution to this problem imaginable.
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 6 days ago:
My idea is already in place
Yes, and by turning it on you are opting in to allowing your ISP to decide what information you get access to. Making that the default is a TERRIBLE idea.
your ID that is linked
There is nothing linking your account to you IRL. This is what I’m having a really hard time getting through to people. That situation cannot happen. “The people who wrote the system” don’t at any stage get access to information that could expose you. Your data never leaves your sphere of influence. That’s what makes the system so great.
Only proposal I’ve liked is being able to buy tokens at a store without any ID being logged and buying new ones when it expires. Like the mullvad VPN gift cards.
Yes! What I’m trying to describe is that process, but in a digital space. Swap the store with a LOCAL app (ie: one that doesn’t phone home, and can generate the tokens on your device), and swap the ID with the cert file, and you’ve got the same process in the digital space, with all the same benefits
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 6 days ago:
People will find a way around verification
Sure, but that’s true regardless of implementation. Your Great Firewall approach is by far the easiest to circumvent, and comes with by far the biggest drawbacks. Even worse than handing a face scan and a copy of your ID to every website that asks.
To have a perfect system
Who said anything about perfect? The system is NOT perfect. What it IS though, is private, and better than the alternatives.
You either accept that system isn’t perfect or push for complete surveillance.
Says who? It doesn’t have to be that black and white. “Don’t let perfect be the enemy of good” as the saying goes. You don’t have to accept your privacy being violated, AND you don’t have to just roll over, give up, and let kids access anything they want.
You seem willing to risk what will turn out to be surveillance
No. My whole point is that the privacy/anonymity and age verification are NOT mutually exclusive. You CAN have both.
I’m more skeptical and not trusting of those in charge
Your idea LITERALLY lets those in charge decide what information you get access to, so maybe you should be a little more skeptical.
how much someone trusts their government and corporations
I trust neither. That’s why I like the system I’m describing. It puts ME in charge of MY data, and gives me controll over who gets to use it, and exactly what they’re allowed to do with it
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 6 days ago:
verification necessarily ties your device to your personal identity
needs to be an identifier associated with every device/account
I think you’ve misunderstood. Neither of these statements is true
If there were any possibility that a state actor had interest in identifying my personal identity of this account, and there was a record that pointed to my name, SSN, or other unique personal identifiers
That’s the whole point. This isn’t possible. There are NO identifiers ANYWHERE that link your account to your real world credentials.
if it’s being verified by a state authority at all
It’s not. At least not in the way you’re thinking. You are issued a file, like you are issued an id. This could be done from any device anywhere, and could theoretically be copied and moved around to other devices. This file is cryptographically SIGNED by the state.
Meta then send you a request with their own cert.
The third party then generates a 3rd cert that JUST verifies that you are of age, and contains NO other PII. It uses a combination of signatures from the request and your credentials file to generate this.
The result is that Meta can verify that this new cert was generated in response to their request, that it was based off of an authentic state credentials file, and that the user is of age. That’s it. Not the exact date of birth, no names, addressses, ssns or anything. JUST “user is >16.” There are no identifiers, and no way to tie it back to you IRL.
The state get absolutely no indication that any of this has gone down at all. The 3rd cert is verified off of a universal public key
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 6 days ago:
Ok, lets start from an age verification POV: What you’re suggesting is at the account level. If YOU want to access social media, then everyone in your household gets access to is as well. Even if YOU decide you don’t want it, nothing stops your kid from connecting to your neighbours wifi, or going to their friends house, or even public library/cafe wifi. It will not address the core issue.
On the flip side, you’ve now given your ISP permission to decide what information you are allowed to see. Sure they may block porn, and social media, but hey, maybe “kids” shouldn’t be allowed to access information on LGBT issues, or political ideologies, or “upsetting” news about unrest at home or abroad. If YOU want to access that information, well that’s ok, we’ll just add you, along with the address of service, and all your contact information to our “whitelist”
Believe me, it’s the wrong approach
And I dont care about the social media justifications for verification anymore. You, me, and many other people accessed the Internet at a young age and turned out fine.
Actually there’s mountains of evidence to the contrary here. It’s pretty widely accepted now that social media is not a place for children.
This hysteria of parents not wanting to take responsibility for raising and monitoring their own kids and demanding the government remove everything seems like boomers back in the day wanting games banned.
In an ideal world, you’re right, parents would be responsible for protecting their kids, but we’re not in anything remotely like an ideal world. You could say the same about anything. It’s the parents responsibility to prevent underage drinking or smoking too, yet we still do what we can to restrict those at the point of sale, rather than just shrugging and going “Not my problem”
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 6 days ago:
What you’re describing is essentially the Great Firewall with an exemption form. It wouldn’t solve the problem of underage access to social media, and it would cause a whole slew of other, worse problems in it’s place. For so many reasons I don’t even know where to start, no!! Don’t do this!!
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 6 days ago:
Yep, you’re not wrong. The people currently pushing for age verification are specifically doing it to destroy online anonymity, because they realise what a threat it is to them. I just want people to understand that they are peddling a false necessity. You do NOT need to give up privacy or anonymity to have a viable age verification system. Like I said in another comment:
At some point, I sincerely hope that the current regime will end and be replaced by something more sane. At that point, I don’t want people to immediately think “age verification = bad”
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 6 days ago:
Sure, but I have 2 counterpoints:
There’s no reason the 3rd party app needs to be proprietary. This is starting to get technical, but my understanding is that you get a cert from the requester, and it’s the combination of that with the state issued magic cert that’s used for validation. The 3rd party app is essentially just a calculator. It doesn’t need any certs of its own
That’s an implementation detail. My argument is that it’s the implementation that’s the real cause for concern here, not the idea
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 6 days ago:
it’s that it is digitally stored and certifiable at all
I fundamentally disagree with this. First off, that ship has sailed. Your data is already digitally stored. The problem is that it’s stored outside of your control and accessible without your consent. This system addresses those issues.
The most secure data providers in the world have all basically had data breaches
There is no technical reason your data ever needs to be on a device that is outside of your control. The 3rd party is just a local app, with local data storage. In other words there shouldn’t BE a massive database that can be breached. Sure, your device can still be breached, or stolen, but so can your physical wallet. Your device being stolen shouldn’t leak my data.
for what purpose are we willing to gut privacy online
I’m not. I’m trying to explain that giving up privacy is NOT a requirement for age verification
So it’s marginally more difficult for minors to obtain porn?
I’m actually thinking about social media. There’s plenty of data to suggest that underage access causes severe harm, that can and has led to suicides. This is a problem with a body count.
De-anonymization has always been the goal, not ‘protecting the children’.
100% agree. I just want people to understand that it IS a smokescreen. “Age verification” is a GOOD IDEA that is being used as a cover. Recognize the underlying threat, absolutely, but also recognize the good idea that’s being used to hide it.
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 6 days ago:
I mean, yes, it’s the same process. It’s just moving the convenience store to your phone, and instead of being issued a physical ID by the dmv or whoever, you’re given a digital one. To be clear, that ID, and therefore your information is stored locally on your device, not in a server somewhere.
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 1 week ago:
No I’m not! I’m in 100% agreement with you that this has nothing to do with protecting children! Age verification, if done properly, is a good idea, that I’m completely for. But you’re right, this isn’t that. This is a smokescreen.
I just want to be sure that people understand that they ARE using a good idea as their cover here. It CAN be compatible with privacy and anonymity, and it is a good idea to stop young children engaging with the cess pit that is modern social media.
At some point, I sincerely hope that the current regime will end and be replaced by something more sane. At that point, I don’t want people to immediately think “age verification = bad”
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 1 week ago:
There is no technical reason it couldn’t be decentralized. It’s a file handed to you by a trusted issuer, like (not American, so guessing:) the dmv. From that point on it should all be local processing to generate the child certs. It doesn’t need to phone home until the credentials expire.
Again, the implementation is the problem
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 1 week ago:
Swap the convenience store for an app, and the ID for a digital cert, and ye basically!
Any Estonians reading, please feel free to correct me
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 1 week ago:
Have a look at my other comment. It’s possible
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 1 week ago:
Have a look at my other comment. That’s essentially what you’re describing
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 1 week ago:
And because someone will probably ask, this is my understanding of how it would work for age verification (I am not an expert):
There are 3 parties in this scenario. The Estonian state, Meta, and a 3rd party (which is currently a real 3rd party, but work is being done to allow this to be a digital wallet on your device, that you control)
The state issues your 3rd party a magic cryptographic cert that has all your personal data like dob
Meta issue an age challenge: Not “what’s your dob” but rather “Are you old enough to use this service?”
3rd party show you exactly what Meta are requesting and give you the option to approve or deny the request
If you approve, the 3rd party generate a new cert that JUST says “Yes I’m of age” and nothing else.
Because it’s been generated from the states magic cert it can be verified with their public key.
Meta don’t get more info than they need, the state can’t see that you’ve logged into Meta, but you’ve successfully proved you’re old enough to use the service.
The current weak point is that the 3rd party can absolutely see all of it, but there’s no reason the 3rd party has to be an external service. It could absolutely be an app on your device.
You still need to prove yourself to the state, but you’d have to do that to get an id card in the first place. It’s WAAAAY better than trusting all the different porn sites and social media services individually to not leak or misuse your data
- Comment on Online age-verification tools spread across U.S. for child safety, but adults are being surveilled 1 week ago:
I’m going to copy and paste a comment I made elsewhere:
The problem with age verification is VERY much in the implementation. It IS possible to do age verification without having to identify yourself to Meta/PornHub/Whoever. It IS possible to maintain privacy, AND restrict things like porn and social media to those who are of age. Look at how the Estonian system works, it’s brilliant. The problem isn’t age verification, it’s the blatant data grab that is currently trying to destroy your online anonymity…
- Comment on Looks fine to me 1 week ago:
As someone who is currently feeling disheartened at… gestures wildly… I thought a nice, light piece about a botched art restoration in Spain would be a safe reprieve… But nope, you managed to tie it back in to world politics. Congrats I guess.
I think I need to get off social media for a bit.
- Comment on New Zealanders' biometric information and other sensitive data may be handed over to the United States government under a new border security agreement between the countries 2 weeks ago:
Chloe Swarbrick for an NZ specific example
- Comment on Floating turbine towers above — the S1500 hovers to harvest wind at 131 feet 2 weeks ago:
African or European heifers?
- Comment on All this for a banana bread recipe 2 weeks ago:
Hey, I’ve replied to the parent comment with a description of how it works
- Comment on All this for a banana bread recipe 2 weeks ago:
Sure! I’m far from an expert, but this is my understanding of how it would work for age verification:
There are 3 parties in this scenario. The Estonian state, Meta, and a 3rd party (which is currently a real 3rd party, but work is being done to allow this to be a digital wallet on your device, that you control)
The state issues your 3rd party a magic cryptographic cert that has all your personal data like dob
Meta issue an age challenge: Not “what’s your dob” but rather “Are you old enough to use this service?”
3rd party show you exactly what Meta are requesting and give you the option to approve or deny the request
If you approve, the 3rd party generate a new cert that JUST says “Yes I’m of age” and nothing else.
Because it’s been generated from the states magic cert it can be verified with their public key.
Meta don’t get more info than they need, the state can’t see that you’ve logged into Meta, but you’ve successfully proved you’re old enough to use the service.
The current weak point is that the 3rd party can absolutely see all of it, but there’s no reason the 3rd party has to be an external service. It could absolutely be an app on your device.
You still need to prove yourself to the state, but you’d have to do that to get an id card in the first place. It’s WAAAAY better than trusting all the different porn sites and social media services individually to not leak or misuse your data
- Comment on All this for a banana bread recipe 2 weeks ago:
So yes, given the state of the everything in the US right now, yes, do this.
But please know, the problem with age verification is VERY much in the implementation. It IS possible to do age verification without having to identify yourself to Meta/PornHub/Whoever. It IS possible to maintain privacy, AND restrict things like porn and social media to those who are of age. Look at how the Estonian system works, it’s brilliant. The problem isn’t age verification, it’s the blatant data grab that is currently trying to destroy your online anonymity…
Having said that, for fuck sake don’t let the current people in charge do this! It will be a fucking Big Brother style surveillance nightmare.
- Comment on pls? 4 weeks ago:
the text only this meme makes Saul look like an eyeless, mouthless lovecraftian horror… I love it!
- Comment on Sick days 4 weeks ago:
Ok, ye! That sounds like a better system! I mean it’s essentially the same, but our “couple of weeks” is cumulative, which is worse
- Comment on Sick days 4 weeks ago:
I’m curious what that looks like in practice. I’ve heard about places that offer “unlimited sick leave” but really in practice that means that you’re basically scrutinized every single time you take it, and people end up too scared to use it because they don’t want to be seen as abusing the system. At least with a set amount, you’re only really looked at funny if you go over. (or if you take it all at once, but then you need a medical cert)
So if you have a cold, and just need a single day, do need to produce a medical cert? What about culture-wise, do people look at you funny in that case?
