- cross-posted to:
- privacy@programming.dev
- privacy@lemmy.ml
- cross-posted to:
- privacy@programming.dev
- privacy@lemmy.ml
You must log in or # to comment.
The intentions are good.
As if, state surveillance is not a good intention. If it was really about protecting minors, there are many more useful and less invasive measures that haven’t been taken yet. And why only minors, anyway? Most social media platforms are harmful and predatory for adults, too.
I think that would be even harder to track. And I fear this will include those use cases as well. It can go downhill very easy from here
Which other measures would be a good idea?
- Make continuous scrolling in social media illegal.
- Make a setting mandatory which (when active) only shows posts from the people you follow. That should stop the attention seeking crap that appears in everyone’s feed. The user didn’t ask for random information, they want info on the people they follow.
The most effective measure is to forbid “algorithms” to show content
Forbid (personally) targetted advertising and half job is done. Suddenly user data lose a lots if value and most dark patterns are centered around the gold that is the data. That said algo should be forbidden too, I agree with you. Or at last opt-in with warning like the ones on cigarettes (algorithms cause harm to your brain).
So, something more akin to how forum boards did it?
Just like here. There no hidden algorithms to hook people up. It’s just content you follow or what’s new or upvoted. It doesn’t analyze what I do to try to push stuff for me
Directly punishing companies that are predatory towards children would be a good start
But that would hurt their revenues. Can’t anyone think of the economy™?
“We’ve tried nothing and we’re all out of ideas!”
using zero-knowledge proofs
Can I get an explanation of what it actually does from someone who knows at least more than I do about cryptography, which is to say more than nothing? I still haven’t seen one anywhere. Do I really need to go find the source code and try to read it myself to figure it out?
In this case, it just means that the website is given a boolean indicating whether you are over 18 or not, without your real age being given.
In cryptography, a zero-knowledge proof (also known as a ZK proof or ZKP) is a protocol in which one party (the prover) can convince another party (the verifier) that some given statement is true, without conveying to the verifier any information beyond the mere fact of that statement’s truth.
I know what a zero-knowledge proof is and have read and understood a description of the well-known one relating to proof of age. That is not a sufficient explanation as to how it is applied in practice here — if indeed it is. I’ve seen it claimed elsewhere that it isn’t. But in any case it wouldn’t solve the whole problem of proving whose age it is that’s being established.
Edit to add: Upon preliminary investigation it seems like it uses OAuth in the protocol? But it is claimed that no identifying info is stored “in the app”. Does this mean that the OAuth client_id and any associated public keys are somehow kept secret from the attestation provider when you show it your passport to get the age attestation? Because otherwise it would be personally identifying info. If there’s no identifying info, is it therefore possible if you’re 12 years old to get an older kid to use their ID to get your phone age-attested and then there’s never any possibility it could be traced back to them? I just can’t make sense of it. It seems probable that the privacy claims are an illusion or a lie, but too many people seem to be swallowing them instantly and not noticing that taste.
I doubt it can be both private and secure. And don’t even get me started on workarounds. What if I verify more phones with my id? And sell them to minors, or example. It can get dark pretty quick.
Very well-written article, and I do agree with the “least bad” sentiment. I would rather this app didn’t have to exist in the first place, thogh. And the article doesn’t really go into detail if the ID really is only used to create a “above 18-token”, or if it is somehow stored, but I understand what happens serverside is hard to go into. I hope that it isn’t stored, or there’s gonna be leaks.
I would hope this goes the chat control route, but I don’t think it will be the case
I find funny and silly that people managed to develop bulletproof DRM so you can’t steal a 4k Netflix show in any way but building reliable adult check so kids can’t just click “I’m older than 18 y.o.” on porn site is a total mess.
I find funny and silly that people managed to develop bulletproof DRM so you can’t steal a 4k Netflix show in any way
Hmm. Did they?
Anyway, dystopian surveillance is not that hard technologically. It’s just politically and legally difficult and quite expensive.
Tell record labels that if they make a working, near foolproof age verification algo, they’ll get a 30 years of copyright extension for free. They’ll fix it today
BTW, here’s how this “bulletproof” DRM works:
-
There’s a special chip in your computer that decodes the stream. We all pay extra for electronics, the sole purpose of which is to make your property serve someone else.
-
The decoded signal is then sent to the display. To prevent it being recorded, the cable signals that the stream must not be recorded. This is where it gets funny. Messing with CPUs and GPUs is not something that can be done. Cables is a different story. IDK if they cracked down on this yet. Some years ago, when you ordered the cheapest cable from Asia, it simply did not transfer the DRM signal. It’s an unnecessary expense. Of course, even using such a cable may be a criminal offense.
-
I rather have the latter honestly, if the user can run abritary code and has physical access there should be nothing they can do exert control, any attempt to otherwise is artificial technical limitation, the end user who owns the device should have the absolute right of running arbritary code on their device free of any artificial teachnical limitation imposed by anything or anyone other themselves, with the exception of if the user is not capable of making their own choices responsibily (e.g children, in this case their legal guardian should be the one in their place)
