by miellaby 898 days ago
Beyond all the hysteria around this topic, I feel like blocking porn sites to minors is a reasonable requirement and it can be done with no privacy concern either on the site side or on the government side. It's a straightforward usage of basic crypto tools.

Say:

- the porn site creates a challenge and sends it to the browser.
- the browser goes to the governmental service where one uses a tax ID or the like to prove age. The service returns a challenge answer encoded with the government private key.
- the browser goes back to the porn site with the answer. The porn site uses the public key to decode the governmental response and validate it does correspond to the challenge.

As I see it, there's no PII that the site can get, no history leak on the government side, no excessive centralisation, nothing frightening really.

Do I miss something?

1 comments

> Do I miss something?

The point of the article? The idea that I shouldn't have to ask my government for permission to view information/media? The fact that this absolutely will doxx your privacy to the government?

I'm all for, "won't somebody think of the children", but IMO protecting children is a 'solved' problem. When a child runs into the street we blame the parents, we don't install gates down every sidewalk. When a kid is seen riding a bike without a helmet, again, we don't decide that you need to send your government a selfie before the tires unlock.

Sites do have a responsibility to ensure people don't misuse their content. But liquor stores only ask for ID when you try to buy a dangerous substance, they don't make you ask your government for permission.

And that works flawlessly, fake IDs definitely aren't a thing, and I'm sure the same applies to this online ID thing.

Edit: I had 2nd thoughts about this because I don't like to make slippery slope arguments, but this one seems worthy of consideration at the very least. Once this exists, all sites dealing with fraud will start to use it, which will have a DoS effect on government servers, which means they will try to mitigate it by requiring the requesting site provide a site ID and unique ID for the request. So much for any of the features that people expect might protect some privacy.

> The fact that this absolutely will doxx your privacy to the government?

Done properly this will not reveal your online behavior to the government any more than using your government issued ID card to enter a bar leaks your location to the issuing party.

Now, whether governments should have the right to restrict access to certain types of information and media based on age is a different question.

> Done properly this will not reveal your online behavior to the government any more than using your government issued ID card to enter a bar leaks your location to the issuing party.

This is incorrect, and a gross misunderstanding of how either network requests on the internet work, or crypto... likely both.

Are you really saying someone looking at an ID card is the same as my computer sending a request containing my ID to a government entity, and waiting for a response?

Here’s an idea for how it could work while preserving your privacy.

1. User verifies their age with a trusted party (which may or may not be a government body)

2. User requests a token from the trusted party. The token is signed so 3rd parties can verify it. The token also includes the public key of the user so 3rd parties can verify whom it is for.

3. The user shares this token with the 3rd party site, who is now able to verify the user’s age. Note, the 3rd party site never has to contact the issuer of the token other than to get their public key.

With this model, the token issuer is not able to connect the user to the 3rd party site directly.

We can, of course, think about possible attacks but this is just a basic illustration of the possibilities.
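The three steps in the comment above, as an added example that is not part of the thread and not any deployed scheme's code: the issuer signs a token carrying the user's public key, and the site checks it using only the issuer's public key plus a fresh nonce signed by the holder. The token layout, the `age-over-18|` label, the function names and the choice of Ed25519 are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"time"
)

// Token is what the trusted party hands the user in step 2 (layout is an assumption).
type Token struct {
	HolderPub ed25519.PublicKey // user's public key: binds the token to its holder
	Expires   int64             // Unix seconds
	Sig       []byte            // issuer's signature over payload()
}

// payload is the byte string the issuer signs: fixed label, expiry, holder key.
func (t Token) payload() []byte {
	var b bytes.Buffer
	b.WriteString("age-over-18|")
	binary.Write(&b, binary.BigEndian, t.Expires)
	b.Write(t.HolderPub)
	return b.Bytes()
}

// Issue runs at the trusted party once it has checked the user's age (steps 1-2).
func Issue(issuerKey ed25519.PrivateKey, holder ed25519.PublicKey, exp time.Time) Token {
	t := Token{HolderPub: holder, Expires: exp.Unix()}
	t.Sig = ed25519.Sign(issuerKey, t.payload())
	return t
}

// Verify runs at the site (step 3) without contacting the issuer; proof is the holder's signature over the site's nonce.
func Verify(issuerPub ed25519.PublicKey, t Token, nonce, proof []byte, now time.Time) bool {
	if len(t.HolderPub) != ed25519.PublicKeySize || now.Unix() >= t.Expires {
		return false // malformed key (ed25519.Verify would panic) or expired token
	}
	return ed25519.Verify(issuerPub, t.payload(), t.Sig) && ed25519.Verify(t.HolderPub, nonce, proof)
}

func main() {
	issuerPub, issuerKey, _ := ed25519.GenerateKey(rand.Reader) // constructed sample keys
	userPub, userKey, _ := ed25519.GenerateKey(rand.Reader)
	tok := Issue(issuerKey, userPub, time.Now().Add(time.Hour))
	nonce := make([]byte, 32)
	rand.Read(nonce)
	fmt.Println("accepted:", Verify(issuerPub, tok, nonce, ed25519.Sign(userKey, nonce), time.Now()))
}
```

In this sketch the holder's public key is a stable identifier: two sites that compare tokens, or a site and an issuer that compare records, can link them to the same user unless a fresh key and token are used per site.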

> Done properly

Why would it ever be?

Either incompetency or malevolence will make itself manifest.