[hhh]

I think the way discords setup works is reasonable. It’s an on-device model that only submits the outcome of the scan to the platform.

I hope they just improve that performance, rather than see this and back out of it entirely and require ID checks.

[amoshi]

>It’s an on-device model that only submits the outcome of the scan to the platform.

And that's why it's been bypassed already

https://x.com/Pirat_Nation/status/1949036664132657225

[leshenka]

No way discord has enabled devtools haha

On the other note, can one attach chrome devtools to any electron application?

[jfyi]

It was available with ctrl+shift+I for forever in their desktop client. It only changed in the last 2 years or so.

Pretty sure it's just a flag somewhere to re-enable.

[Retr0id]

On-device models are excellent for privacy, but they are fundamentally broken from a security perspective. Preventing people from spoofing the results would involve locking them out of their own devices, via DRM.

[immibis]

You're treating this as a computer security problem when it's actually a political problem. It doesn't have to work to be mandated. It doesn't even have to work, for everyone to get a pat on the back and a raise for implementing it. Keeping minors away from porn isn't the point, the point is more like to scare people about being surveilled so they voluntarily won't watch it.

[hhh]

I understand, and think that there’s an acceptance criteria for some level of fraud tbh.

[FergusArgyll]

Paging @patio11

[subscribed]

Hardware attestation would be enough to clamp down on almost anything, ensuring the hardware and the os guarantee the outcome is not manipulated.

Not the broken anti-competitive Google play store integrity (which is passing for any handset not patched for the last 8 years but with Google buttplug in it, effectively nullifying assurances from the attestation), but a proper hw attestation.

[Retr0id]

You just described DRM

[astrange]

DRM mostly explicitly does /not/ function that way.

If you jailbreak an iPhone you can still use store apps and watch movies. You don't think that's just because Apple forgot about it, right? Or because the movie studios are merciful? They definitely aren't. It's because they think it'd be illegal to lock you out over it.

[Retr0id]

You are mistaken. DRM can work in a variety of ways but that is absolutely one of them.

Apple doesn't attestation as part of their DRM (afaik) because it wouldn't be very useful. An iOS jailbreak requires the kind of exploits that would break attestation anyway, so it adds little value.

Movie studios could require strong hardware attestation for playback, but in doing so they would limit the set of compatible devices. They are in fact a little merciful (if only because they care about their bottom line).

> It's because they think it'd be illegal to lock you out over it.

I wish.

[astrange]

One thing I've noticed is that when I post something here I know for a fact but that isn't common wisdom, nobody believes me.

> You are mistaken. DRM can work in a variety of ways but that is absolutely one of them.

Of course it can work that way. It's software, you can write whatever you want.

It doesn't though. If you prefer, they have chosen to believe this is what the law says because it's a good argument if some partner asks them to do it.

Similarly you can get banned from the eShop if you jailbreak your Nintendo Switch, but they don't stop you from using physical games. They could do that if they wanted to. Or rather, they could make you have to work around it.

[Der_Einzige]

That's the point!

We want a broken and easily bypassable system that only exists to make do-gooders think they did good.

[edm0nd]

I think this is the correct way too.

Some of the age verification systems that use digital ids (mDLs) do the same thing but people freak out about how they work because I think they misunderstand the tech.

They system basically asks the mDL via an api call "is this user above the age of 18/21" and the app only responds with a yes or no. It doesn't pass the users fulls details over or anything like that.

[MattPalmer1086]

Do these systems prevent linkability or allow the use of pseudonyms?

As in, if I repeatedly ask for age verification to the same service, does it know:

1) the identity of the user making the request, and 2) whether repeated requests comes from the same user (even if they don't know who it is?)

[ndriscoll]

My non-expert understanding is that in the short term mDL is linkable to a cert serial, but those are supposed to be regularly rotated. So you might have 2) for a day or whatever the rotation period is. I think I've seen it asserted that it is possible to have a ZKP framework that doesn't require this, but I don't know how that might work.

The age verification bills in the US at least also make it illegal to record that information, sometimes with high penalties (e.g. my reading of Texas's is that it is up to $10k per retained record).

[MattPalmer1086]

Thanks. Didn't know it was illegal to record it in the US - or does that vary by State?

There's a bunch of ways to achieve this privately. The work of Jan Camenisch on Anonymous Credentials and other things was done quite a long time ago now. It's a well studied field.

[rumblefrog]

Could you point to the source of the on-device model? Moreso for curiosity.

[michaelt]

No, but I can tell you that the moment you open the browser console, it stops scanning and marks the scan as failed.

The vendor is https://www.k-id.com in Discord's case

[a2128]

That just seems like a standard anti-tampering measure, I don't think it necessarily means the model is local or anything

[michaelt]

https://www.k-id.com/post/adapting-discord-for-the-uk-online... says that:-

> Identity documents are deleted after a user’s age group is confirmed, and the video selfies used for facial age estimation never leaves their device.