| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by mindslight 310 days ago

It's the old dynamic when customary things are made into digital systems, those digital sytems need to be perfect because exploiting the flaws is also made extremely efficient.

Someone else sitting next to you follows meatspace rules. They need to know a minor, be trusted enough to be reasonably left alone with said minor, and they will also be aware of possible legal consequences for facilitating a minor's access to porn. Society has been dealing with this for quite a long time.

This extends to directly using someone else's ID from behind a keyboard - whether they trust you (above scenario), or you've got remote access to their system (rare), or it's the type of ID that is copyable from data leaks (revokable, I guess). The barrier is still pretty high.

Whereas if parties are able to run any software of their choosing, the ZKP approach allows anybody on the Internet to decide to "help out" with minors viewing porn. Either for some ideological cause (which might not even be about helping 17 year olds access porn, but rather just about privacy with distrust of fancy crypto), or simply for money or other things of value.

The basic promised properties of the ZKP approach are that that the ID provider won't know what sites you're going to, and that sites won't be able to get your identity, right? The first one removes the downside to an individual creating extra credentials for others - they must just like porn sites more than the average person. And the second one makes it so abuse of issued proofs can't be traced back to the person granting use of their ID. So in real world usage, something has to give about this situation.

With the way the computing landscape is setup, that something is likely to be focusing on the ability to split the client into two parts being run by different parties. There are alternative responses, of course - one would be to gradually walk back the security provided by the ZKP, spilling more and more information to the site.

But treacherous computing (aka computational disenfranchisement) seems to be what people used to customary meatspace systems reflexively reach for when confronted with the frustrating realities of clients having computational freedom. And as I pointed out, the UK system is already demanding treacherous computing, and Google has already been pushing it for their own purposes.