Hacker News new | ask | show | jobs
by AnthonyMouse 49 days ago
> A properly designed government app

Oof, that's not a great premise to take as a requirement right out of the gate. More counterexamples than examples for that one.

> that uses cryptography to generate a deniable token that can't be cross-correlated but proves your humanity/age

If it's actually deniable/anonymous then how would it work for rate limiting? If you can't correlate their activity then you don't know if the million requests are a million people or one bot with a million connections. If you can correlate their activity then it's not anonymous.

Moreover, it's a false dichotomy that we should be doing either of these things. The better alternative to corporate surveillance isn't government IDs, it's no surveillance.
1 comments
ForHackernews 49 days ago
A site can still choose to have a login system if it wants to. Sites can still rate limit based on IP address or cookies or whatever they use today.

The idea would be to use ZK proofs to demonstrate that "yes, this anonymous request is from a client acting on behalf of an adult human EU citizen" - that's something that is not easy to do today.

link
AnthonyMouse 49 days ago
> A site can still choose to have a login system if it wants to. Sites can still rate limit based on IP address or cookies or whatever they use today.

So then you don't need either attestation or government IDs, right?

> The idea would be to use ZK proofs to demonstrate that "yes, this anonymous request is from a client acting on behalf of an adult human EU citizen" - that's something that is not easy to do today.

But how is that even useful? Is it good to exclude real people from Korea or South America? Do we really expect criminal organizations or for that matter even children to be unable to find a single adult EU citizen willing to anonymously loan them an ID?

It's about as plausible as criminals being unable to run their code on a device that can pass attestation. They're both authoritarians with a conflict of interest trying to foist a hellscape on everyone under a pretext their proposal can't even really address.

link
darkwater 49 days ago
> It's about as plausible as criminals being unable to run their code on a device that can pass attestation. They're both authoritarians with a conflict of interest trying to foist a hellscape on everyone under a pretext their proposal can't even really address.

How is the system proposed by GP authoritarian? It's not actually giving away any real PII. We could just argue that it would make Internet less usable for "illegal" immigrants who don't have a Gov ID - whcih can be seen as a problem already in itself, but still doesn't make that solution "authoritarian".

link
AnthonyMouse 49 days ago
> How is the system proposed by GP authoritarian? It's not actually giving away any real PII.

These proposals have two major flaws.

1) They're predicated on a secure implementation, but any government-mandated system is going to be instantaneously ossified. Everyone will have to interface with it and then lobby heavily to prevent it from changing and requiring them to do more work. The initial implementation therefore has to be perfect. Free of not just current but also future vulnerabilities. That has never happened before and isn't likely to. But then you're proposing something with an extremely high probability of permanently compromising everyone's security as required by law.

2) They're structurally authoritarian.

Suppose the initial implementation was actually secure. I can even propose one: Every adult ID has the same QR code on it which you have to scan to be let in. There is no way of distinguishing any of them since they're completely identical even between different IDs, but only the adult IDs have them.

Great, now you just have to scan your ID to be let in. Papers, please. Are ordinary people going to be able to distinguish this from what comes immediately after, when they say the anonymity is causing kids to be let in so they're going to make the QR codes unique, allowing them to track everyone and find out who is lending a kid their ID? Then the infrastructure is already in place. All they have to do is change the implementation out from under you and it's an instant panopticon. Turnkey mass surveillance is authoritarian even if you haven't turned it on yet.

> We could just argue that it would make Internet less usable for "illegal" immigrants who don't have a Gov ID

We're talking about the internet here. People are required to be neither immigrants nor illegal for them to be citizens of another country.

link
ForHackernews 49 days ago
You're moving the goalposts. I was responding to your claim that any verification system involves the government getting a complete record of all online activity.

If you're willing to admit this is entirely possible from a technical standpoint, there's a separate question about how useful/valuable it is.

Making it harder for children to access extreme pornographic or violent content seems useful to me. Many advertisers want to be able to say they've shown ads to a human not a bot. Humans in WEIRD* countries have more valuable eyeballs than humans in the developing world.

If you don't solve for those use-cases in a privacy preserving way, adtech will do it in an intrusive way - which is what Google are doing in the OP.

*"Western, Educated, Industrialized, Rich, and Democratic"

link