Hacker News new | ask | show | jobs
by Fnoord 28 days ago
Which is true. Irma/Yivi [1] in NL/BE proves that to be the case. But it always works with a trusted third party. The client, after confirming auth with the human, generates a unique key for the platform. The platform asks the trusted third party to verify this key, and then a scope is defined. For example: 'is this person 18+?' the response to the platform is then 'Yes' or 'No'.

[1] https://yivi.app
2 comments
chopin 28 days ago
So, the trusted third party gets to know which sites you visit?
link
Fnoord 28 days ago
No, they don't have to (this is a common myth and FUD). That data can remain encrypted and private. For example, the token could be signed with the private key from person and TTP. They do know when people visit a website (or other entity requiring auth) but anyone with network access does.

All the platform gets to know a person 18+ is visiting their platform. In their data analysis, they could add such information to the rest of their data analysis such as IP, but this wouldn't be within scope (illegal in EU). Just worth it to mention in case a platform gets compromised.

So:

Username Bob, age 18+ (verified), from IPv4 1.2.3.4, visited PronHub, at 2 AM, with browser XYZ.

vs

Username Bob, from IPv4 1.2.3.4, visited PronHub, at 2 AM, with browser XYZ.

If Bob isn't logged in, they have to auth every time they visit.

And this is going to happen due to nefarious actors. LLMs (AI), as well as state actors in countries behind the other fence of Iron Curtsin in the New Cold War.

link
chopin 28 days ago
How can the third party not know I visited pronhub when pronhub verifies a token with the third party handed to me by the third party?

This may protect my privacy towards pronhub if I am not logged in. But not my privacy against the third party where I need to be logged in and who likely knows my real identity.

link
essentia0 28 days ago
No.
link
krageon 28 days ago
The third party is never trustworthy. Such a system is the death of all things good in effect - it makes a single party very attractive to compromise. Compromise is so easy in practice that imagining a group of people is preventing it at any kind of scale is purely magical thinking.
link