I think the biggest problem is that the amount of tension you need to apply to hold the binding pins can vary quite a bit, and it's hard to build a mechanical device that can feel with enough fidelity to figure it out.
> In the sense of the word that means people who write code, not people who break into things
It would be like if you were going over a list of pros and cons and when you got to the cons some guy was like "wow, you work with criminals, huh?" Then you tell him not that sort of con and he says "yeah, typical nerd bickering".
Phil, based on this summary and reading the emails about what went down between you and Nick, you sound like an absolute lunatic. He mocked you once back in 2017. He set up a satirical website that had a single joke: you as obsessed detective, sniffing out perceived slights. Then, when called out on it, he very eloquently apologized for it, expanded on why he had done it, and offered an olive branch of friendship.
In response, you have absolutely flipped out on him. You've continuously attempted to expand his "crimes" into something against your wife, attempted to accuse him of misogyny, attempted to frame it as an attack on your kids, attempted to loop his employers into it, claimed you'd sue, and called him a bully. And later, when he made an offhand reference to this ordeal (to someone else you appear to be flipping out on), you accuse him of starting a new campaign of bullying. It's so completely out of scale that I have to question your mental state.
And the cherry on top is that in the middle of all this, you took a piece of information -- the fact that he has posted on social media about mental health issues -- and tried to leverage that into a claim that this is all his problem. I'm sorry, but that is absolutely disgusting behavior, and I hope you're ashamed of it.
This makes me wonder if there's a business case for a privacy-preserving identity service which does age verification. Say you have a strong identity provider that you have proven your age to. Just as the 3rd party site could use SSO login from your identity provider, perhaps the identity provider could provide signed evidence to the 3rd party site that asserts "I have verified that this person is age X" but not divulge their identity. Sidestep the privacy issue and just give the 3rd party site what they need to shield them from liability.
What's ... boggled me about this issue since forever is that:
1. Most people access online content through either a personal or business broadband service (residential, mobile, or place-of-work).
2. Those services ... bill directly. Which means that it should be possible to specify an age preference for the service account as a whole, and/or subsets of it. The service can specify whether or not age-bounded online services are acceptable or not, as well as specific classes of age-bounded services. E.g., a workplace service would generally allow for >18 access, but might restrict usage of gaming, gambling, pr0n, or related sites. A household might request no age gating at all (all >18 or whatever minimum age is mandated) or several classes of service, say, if adults and children are present.
3. Where it's necessary to specify multiple preferences, multiple network segments could provide this logically (e.g., an IPv6 block with unrestricted and age-gated ranges), with distinct devices being allocated appropriate gateway addresses.
4. Effectively, the connectivity provider then attests for age, without requiring any finer-grained identity disclosure.
To be blunt, because it sounds insane and simultaneously solving the problem at the wrong abstraction level, and based on criteria that have nothing to do with age. Age-based IP ranges? This sounds like a recipe for reinventing the entire internet in a non-backwards-compatible way. Networks are not people. Why would we treat the network as your identity?
What I'm suggesting for different service levels is simply to map a specified access / age-verification level to a specific network access point. This is better suited to IPv6 which has a much larger address space than IPv4, and often allocates a range of addresses rather than a single IP, though NAT or IP shenanigans might be possible for the latter as well.
The point is to put the heavy lifting of age validation at a level at which who is getting the service has already been vouched through service account provisioning.
It's less that there is something unreasonable sounding about it and more that there's almost nothing that sounds reasonable about it. It's like you suggested that instead of setting speed limits, we directly tie the maximum speed of a car to how far the driver's seat is from the steering wheel.
That's quite an elaborate system. It goes through a lot of gyrations (not the least of which is inventing a whole new type of crime and passing laws about it) and doesn't sound even as strong as the age verification "required" to buy cigarettes in the US. I'd think "welcome to pornhub. Either log in or do Privacy-enhanced Age Verification by Auth0 (TM)" would be a lot easier to get off the ground.
I’ve been noodling on this idea for a while but I think getting commercial acceptance would be hard. People have tried it with crypto albeit with lukewarm results. I think to have the network effects required to be successful in such an endeavor, it would have to come from a vendor like Apple or Google unfortunately.
You kind of want an mTLS for the masses with a chain of trust that makes sense.
mTLS is no good because the target service could then uniquely identify you. I think you explicitly want a three-party scheme where the target service just accepts the idp's assertion about your age in a cryptographically secure way.
The article does go into this and gives lip service to the idea that a secure third party could expose age without exposing identity. Ultimately, there's still the problem that even if point of verification can be done in a zero trust way, you are still entrusting very sensitive information to a third party which is subject to data breach.
If you do it right the only sensitive information exposed to the age gated site is that your age is above their threshold.
The party that actually has to at some point verify who you really are of course has your sensitive information, and there is no obvious way to work around that. However, there is a way to make it so that it doesn't matter.
That is by making them be a party that already has that information. Probably the simplest would be to make it be the same government agency that issues your physical identity documents like passports or driver's licenses. If we don't want it to be a government agency or we want to have competition, banks would be a possibility.
The question is: why would services like Google and others want to use such privacy-preserving identity solutions? They wouldn't gain anything from a non-invasive, user-friendly system, so I don't think they'd use it. They want more data, so they are going for it.
> The question is: why would services like Google and others want to use such privacy-preserving identity solutions? They wouldn't gain anything from a non-invasive, user-friendly system, so I don't think they'd use it. They want more data, so they are going for it.
Considering that Google is releasing open source software they developed to facilitate such systems [1], apparently they are OK with the idea.
It could simply be that they realize that online age verification becoming required for some online activities is inevitable for the same reasons age checks are required for some non-online activities, and when that comes to pass they want to be able to do in a way that doesn't expose them to too much risk.
Yes, Google loves data but that doesn't mean they don't care about risk. The data they would get from some of the age verification methods probably wouldn't improve their ability to advertise much but would cause a lot of problems if leaked.
Another possibility might be that they have no choice. My understanding is that in the EU member states that enact online age verification laws will have to require that verification can be done using the privacy-preserving system that the EU Digital Identity Wallet will support. Sites will be able to use other methods too (as long as they don't violate GDPR) so they could support something that gives them more information for advertising, but they will still have to support the privacy-preserving option.
You've almost got it right. You just need to modify this part:
> Just as the 3rd party site could use SSO login from your identity provider, perhaps the identity provider could provide signed evidence to the 3rd party site that asserts "I have verified that this person is age X" but not divulge their identity
The way you compared it to SSO login makes it sound like there would be interaction between the 3rd party site and the identity provider. That's bad because if someone got a hold of the records from both the site and the identity provider they might be able to match access time logs and figure out who you are.
A fix is to make it so you get your signed document from the identity provider ahead of time, and that document is not tied to doing age verification with any particular site(s). You get it once and then use it with as many sites as you want.
When you use it with a site to demonstrate age we need to do that in such a way that neither of you have to communicate with the identity provider. If the site needs to verify a signature of the identity provider on something you present they use the provider's previously published public key.
We need to make it so that when you use the signed document from the identity provider to show your age to a site they don't see enough from the document to identify you, even if they have been compromised and are collaborating with the identity provider to try to identify you.
Finally, the signed document should be bound to you in some way so that you can't just make copies and give them to others or sell them on the black market to people who want to evade age checks.
BTW, since under this approach the identity provider isn't actively involved after they issue your signed document, what probably makes the most sense is to have your government be the identity provider. In particular, the same agency that issues your driver's license or passport or national ID (if your country has those).
Such a system can in fact be built. The EU is including one in their EU Digital Identity Wallet project, which has been in development for several years and is now undergoing large scale field testing in several countries. It is supposed to be deployed to the public this year or next.
The first version handles the binding of the document to you by tying it to your smart phone's hardware security element. They plan to later support other types of hardware security elements. 90+% of adults in the EU have smart phones (95-98% for adults under 54), and it is going up, so the first version will already cover most cases.
Google has published some libraries for implementing a similar system. Both the Google libraries and the EU system are open source.
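An added sketch, not part of the comment above and not code from the EU wallet or the Google libraries: it shows three of the properties that comment lists (a document issued ahead of time, verification using only the issuer's published public key, and binding to a key the holder controls). All function and field names are hypothetical, and because the same document and holder key are shown to every site, it does not provide the unlinkability against a site colluding with the issuer that the comment also asks for.

```javascript
// Added illustration: all function and field names here are hypothetical.
const nodeCrypto = require('crypto');

// Issuer key pair; the public half is published ahead of time.
const issuer = nodeCrypto.generateKeyPairSync('ed25519');
// Stands in for a key held in the phone's hardware security element.
const newHolderKey = () => nodeCrypto.generateKeyPairSync('ed25519');

// Issued once, in advance: no name, birth date or site appears in the document.
function issueAgeCredential(issuerPrivateKey, holderPublicKey, expiresAt) {
  const holderKey = holderPublicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  const body = JSON.stringify({ claim: 'age_over_18', holderKey, expiresAt });
  const sig = nodeCrypto.sign(null, Buffer.from(body), issuerPrivateKey).toString('base64');
  return { body, sig };
}

// What the holder signs: bound to one site and one fresh nonce, so it cannot be replayed.
const challenge = (site, nonce) => Buffer.from(`age-proof|${site}|${nonce}`);

function presentToSite(credential, holderPrivateKey, site, nonce) {
  const proof = nodeCrypto.sign(null, challenge(site, nonce), holderPrivateKey).toString('base64');
  return { credential, proof };
}

// Runs entirely at the site: only the issuer's published public key is needed.
function verifyAtSite(presentation, issuerPublicKey, site, nonce, now) {
  const { credential, proof } = presentation;
  const issuerOk = nodeCrypto.verify(null, Buffer.from(credential.body), issuerPublicKey,
    Buffer.from(credential.sig, 'base64'));
  if (!issuerOk) return false;                       // forged or altered document
  const { claim, holderKey, expiresAt } = JSON.parse(credential.body);
  if (claim !== 'age_over_18' || now >= expiresAt) return false;
  const holderPublicKey = nodeCrypto.createPublicKey(
    { key: Buffer.from(holderKey, 'base64'), format: 'der', type: 'spki' });
  // A copied document fails here: the copier lacks the bound private key.
  return nodeCrypto.verify(null, challenge(site, nonce), holderPublicKey,
    Buffer.from(proof, 'base64'));
}

// Constructed demo values.
const holder = newHolderKey();
const credential = issueAgeCredential(issuer.privateKey, holder.publicKey, 2000000000);
const nonce = nodeCrypto.randomBytes(16).toString('hex');
const shown = presentToSite(credential, holder.privateKey, 'site.example', nonce);
console.log(verifyAtSite(shown, issuer.publicKey, 'site.example', nonce, 1700000000));
```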
> That's bad because if someone got a hold of the records from both the site and the identity provider they might be able to match access time logs and figure out who you are
I see your point, but this doesn't sound like an actual risk to me. The idp will have security as one of their critical features and should be considered trustworthy in this regard. And having *both* the target site logs *and* the idp logs compromised is even more far-fetched. We aren't sitting around worrying about people correlating ISP logs to pornhub logs, and I don't trust my ISP any farther than I can throw them.
The beauty of using an SSO-style scheme is that one could actually see it easily slotting in as a subset of existing protocols. The site could get a SAML doc and the only claims it has in it are "user is over 18", for example. Use the infrastructure for exactly what it's designed for: identifying some selection of attributes that describe a person. It's very elegant and leverages existing well-understood (and well-integrated) tech plumbing.
This also takes all the sensitive data handling out of the hands of social media mongers and pornographers. Let them do what they're good at and let the competent security folks handle the sensitive bits.
The way I read his statement was as a joke. He wasn't a dumb guy. Surely he would have had the thought that if God is all-knowing, you obviously can't "fool" God by simply mouthing the right words right before you die.
> Maybe the AdaFruit founder said something unacceptable like "it's OK to be white" or "a man can't become an actual woman just by pretending that he is." That might explain the conflict.
Why would you just invent identity politics issues to be mad about?