EU chief calls for a bloc-wide push on an age verification app to protect children online. If enforced, users will have to prove their age to access legally restricted sites.
I’m sorry, but have you read the technical documentation? The design is intentional created this way to avoid tracking.
You are issued a set of ZKP tokens that you hand back to websites. They cannot correlate these tokens back to you, nor can the operator of the system.
Now they could lie, of course, and violate the design (but being open source that’s a little harder), but if the government wanted to secretly track you, much more precise tools exist for this already.
That’s the stupid part, it doesn’t matter what it will look like at the beginning. It might be the best written documentation now, they can even implement the app correctly. The thing is, the jump from “people can use the internet” to “in order to access the internet you need to provide your government ID to your smartphone” is a big jump, one that can cost a politician career. The jump from “you need to use version 1.4.412 of the govenment id checker” to “you need to use version 2.0 of the Government Id Checker Plus” is minuscule. That’s where you introduce a persistent database of the tokens, somewhere on page 5 of the changelog. And only nerds care about that and nobody listens to them.
It’s so fucking easy, Russia did this exact gambit in 2017, Kazakhstan couple of years before.
But that slippery slope, which it sounds like you believe us to be on, also applies to phone location tracking, credit cards payments, mobile phone train tickets, smart homes, smart cars, home CCTV etc etc.
Do you leave your phone at home, always pay with cash, don’t use any apps? Most people do these things on the basis that the government doesn’t wantonly have access to what we’ve bought online. Why is age gating so different?
You’re doing fallacy fallacy. Some slopes are actually slippery, it’s just the nature of the slopes.
Government ID connected to all your accounts on the internet isn’t much different from other things you mentioned, the only difference is that the other bits of privacy we actually exchanged for convenience. With everything you mentioned and more, you can either opt-out, you don’t actually need your car to be “smart” or have a car at all, or it wasn’t invented as a control mechanism, like credit cards or smartphones. Using it to do nefarious shit requires effort and additional work, and there are at least some protections in place. But yes, it’s another form of control, just way more sudden, invasive, and useless.
If we’re doing fallacies, yours called “nirvana fallacy”. “We can’t have an ideal world, therefore we need not to fight when people are trying to make it worse”.
Connecting everything you do on the internet to your id serves the only purpose, prevent people from being able to do speech that the government doesn’t like. While we have a democratic government, it might not lead to problems. The second we have all this shit in mind, the government might start asking itself, why do they bother with all this democracy when they have all this authoritarian instruments lying around for no reason.
Again, this discussion is about the EU proposal, which explicitly does not connect your ID to everything you do. In facts it’s designed exactly to ensure that sites can verify you being over a threshold age without having any other knowledge about you. Have you read the EU implementation or are you conflating it with the US proposal?
Of course things can break and something might be able to refer back to you, until it gets fixed.
But if your argument is that “the standard is fine, but something might not quite work”, then the same argument applies to your phone’s location tracking, your debit/credit payments etc. The vast majority of us happily use systems on the basis that they are secure, until they’re not, and then things get fixed.
It’s a matter of exposure and attack surface vs rewards for the attacker, and risk in companies are evaluated by the trio: freqency of occurrence, severity of occurrence (how large), severity of the occurrence. Banks can spend a lot because severity quickly gets very high in money.
What’s the incentive again for the next gov to properly fund the system? Oh yes: they would have to say “sorry! shit happens! that’s all because of the previous admin!!” and maybe throw one guy under the bus.
I’m sorry, but have you read the technical documentation? The design is intentional created this way to avoid tracking.
You are issued a set of ZKP tokens that you hand back to websites. They cannot correlate these tokens back to you, nor can the operator of the system.
Now they could lie, of course, and violate the design (but being open source that’s a little harder), but if the government wanted to secretly track you, much more precise tools exist for this already.
That’s the stupid part, it doesn’t matter what it will look like at the beginning. It might be the best written documentation now, they can even implement the app correctly. The thing is, the jump from “people can use the internet” to “in order to access the internet you need to provide your government ID to your smartphone” is a big jump, one that can cost a politician career. The jump from “you need to use version 1.4.412 of the govenment id checker” to “you need to use version 2.0 of the Government Id Checker Plus” is minuscule. That’s where you introduce a persistent database of the tokens, somewhere on page 5 of the changelog. And only nerds care about that and nobody listens to them.
It’s so fucking easy, Russia did this exact gambit in 2017, Kazakhstan couple of years before.
Ok, so it’s the slippery slope fallacy.
But that slippery slope, which it sounds like you believe us to be on, also applies to phone location tracking, credit cards payments, mobile phone train tickets, smart homes, smart cars, home CCTV etc etc.
Do you leave your phone at home, always pay with cash, don’t use any apps? Most people do these things on the basis that the government doesn’t wantonly have access to what we’ve bought online. Why is age gating so different?
You’re doing fallacy fallacy. Some slopes are actually slippery, it’s just the nature of the slopes.
Government ID connected to all your accounts on the internet isn’t much different from other things you mentioned, the only difference is that the other bits of privacy we actually exchanged for convenience. With everything you mentioned and more, you can either opt-out, you don’t actually need your car to be “smart” or have a car at all, or it wasn’t invented as a control mechanism, like credit cards or smartphones. Using it to do nefarious shit requires effort and additional work, and there are at least some protections in place. But yes, it’s another form of control, just way more sudden, invasive, and useless.
If we’re doing fallacies, yours called “nirvana fallacy”. “We can’t have an ideal world, therefore we need not to fight when people are trying to make it worse”.
Connecting everything you do on the internet to your id serves the only purpose, prevent people from being able to do speech that the government doesn’t like. While we have a democratic government, it might not lead to problems. The second we have all this shit in mind, the government might start asking itself, why do they bother with all this democracy when they have all this authoritarian instruments lying around for no reason.
Again, this discussion is about the EU proposal, which explicitly does not connect your ID to everything you do. In facts it’s designed exactly to ensure that sites can verify you being over a threshold age without having any other knowledge about you. Have you read the EU implementation or are you conflating it with the US proposal?
At last a piece of code free of any flaw, any exploit, invulnerable to any known or unknown attack method!
Of course things can break and something might be able to refer back to you, until it gets fixed.
But if your argument is that “the standard is fine, but something might not quite work”, then the same argument applies to your phone’s location tracking, your debit/credit payments etc. The vast majority of us happily use systems on the basis that they are secure, until they’re not, and then things get fixed.
Your argument has to apply evenly.
It’s a matter of exposure and attack surface vs rewards for the attacker, and risk in companies are evaluated by the trio: freqency of occurrence, severity of occurrence (how large), severity of the occurrence. Banks can spend a lot because severity quickly gets very high in money.
What’s the incentive again for the next gov to properly fund the system? Oh yes: they would have to say “sorry! shit happens! that’s all because of the previous admin!!” and maybe throw one guy under the bus.
and here we go… https://xcancel.com/Paul_Reviews/status/2044723123287666921#m