Comment by Edmond
1 year ago
Whenever this comes up, the focus is on simply opposing the idea. I think perhaps devoting energy to solutions that can address both the concern of safety and privacy is also worth considering.
The internet is going to be a fundamental part of human life I would argue indefinitely. The need for robust information verification is not something we're going to be able to do without.
The question is, would solutions end up being effective ones or ones that "work" but create all sorts of other problems? The worse outcome in my view would be that we all end up being required to use big tech companies as gate keepers for our digital lives.
Now for my pitch :). Cryptographic certificates are a solution option that CAN bridge this gap.
Demo: https://youtu.be/92gu4mxHmTY
Technical Doc: https://cipheredtrust.com/doc/#pki-overview
Respectfully, you are making the error of assuming it is a technical problem when it is a political one.
The problem the government have is the masses trust those bad people over there more than our trusted and approved government experts over here, and they think this is a communication problem and not a problem of substance.
I would agree that technical measures for trust are necessary, but the gov should not be allowed to be the arbiter of who gets to trust who - that is a fundamental freedom that must be left to individuals.
One could also argue that the problem is actually educational.
>Whenever this comes up, the focus is on simply opposing the idea.
Well, because the idea is fundamentally unsound. Nobody can keep such a database secure, and certainly not the Canadian government, champions of ineptitude that they are.
>Certify
Goodness, that's dystopian.
It doesn't require maintaining a database. The certificates can be in a registry but also can be on your device without being in a registry. In any case, the security is not associated with a database or anything of the sort.
Okay so what happens when I lose my keys and need new ones issued?
I have to go through the manual verification process and then issue revocation certs for my old keys?
How do I know what those keys were without a database of which key belongs to whom?
2 replies →
> Whenever this comes up, the focus is on simply opposing the idea
What are you saying? We have been proposing solutions since immemorial times. If it's bad for the kids to have access, why it is not bad for the adults? If you can answer that question the solution should be evident.
It can be argued that it's bad for both. I think the solution is an educational one.
> Whenever this comes up, the focus is on simply opposing the idea. I think perhaps devoting energy to solutions that can address both the concern of safety and privacy is also worth considering.
This implies you have to be concerned about safety. But I don't believe seeing anything [they would voluntarily watch] on a computer screen can inflict serious harm to anybody, no matter the age. I advocate for universal (without exclusion of any age group) right for anonymous access to whatever information already is publicly available.
> But I don't believe seeing anything [they would voluntarily watch] on a computer screen can inflict serious harm to anybody, no matter the age.
You can believe whatever you want but a whole lot of people including me do believe watching shit, voluntarily or otherwise, harms you. Plenty of evidence for it.
I actually do believe everything does harm you in at least some minuscule degree (even things that help you in a way or many, harm you in another). Even breathing does. Yet the degree of harm is not substantial enough to justify prohibition and all the downsides coming from trying to enforce it.
Being a generally normal person I also feel I wish kids see no porn yet as soon as I direct my attention to this feeling and question it I recognize it has no rational reason whatsoever, it's just as subjective as a preference can be. Banning a specific kind of content would be as reasonable as banning a food I personally don't find tasty, even if the majority feels the same - should we waste everyone's effort and sacrifice everyone's rights in such a case?
4 replies →
> The worse outcome in my view would be that we all end up being required to use big tech companies as gate keepers for our digital lives.
So your proposed solution is...to give my private data to big tech companies? Who else is going to manage the cryptographic certificates at scale?
The keys are on your device, it doesn't require management by a third-party.
How is anyone else going to know that the public key I hand them belongs to a person that satisfies whatever requirement they are checking? For example, if someone wants to verify my age, how do they know the public key I hand them belongs to a person that meets the age requirement?
Some third party is going to have to verify that that's true. Which means some third party is going to have to have access to my private data, to verify that my public key belongs to a person whose private data meets whatever requirements are being asked about. That third party will end up being a big tech company.
Your example about CAs is not relevant because CAs only need to verify that someone has control of a particular web endpoint. They don't need to verify the private information of whoever that person is. So the information they need is much less intrusive than the information a third party who is going to attest that public keys belong to people meeting things like age requirements would need to have. Yes, once a third party has attested to your age certificate, they aren't involved with how you use it--but that third party has to have a lot more private information about you to be able to make that attestation, than CAs currently have about website operators.
1 reply →
There is zero chance that a legally mandated certificate scheme won't require centrally-managed certificates to prevent the underage from loading illegally shared keys onto their devices.
7 replies →
A QR code verifying that I'm 18 years old, great! What use is that? Not sure... anyone could copy that QR code and claim they're 18 years old.
Or maybe it includes more data than that and we're back at the privacy problem.
>A QR code verifying that I'm 18 years old, great! What use is that? Not sure... anyone could copy that QR code and claim they're 18 years old.
Exactly, now scan the sticker with the QR Code on this blog post: https://blog.certisfy.com/2024/02/from-secrecy-model-of-info...
You'll see it tells you whether the sticker is stolen or not based on where you got it from, ie the "Valid For Source" field.
Except that being on a phone I can't scan a QR code being displayed on the same device.
But basically you're saying that I need a QR code for each site I'm using? That's not obvious from reading the blog post. And still doesn't address that someone else could use the same code on the same site?
Also I don't think I understand what "the secrecy of your social insurance number/credit card doesn't matter as long as nobody else can generate a certificate for it" means. Is that assuming everyone only accepts certificates and not the raw information anymore?
I'm sure fraudsters would happily take credit card numbers even without being able to generate certificates.
2 replies →
https://developers.google.com/privacy-sandbox/protections/pr...
The reason it comes up is because it's the proverbial wolf in sheep's clothing. Conservatives have an agenda to remote porn from the internet at all costs. They also want to kill anonymity on the internet and if you frame it properly then you can push through their agenda.