Comment by diggan
2 months ago
> "and having offshore porn sites or any other third parties collect IDs from adults and becoming a repository of potential blackmail material comes with its own risks [...] A more technically sound approach would be content controls directly implemented on the devices parents chose to give their children" said the company's (Proton's) spokesperson
While I agree with their second point, the first argument sounds a bit overly dramatic, considering how the implementation seems to work. They couldn't blackmail, as the information they receive is limited.
As far as I understand how at least one of the methods for verification must be, is “double-anonymity” or "double-blind" protocol: the site never sees the user’s identity, the verifier never learns which site is being visited, and only a yes/no “18+” token is exchanged. Then other methods could be offered too.
Although if we assume the average security competence with these types of companies, handling ID documents and stuff, they'll surely get hacked sooner or later. So maybe the link between porn site and identity isn't there, but your personal data that been submitted to them will yet again float out there.
Their proposed alternative is even worse IMO. Even if you can figure out some privacy-safe way of doing on-device age verification, the end result will be a web that only works if you are browsing from an "approved" client - i.e. a platform controlled by Apple, Google or Microsoft.
Not necessarily. You need some source of truth (i.e. government ID) to sign digital tokens representing attributes like "18+". Those tokens are uploaded to those websites.
The risk becomes "kids loading their parents' ID into their phones" but with decent digital ID that shouldn't be a problem.
Yivi already solves this problem. It's being used as a basis for an implementation of a European digital ID of sorts, though I'm still sceptical of the European side of things.
The app works on any device because the device doesn't do anything special. All it does is POST some signed token if the user clicks "approve".
I suppose this can be a problem in the US where people hate the idea of digital government ID for some reason, but that's a political problem, not a technical one. France already has a digital ID equivalent for use with government services, as do all other EU member states in their own way, so the source of these tokens is practically ready to go.
There could easily be a web standard to allow/disallow NSFW content and the web browsers could broadcast this flag based on settings at OS level similarly to the light/dark theme setting at OS level that can be used by websites and it works on all OS/web browsers implementing this trivial feature.
> “double-anonymity” or "double-blind" protocol: the site never sees the user’s identity, the verifier never learns which site is being visited, and only a yes/no “18+” token is exchanged.
Isn't this an actually reasonable solution? I assumed age verification was supposed to be done by the site itself, and therefore it was considered a very bad idea. But this... what's the problem with this method?
> But this... what's the problem with this method?
You're just hoping that there's never a leak of any UUID(s) that could be used to correlate things. The ad-tech industry has pioneered de-anonymization tech and they're very, very good at it.
Tangential question: if the principal is divorced from the "is not a minor" signal, what prevents a thrifty youth from just buying/stealing somebody's token?
First, intentionally leaking this type of data is extremely illegal under Europe's strict privacy laws. So we are limited to unintentional breaches of privacy which can be guarded against with auditing requirements.
Second, you have to look at the potential damage such a leak would have on the affected porn watchers. Is it really that damaging to your reputation if someone could prove that you visited Pornhub in the last year? Isn't it a common view that all men and most women watch porn at least occasionally anyway?
And I get the risk if you live in a country that criminalizes pornography. But are were sure there is an extreme societal taboo on enjoying erotic cinema in the notoriously puritanical country of... checks notes France?
Third, it's important to consider the baseline. If you are a citizen of France and you are accessing Pornhub via your residential ISP or your mobile phone, then your ISP already knows you are visiting Pornhub. This isn't concerning to anyone but the thickest thin-foil-hat wearing paranoid schizophrenics, and I've never heard of this leading to massive data breaches or blackmail situations either.
Given that ISPs appear to be basically trustworthy, they might as well do the age verification thing, too. They probably already have your personal info due to KYC-legislation.
Of course there are small differences: with age verification your ISP can distinguish between you and other people in your household, which removes a bit of plausible deniability. If you don't trust your ISP you can use alternate DNS-over-HTTPS, VPNs, proxys like Tor, etc. to cover your tracks, which you wouldn't be able to do anymore. But I bet 99,99% of Pornhub visitors in France don't bother with any of that, proving that they aren't actually concerned about being blackmailed or outed as porn consumers by their ISP.
12 replies →
What prevents someone from buying, stealing or photoshopping an ID card?
I'd guess the same issue would be present with selling tokens.
> You're just hoping that there's never a leak of any UUID(s) that could be used to correlate things.
No. For any technology you could argue I'm just hoping it won't fail. If I fly with a plane, I'm just hoping it won't crash, right?
In fact, there would be security measures making it less likey that there is a leak. I am literally not "just hoping".
Now those security measures might fail of course. But what are the probabilities? That matters.
> The ad-tech industry has pioneered de-anonymization tech and they're very, very good at it.
Please explain how this does not apply to opening pornhub on my computer right now, with zero age verification systems. I think it applies perfectly, and so it is not an actual argument in this discussion.
It depends how solid the implementation is, and what the competency reputation of the government implementing it is.
Well, we can't refuse a system or a technology on the basis of "depends". Your physical safety when traveling anywhere by any means depends on many factors. You still leave the house, don't you? Even if you don't, most rational people do, daily.
3 replies →
If the only thing that verifier does is verification for accessing digital pornography, it remains blackmail-able. Not in the sense of identifying the specific content accessed but in the sense of "this user has gone through the steps to gain access" which is, frankly, good enough.
After verifying the ID, there is no reason the verifier needs to know to whom a token belongs, which would help this. It doesn't need to be repudiatable in practice because the security risk of a leak is near 0 and nobody ages backwards.
The solution to that is to make sure the age verification is used for a variety of different purposes.
For example, why not use the same age verification system to block access to sites that advertise or sell alcohol or tobacco products? Or sex toys. Or dating apps. Or loans applications. Or for any number of adult-only apps that aren't necessarily blackmailable? Normalize age verification for adult-only services.
That provides people with plausible deniability. “Oh, I wasn't looking at porn! I was just trying to find the perfect brandy to buy as a business gift.” or “Oh, I was just trying to get a quote to refurnish my apartment on credit.”
I'm against this because 1. of chilling effects and 2. it risks solving the sybil problem, making it easy to e.g. restrict people to one account.
> Normalize age verification for adult-only services.
Lets not, please.
Normalization like this could absolutely invite overreach / abuse. The immediately/obvious one is now sites have a "this is/is-not a minor" data point to correlate with the user activity that they'll sell off to some advertiser/broker.
I don't recall where I heard it, but the quote was essentially "the perception of surveillance is itself restrictive."
Threatening someone to tell people “There's a high likelyhood that X watches porn” is a blackmail-worthy threat IMHO.
Unless you have access to someone's specific kinks or routine (how often does he/she watches porn, for how long), you're no going to scare many people.
Facebook has these information by the way, thanks to the “like buttton” scattered everywhere (at least for people who don't browse porn in private mode, but having done IT support in college, I can tell you there are many people who don't).
Is it though? In this day and age I would think that someone who doesn’t watch porn is in the minority, it is like saying this person has sex.
On the other hand what kind of pornography, or how frequently and so on could be social pressure , same as what kind of fetishes or kind of sex or with type of person/gender, most people aren’t that sex positive to talk openly about.