Comment by lucianbr

2 months ago

> “double-anonymity” or "double-blind" protocol: the site never sees the user’s identity, the verifier never learns which site is being visited, and only a yes/no “18+” token is exchanged.

Isn't this an actually reasonable solution? I assumed age verification was supposed to be done by the site itself, and therefore it was considered a very bad idea. But this... what's the problem with this method?

21 comments

lucianbr

Reply
baby_souffle  2 months ago

> But this... what's the problem with this method?

You're just hoping that there's never a leak of any UUID(s) that could be used to correlate things. The ad-tech industry has pioneered de-anonymization tech and they're very, very good at it.

Tangential question: if the principal is divorced from the "is not a minor" signal, what prevents a thrifty youth from just buying/stealing somebody's token?

  • sltkr  2 months ago

    First, intentionally leaking this type of data is extremely illegal under Europe's strict privacy laws. So we are limited to unintentional breaches of privacy which can be guarded against with auditing requirements.

    Second, you have to look at the potential damage such a leak would have on the affected porn watchers. Is it really that damaging to your reputation if someone could prove that you visited Pornhub in the last year? Isn't it a common view that all men and most women watch porn at least occasionally anyway?

    And I get the risk if you live in a country that criminalizes pornography. But are were sure there is an extreme societal taboo on enjoying erotic cinema in the notoriously puritanical country of... checks notes France?

    Third, it's important to consider the baseline. If you are a citizen of France and you are accessing Pornhub via your residential ISP or your mobile phone, then your ISP already knows you are visiting Pornhub. This isn't concerning to anyone but the thickest thin-foil-hat wearing paranoid schizophrenics, and I've never heard of this leading to massive data breaches or blackmail situations either.

    Given that ISPs appear to be basically trustworthy, they might as well do the age verification thing, too. They probably already have your personal info due to KYC-legislation.

    Of course there are small differences: with age verification your ISP can distinguish between you and other people in your household, which removes a bit of plausible deniability. If you don't trust your ISP you can use alternate DNS-over-HTTPS, VPNs, proxys like Tor, etc. to cover your tracks, which you wouldn't be able to do anymore. But I bet 99,99% of Pornhub visitors in France don't bother with any of that, proving that they aren't actually concerned about being blackmailed or outed as porn consumers by their ISP.

    • pests  2 months ago

      > visitors in France don't bother with any of that, proving that they aren't actually concerned about being blackmailed or outed as porn consumers by their ISP.

      I don’t think that follows. Tons of people don’t have the technical means or ability to use those countermeasures. Some don’t even know they are being tracked.

      I don’t think that implies they’re fine with being blackmailed.

      1 reply →

    • baby_souffle  2 months ago

      > First, intentionally leaking this type of data is extremely illegal under Europe's strict privacy laws.

      Good thing we only ever have intentional leaks, then.

      > Is it really that damaging to your reputation if someone could prove that you visited Pornhub in the last year?

      LGBT individuals have killed themselves over being outed before they were ready to. I'd wager that any leak that could positively link a person to a site will also include at least some activity on that site. But even if not, there are other people that do have things to loose from being connected to pornhub in any capacity. The simplest example would be anybody seeking sexual health/wellness information; it isn't the core purpose of pornhub, but they are a source that somebody in a sexually repressive environment may seek info from.

      > ... extreme societal taboo on enjoying erotic cinema in the notoriously puritanical country of... checks notes France?

      I think we're on different pages here. Your argument seems to be "we should let the good countries have nukes" and my stance is "nobody gets nukes, period". France shows the world that it's possible and less human-friendly governments take that as an invitation to copy, but worse.

      The only winning move is to not play.

      > ...you are accessing Pornhub via your residential ISP or your mobile phone, then your ISP already knows you are visiting Pornhub.

      Assuming use of ISP controlled DNS servers, the ISP only knows the account holder's name. They don't know if it's a neighbor/guest that's cracked/borrowed the WiFi ... etc. VPN or even just not using ISP managed DNS circumvents this collection.

      > Given that ISPs appear to be basically trustworthy

      The word "basically" is doing a lot of work there. If you could have said "ISPs are paragons of virtue that are always guaranteed trustworthy" I'm sure you would have. But you didn't so we both agree that anything that follows is predicated on a bad-faith premise.

      I still have yet to see a good answer to "how do you prevent borrow/theft/buying/renting/selling of ID vouchers?"

      4 replies →

    • LPisGood  2 months ago

      > First, intentionally leaking this type of data is extremely illegal under Europe's strict privacy laws. So we are limited to unintentional breaches of privacy which can be guarded against with auditing requirements

      You already know this, I’m certain, but laws and “audits” do little more than nothing to meaningfully protect data.

      4 replies →

  • Sayrus  2 months ago

    What prevents someone from buying, stealing or photoshopping an ID card?

    I'd guess the same issue would be present with selling tokens.

  • lucianbr  2 months ago

    > You're just hoping that there's never a leak of any UUID(s) that could be used to correlate things.

    No. For any technology you could argue I'm just hoping it won't fail. If I fly with a plane, I'm just hoping it won't crash, right?

    In fact, there would be security measures making it less likey that there is a leak. I am literally not "just hoping".

    Now those security measures might fail of course. But what are the probabilities? That matters.

    > The ad-tech industry has pioneered de-anonymization tech and they're very, very good at it.

    Please explain how this does not apply to opening pornhub on my computer right now, with zero age verification systems. I think it applies perfectly, and so it is not an actual argument in this discussion.

JCattheATM  2 months ago

It depends how solid the implementation is, and what the competency reputation of the government implementing it is.

  • lucianbr  2 months ago

    Well, we can't refuse a system or a technology on the basis of "depends". Your physical safety when traveling anywhere by any means depends on many factors. You still leave the house, don't you? Even if you don't, most rational people do, daily.

    • JCattheATM  2 months ago

      > Well, we can't refuse a system or a technology on the basis of "depends".

      Of course we can, based exactly on the dependencies. If someone has an atrocious representation, we don't need to trust the system, if they don't then it becomes more reasonable to do so.

      > Your physical safety when traveling anywhere by any means depends on many factors. You still leave the house, don't you?

      Not all risks are equal.

      2 replies →