Comment by sltkr
2 months ago
First, intentionally leaking this type of data is extremely illegal under Europe's strict privacy laws. So we are limited to unintentional breaches of privacy which can be guarded against with auditing requirements.
Second, you have to look at the potential damage such a leak would have on the affected porn watchers. Is it really that damaging to your reputation if someone could prove that you visited Pornhub in the last year? Isn't it a common view that all men and most women watch porn at least occasionally anyway?
And I get the risk if you live in a country that criminalizes pornography. But are were sure there is an extreme societal taboo on enjoying erotic cinema in the notoriously puritanical country of... checks notes France?
Third, it's important to consider the baseline. If you are a citizen of France and you are accessing Pornhub via your residential ISP or your mobile phone, then your ISP already knows you are visiting Pornhub. This isn't concerning to anyone but the thickest thin-foil-hat wearing paranoid schizophrenics, and I've never heard of this leading to massive data breaches or blackmail situations either.
Given that ISPs appear to be basically trustworthy, they might as well do the age verification thing, too. They probably already have your personal info due to KYC-legislation.
Of course there are small differences: with age verification your ISP can distinguish between you and other people in your household, which removes a bit of plausible deniability. If you don't trust your ISP you can use alternate DNS-over-HTTPS, VPNs, proxys like Tor, etc. to cover your tracks, which you wouldn't be able to do anymore. But I bet 99,99% of Pornhub visitors in France don't bother with any of that, proving that they aren't actually concerned about being blackmailed or outed as porn consumers by their ISP.
> visitors in France don't bother with any of that, proving that they aren't actually concerned about being blackmailed or outed as porn consumers by their ISP.
I don’t think that follows. Tons of people don’t have the technical means or ability to use those countermeasures. Some don’t even know they are being tracked.
I don’t think that implies they’re fine with being blackmailed.
True, and I addressed that a bit in my other comment here: https://news.ycombinator.com/item?id=44212409
The short version is that I think people who don't realize their ISP can see which sites they visit aren't any worse off by their ISP signing age-verification tokens. Those tokens give much less information about the content they consume than the metadata the ISP already has access too.
I would guess at least a double-digit percentage of internet users are in the clueless category that you describe, and in practice there isn't a huge problem of these dummies being outed/blackmailed by their ISPs. So I don't think it's realistic to expect that if ISPs were in the business of providing age guarantees they would be outing/blackmailing their customers, especially since their behavior of those ISPs would be scrutinized by more knowledgeable people, and any ISP not taking customer privacy seriously would be subject to both public criticism and legal action.
> First, intentionally leaking this type of data is extremely illegal under Europe's strict privacy laws.
Good thing we only ever have intentional leaks, then.
> Is it really that damaging to your reputation if someone could prove that you visited Pornhub in the last year?
LGBT individuals have killed themselves over being outed before they were ready to. I'd wager that any leak that could positively link a person to a site will also include at least some activity on that site. But even if not, there are other people that do have things to loose from being connected to pornhub in any capacity. The simplest example would be anybody seeking sexual health/wellness information; it isn't the core purpose of pornhub, but they are a source that somebody in a sexually repressive environment may seek info from.
> ... extreme societal taboo on enjoying erotic cinema in the notoriously puritanical country of... checks notes France?
I think we're on different pages here. Your argument seems to be "we should let the good countries have nukes" and my stance is "nobody gets nukes, period". France shows the world that it's possible and less human-friendly governments take that as an invitation to copy, but worse.
The only winning move is to not play.
> ...you are accessing Pornhub via your residential ISP or your mobile phone, then your ISP already knows you are visiting Pornhub.
Assuming use of ISP controlled DNS servers, the ISP only knows the account holder's name. They don't know if it's a neighbor/guest that's cracked/borrowed the WiFi ... etc. VPN or even just not using ISP managed DNS circumvents this collection.
> Given that ISPs appear to be basically trustworthy
The word "basically" is doing a lot of work there. If you could have said "ISPs are paragons of virtue that are always guaranteed trustworthy" I'm sure you would have. But you didn't so we both agree that anything that follows is predicated on a bad-faith premise.
I still have yet to see a good answer to "how do you prevent borrow/theft/buying/renting/selling of ID vouchers?"
> I'd wager
Your willingness to wager on something proves absolutely nothing. I'd wager you woulnd't really wager anything anyway.
> my stance is "nobody gets nukes, period"
Your 100% risk-free society does not exist. You risk things every time you leave the house. Nukes already exist, and one country that gave them up saw that to be a huge mistake.
> less human-friendly governments take that as an invitation to copy, but worse
So France should not do something because other countries might do something different that would be bad? This is not a rational discussion. This argument makes zero sense.
You should not be commenting on HN because you are encouraging people to comment on forums where bullying happens and that kills.
> Nukes already exist, and one country that gave them up saw that to be a huge mistake.
"nukes" here meaning "de-anonymizing" the internet. I don't think "but at least one country already has them so of course the DPRK should be allowed to have them!" is a good attitude to have towards nuclear proliferation.
I have no problem with a site/platform having a "you need to prove to us that you're an adult" policy. I am terrified that other government(s) will use "because of the children" to force these policies onto the internet at large.
> Good thing we only ever have intentional leaks, then.
I already addressed this: unintentional leaks from regulated companies are very rare. It's not a perfect system, but it works to some extent.
> LGBT individuals have killed themselves over being outed before they were ready to.
OK, but visiting Pornhub doesn't prove you're gay, it only proves you watch porn, which lots of people do. If someone calls you out on it, you just say you were watching some dumb big-titted bimbo slut get pounded hard in the pussy. Crisis averted.
The age verifier wouldn't know which adult-only site you are trying to access, so when they sign your over-18 token, they don't know if you're going to redeem it on hairybears.com or bigtittedsluts.com.
Again, this is different from your ISP who already knows which sites you visit today and everyone is totally fine with this! ~nobody in France is committing suicide over their ISPs outing them as gay! It's literally a nonexistent problem.
Finally, I don't want to keep doing the checks notes bit, but do you really think there is that much of a taboo on being gay in France of all countries?
> I'd wager that any leak that could positively link a person to a site will also include at least some activity on that site.
But that's not true, as I already explained. The age verifier doesn't know what you are going to use the age-token for. They know strictly less than your ISP, by a huge margin. Note that the ISP doesn't even see the age-token. That's between the site you visit and the age verifier.
> Assuming use of ISP controlled DNS servers, the ISP only knows the account holder's name. They don't know if it's a neighbor/guest that's cracked/borrowed the WiFi ... etc. VPN or even just not using ISP managed DNS circumvents this collection.
For the purpose of blackmail this doesn't really matter... where there is smoke there is fire.
If you heard <politician you don't like> was found to have child porn on his phone, and his excuse was that his nephew who borrowed his phone on the weekend must have put it there, would you think that exonerates him? Or would you assume he's lying to cover his ass?
> If you could have said "ISPs are paragons of virtue that are always guaranteed trustworthy" I'm sure you would have. But you didn't so we both agree that anything that follows is predicated on a bad-faith premise.
I don't follow your point here. I'm not saying ISPs are paragons of virtue, I'm simply saying: 99% of people who visit Pornhub don't even try to hide this fact from their ISP (note that the people this post is about were only signing up to a VPN after France blocked their access; they didn't give a fuck about their ISP knowing they watched porn before). That means some of these are true:
In which of these scenarios does having the ISP issue an age-token make things worse for the customer? I really cannot think of one, but I'm open to changing my mind.
> I already addressed this: unintentional leaks from regulated companies are very rare. It's not a perfect system, but it works to some extent.
The corpus of HIBP would indicate that leaks are not rare. Your definition of "some" may need re-calibration.
I would prefer that this data not exist to begin with; can't leak and de-anon data that was never captured.
> In which of these scenarios does having the ISP issue an age-token make things worse for the customer? I really cannot think of one, but I'm open to changing my mind.
Having to bother with any "confirm you are an adult human" _at all_ is a hassle. Any and all circumstances that require this makes things worse for the customer and generates data that may risk de-anonymizing the customer.
And why bother when I still can't figure out what stops under-age me from buying/borrowing/stealing somebody else's token?
> First, intentionally leaking this type of data is extremely illegal under Europe's strict privacy laws. So we are limited to unintentional breaches of privacy which can be guarded against with auditing requirements
You already know this, I’m certain, but laws and “audits” do little more than nothing to meaningfully protect data.
Where's your evidence for that claim?
Personally I worked for a FAANG company that took data protection quite seriously. I would love to say that it was because they cared so much about their customer's privacy (which was of course the official position) but I think the reality was at least partially that the people in charge knew that if data was leaked and it could be pinned on lax internal policies, the company would be liable for millions if not billions in damages.
From that I conclude that the legal framework does provide a certain degree of protection to customer data. Nothing is perfect, of course, but that's true for every law: a red traffic light doesn't force drivers to stop, and in fact people run red lights every day. But the threat of getting fined for running a red light is pretty effective at forcing most people to stop for a red light most of the time, which is not nothing.
Also consider the logical conclusion of your cynical argument. If the laws and regulations that require companies to guard their customers privacy are almost entirely ineffective, as you claim, then shouldn't we abolish them? After all, they impose a burden on companies, which makes goods and services more expensive for consumers, without providing any non-material benefits in return.
> Personally I worked for a FAANG company that took data protection quite seriously
Me too, and it’s still funny how often user data gets leaked even with world class engineers and incentives. Moving beyond FANG, look at how absurdly common it is for user data to get leaked - financial institutions, romance services, transportation services, everyone.
2 replies →