← Back to context

Comment by baby_souffle

2 months ago

> First, intentionally leaking this type of data is extremely illegal under Europe's strict privacy laws.

Good thing we only ever have intentional leaks, then.

> Is it really that damaging to your reputation if someone could prove that you visited Pornhub in the last year?

LGBT individuals have killed themselves over being outed before they were ready to. I'd wager that any leak that could positively link a person to a site will also include at least some activity on that site. But even if not, there are other people that do have things to loose from being connected to pornhub in any capacity. The simplest example would be anybody seeking sexual health/wellness information; it isn't the core purpose of pornhub, but they are a source that somebody in a sexually repressive environment may seek info from.

> ... extreme societal taboo on enjoying erotic cinema in the notoriously puritanical country of... checks notes France?

I think we're on different pages here. Your argument seems to be "we should let the good countries have nukes" and my stance is "nobody gets nukes, period". France shows the world that it's possible and less human-friendly governments take that as an invitation to copy, but worse.

The only winning move is to not play.

> ...you are accessing Pornhub via your residential ISP or your mobile phone, then your ISP already knows you are visiting Pornhub.

Assuming use of ISP controlled DNS servers, the ISP only knows the account holder's name. They don't know if it's a neighbor/guest that's cracked/borrowed the WiFi ... etc. VPN or even just not using ISP managed DNS circumvents this collection.

> Given that ISPs appear to be basically trustworthy

The word "basically" is doing a lot of work there. If you could have said "ISPs are paragons of virtue that are always guaranteed trustworthy" I'm sure you would have. But you didn't so we both agree that anything that follows is predicated on a bad-faith premise.

I still have yet to see a good answer to "how do you prevent borrow/theft/buying/renting/selling of ID vouchers?"

4 comments

baby_souffle

Reply
lucianbr  2 months ago

> I'd wager

Your willingness to wager on something proves absolutely nothing. I'd wager you woulnd't really wager anything anyway.

> my stance is "nobody gets nukes, period"

Your 100% risk-free society does not exist. You risk things every time you leave the house. Nukes already exist, and one country that gave them up saw that to be a huge mistake.

> less human-friendly governments take that as an invitation to copy, but worse

So France should not do something because other countries might do something different that would be bad? This is not a rational discussion. This argument makes zero sense.

You should not be commenting on HN because you are encouraging people to comment on forums where bullying happens and that kills.

  • baby_souffle  2 months ago

    > Nukes already exist, and one country that gave them up saw that to be a huge mistake.

    "nukes" here meaning "de-anonymizing" the internet. I don't think "but at least one country already has them so of course the DPRK should be allowed to have them!" is a good attitude to have towards nuclear proliferation.

    I have no problem with a site/platform having a "you need to prove to us that you're an adult" policy. I am terrified that other government(s) will use "because of the children" to force these policies onto the internet at large.

sltkr  2 months ago

> Good thing we only ever have intentional leaks, then.

I already addressed this: unintentional leaks from regulated companies are very rare. It's not a perfect system, but it works to some extent.

> LGBT individuals have killed themselves over being outed before they were ready to.

OK, but visiting Pornhub doesn't prove you're gay, it only proves you watch porn, which lots of people do. If someone calls you out on it, you just say you were watching some dumb big-titted bimbo slut get pounded hard in the pussy. Crisis averted.

The age verifier wouldn't know which adult-only site you are trying to access, so when they sign your over-18 token, they don't know if you're going to redeem it on hairybears.com or bigtittedsluts.com.

Again, this is different from your ISP who already knows which sites you visit today and everyone is totally fine with this! ~nobody in France is committing suicide over their ISPs outing them as gay! It's literally a nonexistent problem.

Finally, I don't want to keep doing the checks notes bit, but do you really think there is that much of a taboo on being gay in France of all countries?

> I'd wager that any leak that could positively link a person to a site will also include at least some activity on that site.

But that's not true, as I already explained. The age verifier doesn't know what you are going to use the age-token for. They know strictly less than your ISP, by a huge margin. Note that the ISP doesn't even see the age-token. That's between the site you visit and the age verifier.

> Assuming use of ISP controlled DNS servers, the ISP only knows the account holder's name. They don't know if it's a neighbor/guest that's cracked/borrowed the WiFi ... etc. VPN or even just not using ISP managed DNS circumvents this collection.

For the purpose of blackmail this doesn't really matter... where there is smoke there is fire.

If you heard <politician you don't like> was found to have child porn on his phone, and his excuse was that his nephew who borrowed his phone on the weekend must have put it there, would you think that exonerates him? Or would you assume he's lying to cover his ass?

> If you could have said "ISPs are paragons of virtue that are always guaranteed trustworthy" I'm sure you would have. But you didn't so we both agree that anything that follows is predicated on a bad-faith premise.

I don't follow your point here. I'm not saying ISPs are paragons of virtue, I'm simply saying: 99% of people who visit Pornhub don't even try to hide this fact from their ISP (note that the people this post is about were only signing up to a VPN after France blocked their access; they didn't give a fuck about their ISP knowing they watched porn before). That means some of these are true:

  1. They trust their ISP not to tell anyone they visit pornhub.
  2. They don't care if anyone knows they visit pornhub.
  3. They don't realize their ISP can see they visit pornhub.

In which of these scenarios does having the ISP issue an age-token make things worse for the customer? I really cannot think of one, but I'm open to changing my mind.

  • baby_souffle  2 months ago

    > I already addressed this: unintentional leaks from regulated companies are very rare. It's not a perfect system, but it works to some extent.

    The corpus of HIBP would indicate that leaks are not rare. Your definition of "some" may need re-calibration.

    I would prefer that this data not exist to begin with; can't leak and de-anon data that was never captured.

    > In which of these scenarios does having the ISP issue an age-token make things worse for the customer? I really cannot think of one, but I'm open to changing my mind.

    Having to bother with any "confirm you are an adult human" _at all_ is a hassle. Any and all circumstances that require this makes things worse for the customer and generates data that may risk de-anonymizing the customer.

    And why bother when I still can't figure out what stops under-age me from buying/borrowing/stealing somebody else's token?