Comment by sltkr
2 months ago
> Good thing we only ever have intentional leaks, then.
I already addressed this: unintentional leaks from regulated companies are very rare. It's not a perfect system, but it works to some extent.
> LGBT individuals have killed themselves over being outed before they were ready to.
OK, but visiting Pornhub doesn't prove you're gay, it only proves you watch porn, which lots of people do. If someone calls you out on it, you just say you were watching some dumb big-titted bimbo slut get pounded hard in the pussy. Crisis averted.
The age verifier wouldn't know which adult-only site you are trying to access, so when they sign your over-18 token, they don't know if you're going to redeem it on hairybears.com or bigtittedsluts.com.
Again, this is different from your ISP who already knows which sites you visit today and everyone is totally fine with this! ~nobody in France is committing suicide over their ISPs outing them as gay! It's literally a nonexistent problem.
Finally, I don't want to keep doing the checks notes bit, but do you really think there is that much of a taboo on being gay in France of all countries?
> I'd wager that any leak that could positively link a person to a site will also include at least some activity on that site.
But that's not true, as I already explained. The age verifier doesn't know what you are going to use the age-token for. They know strictly less than your ISP, by a huge margin. Note that the ISP doesn't even see the age-token. That's between the site you visit and the age verifier.
> Assuming use of ISP controlled DNS servers, the ISP only knows the account holder's name. They don't know if it's a neighbor/guest that's cracked/borrowed the WiFi ... etc. VPN or even just not using ISP managed DNS circumvents this collection.
For the purpose of blackmail this doesn't really matter... where there is smoke there is fire.
If you heard <politician you don't like> was found to have child porn on his phone, and his excuse was that his nephew who borrowed his phone on the weekend must have put it there, would you think that exonerates him? Or would you assume he's lying to cover his ass?
> If you could have said "ISPs are paragons of virtue that are always guaranteed trustworthy" I'm sure you would have. But you didn't so we both agree that anything that follows is predicated on a bad-faith premise.
I don't follow your point here. I'm not saying ISPs are paragons of virtue, I'm simply saying: 99% of people who visit Pornhub don't even try to hide this fact from their ISP (note that the people this post is about were only signing up to a VPN after France blocked their access; they didn't give a fuck about their ISP knowing they watched porn before). That means some of these are true:
1. They trust their ISP not to tell anyone they visit pornhub.
2. They don't care if anyone knows they visit pornhub.
3. They don't realize their ISP can see they visit pornhub.
In which of these scenarios does having the ISP issue an age-token make things worse for the customer? I really cannot think of one, but I'm open to changing my mind.
> I already addressed this: unintentional leaks from regulated companies are very rare. It's not a perfect system, but it works to some extent.
The corpus of HIBP would indicate that leaks are not rare. Your definition of "some" may need re-calibration.
I would prefer that this data not exist to begin with; can't leak and de-anon data that was never captured.
> In which of these scenarios does having the ISP issue an age-token make things worse for the customer? I really cannot think of one, but I'm open to changing my mind.
Having to bother with any "confirm you are an adult human" _at all_ is a hassle. Any and all circumstances that require this makes things worse for the customer and generates data that may risk de-anonymizing the customer.
And why bother when I still can't figure out what stops under-age me from buying/borrowing/stealing somebody else's token?