← Back to context

Comment by Nursie

1 day ago

> There is a problem with schemes like that.

/goes on to discuss how government legislation of specific schemes is the issue, not the schemes themselves.

Then we don't legislate specific schemes? The GDPR doesn't do that, for instance, it spells out responsibilities and penalties but doesn't say "Though shalt use this specific algorithm".

Remember, this discussion started with a call to ban all age checks, which itself is a government action and restriction on the agency of private business.

There are ways that private entities can implement age checks both securely and without leaking much other information, so it seems very heavy-handed to ban them. Private entities are building such systems between themselves already, without government mandates on the specifics.

2 comments

Nursie

Reply
AnthonyMouse  8 hours ago

> Then we don't legislate specific schemes?

Except that you have to in this case because IDs are issued by the government and then it's the government having to provide some privacy-protecting means of using them, which is the thing they're incapable of in practice.

> There are ways that private entities can implement age checks both securely and without leaking much other information

I have yet to see a single one implemented in real life. People point to attempts and then you look at the implementation and it's full of dubious choices and unforced errors, before you even start looking for bugs.

Moreover, private entities have the perverse incentive to do the opposite of implementing it securely, because they find it profitable to track people, or find it unprofitable to spend the resources necessary to prevent themselves from being infiltrated by foreign governments when their business is the sort which is useful to them as these are.

  • Nursie  5 hours ago

    > it's the government having to provide some privacy-protecting means of using them

    Nope, not necessarily.

    > I have yet to see a single one implemented in real life.

    There are likely to be a lot more coming as the newer standards in this area were finalised last year. Online identity is a continually evolving space.

    > Moreover, private entities have the perverse incentive to do the opposite of implementing it securely, because they find it profitable to track people

    Some do in some circumstances, but far from all. Others (often financial institutions) have wised up to PII being a liability rather than an opportunity and some are working on frameworks and capabilites in this space that don't involve any more storage or transfer of anyone's ID than already happens in banks.