Comment by handoflixue
10 hours ago
In this specific case, why fear the government?
My government has already seen my government-issued ID. If my government hasn't worked out my phone number, they can always ask the phone company. My address is required for the ID, voting, and filing taxes. I don't see how the government learns anything from this?
Conversely, I would like to believe most companies do not have my government-issued ID, nor a lot of the information on it.
In this specific case your government can ban you from the web by refusing to verify. E.g. to punish dissidents abroad Belarusian dictatorship simply nullifies their IDs, and lists them as terrorists in public data. Apparently that's enough to ruin somebody's life worldwide. But at least they can use their browsers, which would be not that easy in a world where gov't-backed verification is norm on the net.
From an American perspective, i don't trust the government with the implementation details, nor do I trust our political climate, misaligned incentives, and general disinterest in good governance to implement something so sensitive.
If I lived in say, Sweden, I feel much more comfortable trusting their government to implement. In America, I feel I must always vote in a way that prevents giving any power to the government that I wouldn't want my political opponents to have over me.
In said US of America, when the government wants to know something about you, they will get everything they want from the companies - it's even written clearly in the US laws. So I'm not sure why (or where) you draw that line...
1. if they have to subpoena each site each time they need user data, it reduces mass surveillance risk. I'm okay with cops getting a warrant to access someone's gmail. I'm not okay requiring everyone to use email.gov.
2. I use a VPN and pseudonyms. they could unmask me if they cared to, but it'd be annoying. it'd be a lot more annoying if they wanted to unmask every VPN user all the time.
1 reply →
the grass is always greener on the other side
> My government has already seen my government-issued ID.
If you have a government ID and all you use it for is voting and paying taxes, then they know that you vote and you pay taxes.
If you have to use it for accessing the internet then they know everything you do on the internet. What you read, who you talk to, what you post, when you sleep, where you are at any given time -- it's very much not the same thing as just having a picture of you and your name.
No they do not. A properly designed government app that uses cryptography to generate a deniable token that can't be cross-correlated but proves your humanity/age to a consuming site is manifestly different than Google adtech hoovering up as much of your activity as possible.
> A properly designed government app
Oof, that's not a great premise to take as a requirement right out of the gate. More counterexamples than examples for that one.
> that uses cryptography to generate a deniable token that can't be cross-correlated but proves your humanity/age
If it's actually deniable/anonymous then how would it work for rate limiting? If you can't correlate their activity then you don't know if the million requests are a million people or one bot with a million connections. If you can correlate their activity then it's not anonymous.
Moreover, it's a false dichotomy that we should be doing either of these things. The better alternative to corporate surveillance isn't government IDs, it's no surveillance.
4 replies →
I have not seen any government adopt such a standard.
some EU countries claim to provide anonymous age verification services, but those only hide your identity from the relying party. the site you visited is logged to the government's database along with your identity, before you're redirected to the target site with an "anonymous" token.
1 reply →
They could do it like that, but they won't do it like that, because tracking the population is a feature not a bug