Comment by pastel8739
20 hours ago
This doesn’t stop the scheme the parent proposes, where adults install some proxy on their device and challenges are responded to on the parent device. Then the private key never leaves the parent device and all the child device has is the proxy software, which could be set up to not log any identifier of the key that it used
I agree, but this is also clearly a increased barrier. Going back to OPs comment that perfection is impossible, the goal is to raise the bar, I would say that this is more than good enough.
Sure, but the comment I am responding to is arguing that there is a way around pressures towards a traceable token, so you can prosecute the person sharing their credentials. This is not the case.
> but this is also clearly a increased barrier.
If there's a simple piece of software that can be installed, it's not meaningfully increasing the barrier. Also, there are negative consequences to introducing "rules that you're expected to break" like this. It makes the law unserious.
Sure, but then you're partnering with someone you probably don't know to take payment for doing something illegal, and that partner knows your device and where to send the money.
And if it's a phone app, it's not going to be on app stores and you already know the person giving you the app is a criminal.
So you're installing an untrustworthy app to risk criminal charges, and the customers of this scheme are kids who mostly don't have a lot of money.
You’re missing the point. If the tokens are truly anonymous then none of this matters. There’s no way to discover or prove where the tokens came from. It could be someone in another country with stolen IDs, which are now a goldmine for minting tokens and selling on the internet.
So the schemes inherently add some traceability, which makes the tokens no longer actually anonymous.
This is the back door used to make the tokens double as ID tokens.
I'm not missing the point, and if you'll think about my scheme for a bit you'll see that anonymity is maintained in normal circumstances even though there's incentive to protect your credentials. Let's go through scenarios:
1) You give a teenager your full credentials. Teenager is careless, as teenagers often are, and posts something revealing who he is. Cops have option to search teenager's phone, see who you are, and at least revoke the credentials.
2) You install a relay app on your phone, for money. Now you've installed an untrustworthy app from a criminal, who might hack you, or might be arrested and reveal details of your device and where they're sending your money.
Neither scenario happens because the age verification is traceable.
3) Your credentials get stolen, and used in a foreign country to implement a relay scheme.
This one, I admit, my scheme can't do anything about. But this means our teenager has to pay a foreign entity. Teenagers can also pay foreign porn sites directly, if porn is our concern.
On top of that, the age verification systems we've seen so far have their own security holes that teenagers are exploiting without having to pay anything.
My personal view is that the whole thing is ridiculous and we shouldn't bother with any of this. My point is just that we can implement reasonably good age verification without eliminating anonymity on the internet.
Trusted computing fixes this up to the analog hole. Which is as much as you can expect.
Neuralink fixes the analog hole! Beam the ads directly to your cortex!
[flagged]
Trusted computing is the biggest threat to privacy and liberty of them all!
No, you can reliably attest public source builds of critical software for the ultimate in transparency. That even includes models running on GPUs. Combine that with blind tokens and you get trusted, anonymous identity verification.
1 reply →
The same way a lobotomy fixes a headache.
How so?
They are implying the use of trusted computing with proprietary software to ensure that only users on fully “trusted” (locked down) devices are allowed to access network resources.
Presumably, if you have a trusted application on a trusted device, the identifier was installed in a trusted way, the device is in trusted possession and the device won't be given to anyone else, trusted computing may be able, in certain cases, to make it more difficult for a remote minor to use the identifier.
1 reply →