The concept is not terrible, the implementation is. Passing this law with no secure way of proving identity is where it’s clearly just a Christo-fascist power move.
The way the US is going, with anti-LGBT laws popping up all over the place, I have less trust for the government collecting that information than the sketchy porn sites themselves.
The only implementation I would support is one where the asking website doesn’t know your ID, and the verifying website doesn’t know what you’re trying to visit. Essentially just asking for a one-time use token that verified your age, and providing that token to the website you’re trying to visit.
Edit for a bit more detail: User authenticates to ID website, which provides them a token with age verification (true/false) and a short (10 minute?) TTL. This token is encrypted by the ID website. User then provides this token to the asking website (eg: pornhub). Pornhub then sends the token back to the ID website to decrypt it. All pornhub knows about you is whether or not you’re of age, and the verifying website never knows what the token is for.
that’s amazing, I would love to see this implemented, problem is nobody wants to set it up, they want the data. I think they enjoy the discomfort hoping people will stop.
If the system was setup and used despite all the pressure, the short TTL may create the risk of traffic correlation attacks, especially for the smaller, less traffic sites. this is something that can likely be fixed.
There would be too much value in tracking that token for such a scheme to stay secure. Governments or shady corporations or illegal black markets or all of the above would be all over keeping tabs on what sites are visited by which tokens and matching them to identities.
The whole point is that the token itself doesn’t have any personal info attached to it, only a yes/no and expiry time.
I’ll even one up my original suggestion - it uses standard public/private key encryption, where the government issues a simple json token with a yes/no Boolean and a TTL. The public key that can decrypt the tokens is public. Pornhub then decrypts the token and verifies the boolean and expiry date, all without talking to the government at all.
I think a law verifying your age over the internet inherently breaks the idea of a free internet, of which we are already seeing degradation of by Google and DRM/web integrity anyways.
I agree. Even internet security protocols are at risk, and the dinosaurs responsible for writing laws don’t understand basic encryption let alone the idea that it is 100% a needed concept in a free, fair, and just society.
That’s not speech. You can age limit things, but not on speech. Beyond that, the limitations on speech have to meet certain conditions where it’s in the publics best interest and doesn’t put too much burden on the public.
I think there is a lot more to this that a secure way or protecting children.
It’s the base idea that I have to prove who I am online at all. That I cannot lie. Lieing should be a fundamental right. Not identifying yourself should be a fundamental right. Giving a false name should be a fundamental right.
I get that too, but we wouldn’t want people buying alcohol or fire arms anonymously. Imo access to pornography should be like access to R-Rated movies or Parental Advisory music. Guidelines set either by the industries or government, but policed by parents.
You don’t want people buying alcohol anonymously? Im totally for it.
You’ve hit the nail on the head while at the same time missing everything. Parents should be policing their children and what they do on computers. It’s not like there is a spectrum between pg porn and x rated porn. The websites themselves are already the R rating.
The concept is not terrible, the implementation is. Passing this law with no secure way of proving identity is where it’s clearly just a Christo-fascist power move.
The way the US is going, with anti-LGBT laws popping up all over the place, I have less trust for the government collecting that information than the sketchy porn sites themselves.
You’re not wrong.
And fuck sending your driver’s license to random shady porn sites
The only implementation I would support is one where the asking website doesn’t know your ID, and the verifying website doesn’t know what you’re trying to visit. Essentially just asking for a one-time use token that verified your age, and providing that token to the website you’re trying to visit.
Edit for a bit more detail: User authenticates to ID website, which provides them a token with age verification (true/false) and a short (10 minute?) TTL. This token is encrypted by the ID website. User then provides this token to the asking website (eg: pornhub). Pornhub then sends the token back to the ID website to decrypt it. All pornhub knows about you is whether or not you’re of age, and the verifying website never knows what the token is for.
that’s amazing, I would love to see this implemented, problem is nobody wants to set it up, they want the data. I think they enjoy the discomfort hoping people will stop. If the system was setup and used despite all the pressure, the short TTL may create the risk of traffic correlation attacks, especially for the smaller, less traffic sites. this is something that can likely be fixed.
There would be too much value in tracking that token for such a scheme to stay secure. Governments or shady corporations or illegal black markets or all of the above would be all over keeping tabs on what sites are visited by which tokens and matching them to identities.
ISPs already have, and do sell that data.
The whole point is that the token itself doesn’t have any personal info attached to it, only a yes/no and expiry time.
I’ll even one up my original suggestion - it uses standard public/private key encryption, where the government issues a simple json token with a yes/no Boolean and a TTL. The public key that can decrypt the tokens is public. Pornhub then decrypts the token and verifies the boolean and expiry date, all without talking to the government at all.
I think a law verifying your age over the internet inherently breaks the idea of a free internet, of which we are already seeing degradation of by Google and DRM/web integrity anyways.
That was broken decades ago.
today couldn’t have happened if yesterday’s degradation didn’t occur. it’s been slowly breaking for a while now.
I don’t see how it doesn’t violate free speech. Imagine needing the government’s permission to talk to someone?
Edit: forgot a word
I agree. Even internet security protocols are at risk, and the dinosaurs responsible for writing laws don’t understand basic encryption let alone the idea that it is 100% a needed concept in a free, fair, and just society.
There are already age limitations that are constitutional. You can’t run for office, buy alcohol, drive a car etc.
That’s not speech. You can age limit things, but not on speech. Beyond that, the limitations on speech have to meet certain conditions where it’s in the publics best interest and doesn’t put too much burden on the public.
I think there is a lot more to this that a secure way or protecting children.
It’s the base idea that I have to prove who I am online at all. That I cannot lie. Lieing should be a fundamental right. Not identifying yourself should be a fundamental right. Giving a false name should be a fundamental right.
I get that too, but we wouldn’t want people buying alcohol or fire arms anonymously. Imo access to pornography should be like access to R-Rated movies or Parental Advisory music. Guidelines set either by the industries or government, but policed by parents.
You don’t want people buying alcohol anonymously? Im totally for it.
You’ve hit the nail on the head while at the same time missing everything. Parents should be policing their children and what they do on computers. It’s not like there is a spectrum between pg porn and x rated porn. The websites themselves are already the R rating.
things like Ecchi and stripteases exist, but its too mild for PornHub. Soo… I’m not really making a point.