• jaschop@awful.systems
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    2
    ·
    edit-2
    7 days ago

    I’ll slightly nitpick the claim about the central ID register, because you can do a lot of this stuff decentralized with smart IDs.

    I imagine it works like this: You somehow get your hands on a certificate that reads “yo, the controller of the key pair with public key a4c6… is over 18 - signed, new south wales records agency”. You hook up your smart card to pass some cryptographic test, and voilá: you proved you have the ID of an adult and know their PIN.

    Not that I advocate for IDing everytime you visit a website, but I guess I’d be fine with it for ordering weed online. I expect we’ll get something like it in the EU, if we decide not to go full fucking surveillance state.

    • David Gerard@awful.systemsOPM
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 days ago

      controller of the key pair

      never.

      These are not people who are going to do things correctly, let alone doing complex things correctly. They are absolutely going to come up with some hamfisted bullshit, there is no way they are not. If they really try to do this, the most likely version is a central ID register but it’s privatised.

    • YourNetworkIsHaunted@awful.systems
      link
      fedilink
      English
      arrow-up
      4
      ·
      7 days ago

      I mean, doesn’t somebody still need to validate that those keys only get to people over 18? Either you have a decentralized authority that’s more easily corrupted or subverted or else you have the same privacy concerns at certificate issuance rather than at time of site access.

      • jaschop@awful.systems
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        7 days ago

        The point would be, to roll it all into the ID issuing process. I think most EU IDs already have cryptographic identities built in. The certificate issuing should probably be a state service as well. The alternative would probably be, just mail your birth certificate and a 3D scan of your anus to the private age verification provider of your choice.

        It of course all falls back to a central state authority. But the process wouldn’t have to be more centralized and privacy-invasive than state IDs already are. Control of resident data could be kept at municipality level, and you wouldn’t need a central approver, that gets a running feed of all my age-restricted activities.

        Before I sound like I’m soying over ID verification, I’ll add that all this junk can become insidious very quick, if it becomes easy to implement and gets used everywhere. I also detest beyond measure that my ID currently stores a scan of my fingerprint, and I hope the court-ordered deadline makes that shit illegal again in 2027.

        • David Gerard@awful.systemsOPM
          link
          fedilink
          English
          arrow-up
          6
          ·
          7 days ago

          Control of resident data could be kept at municipality level

          no, they’ll fuck it up as hard as possible. These are not people who give a shit about the privacy of the plebs.