zlacker

[parent] [thread] 19 comments
1. lifeis+(OP)[view] [source] 2023-03-18 11:35:40
I am unclear why a reasonable digital ID (probably government ID card style) plus rate limits is not going to be effective.

I can see lots of reaosns people might oppose the idea but I am not sure why it's not a widely discussed option?

(asking honestly and openly - please don't shout!)

replies(5): >>creaki+w >>nprate+y >>ipaddr+t9 >>tbrown+Qb >>wpietr+lz
2. creaki+w[view] [source] 2023-03-18 11:41:47
>>lifeis+(OP)
Closest example I know of is Korean internet. It is almost nigh impossible to get an account in major websites without SSN and a phone number. Despite this, there are still countless bots and scammers that uses hacked or leaked personal data. So I’m not sure if it would be that effective
replies(1): >>lifeis+X3
3. nprate+y[view] [source] 2023-03-18 11:42:08
>>lifeis+(OP)
Because the only way it'd work is if it was mandatory (because of point 2); it'd then be extended to porn sites to protect the children. That means politicians browsing history on pornhub would also be recorded and inevitably leaked when they get hacked.
◧◩
4. lifeis+X3[view] [source] [discussion] 2023-03-18 12:14:27
>>creaki+w
I am thinking more like webauthn - but where I own a key pair, and I go to post office with my passport, they give me a nonce and prove that my it's my key pair then they post that public key is definitely me. I then can use that posting as my "username" and any challenge response includes the public key so they know that only I could be signing up

I am very aware of "designing a security system they themselves cannot break" and the difficulties of key management etc.

Would be interested in knowing more from smarter people

(probably need to build a poc - one day :-( )

replies(1): >>bombol+qh
5. ipaddr+t9[view] [source] 2023-03-18 13:06:55
>>lifeis+(OP)
If spam was your only problem now we have two spam and identity theft. Selling/obtaining identity information becomes very profitable and those working in the postal office must guard access like a bank vault.
replies(2): >>lifeis+Ji >>wpietr+7A
6. tbrown+Qb[view] [source] 2023-03-18 13:23:46
>>lifeis+(OP)
Anonymity is critical to free speech, because there exist bad actors who will resort to violence to suppress speech they don't like.
replies(1): >>lifeis+5i
◧◩◪
7. bombol+qh[view] [source] [discussion] 2023-03-18 14:11:37
>>lifeis+X3
> I own a key pair

Right there… it won't work with the general population.

replies(1): >>lifeis+ii
◧◩
8. lifeis+5i[view] [source] [discussion] 2023-03-18 14:15:54
>>tbrown+Qb
But, and I understand the argument, that is a problem for IRL society / government to solve.

If someone walks upto me in the voting booth and says "vote for X or I will kill you" that's a crime. If they do it in the pub it's probably a crime. If they do it online the police don't have enough manpower to deal with the situation.

We should change that.

Every time some fuckwit tweets "you and your kids are going to get raped to death and I know where you live" because some woman dares suggest some political chnage I would like to see jail time.

And if we do that then I can understand your argument, but I would then say it is not valid - in a society that protects free speech.

replies(3): >>woile+zj >>tbrown+Ts >>__Matr+dt
◧◩◪◨
9. lifeis+ii[view] [source] [discussion] 2023-03-18 14:17:50
>>bombol+qh
something like 2 billion people have a phone with a secure enclave capable of this in their pockets today - and they use it everyday for logins, payment and paying at the car park.

We have the penetration

(Afaik smartphone penetration is around 4.5-5 BN, and something like 50%+ have secure enclaves but honestly Indont follow that deeply so would defer to more knowledgeable people)

replies(2): >>klabb3+Py >>bombol+6j2
◧◩
10. lifeis+Ji[view] [source] [discussion] 2023-03-18 14:21:55
>>ipaddr+t9
Then make it a banks job to guard the bank vaults - they need to earn that FDIC bailout money :-)
◧◩◪
11. woile+zj[view] [source] [discussion] 2023-03-18 14:28:34
>>lifeis+5i
Actually, there could be places where verified humans are required, and places where they are not.
◧◩◪
12. tbrown+Ts[view] [source] [discussion] 2023-03-18 15:41:06
>>lifeis+5i
That doesn't work so well when the government is one of the bad actors.
replies(1): >>lifeis+Bz
◧◩◪
13. __Matr+dt[view] [source] [discussion] 2023-03-18 15:43:12
>>lifeis+5i
I'm far less worried about being intimidated into voting a certain way by someone who is avoiding the authorities online.

Much more likely is that I'll vote ignorantly because I lack information that someone withheld because they're intimidated by the authorities.

◧◩◪◨⬒
14. klabb3+Py[view] [source] [discussion] 2023-03-18 16:20:51
>>lifeis+ii
That’s not your identity, it’s an access token protected by an advanced lock screen (which is greatly useful, but not the same). If you lose your device, the way you get back into your accounts is your de-facto identity—usually it ranges between the email you used during signup to your govt id.

There isn’t a widely deployed public key network with keys that represent a person, afaik. PGP is the closest maybe?

15. wpietr+lz[view] [source] 2023-03-18 16:23:57
>>lifeis+(OP)
I expect that's where we're heading. But then, as somebody who writes online mostly under my own name, maybe I'm just biased. Come on in, the water's fine!

I think there are cases for anonymous/pseudonymous speech, but I think that's going to have to shift away from disposable identities. Newspapers, for example, have been providing selective anonymity for hundreds of years, so I think there's a model to follow: trusted people/organizations who validate the quality of a non-public identity.

So a place like HN, for example, could promise that each pseudonymous account is connected to a unique human via some sort of government ID with challenge/response capability. Or you could end up with third-party ID providers that provide a similar service that goes beyond mere identity, like the Twitter Verified program scaled up.

Disposable identities have always been a struggle. E.g., look at Reddit's very popular Am I the Asshole, where people widely believe a lot of the content is creative writing exercises. But keeping up a fake identity over the long term was a lot of work. Not anymore, though!

◧◩◪◨
16. lifeis+Bz[view] [source] [discussion] 2023-03-18 16:25:41
>>tbrown+Ts
My point is that if government is a bad actor, there is no recourse. We need a fair democratic society - it's on us to build one / keep it there
replies(1): >>accoun+eW5
◧◩
17. wpietr+7A[view] [source] [discussion] 2023-03-18 16:29:01
>>ipaddr+t9
The paradigm of fixed identity information as proof is pretty obviously doomed. Just like how the 1970s concept of username/password as proof of identity is on its way out. Or credit card numbers alone being used to validate transactions.

All of those notions are pre-internet ways of proving identity. In a world where we're all rarely more than an arm's length from a globally connected computer, they're on the way out.

replies(1): >>lifeis+zA2
◧◩◪◨⬒
18. bombol+6j2[view] [source] [discussion] 2023-03-19 08:23:20
>>lifeis+ii
> something like 2 billion people have a phone with a secure enclave capable of this in their pockets today - and they use it everyday for logins, payment and paying at the car park.

They don't own a key pair. They carry one around, which is owned by google or some other entity?

◧◩◪
19. lifeis+zA2[view] [source] [discussion] 2023-03-19 12:02:42
>>wpietr+7A
I am guessing that "fixed identity information" is not a key pair ?
◧◩◪◨⬒
20. accoun+eW5[view] [source] [discussion] 2023-03-20 13:15:37
>>lifeis+Bz
It might get to be that way some day, but for now there is recourse. France is (in)famous for it and they are currently making use of that way.

And this is important because a "fair democratic society" that doesn't need people to be able to protest is, as history has shown many times, only a temporary affair. The best way to keep it is to not give the government the tools a worse government could use to suppress dissent.

[go to top]