zlacker

[parent] [thread] 13 comments
1. Knee_P+(OP)[view] [source] 2023-07-27 09:13:47
That entirely depends on how the mechanism is implemented.

For example you could have the website never knowing your actual ID but simply passing an encrypted string to the national server, which would return a 200 response if the document is valid. You could also have additional requests like "is the user 18+".

The website will just know the request is coming from something which has a valid ID available. The state will also not know which pages you browsed, only the domain of the request, just like with HTTPs your ISP does not know exactly the pages you browse but just the websites themselves.

And before someone talks about the state knowing your browser history: they already can by calling up your ISP, and they would get a lot more information than this mechanism would provide.

replies(6): >>salawa+6a >>quazar+cn >>flagra+on >>jasonj+Ft >>Zak+SA >>yjftsj+jS1
2. salawa+6a[view] [source] 2023-07-27 10:32:44
>>Knee_P+(OP)
It will never work. It'll all come down to a single ID. No one is going to do an ipta more eork than necessary Dissuade yourself of this illusion. Besides which, any type of "nerfed" system that avoids abusive patterns by design will just get

A) used as political chaff for jockeying by power hungry politicians as distraction fodder or FUD material

B) centralized by the intelligence community of your country, or an allied country with an agreement that they'll do the work for your government that your government can't.

There are things that simply should not, nay, must not be made.

The Single Identification Number is one. We have all the tools to do it today. The only thing keeping it from happening is refusal to implement at the grassroots level.

3. quazar+cn[view] [source] 2023-07-27 12:20:00
>>Knee_P+(OP)
time correlation between the isp and the authentication system
4. flagra+on[view] [source] 2023-07-27 12:21:32
>>Knee_P+(OP)
There's a lot of trust in that model. I would have to trust that the web server isn't passing extra information like the page I visited, that the government isn't passing back extra info like a unique identifier, and that the scripted strong is completely anonymous and single use.

If any of that trust is broken my privacy is at risk.

> And before someone talks about the state knowing your browser history: they already can by calling up your ISP, and they would get a lot more information than this mechanism would provide.

That depends on how you browse the internet today, and how the ISP tracks it. Simply using a different DNS service goes a long way, and using a VPN or the tor network may not be totally fool proof but should get around the basic drag nets am ISP is likely to use.

replies(1): >>solati+D61
5. jasonj+Ft[view] [source] 2023-07-27 13:00:15
>>Knee_P+(OP)
With the system you propose, the state would positively know that "citizen 24601 is being age verified at ObscenePornForConsentingAdults.com".

The ISP, with SNI implemented, would only be able to tell the state that "a device connected through this physical location accessed a server through Cloudflare".

replies(1): >>Mayeul+tS
6. Zak+SA[view] [source] 2023-07-27 13:31:39
>>Knee_P+(OP)
> they already can by calling up your ISP

My ISP will tell them I spend most of my time connected to Mullvad VPN, and Mullvad will tell them they don't know anything about what any particular IP address was doing.

Having to give identity attestations either directly or proxied by a government server would make such anonymous browsing much more difficult, if not impossible.

replies(1): >>helloj+mk1
◧◩
7. Mayeul+tS[view] [source] [discussion] 2023-07-27 14:38:15
>>jasonj+Ft
Not necessarily.

1. 18+website tells the browser age verification is needed, gives a random token

2. Browser signs a verification request with the local ID card (or a key temporality allowed to do so), forwards it to government server

3. Government server sees the request with random token, signs both, answer the browser

4. Browser forwards signed attestation to 18+website.

The government server only sees the random token. The website only has the attestation. There are other things that can be nitpicked against, but not this. For instance, can we require local ID cards? What about foreign visitors? Possibly an attestation from their passport? And of course, browsers sit in the middle and see everything.

However, this could be a useful mechanism to have. For age verification, nationality check, or even identity check on official websites. And if we have this, it's bound to be abused in some ways (Facebook could require an ID check).

replies(2): >>philwe+YZ >>Pawger+Xn1
◧◩◪
8. philwe+YZ[view] [source] [discussion] 2023-07-27 15:08:15
>>Mayeul+tS
I agree that you could design the system this way. But do you actually expect governments to do that?
replies(1): >>Anthon+AG1
◧◩
9. solati+D61[view] [source] [discussion] 2023-07-27 15:36:33
>>flagra+on
> there's a lot of trust in that model

No, there isn't. It's basically an OAuth login flow. The spec is publicly documented, anyone can register applications and check if the government is responding as desired, both by correctly requesting auth for the correct scopes in the government-hosted auth page, and by checking that the data returned from the gov matches what the spec promises.

replies(1): >>Anthon+aN1
◧◩
10. helloj+mk1[view] [source] [discussion] 2023-07-27 16:26:47
>>Zak+SA
Really the only way to defeat it would be by having all the citizens share their keys openly so no activity was ever guaranteed to belong to the credential owner.
◧◩◪
11. Pawger+Xn1[view] [source] [discussion] 2023-07-27 16:40:44
>>Mayeul+tS
> And of course, browsers sit in the middle and see everything

Google is loving this, I bet.

◧◩◪◨
12. Anthon+AG1[view] [source] [discussion] 2023-07-27 17:44:52
>>philwe+YZ
Also worth noting that if the system is designed in this way then anyone can set up a "pretend I'm 21" service which will sign anybody's token using a random adult's ID because it can't be traced back to them.

Conversely, that system is not secure if the site conspires with the government, because the government could record the signature (or the token) and then compare it to the one the site has to violate the anonymity of a legitimate user. There are forms of encryption that prevent this (the user does a cryptographic operation on their own device that munges the data so the site can still verify the signature but can't tell which one it was), but now you need the government to implement that system -- and update it if any vulnerability is found -- and do a coordinated update of all the sites in the world with the new protocol that patches whatever vulnerability is found -- and do this rapidly and competently because in the meantime the system would have to be taken offline to avoid it being actively exploited.

Do Not Attempt. Failure inevitable.

◧◩◪
13. Anthon+aN1[view] [source] [discussion] 2023-07-27 18:08:31
>>solati+D61
OAuth isn't designed to be secure against token issuers conspiring with services to deanonymize users.
14. yjftsj+jS1[view] [source] 2023-07-27 18:30:19
>>Knee_P+(OP)
> The website will just know the request is coming from something which has a valid ID available. The state will also not know which pages you browsed, only the domain of the request, just like with HTTPs your ISP does not know exactly the pages you browse but just the websites themselves.

Just the domain is still a pretty major information leak.

> And before someone talks about the state knowing your browser history: they already can by calling up your ISP, and they would get a lot more information than this mechanism would provide.

Yeah, but they have to ask. This creates a system that requires preemptively sending them that information.

[go to top]