Privacy

45924 readers

1764 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

330

Discord will require a face scan or ID for full access next month (www.theverge.com)

submitted 2 days ago by mr_MADAFAKA@lemmy.ml to c/privacy@lemmy.ml

101 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] mcv@lemmy.zip 9 points 1 day ago (3 children)

I'm not against age restrictions, but letting every site brew their own method is a really bad idea. I'm not going to upload my legal ID to every random site; that's a recipe for identity theft, and it's a really bad idea to teach people that that's normal or acceptable.

And age guessing through facial recognition is incredibly unreliable. My 16 year old son has already been accepted as 18+ somewhere. I had a full moustache at 14. Others are blessed with a babyface well into their 30s.

The only right way to do this, is if governments provide their citizens with an eID that any site can ask "is this person 18+?" and get an accurate answer without any other identifiable info. And if you don't want the government to know what sites you visit, have sites route the request through a proxy.

But instead everybody's got to cobble together their own improvised system that we just have to trust blindly is not going to sell our data.

[–] freedickpics@lemmy.ml 3 points 9 hours ago

and it’s a really bad idea to teach people that that’s normal or acceptable.

This is a point so few people mention. Normalising having to give up personal information online is such a dangerous thing to do and companies/governments that enforce this shit are setting people up to be scammed

[–] Ferk@lemmy.ml 1 points 8 hours ago* (last edited 7 hours ago) (1 children)

if you don’t want the government to know what sites you visit, have sites route the request through a proxy.

I feel a proxy would not really make much of a difference. If the government keeps a mapping of which eID corresponds to each real person from their end (which they would do if they want to know what sites you visit) then they can simply request the services (and/or intermediaries) to provide account mapping of the eIDs (and they could mandate by law those records are kept, like they often do with ISPs and their IP addresses). The service might not know who that eID belongs to.. but the government can know it, if they want.

The government needs to want to protect your privacy. If the government really wants to know what sites you visit, there's no reason why they would want to provide you with a eID that is truly anonymous at all levels and that isn't really linked to you, not even in state-owned databases.

[–] mcv@lemmy.zip 1 points 4 hours ago

Of course, a government has many ways they can legislate your rights, freedom and privacy away. But if you want to do this in a way that preserves privacy, this is how you do it.

Of course the government knows who you are; they have to. They issue your ID, and that makes them the only organisation that can issue your eID. But a government that serves its people would provide this an a service, with the proxy, to ensure privacy is respected.

And of course with a warrant they can and should be able to demand access to the proxy's or the website's logs. But only with a warrant. That is the bar that the government should always have to clear before they can get access to any citizen's privacy.

[–] M1k3y@discuss.tchncs.de 4 points 1 day ago (1 children)

And if you don't want the government to know what sites you visit, have sites route the request through a proxy.

Actually, no on the fly communication with the issuer is required for selective disclose. You just need a signed document with individually salted hashes of different properties and you can create a zero knowledge proof non-interactively. Zero knowledge meaning that truely nothing but the disclosed property (age > 18, County == DE, or whatever) is communicated to anyone.

Theres a lot of other cool stuff that can be done with zero knowledge digital identity wallets. You could for example hash your pubkey together with the service providers pk and disclose that as a per service ID, but not reveal your pk. This allows linkability within one service (as a login method for example) while preventing cross service linkability.

[–] Ferk@lemmy.ml 1 points 7 hours ago* (last edited 7 hours ago)

That prevents the site from knowing your identity, but I'm not convinced it prevents the government from knowing you visit the site. The government could keep track of which document corresponds to which individual whenever they issue / sign it.

So if the government mandated that each signed proof of "age>18" was stored by the service and mapped to each account (to validate their proof), then the government could request the service to provide them copy of the proof and then cross-check from their end which particular individual is linked to it.