can somebody screenshot the article i cant read it
I’m not against age restrictions, but letting every site brew their own method is a really bad idea. I’m not going to upload my legal ID to every random site; that’s a recipe for identity theft, and it’s a really bad idea to teach people that that’s normal or acceptable.
And age guessing through facial recognition is incredibly unreliable. My 16 year old son has already been accepted as 18+ somewhere. I had a full moustache at 14. Others are blessed with a babyface well into their 30s.
The only right way to do this, is if governments provide their citizens with an eID that any site can ask “is this person 18+?” and get an accurate answer without any other identifiable info. And if you don’t want the government to know what sites you visit, have sites route the request through a proxy.
But instead everybody’s got to cobble together their own improvised system that we just have to trust blindly is not going to sell our data.
and it’s a really bad idea to teach people that that’s normal or acceptable.
This is a point so few people mention. Normalising having to give up personal information online is such a dangerous thing to do and companies/governments that enforce this shit are setting people up to be scammed
if you don’t want the government to know what sites you visit, have sites route the request through a proxy.
I feel a proxy would not really make much of a difference. If the government keeps a mapping of which eID corresponds to each real person from their end (which they would do if they want to know what sites you visit) then they can simply request the services (and/or intermediaries) to provide account mapping of the eIDs (and they could mandate by law those records are kept, like they often do with ISPs and their IP addresses). The service might not know who that eID belongs to… but the government can know it, if they want.
The government needs to want to protect your privacy. If the government really wants to know what sites you visit, there’s no reason why they would want to provide you with a eID that is truly anonymous at all levels and that isn’t really linked to you, not even in state-owned databases.
Of course, a government has many ways they can legislate your rights, freedom and privacy away. But if you want to do this in a way that preserves privacy, this is how you do it.
Of course the government knows who you are; they have to. They issue your ID, and that makes them the only organisation that can issue your eID. But a government that serves its people would provide this an a service, with the proxy, to ensure privacy is respected.
And of course with a warrant they can and should be able to demand access to the proxy’s or the website’s logs. But only with a warrant. That is the bar that the government should always have to clear before they can get access to any citizen’s privacy.
I agree that a government that wants privacy can actually do it in a way that ensures privacy. That’s also what I was saying.
My point was that this is up to the government, and no amount of “route the request through a proxy” would patch that up, that’s not gonna help this case. Because this is not something that’s tracked in the networking layer, it’s in the application layer.
If the government wants to protect privacy, they can do it without you needing to use proxies, and if the government wants to see what sites you visit using these certificates, they can do it even if you were to use proxies.
If the proxy is independent, I don’t see how the government can know what the requesting site is. They can only see the proxy. I don’t mean a standard network proxy of course, but a proxy for the entire request. That’s probably the source of our misunderstanding.
They don’t need to know the requesting address in order for them to know if it was you the person corresponding to that proof of age, because the information is in the data being exchanged. These kind of verifications don’t depend or rely on IP address or networking, these are credentials that are checked on the application layer.
In fact, they don’t even need to directly communicate with the government for this.
This is equivalent to a registration office for a service asking you provide a paper stamped by the government that certifies your age without the paper actually saying who you are… the service does not need to contact the government if they can trust the stamp in the paper and the government official signature (which in this case is mathematical proof). And even though the service office can’t see your name in the paper, the government knows that the number written in the paper links to you individually, because they can keep record of which particular paper number was issued to which individual, even if your name wasn’t written in the document itself.
So, the government can, at any given time, go to those offices, ask them to hand in the paper corresponding to a particular registration and check the number to see who it belongs to.
The traceability is in the document, not in the manner in which you send it. It does not matter if you send the document to a different country for someone else to send it from a different address, on your behalf (ie. a proxy). If the government can internally cross-reference the registration papers as being the ones linked to your governmental ID, they can know it’s yours regardless of how it reached the offices. So this way they can check if you registered yourself in any particular place they wanna target and what your account is.
And if you don’t want the government to know what sites you visit, have sites route the request through a proxy.
Actually, no on the fly communication with the issuer is required for selective disclose. You just need a signed document with individually salted hashes of different properties and you can create a zero knowledge proof non-interactively. Zero knowledge meaning that truely nothing but the disclosed property (age > 18, County == DE, or whatever) is communicated to anyone.
Theres a lot of other cool stuff that can be done with zero knowledge digital identity wallets. You could for example hash your pubkey together with the service providers pk and disclose that as a per service ID, but not reveal your pk. This allows linkability within one service (as a login method for example) while preventing cross service linkability.
That prevents the site from knowing your identity, but I’m not convinced it prevents the government from knowing you visit the site. The government could keep track of which document corresponds to which individual whenever they issue / sign it.
So if the government mandated that each signed proof of “age>18” was stored by the service and mapped to each account (to validate their proof), then the government could request the service to provide them copy of the proof and then cross-check from their end which particular individual is linked to it.
The reason why it works is a bit complicated, but basically the trick is that the signatures are not immutable. Given a valid signature, it is possible to create a new valid signature over the same content that is not linkable to the original one. This means that it is still possible to derive, what authority signed the document, but the authority cannot know in which transaction it has signed that specific document.
If you have no way to link the signature to the original document, then how do you validate that the signature is coming from a document without repetition / abuse?
How do you ensure there aren’t hundreds of signatures used for different accounts all done by the same stolen eID that might be circulating online without the government realizing it?
Can the government revoke the credentials of a specific individual? …because if they can’t then that looks like a big gap that could create a market of stolen eIDs (or reusing eIDs from the deceased) …and if they can, what stops the government from creating a simulation in which they revoke one specific individual and then check what signatures end up being revoked to identify which ones belong to that person? The government can mandate the services to provide them all data they have so they can analyze the data as if they were Issuer, Registry and Verifier, all in one, without separation of powers.
Have not used this so I can’t speak to their viability, but there’s also @root
I’m never doing this. I’ll pay someone else to verify my account before I upload my dox with these assholes.
I’m fine switching to an alternative, but I have seen no gaming companies linking anything else for their official “forums”
Minecraft.wiki links to Zulip…
I hope for once people would get together and drop Discord so that Discord would have to reverse this policy. So often, we the customers really have the power if we get together and act together. All these social networks are nothing without the contributions of the customers.
without the contributions of the
customersWithout the contributions of the product.
As the adage goes, if you’re not paying for it (and often even when you are), you’re not the customer.
We should append this, …" or it is open source"
Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed
Goodbye Discord.
Hello Matrix!
Matrix isn’t that good from an usability standpoint as it looks a lot like IRC
Usability is good in my opinion. They’ve spent a lot of time on the UI over the past couple years. The mobile Element X apps are excellent now IMO. But the two things that prevent matrix/Element from being a good discord replacement are:
- No Mumble-like voice chat. They have Zoom-like conference calling now, but no voice channels.
- Search is either non-existent (mobile clients) or is awful. It’s somehow worse than Discord’s search! I know it’s because the search needs to work on-device because of E2EE, but unfortunately it’s still a minus point vs Discord.
Honestly, the best solution to 1 may be to simply deploy mumble in addition to matrix (or other chat apps).
Seconding this, just use mumble. It’s self-hosted free and open source software, easy on resources, provides very low latency, and it’s very stable and reliable.
The client might look a little dated but I still love it. I don’t care for stupid electron apps, which every modern application seems to be.
LOL! That’s so true! Even I have trouble navigating.
I don’t trust discord with what little I formation I’ve gave them so far. Definitely not giving them my ID or a scan of my face.
But they pinky promise the face scan is not facial recognition and that it’s immediately deleted and never leaves your device.
Considering the recent “third-party” data breach cases…
More info for those unfamiliar:
Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals.
Yeah, you go ahead & do that, & watch how many people will jump ship to other alternatives while you lose a lot of money & subscriptions, especially when you’ve been hacked before.
People have found other alternatives to TikTok, & they’ll do the same with Discord.
i wouldn’t be so optimistic. normies have a tendency to accept quite a lot.
I mean, you’re not wrong, but have you seen what those alternatives were?
Lol, no thanks. I deleted this trash years ago and wish companies would stop using it for tech and customer support. “Join our discord channel!” - no.
Same here.
Its Joever
Discord is kill
Like I mentioned in a similar post, please look at this alternative: https://stoat.chat/
Seams cool, but why not matrix since matrix has different instances you can chose from.
forgot to add that one, my other post did include Matrix as well :)
Does this still require you to ‘call’ people to be in a voice channel? Or is it now similar to discord in that you join a channel and can hear anyone in it?
Finally my chance to quit?
IdkWell, time to dump Discord after I finish school.
