[HN Gopher] Online ID / age verification: the death of online se...
___________________________________________________________________
Online ID / age verification: the death of online search
Author : dredmorbius
Score : 86 points
Date : 2021-07-15 20:00 UTC (2 hours ago)
(HTM) web link (decoded.legal)
(TXT) w3m dump (decoded.legal)
| djrogers wrote:
| This sounds like it would create a some new challenges for search
| engines, but the article itself offers a number of ways to
| address those.
|
| Given that, and the massive amount of money in search, I think
| the headline falls somewhere between clickbait and a flat-out
| lie.
| avhon1 wrote:
| How much money is in DuckDuckGo, Mojeek, Gigablast, YaCy, or
| other minority search engines? If indexing material requires
| serious resources, the only viable search engines will be the
| huge ones.
| ivan_gammel wrote:
| Government can offer rather simple infrastructure to enable
| digitally signing crawler requests and any legal entity
| should be able to acquire and renew signatures at very low
| cost. Total implementation costs for search engines won't be
| high in such case.
| dane-pgp wrote:
| No doubt Google will come up with a way for search engines to
| authenticate to the sites they are spidering, which will be
| just "Open" enough that all their competitors can implement
| it for free (but not have any control over the evolution of
| the technology).
|
| Sites would just have to decide which search engines they
| want to allow to spider them, which will probably be a
| hardcoded list in a webserver config file somewhere, with the
| associated public keys.
|
| If we're lucky, webserver package maintainers will try to
| keep these lists up to date, and Google may even contribute
| some funds for the development effort, doing just enough to
| stop this system from triggering an anti-trust investigation.
| j56no wrote:
| Age is going to be another credential, based on signatures that
| browser will be allowed to present. Spiders will have their
| signatures, which cannot be copied, eg think how SSL client certs
| work. Now, are sites going to require age credentials? sounds
| like a GDPR v2 cookies story.
| zodPod wrote:
| More of governments who have no idea how technology works trying
| to solve technology problems.
| DethNinja wrote:
| Believe me they got a pretty good idea, they know knowledge is
| power and they want to limit the access to it.
| dmje wrote:
| I'd argue that kids need the tools and techniques to understand
| how to deal with dodgy online content, rather than locking it
| away. Prohibition tends to drive things underground; I'd rather
| have (and am having - I have 2 teenage kids!) realistic and
| honest conversations about porn and other content. I don't lock
| my router to stop adult site access, instead we're having a
| conversation about it.
|
| I'm under no illusions, btw. I know they'll access it. I know I
| did as a teen (albeit magazines rather than the web) but I think
| a dialogue is sorely missing about damage, the impact on women,
| body image, etc etc. The more this is pushed into a black/white
| old enough / not old enough over-simplified scenario, the less we
| can have nuanced conversations about it all.
|
| I suspect this whole move is purely an optics piece. That doesn't
| make it any less dangerous, in fact it maybe makes it more
| dangerous, but it explains the incompetence and lack of thought
| behind it.
| retrac wrote:
| Even though the net has drastically amplified the issue, both
| 20 and 40 years ago it was tricky for a boy to make it to
| manhood, at least in the West, without seeing some nude
| magazines and perhaps more than a few hardcore films. Your
| advice was sometimes the advice given then, and I think it was
| right then and now. But while telecommunications has enabled 4K
| porn videos, it doesn't seem to have enabled us to talk with
| each other about it seriously, in proportion.
| wnevets wrote:
| > I'd argue that kids need the tools and techniques to
| understand how to deal with dodgy online content, rather than
| locking it away.
|
| We can't even get grown Adults to do that.
| tomjen3 wrote:
| Thing is it is not that difficult to lock down most porn sites
| if you are in control of the router and can force the use of a
| specific DNS.
|
| If you have your childrens iPhones as part of a family setup
| you can also block their access that way.
|
| However I salute you for your choice, which is the harder and
| better way. If more parents did as you, we would not have the
| issues we have today.
|
| Porn is nice enough but watch, but because there is essentially
| no discussion about how to have sex (outside of school, which
| at best is put tab a in slot b, here is how not to become
| pregnant, this is what STDs are.) the only input too many teens
| get is porn.
| hexa22 wrote:
| Won't block Firefox which uses encrypted DoH dns.
| hellbannedguy wrote:
| I've wondered what is the best strategy is over the years.
|
| 1. Heavily restrict the porn/bad sites.
|
| or
|
| 2. Let them see the bowels of the internet, and hope they
| will go in the opposite direction.
| mianos wrote:
| If they have phones with a sim and data they can just turn
| off the wifi and bypass the local network blocks.
| bserge wrote:
| Some argue linking real identities to online accounts will
| reduce, well, all negative activity.
|
| Facebook, Weibo and other smaller platforms around the world
| prove that's not going to happen.
|
| (Too) Many people are still going to be trash even with their
| actual identity out in the open.
|
| So just leave the Internet be, for the love of everything.
| criddell wrote:
| > Some argue linking real identities to online accounts will
| reduce, well, all negative activity.
|
| I don't think anybody is arguing that it will reduce _all_
| negative activity, just some.
| BuildTheRobots wrote:
| Is the plan to make real identities publically viewable?
|
| Seems like it's either a data breach waiting to happen or
| makes it much easier for the worst to dox and target people.
| closeparen wrote:
| The whole premise of "doxing" being a problem is that
| people have a right to say things on the internet that
| would get them in trouble in real life.
|
| I think the pro-real-names position would argue that it is
| net negative for society for people to have this ability,
| we should only be saying aloud what we are willing to put
| our reputations behind.
|
| I don't agree with this position, but afaik that's the
| position.
| ellenhp wrote:
| I know you said you don't agree but you left that
| position up without a rebuttal so here goes. What if
| someone managed to dump of the personal information of
| everyone in an online support group for LGBT folks and
| published it. That's doxxing too and this would do
| nothing to mitigate it.
| hexa22 wrote:
| Doxing is far greater than being canceled for a reddit
| comment. An open source dev recently got doxed and had
| 4channers banging on their house windows at night.
| Swatting and similar activity is also an extreme problem.
| Zababa wrote:
| > An open source dev recently got doxed and had 4channers
| banging on their house windows at night.
|
| As far as I know, this hasn't been confirmed by anyone
| other than the dev themself yet. The personal information
| is also not in the archive, so someone (4chan staff or
| archive staff) did their job. We'll have to wait and see
| for the truth of that case, if it ever comes to light.
| irthomasthomas wrote:
| There is a strong desire in some to avoid fame. Anonymity
| solves that. Names risk fame.
| handrous wrote:
| I dislike the way the 'net has gone such that this kind
| of measure is probably inevitable--I prefer one that's
| anonymous-by-default where revealing your real identity
| is strongly discouraged by norms and it's hard to gain
| anything "real" by revealing it, anyway, so there's
| little incentive to--but on the anti-anonymity side, I'd
| agree it's pretty damn weird that we treat shouting crazy
| or abusive shit (or anything, really) into a world-reach
| megaphone with so little gravity, or expect anonymity
| when doing so.
| smoldesu wrote:
| I'd argue it's addressing the wrong criticism then. People
| should feel fine critiquing what a celebrity is wearing on
| social media: that's not toxic behavior, but having your real
| name inextricably linked to your account would definitely
| make you think twice.
|
| The _real_ issue here is the dedicated toxic users: sites
| like 4chan and Kiwifarm for example. Those groups are
| typically responsible for the real damage we see on the
| internet, and there 's likely no way for us to ever flush
| them out. It's a cat-and-mouse game that cannot be won, only
| indefinitely postponed (which is a victory in their books).
| akomtu wrote:
| What damage? They sit on 4chan and whatever they say stays
| there.
| jimkleiber wrote:
| For me, the problem with anonymous identities online is that
| laws (at least in the US) surrounding defamation and other ways
| to regulate human interaction seem based on a real identity.
| Without that, I'm not sure how those and similar laws can be
| enforced on the internet.
|
| One could argue that they shouldn't be and that's maybe a
| separate conversation, but for example, right now, if someone
| defames me in person, I can sue them and if they defame me on
| the internet under anonymity, and I don't think I can (yes they
| can be anonymous in person but I think it's much more
| difficult).
| reedjosh wrote:
| > One could argue that they shouldn't be and that's maybe a
| separate conversation
|
| Yes, it's probably a separate conversation, but I don't think
| we should give these bad laws more teeth.
| dredmorbius wrote:
| Strong agreement here.
|
| The principle driver of antisocial behaviour online seems to be
| _impunity_ , _immunity_ , and/or _disinhibition_. Anonymity and
| /or pseudonymity are related, but nowhere near identical.
|
| As Yonatan Zunger, chief architect of Google+ (and now an ex-
| Googler) pointed out, _compulsory identification amplifies
| rather than removes power relationships_. This is his principle
| (and IMO devastating) response to David Brin 's _Transparent
| Society_ argument. Minorities and the disempowered obliged to
| identify themselves _lose even more power in the bargain_.
|
| What empowers abuse is the ability to inflict harm without
| _perception_ of risk, whether that perception is accurate or
| not. Disinhibition reduces perception whilst overall risk
| remains high. (The concept is captured in the word "assassin",
| deriving from the Arabic, _hashishin_ , referencing hashhish
| --- assassins had reduced inhibitions through pharmaceutical
| influence.) Legal immunity, the cover of a crowd, operating
| extrajurisdictionally, cover of a state or other significant
| actor, or simple mass delusions can all provide the reality or
| appearance of impunity.
|
| Mandating identity itself creates new avenues for abuse,
| including the revoking of official credentials, bureaucratic
| incompetence, bribery, and the potential of a "permanent
| archive" of all accesses (already substantially present through
| numerous mechanisms) which can be mined at arbitrary future
| dates, but as-yet unknown entities with as-yet unknown motives.
|
| I'll note that I'm one of numerous reasonably-well-know
| pseudonymous HN members.
| meowkit wrote:
| This is well stated. In case you read this reply, have you
| looked into decentralized identifiers (DIDs)? Any thoughts?
| dredmorbius wrote:
| I'm (maybe) composing my own set of suggestions to Neil. A
| substantial bit of that is TL;DR: credible assertions of
| characteristics (or rights or responsibilities) might offer
| some solution-shaped objects.
|
| But in many cases, there's no reasonable way to accomodate
| identity / credential / characteristic assertion into data
| flows (e.g., commandline tools, proxies).
| Edmond wrote:
| The argument about crawling is not a good one, a simple
| authentication mechanism, for instance with asymmetric key
| cryptography can address that problem.
|
| Along those same lines, the internet can in fact have scalable
| information verification (age,height,income,sex...etc) with
| robust privacy: https://certisfy.com
|
| In other words, cryptographic certificates can solve this
| problem.
| rabuse wrote:
| I've had this problem recently with parsing a webpage using some
| webscraping library, and returning nothing since everyone seems
| to be running a SPA now. It's infuriating that you pretty much
| need to run some headless browser to just scrape a damn website
| now.
| beiller wrote:
| Don't spas make scrapers easier cause you can just call the
| APIs directly?
| Geee wrote:
| Better solution is to provide OS-level parental controls, so that
| parents can whitelist websites / apps / social contacts for their
| children. No age verifications or breaches of privacy needed for
| safer Internet.
| ve55 wrote:
| The consequences of requiring government IDs for basic Internet
| usage are much worse than just making crawling and indexing more
| difficult. I worry that due to government/'activist' pressure and
| the difficulty of dealing with spam/bots/identity (think of the
| captcha/ML rat race we are in), we may end up with an Internet
| that is not only completely centralized (as ours is becoming),
| but that also completely disallows anonymous and pseudonymous
| usage in most cases. I'm definitely not a fan of the direction
| many government bodies are taking us with respect to this.
| Scoundreller wrote:
| > think of the captcha/ML rat race we are in
|
| Google and my employer deal with massive amounts of spam emails
| and gets it right 99.9999999% of the time.
|
| There's a reason why Google captcha me on their own properties.
|
| (It's inexplicable why EBay captchas me AFTER I submit 2FA...)
|
| We know who the bots are, but if you want your visitors to do
| some free work for my training models, so be it.
|
| The captchas need some work though. If you want me to select
| all photos with carS, I'm not going to choose the photos with
| one car only.
| mandelbrotwurst wrote:
| > The captchas need some work though. If you want me to
| select all photos with carS, I'm not going to choose the
| photos with one car only
|
| If you're trying to get through these while spending the
| least amount of time on them, you want to answer "How would
| most people presented with this answer the following: _______
| ?" as opposed to "What do you think is the most correct
| answer to the following ________ ?"
| Scoundreller wrote:
| I know, it was an academic exercise. I wanted to see if the
| system would adapt or eventually accept me anyway. It did
| not.
|
| So I bought the thing from another vendor.
| tomxor wrote:
| > It's inexplicable why EBay captchas me AFTER I submit
| 2FA...
|
| Google does this too and it drives me nuts. What's makes it
| even more of a "fuck you" is they will do it to paying users,
| (business accounts)... if you refresh the page three times
| the captcha goes away, they are just trying their luck at
| using people for free ML training labour.
| dredmorbius wrote:
| The article is a draft concerning UK Internet policies for which
| suggestions are solicited.
|
| I'd seen it posted to Mastodon earlier.
|
| Critiques are very much on point.
| pjc50 wrote:
| This is probably going to go nowhere. It fell over last time:
| https://www.bbc.co.uk/news/technology-50073102
|
| It's not even an important front in the culture war.
| pessimizer wrote:
| All of these things fail half a dozen times before they
| succeed.
| Nasrudith wrote:
| Which is why there has to be a punishment for anybody stupid
| enough to propose or vote for the bill. Throw them out on
| their ass and they'll get the message.
| woliveirajr wrote:
| > In other words, forcing users to prove who they are, or at
| least how old they are, before they can access the restricted
| content
|
| First we protect children. Then we protect specific groups. Then
| they redefine who should be protected of what.
|
| In the end a few protect all the others from knowing things they
| shouldn't know. And knowledge is power, as always.
| gopher_space wrote:
| We absolutely need a media walled garden for children. There's
| no good reason to give them unfettered access to the internet
| right out of the chute. They can grow out of it at their own
| pace.
|
| The moralizing coming from all angles is weird, since everyone
| involved would probably consider themselves a problem-solver.
| jimbob45 wrote:
| That should be done by the parent, not the child. There are
| more than enough tools for a parent to police what their
| child sees online.
|
| The problem is that parents aren't trusted to do their job by
| some and some want the government to step in and do as much
| parenting as possible. That's not how parenting works though.
| The government doesn't own your children and shouldn't get to
| decide how they're raised.
| cissou wrote:
| I hear your argument but would you apply the same to
| alcohol and cigarettes? Let parents make sure their kids
| get none of it until they're of age? I think it cannot work
| that way and it's OK for society as a whole to help with
| the parenting.
| alerighi wrote:
| Just don't give your children internet access till they are
| old enough that they can be responsible enough to use it
| correctly? Why this is not an option?
|
| I got a PC that was all mine and an ADSL internet connection
| at 16 years old, before of that I used the family computer,
| but not really used the internet a lot since back in the day
| it was quite expensive, and when I did I was monitored by my
| parents. I got a smartphone that was capable of accessing the
| internet everywhere at 18, before of that only a phone that
| did phone calls and SMS. And still grow up fine and managed
| to get a good career in IT.
|
| There is no reason whatsoever for a child younger than 14 to
| use the internet on its own, without the surveillance of his
| parents. And there is even no reason for him to have a
| smartphone. If as a parents you are concerned about giving
| him a phone for emergencies, just give him a 10$ feature
| phone that can only do phone calls and SMS. It's as simple as
| that.
|
| Nowadays kids are always in front of a computer or a phone,
| they no longer go out to play, instead they spend their time
| on Tiktok or other stupid social media. We must change that,
| not the internet.
| Nasrudith wrote:
| Really if you want to protect children don't make a goddamned
| dystopia for them to grow up in.
|
| We all know about the evil manipulators who favor that lie but
| frankly those stupid enough to believe bear moral agency as
| well.
| vkou wrote:
| I would like to point out that a child not having access to
| the internet is not necessarily a 'goddamned dystopia', it's
| just how the world has been from the time of the first ape
| that stood up, to the Eternal September of ~1993.
| cocoafleck wrote:
| I agree, but keep in mind that children grow up in a
| society, and make friends in school. You are influencing
| their relationships by restricting their internet access.
| panta wrote:
| Think of the children! ...They could grow some critical
| thinking abilities otherwise...
| tyingq wrote:
| This article could really use some context. It's not clear what
| proposal, from who, where, etc.
___________________________________________________________________
(page generated 2021-07-15 23:00 UTC)