Users claim Discord's age verification can be tricked with video game characters (opens in new tab)

It's a great first step toward making criticism of the government scary. Porn, hate speech, and other "legal but private/embarrassing" speech are the sharp end of the spear. When it's okay to restrict those, it becomes more easier to restrict political opposition.

Personally I'd rather my kid discover porn sites with cleartext(S) browsing, so I can be aware of the development and have a talk. Then later I can teach them how to use VPNs, TOR, and other secure protocols to eek out some freedom from this digital prison that Surveillance Valley has built for us.

I disagree. This is exactly what happened with the initial launch of Healthcare.gov after the Affordable Care Act. The government spent hundreds of millions contracting a large firm that completely botched the site, it couldn't even handle a few hundred users at launch.

Then a small team of highly skilled engineers from Google/Facebook etc were brought in to fix it. They stabilized and relaunched the system in weeks at a fraction of the original cost. It showed that the problem wasn't the complexity or the standards, it was how the project was managed and who was building it.

A small group of closely working skilled engineers would produce something more reliable and far less likely to have a privacy breach than the typical government contracting system.

The idea that a small group of people can't produce something that can scale to millions of people is just false.

It also wouldn't just be cheaper; it would be better. The "government" way of doing things would be far more likely to be broken glue code with privacy issues because all those committee meetings and bottom of the barrel contractor selection don't produce better end results

What are you talking about? The government gets to cheat and use the IRL ID verification they do already for licenses.

* You create your account as part of your license renewal and have a normal-ass login. As part of that your account is manually marked as being 18+ (or just your age) by the person behind the counter.

* The government publishes a few public certs which will be used to verify.

* Then you go to your account page and click the button to generate a certificate signed by one of the government's private keys. The cert is valid for say 7 days.

* You upload the cert to the website you want to access and the website validates it.

Done. You make it illegal to provide your tokens to minors like it's illegal to provide booze to minors. Good enough for government work. It's literally just an EV cert.

The problem gets a lot easier when you have a country wide IRL ID system already in place and can write laws.

I'd rather have a mess than allow the federal government to have more power over me. I'm trans and I would have to out myself every time I needed to show ID if I had to give up my state driver's license. I like not having to worry about getting harassed whenever I want to go to a bar.

This is one of my biggest issues with pretty much any ID verification legislation. If the Gov wants to enforce ID verification, it is incumbent on the Gov to bend over backwards to ensure that everyone impacted is given a free, secure ID. I refuse to accept any situation where someone is excluded from public participation because they can't afford or are otherwise unable to acquire an ID.

If you are trying to find someone who did it, in Italy we have "IO" (bad name for SEO purposes but hey....) and that's basically it.

It mostly works.

We already nearly have a national ID. That’s what RealID is clearly building towards. It helps to build a standardized and federated database of state ID cards that meet Federal guidelines. There’s an de-duplication system called SPEXS as well as a standard called Nlets that can be used to search the state databases. There’s a multi-state query (MSQ) that allows law enforcement to query all of the state databases and obtain a lot of the functionality that we get from a national ID. What’s missing from this is citizenship data, but ICE has a system called IAQ/IAR that can help with that. The recent “BBB” bill also tosses a lot of IT funding at DHS and ICE, which might lead to further expansions.

There’s also a system called mDL that allows you to obtain a digitally signed mobile driver’s license that can be used in your smartphone. This is only supported by a few states for now but it’s not hard to imagine this expanding to many more states in the near future, especially now that both Apple and Google are starting to support it. TL;DR we may not have a national ID, but it sure seems like pretty soon we’ll have an effective “national ID” that does most of the same stuff.

You don't need to identify the user, just be able to show that two tokens are the same user and invalidate, log out both users, and make them generate a new token. You can sell your license to kids today, but it doesn't scale and is a terrible idea to give a kid an ID to a place you frequent.

They will also know your habits and kinks etc.

Identity shouldn’t be tied to a private institution that requires you to have a bank account to login.

Two of the well-used solutions to identity in the U.S. are login.gov (government-managed) and id.me (private, but used by government). Basically to get setup, at some point you have to have physical presence to get an actual government-approved physical ID, which can still be a barrier to some, but it doesn’t require a bank account.

Just don’t implement your own like Discourse and Tea.app.

As a Brit that relocated to Norway a decade ago, trust me when I say you cannot fathom the lack of organization around identity that the UK (somewhat intentionally) has. (It’s constantly used for political Godwin’s-law fear-mongering)

There is no centralized ID number, the closest is your social security number but this is basically only outbound for PAYE tax and haphazardly correlated to your pension payments in late life.

Everything operates on a “trust system” where you often present paper (!) with whatever address you claim to be living at as proof you are real (e.g. opening bank accounts).

Passport loss is rectified by seeking out “professionals” with government-approved occupations that are not related to you that can vouch you are actually the person you are trying to replace a passport for.

The entire thing is a mess and living in digital-identity-native Europe is a dream come true that you should be extremely thankful for.

This is the way. Belgian banks joined forces years ago to create such a platform for identity verification and private companies can get granular acces when needed and after they are vetted. It's all based on the 2014 eIDAS regulation.

https://en.m.wikipedia.org/wiki/EIDAS

Yeah, it's more about the future. Maybe in a year or three, you'll be able to write a website that does age verification using a standard web API, without processing any identity documents yourself, and expect it to work.

And sometimes kids will put fake ID's on their phones, or borrow a phone, but that's not your problem.

"Very soon" is last year in this case

It was available with ctrl+shift+I for forever in their desktop client. It only changed in the last 2 years or so.

Pretty sure it's just a flag somewhere to re-enable.

Paging @patio11

You just described DRM

My non-expert understanding is that in the short term mDL is linkable to a cert serial, but those are supposed to be regularly rotated. So you might have 2) for a day or whatever the rotation period is. I think I've seen it asserted that it is possible to have a ZKP framework that doesn't require this, but I don't know how that might work.

The age verification bills in the US at least also make it illegal to record that information, sometimes with high penalties (e.g. my reading of Texas's is that it is up to $10k per retained record).

That just seems like a standard anti-tampering measure, I don't think it necessarily means the model is local or anything

And they have also long had places for collecting persistent, searchable information alongside their IRC presence; usually public bug trackers and/or forums.

It has become all too common for a project to offer only Discord, which not only makes all community-collected information more or less ephemeral, but also locks it away behind some corporation's ever-changing terms and conditions, some of which are onerous.

GP's complaint is not that ephemeral chats exist, but rather that there is often nothing else.

Except there were open, archival solutions for IRC for projects to take advantage of. Are there any for Discord?

You can read HN without an account, and making an account doesn't require providing a phone number. (Discord in some cases locks you out of an account entirely if it thinks that you are "suspicious" until you provide a one-time sms code from a phone # that satisfies them)

VPN ads do list actual use cases. The most popular one I've heard is geolocation-based pricing on airline tickets.

(I still don't really know what people are actually using VPNs for.)

VPN ads talk about bypassing streaming region locks all the time.

This should work the other way: a website must send a header that the content in the response is safe for those under 18. If there is no header, the browser doesn't display the page. It is easy to implement and there is no need to change existing websites for this.

I’ve often talked about in private settings about how running open source OSes and DRM-free setups would likely become illegal in the future. With every passing day this vision seems closer to reality.

First, there are too many brackets, second, I think the age should be set by a store, not by the user because obviously all kids will state that they are over 18.

So cat ~/.user_age ?

There's three groups:

First, a vocal minority of security freaks lead by Tony Blair who think that forcing everybody to carry ID cards around is a proportionate way to protect Britain from terrorists, illegal immigrants and other foes.

Second, a large proportion of the country who think that the introduction of optional ID cards is a slippery slope towards the first group getting what they want.

Third, another large proportion of people who think that the risk of the first group getting what they want is overblown, or else think that the convenience of being able to prove identity more easily outweighs the inconvenience of having to carry an ID card around everywhere.

In the great ID card battle of the late-00s, the second group won decisively and politicians have been too scared to take up the issue ever since. Except for Blair, but having the face of your political campaign be a war criminal is of negative value to that cause.

I wouldn't describe myself as a very very vocal person, but I'm not a fan of the UK introducing identity cards as it would almost certainly be misused by the government and the data would be leaked as the UK government is utterly incompetent (when it comes to computers).

Voter ID rears its ugly head.

It's compulsory now so it's doable. Especially since voter registers are available to certain companies* regardless of the voters' consent.

*eg political parties, credit bureaus.

>How about we accept that children are part of society and not try to put them in little cages like songbirds?

It's the correct idea but the way it should be done is by coming to a democratic consensus that helicopter parenting is bad, not by attempting to hobble the infrastructure of government. If only for the practical reason that it'll simply be outsourced and privatized. In US states where the police can't scan license plates, there's a private industry doing that and then selling the data back to the police. The same result but now you pay a premium.

Lee Kuan Yew was fond of making this point. Weak "horizontal" administrations will creep in ways that are more opaque and without checks than strong "vertical" ones.

Children are part of society, but adults need to have their space to do their adult things, some of which are actually hurting children. The "little cages" are actually supposed to aid a healthy mental development.

But whatever age-verification solution I have seen so far sucked, really badly. And I can't believe people promote something like a government based age check. People need their privacy.

Tangential discussion, one thing I like a lot about the Netherlands is that it's not common to flaunt wealth, at least not as much as in some other countries. For all their other flaws, isn't this something that comes from the protestants? Or is there a different historical background here?

I am fairly certain it can be done in a zero-knowledge way, but regardless, parents should be taking care of this.

It's worth being careful with broad characterizations like this. Attributing complex policy opposition to fringe beliefs or bad faith motives oversimplifies the issue and shuts down good faith discussion. Whatever one’s views, that kind of framing isn’t helpful.

The funny thing is voter suppression doesn't actually help either party consistently over time. Right now the marginal voter is Republican, and so are all the "low-information" voters (this is the polite term politics people use for, you know.)

So voter ID laws would make them lose every election. But of course, that's not permanent either.

Would Passports not be considered a "national identity system"?

In Germany it's not the case, but in Germany they have to store your IP address, and your IP address records are linked to your passport. It is illegal to get an Internet connection without a responsible party. The person who provides their passport is liable for all misuse no matter who did it. Public wifi was effectively illegal in Germany until recently due to this rule, until a special exception was made for public wifi but the rule is otherwise still in place.