undefined | Better HN

story

0 pointscodedokode9mo ago0 comments

No, "digital credentials" is an awful idea because it requires to store your ID on your phone and thus make it accessible to Apple and Google and secret courts. What I suggest is simply to store a single "isAdult" bit on device, without revealing any identity, and make apps like browser do the censorship on device, without sending any data to a webite. The algorithm is as follows:

    if isAdult == 0 and website doesn't send a "safe-content" header, then:
        browser refuses to display content
    if isAdult == 0 and photo in a messenger doesn't contain a "safe-content" metadata, then
        photo viewer refuses to display content
    if isAdult == 0 and the app is not marked as safe, then
        app store refuses to download the app and OS refuses to launch it

With my approach, you don't need to store your ID on your device, you don't need to send your ID anywhere, and website operators and app developers do not need to do anything because by default they will be considered not safe. So my solution's cost is ZERO for website operators and app developers. As a website operator you don't need to change anything and to verify the age.

0 comments

jbjbjbjb9mo ago

I think you misunderstood how the digital credentials api works. It keeps it in your phone’s secure element and lets you share just a “yes/no” proof like “over 18” without revealing anything else. It’s basically the cryptographically secure version of the isAdult bit you’re describing. It also has trust by cryptographically signing the proof and it can handle different jurisdictions.

codedokodeOP9mo ago

Not keeping the ID in a phone is better than keeping it in a "secure element" and having to upload it there using closed-sourced software with unclear functionality.

jbjbjbjb9mo ago

I’m not sure it has to keep the id on the device, it keeps the signed digital credentials not the original id document. The government would sign the “facts” like isAdult etc and they currently issue and sign all current ids anyway.

_Algernon_9mo ago

What stops the under age user from setting isAdult = 1?

imtringued9mo ago

Their parents. The alternative is complete government surveillance of literally everything and I mean literally everything, starting from resource extraction and knowledge needed to manufacture electronics and the policing of every planet in the universe that is capable of giving rise to sentient intelligent life.

codedokodeOP9mo ago

Proprietary closed-sourced OS, the same thing that prevents you from installing Debian on your phone (unless it is Google Pixel).

_Algernon_9mo ago

Removing the ability to install a custom OS is just as big of an erosion of rights if not bigger.

The war on general purpose computing is still going strong, if this is suddenly considered the lesser evil.

j / k navigate · click thread line to collapse

0 comments

jbjbjbjb9mo ago

codedokodeOP9mo ago

Not keeping the ID in a phone is better than keeping it in a "secure element" and having to upload it there using closed-sourced software with unclear functionality.

jbjbjbjb9mo ago

_Algernon_9mo ago

What stops the under age user from setting isAdult = 1?

imtringued9mo ago

codedokodeOP9mo ago

Proprietary closed-sourced OS, the same thing that prevents you from installing Debian on your phone (unless it is Google Pixel).

_Algernon_9mo ago

Removing the ability to install a custom OS is just as big of an erosion of rights if not bigger.

The war on general purpose computing is still going strong, if this is suddenly considered the lesser evil.

j / k navigate · click thread line to collapse