- cross-posted to:
- privacy@programming.dev
Finally it seems the end of Reddit is near.
“Reddit has stressed that this system is only to verify users’ age, and it has no interest in your identity. Lee further stated that Persona won’t know what subreddits you visit, and has promised it won’t keep users’ uploaded images more than seven days.”
Press X to doubt.
Time to go to LemmyNSFW
Under the new UK law, lemmynsfw would also need to have some kind of age verification for UK users.
This. Can’t believe we’re seeing “lol Reddit sucks” when this is a country-wide implementation and has nothing to do with Reddit in particular.
So, the UK sucks.
You are correct. But this doesn’t lessen the extent to which reddit sucks.
Or it can just defederate from UK based instances.
.zip has already been trying to figure out how to handle this law, it’s also UK based.
Lemmy.zip blocks UK users on its front end but I think its content is still federated.
.zip blocks users from the UK iirc.
Very careful wording there to switch between Persona and Reddit to conveniently omit one from the justification given by the other.
It is not just that, I don’t trust Persona security, if a malicious actor installed a silent program that monitors users and sends it to a command and control center they probably won’t know for months or even years. Cyber security is very bad in most companies.
Google uses reddit for its AI training. Just saying.
Presses X furiously
Why doubt, I mean they promised?
Meh, just upload a dick pic.
Next in the news: “500k Usernames, Passwords and biometric data leaked in the latest hack”
Hm, I’m going to need some software engineers to critique an idea I have that could at least partially solve the fears people have about their personal details being tied to their porn habits.
The system will be called the Adult Content Verification System (or Wank Card if you want to be funny). It’s a physical card, printed by the government with a unique key printed on it. Those cards are then sold by any shop that has an alcohol license (premises or personal). You go in, show your ID to the clerk, buy the card. That card is proof that you’re over 18, but it is not directly tied to you, you just have to be over 18 to buy it. The punishment for selling a Wank Card to someone under the age of 18 is the same as if you sold alcohol to someone under 18.
When you go to the porn site, they check if you’re from the UK, they check if you have a key associated with your account. If not, they ask for one, you provide the key to the site, the site does an API call to https://wankcard.gov.uk/api/verify with the site’s API key (freely generated, but you could even make the api public if you want) and the key on the card, gets a response saying “Yep! This is a valid key!” and hey presto, free to wank and nobody knows it’s you! If you don’t have an account, the verification would have to be tied to a cookie or something that disappears after a while for all you anonymous people.
As a result, you can both prove that you’re over 18 (because you have the card) and some company over in San Francisco doesn’t get your personal data, because you never actually record it anywhere. All you have is keys, and while yes, the government could record “Oh this key was used to verify on this site”, they’d have to know which shop the key was bought from, who sold it, and who bought it, which is a lot more difficult to do unless the shopkeeper keeps records of everyone he’s ever sold to.
So… Good idea? Bad idea? Better than the current approach anyway, I think.
I’m a security dev and this is a good idea!
How would you solve replay attacks? Like a million people, of age or not, sharing the same key?
Maybe you could limit the number of verifications a key can have in a day? Limit it to say 10 verifications per day. So if you’re on Pornhub and have an account, you can have the key associated with the account, verified, and so you don’t need to re-verify. But if you go on 10 completely different sites and verify for each one, you can’t verify after that 10th one within the same 24hr period?
You could maybe also include guidelines for integration where if a key is associated with an account, that key can’t be used for any other account. You can include that under some requirement that says you have to make ‘best efforts’ to ensure that a key is only ever used by one account at a time. That way, if a million people are sharing the same key, you’d have to trust that all one million of them will never associate that key with their account because if they do, it invalidates that key for every use other than through that account on that site.
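The two key-sharing mitigations suggested in the replies above (a cap of 10 verifications per key per 24 hours, and a key becoming unusable elsewhere once it is bound to an account) can be modelled as below. This is an added example, not code from any commenter or from a real service; `CardVerifier`, the result strings and the sample key are hypothetical, and it assumes the binding is enforced centrally with an opaque account reference sent by the site, whereas the thread proposes it as an integration guideline for sites.

```python
import hashlib
from datetime import datetime, timedelta, timezone

DAILY_LIMIT = 10               # "10 verifications per day", as suggested in the thread
WINDOW = timedelta(hours=24)   # rolling 24-hour period


class CardVerifier:
    """Hypothetical in-memory model of the proposed verify endpoint."""

    def __init__(self, issued_keys):
        # Keep only hashes of issued card keys, never the raw keys.
        self._valid = {self._digest(k) for k in issued_keys}
        self._uses = {}    # key digest -> timestamps of anonymous verifications
        self._bound = {}   # key digest -> (site_id, opaque account reference)

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode()).hexdigest()

    def verify(self, key, site_id, account_ref=None, now=None):
        """Return 'ok', 'invalid', 'rate_limited' or 'bound_elsewhere'."""
        now = now or datetime.now(timezone.utc)
        d = self._digest(key)
        if d not in self._valid:
            return "invalid"
        bound = self._bound.get(d)
        if bound is not None:
            # Once bound, the key only works through that account on that site,
            # so a widely shared key dies the first time anyone binds it.
            return "ok" if bound == (site_id, account_ref) else "bound_elsewhere"
        recent = [t for t in self._uses.get(d, []) if now - t < WINDOW]
        self._uses[d] = recent
        if len(recent) >= DAILY_LIMIT:
            return "rate_limited"
        recent.append(now)
        if account_ref is not None:
            self._bound[d] = (site_id, account_ref)
        return "ok"


def shared_key_demo():
    """Replay a constructed key-sharing scenario and return each outcome."""
    v = CardVerifier(["CONSTRUCTED-CARD-KEY-0001"])   # constructed sample key
    key, t0 = "CONSTRUCTED-CARD-KEY-0001", datetime(2025, 1, 1, tzinfo=timezone.utc)
    anon = [v.verify(key, f"site-{i}", now=t0) for i in range(11)]
    later = t0 + timedelta(hours=25)
    bind = v.verify(key, "site-a", "acct-ref-1", now=later)
    other = v.verify(key, "site-b", "acct-ref-2", now=later)
    return anon, bind, other
```

Enforcing the binding centrally means the verifier sees which site and account reference a key is tied to, which weakens the anonymity the original proposal aims for; leaving the binding to each site avoids that but cannot stop the same key being bound on several sites.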
Yeah, fuck all that.
Guess we’re transitioning into a VPN only future.
We have the opportunity to head into a utopic or dystopic future and we’re absolutely choosing the dystopic one.
They’ll criminalize personal VPN users for non-work purposes, next.
Work VPN doesn’t look any different to any other VPN to the people tapping the lines.
Once businesses fully implement zero-trust, VPNs are redundant.
I agree, and whilst I don’t personally bother with vpns myself because I prefer other solutions, it’s one of the things that helps prevent insane UK politicians’ bad hottakes on tech becoming law
Edit: an apostrophe
I’ll just use a VPN to hide my VPN use and then they’ll never know.
Good luck, I’m behind 7 proxies.
A VPN future? Haha. Not if they don’t want to. There are many ways to prevent VPN from operating when you’re a government.
You can just plain ban encryption, which sounds really crazy, but yeah, they’re trying to.
You can just say “it’s illegal to use a VPN”. It’ll technically still work, but if there’s a trace of traffic from your house to a known VPN endpoint, you’re it! Great!
They can force custom proprietary spying software on your devices. Sounds equally crazy as the thing above, right? But rest assured they’re ALSO trying to do that. Multiple times, even. And in some places… they did. Of course, nothing forces you to have such software on your device. Especially if your devices are not supported; it also turns into a “you have to buy this or that big name device, everything else’s de-facto illegal! Fuck you, we’re the government!”. And if you get caught for whatever, and your phone, PC, or anything isn’t “compliant”? Bam. Guilty.
Plenty of options. All of them completely stupid and would weaken both privacy, individuals, and governments at large. It never stopped legislation from being pushed forward.
They can force custom proprietary spying software on your devices.
- That would block Linux from their borders, which means goodbye Steam Deck in the UK among other things.
I don’t think we ever really had a choice
Indeed. With our current system it was only a matter of time. As soon as the internet became a default thing which everyone needed to access just to function in their daily lives, it would of course be subjected to the exact same exploitative mechanisms that the non-internet part of our lives have suffered from since the dawn of history.
The “won’t somebody please think of the children” rhetorical tactic is always just a pretext for authoritarianism, mass surveillance and data privacy intrusion. Always. It’s the perfect motte-and-bailey: when you attack the actual motives, the motte becomes, “So you don’t care about children?”
UK is full blown authoritarian now. They have been arresting journalists who are covering the genocide in Gaza and designated a direct action protest group as a terrorist organisation.
These assholes are all pedophiles and they use it to control the planet. To get to high levels of government, you must enter the shadow contract of pedophilia. It is easy to control people and trust people with that kind of shadow on them, so it is required.
Then they turn around and use pedophilia to control everyone else. Any tech that threatens their power, they can immediately shutdown by pedo-bombing it. The counter to pedobombing is authoritarian moderation. Once you have that, it is over. The government they control now can control the mods, and that means they control the narrative. THAT is one of the core enemies to fight. An alternative to Reddit or any other system is not enough.
Because pedophilia is such a taboo / social death sentence, it is among the most powerful shadow contracts.
This is a combination of terrible legislation in the UK meets awful social media site.
The Online Safety Act is an abomination, compromising the privacy and freedom of the vast majority of the UK in the name of “protecting children”.
I’m of the view parents are responsible for protecting their children. I know it’s hard but the Online Safety Act is not a solution.
All it will do is compromise the privacy and security of law abiding adults while kids will still access porn and all the other really bad stuff on the Internet will actually be unaffected. The dark illegal shit on the Internet is not happening on Pornhub or Reddit.
The UK is gradually sliding further and further into censorship and authoritarianism, and all in the name of do-gooders. It’s scary to watch.
The online safety act isn’t actually about protecting children. That’s a smoke screen for a surveillance bill. They want to eliminate anonymity online.
If a politician says it’s to help the children, it’s almost safe to assume they themselves rape children, at least in America.
POV: You’re the intern tasked with reviewing the selfies.
It’ll almost certainly be an AI model doing it.
That brings up an interesting thought. What if people uploaded AI generated selfies?
So long as it’s generated by the same (or a better model) it shouldn’t be able to tell.
Yeah, this is showing up at roughly the same time we can get (almost) free 5 second video generation from some services, and fast still picture generation on consumer grade hardware. It’s the perfect combination of useless, stupid, and obsolete, all in one very pricey and very dangerous precedent-filled package.
That’s not what POV means, upload a selfie as punishment
That could very well be the POV of the intern having to approve career gooners
POV = point of view. The intern’s point of view. They’re looking at the selfies submitted by gooners. The picture is a gooner. Idk what you’re talking about.
Like father, like son, I guess.
Yeah, I will definitely trust an internet stranger with my face so they can verify that I’m not underage to access content which could, in case of being leaked, damage my reputation or even destroy my life.
DEFINITELY
u/spez was the lead moderator of r/jailbait, and when he was caught, he got rid of mod transparency. Ghislaine Maxwell was likely a lead moderator of news Reddits as well (u/MaxwellHill). Reddit has always been compromised.
The speed they banned r/pizzagate was illuminating.
I’m not defending Spez, I think he’s a piece of shit and he did edit other users’ comments that were critical of him, which is fucked up, but I don’t think he was actually involved with that sub. It was possible to appoint mods without their knowledge or consent, and he’s a huge target, someone must have done it as a joke.
Keeping the age verifier separate from the content host is good. Destroying the files used for verification is good. On paper it’s not too bad a system for age verification, but it really hinges on if you can trust them. Given the track record of basically almost every company and government ever…
Problem is, how do we know that the company is reputable, audited, and so on?
I’ve seen more places requiring verification - and each one of them seems to use a different verification company. How are there so many of these places, and why aren’t they more commonly known? Like Experian for credit, etc.
Sure it might sound good to keep them separate - but all that is doing is absolving the content host from liabilities for providing the adult content (somewhere) on their platforms and sites. Reddit don’t want to get involved, and I’ll bet they found the cheapest and easiest provider, or the first one in the search list and thought “good enough”.
I think it’s good that Reddit is trying to continue to allow adult content within the legal framework in which it must operate.
I guess what I’m not clear on is what the legal framework is for verification services. Absent rules that require robust privacy protections, market forces will push a race to the bottom in terms of cost, and data security will be the first to take a hit.
I know this might seem weird but I think this is one of those cases where a blockchain based smart contract might be the best solution. I’m not exactly sure, as any system that allows one to consume content generally also allows one to copy it, but having a system defined in code in a publicly auditable manner that cannot be changed without notice seems to me to have the capacity to grant the most reassurance.
I mean I assume that all the verification company is doing now is verifying a person’s age and then giving a kind of authorization token that’s cryptographically secure that basically says “the owner of this cryptographic key is of age”.
If the UK is going to require adult verification it should be built into your internet contract. Yeah, I’m an adult. I’m paying my bills, of course I’m a fucking adult. I over pay for this garbage internet.
Uploading a selfie? The ai is going to determine if you’re over 18? Can the ai determine if the selfie is also ai?
Can the AI determine if I’m just uploading photos of Keir Starmer as my ID?
it should be built into your internet contract
This works fine with personal contracts like your mobile. (EE has a porn filter that you can disable in your account.)
But it doesn’t quite work for contracts that usually have multiple users. Like your home Internet. Because a child could connect to your WiFi and access that shmutz.
Parental controls exist. Why should single adults be forced to jump through hoops because most parents are lazy fucks who don’t take responsibility for their kids?
because most parents are lazy fucks who don’t take responsibility for their kids
These laws aren’t a response to a real problem. The kids are fine. The parents are usually fine. These laws are posturing at best.
Because it’s always a few fuckwits ruining it for the rest.
Well, I guess I am going to be regularly updating the metadata on my most recent selfie.
Oh dear. What a dreadful business.
Anyway, this is mine.
We thought the same thing about Netflix with the sharing password bans. Yet they retained more profit than ever the next year.
Who’s to say if this is what will make Reddit end, or did they actually just get more successful after the end of 3rd party apps compared to the declaration of so many users back then?
Digital personal verification is just going to become a fact of life in the future for everyone born after about 2012. They will use online ID cards, biometrics, location metadata that is constantly uploaded by our devices, maybe even implanted RFID encrypted chips for account verification. Passwords are becoming outdated and outmoded for security as we speak here. 2FA is the minimum security for online today but that may soon become outmoded as well.
LOL. No “we” didn’t. A few idiots did.
These large tech companies have focus groups and can do extensive research on how their markets will react to these changes.
Any analysis on social media just doesn’t have access to that data.
That’s because Netflix is basically a media powerhouse & kind of a monopoly.
& your average person doesn’t know how to effectively pirate