Most active commenters
  • ivan_gammel(5)
  • al_borland(3)

←back to thread

Supreme Court's ruling practically wipes out free speech for sex writing online

(ellsberg.substack.com)
693 points macawfish | 12 comments | 12 Jul 25 18:14 UTC | HN request time: 0.03s | source | bottom
Show context
al_borland ◴[12 Jul 25 18:53 UTC] No.44544145[source]
All these ID check laws are out of hand. Parents are expecting the government, and random websites, to raise their kids. Why would anyone trust some random blog with their ID?

If these laws move forward (and I don’t think they should), there needs to be a way to authenticate as over 18 without sending picture of your ID off to random 3rd parties, or giving actual personal details. I don’t want to give this data, and websites shouldn’t want to shoulder the responsibility for it.

It seems like this could work much like Apple Pay, just without the payment. A prompt comes up, I use some biometric authentication on my phone, and it sends a signal to the browser that I’m 18+. Apple has been adding state IDs into the Wallet, this seems like it could fall right in line. The same thing could be used for buying alcohol at U-Scan checkout.

People should also be able to set their browser/computer to auto-send this for single-user devices, where it is all transparent to the user. I don’t have kids and no one else’s uses my devices. Why should I need to jump through hoops?

replies(36): >>44544207 #>>44544209 #>>44544223 #>>44544253 #>>44544375 #>>44544403 #>>44544619 #>>44544667 #>>44544797 #>>44544809 #>>44544821 #>>44544865 #>>44544875 #>>44544926 #>>44545322 #>>44545574 #>>44545686 #>>44545750 #>>44545798 #>>44545986 #>>44546467 #>>44546488 #>>44546759 #>>44546827 #>>44547088 #>>44547591 #>>44547777 #>>44547788 #>>44547799 #>>44547881 #>>44548019 #>>44548400 #>>44548482 #>>44548740 #>>44549467 #>>44560104 #
1. Eavolution ◴[12 Jul 25 20:32 UTC] No.44544926[source]
I am never providing my ID to anyone who can store it indefinitely. I am an adult and have no problem showing it in a shop if required as it isn't stored. Unless it can be proven it wont be stored (i.e. the bytes are never sent from my laptop) I will not provide it.
replies(1): >>44545123 #
2. ivan_gammel ◴[12 Jul 25 21:00 UTC] No.44545123[source]
Your ID is effectively stored by the issuer indefinitely. What’s the difference between one and two entities? What’s the difference between two and a hundred?
replies(3): >>44545278 #>>44545554 #>>44548174 #
3. al_borland ◴[12 Jul 25 21:20 UTC] No.44545278[source]
The more people you give your personal information to, the less personal it becomes.

The servers storing this information have been hacked in the past and it will happen again in the future. The fewer places your ID lives, the lower the risk of it leaking.

Even if you don’t view the data as sensitive, it still associates a person with a website. Depending on the site, that can have negative ramifications in a person’s life. This is especially true when certain websites get associated with various political leaning and when the data leaks, the people who happened to be registered (for whatever their reason) get attacked.

replies(2): >>44546203 #>>44554053 #
4. andrepd ◴[12 Jul 25 21:59 UTC] No.44545554[source]
What's the difference between a state agency issuing a document, and sending that document to 100 random websites. This is your question, correct?
replies(1): >>44548652 #
5. delusional ◴[12 Jul 25 23:44 UTC] No.44546203{3}[source]
Where I'm from we sorted this out with laws. It's not hard to figure out if one of your workers are associating with a union, but you're not allowed to treat them differently based on that. Laws make sure you don't, even though you technically could.
replies(1): >>44546678 #
6. al_borland ◴[13 Jul 25 01:19 UTC] No.44546678{4}[source]
The tricky part is proving you’re being treated differently and that’s the reason why. Trying to legislate human behavior at that level doesn’t seem to work well.

My company has rules against retaliation. Good luck proving that’s the reason you didn’t get promoted, or were left off of a project. People get left off projects and don’t get promoted all the time. Keeping your job because the company is legally obligated to sounds like an uncomfortable working environment.

7. rocqua ◴[13 Jul 25 07:13 UTC] No.44548174[source]
The difference between one and two is being able to link two things I did. If you know who I am, that barely affects me. But if you can then cross-check whether I also went ballroom dancing, or went to a golf course, or went to a sexclub, or went to a ball-game. Then it starts affecting me.
replies(1): >>44548574 #
8. ivan_gammel ◴[13 Jul 25 08:32 UTC] No.44548574{3}[source]
Just don’t consent to sharing your data to third parties for marketing or research purposes. In civilized world there exist laws which give you this right. It is surely not the problem with ID verification or storage.
replies(1): >>44549096 #
9. ivan_gammel ◴[13 Jul 25 08:46 UTC] No.44548652{3}[source]
That’s a strange assumption. ID verification is part of entering the contractual relationship in many parts of this world, it’s absolutely normal thing. You don’t show your ID to random sites, only to those where you want to become a customer. If you don’t want to sign the contract, you don’t show your ID. I don’t know how many places have a copy of my passport (many hotels, for sure) and I don’t care as long as they are compliant with the laws. Tracking via ID is economically much less effective, since most websites won’t require ID verification anyway, so the biggest concern should be identity theft - but there having a copy of your ID is rarely enough in countries with developed government ID infrastructure. E.g. in Germany you must present original ID to open a bank account or change your residence address. In countries with digital IDs and government services identity theft often goes via easier routes by hijacking digital ID accounts.
10. sethammons ◴[13 Jul 25 10:17 UTC] No.44549096{4}[source]
Giving your data to a website is the same as giving it to a stranger on the bus. Maybe closer to going to a seedy part of town and giving your ID to random criminal and hoping they don't do anything unscrupulous.
replies(1): >>44554015 #
11. ivan_gammel ◴[13 Jul 25 21:42 UTC] No.44554015{5}[source]
It is not the same, it’s a classic straw man argument. First of all, not just some data, but your ID details - this is important detail. Second, not to a random website, but to a website you wish to engage in a contractual relationship and where your ID is actually required. Third, they are unlikely criminal and there are legal protections in this scenario in most civilized countries. Fourth, the way it goes, it is very unlikely that you will be presenting your ID, instead providing attribute proof through a third party. See e.g. Nect Wallet and similar apps. ID verification will not increase your risks of identity theft etc compared to leaks of other PII. Probably the risk will be lower due to higher compliance requirements.
12. ivan_gammel ◴[13 Jul 25 21:47 UTC] No.44554053{3}[source]
ID verification does not increase risks for majority of people. Most people don’t use single use email aliases and thus harmful association can happen for them in any leak of their account data, with or without ID details. It is likely that higher compliance requirements will actually reduce the risk of a leak. And of course, chances that every website doing verification will store your ID are very low. It‘s costly, so it will likely be outsourced to a third party provider specializing in this job (which will be much more secure than doing it with some WordPress plugin or other shitty custom solution).