←back to thread

Supreme Court's ruling practically wipes out free speech for sex writing online

(ellsberg.substack.com)
693 points macawfish | 8 comments | 12 Jul 25 18:14 UTC | HN request time: 0.225s | source | bottom
Show context
al_borland ◴[12 Jul 25 18:53 UTC] No.44544145[source]
All these ID check laws are out of hand. Parents are expecting the government, and random websites, to raise their kids. Why would anyone trust some random blog with their ID?

If these laws move forward (and I don’t think they should), there needs to be a way to authenticate as over 18 without sending picture of your ID off to random 3rd parties, or giving actual personal details. I don’t want to give this data, and websites shouldn’t want to shoulder the responsibility for it.

It seems like this could work much like Apple Pay, just without the payment. A prompt comes up, I use some biometric authentication on my phone, and it sends a signal to the browser that I’m 18+. Apple has been adding state IDs into the Wallet, this seems like it could fall right in line. The same thing could be used for buying alcohol at U-Scan checkout.

People should also be able to set their browser/computer to auto-send this for single-user devices, where it is all transparent to the user. I don’t have kids and no one else’s uses my devices. Why should I need to jump through hoops?

replies(36): >>44544207 #>>44544209 #>>44544223 #>>44544253 #>>44544375 #>>44544403 #>>44544619 #>>44544667 #>>44544797 #>>44544809 #>>44544821 #>>44544865 #>>44544875 #>>44544926 #>>44545322 #>>44545574 #>>44545686 #>>44545750 #>>44545798 #>>44545986 #>>44546467 #>>44546488 #>>44546759 #>>44546827 #>>44547088 #>>44547591 #>>44547777 #>>44547788 #>>44547799 #>>44547881 #>>44548019 #>>44548400 #>>44548482 #>>44548740 #>>44549467 #>>44560104 #
alwa ◴[12 Jul 25 19:00 UTC] No.44544207[source]
And we could call this way… zero-knowledge proof! :)

https://en.m.wikipedia.org/wiki/Zero-knowledge_proof

I bet we could even get a major phone OS vendor to support such a thing…

https://blog.google/products/google-pay/google-wallet-age-id...

replies(7): >>44544256 #>>44544433 #>>44544457 #>>44545411 #>>44545492 #>>44545617 #>>44547292 #
1. Aerroon ◴[12 Jul 25 22:09 UTC] No.44545617[source]
I bet that in practice, at scale, these zero knowledge proofs end up being a lot more than zero.

Not to mention that you're almost certainly going to have to tie this stuff to specific accounts that will then forever and ever keep your habits collected. One day somebody enterprising is going to add all that data together too.

replies(2): >>44546306 #>>44546565 #
2. Tadpole9181 ◴[13 Jul 25 00:03 UTC] No.44546306[source]
VPNs and zero knowledge proof systems are vulnerable to traffic analysis (based on packet size and timestamps) and there's almost no cure.

Mullvad is the only VPN I know of that has a mode that normalizes all packets to the same size (going into the VPN) and sends fake packets that don't get sent as real traffic. But that's only obfuscation and, at low traffic or high bandwidth (videos) or with sufficient heuristics, it can be beaten.

The US has basically zero regulation on selling this data. I can imagine a world where within a couple decades the US has one of the largest blackmail crisis ever seen, as foreign governments target civil workers. Or, I guess, at this point, the US government against the "undesirable" party within this administration.

replies(2): >>44546585 #>>44547129 #
3. bawolff ◴[13 Jul 25 00:59 UTC] No.44546565[source]
> I bet that in practice, at scale, these zero knowledge proofs end up being a lot more than zero.

Zero knowledge proof is not a marketing term, its a math term. Maybe sometimes they are implemented wrong, but if they are implemented correctly its pretty rock solid. Certainly more rock solid than much cryptography which rests on sketchy foundations.

4. bawolff ◴[13 Jul 25 01:03 UTC] No.44546585[source]
> VPNs and zero knowledge proof systems are vulnerable to traffic analysis

Zero knowledge proofs are not vulnerable to traffic analysis the same way VPNs are.

replies(1): >>44547419 #
5. cryptonector ◴[13 Jul 25 02:59 UTC] No.44547129[source]
> VPNs and zero knowledge proof systems are vulnerable to traffic analysis (based on packet size and timestamps) and there's almost no cure.

All comms are subject to traffic analysis except surreptitious, covert channels (which can't be covert if the implementations are widely available).

6. Tadpole9181 ◴[13 Jul 25 04:09 UTC] No.44547419{3}[source]
It really depends on the implementation around it, how a user conducts themselves, and what data you can buy. While there is zero knowledge inside the proof, its use creates a side channel that reveals information.

For instance: The relying party server needs to call the auth server on novel users. Thats a new, unavoidable indicator!

How large are token batches and how long do they last? Will the implementation force them to wait a time period between redemption and use?

A bad implementation means the user IP will talk to the A server, then it will contact the RP server, who will contact the A server. Because this happens once per connection (or 60 minutes in this bill) and takes maybe a few hundred milliseconds. there's not going to be a huge number of candidates to have to sort through. And that's just the handshake.

replies(1): >>44547457 #
7. bawolff ◴[13 Jul 25 04:17 UTC] No.44547457{4}[source]
> For instance: The relying party server needs to call the auth server on novel users. Thats a new, unavoidable indicator!

Not really. There is no requirement here for an auth server to neccesarily even exist.

That said, your broader point is correct, that the details matter a tremendous amount.

replies(1): >>44547950 #
8. Tadpole9181 ◴[13 Jul 25 06:19 UTC] No.44547950{5}[source]
Oh, that's my bad, I re-read the privacy pass protocol to brush up and it does use signing without requiring the RP to necessarily make another call to the original approver server. I also see there's been work on hidden witness ZKP, so the RP may not even know who approved a given token.

Very cool! Always happy to be proven wrong with cool tech!