←back to thread

Supreme Court's ruling practically wipes out free speech for sex writing online

(ellsberg.substack.com)
693 points macawfish | 1 comments | 12 Jul 25 18:14 UTC | HN request time: 0.001s | source
Show context
al_borland ◴[12 Jul 25 18:53 UTC] No.44544145[source]
All these ID check laws are out of hand. Parents are expecting the government, and random websites, to raise their kids. Why would anyone trust some random blog with their ID?

If these laws move forward (and I don’t think they should), there needs to be a way to authenticate as over 18 without sending picture of your ID off to random 3rd parties, or giving actual personal details. I don’t want to give this data, and websites shouldn’t want to shoulder the responsibility for it.

It seems like this could work much like Apple Pay, just without the payment. A prompt comes up, I use some biometric authentication on my phone, and it sends a signal to the browser that I’m 18+. Apple has been adding state IDs into the Wallet, this seems like it could fall right in line. The same thing could be used for buying alcohol at U-Scan checkout.

People should also be able to set their browser/computer to auto-send this for single-user devices, where it is all transparent to the user. I don’t have kids and no one else’s uses my devices. Why should I need to jump through hoops?

replies(36): >>44544207 #>>44544209 #>>44544223 #>>44544253 #>>44544375 #>>44544403 #>>44544619 #>>44544667 #>>44544797 #>>44544809 #>>44544821 #>>44544865 #>>44544875 #>>44544926 #>>44545322 #>>44545574 #>>44545686 #>>44545750 #>>44545798 #>>44545986 #>>44546467 #>>44546488 #>>44546759 #>>44546827 #>>44547088 #>>44547591 #>>44547777 #>>44547788 #>>44547799 #>>44547881 #>>44548019 #>>44548400 #>>44548482 #>>44548740 #>>44549467 #>>44560104 #
conradev ◴[12 Jul 25 19:57 UTC] No.44544667[source]
You mean like this?

https://webkit.org/blog/16993/news-from-wwdc25-web-technolog...

It’s a W3C spec led by Okta, Apple and Google based on an ISO standard and it is being rolled out as we speak.

This part

  other iOS applications that have registered themselves as an Identity Document Provider.
Has some fun history: California went with an independent contractor for its mDL implementation, which ultimately pressured Apple into integrating open(-ish) standards to interoperate.
replies(5): >>44545214 #>>44546545 #>>44547146 #>>44547326 #>>44548570 #
al_borland ◴[12 Jul 25 21:13 UTC] No.44545214[source]
This is interesting, but I’d like to go a step further. I watched the first quarter of the video on where they go over how it works. The site requests data from your ID and they get that data. The site chooses which data it needs and if it will store it or it or not. Sites these days have a tendency to ask for more than what they need, and to store it for profiling purposes. The user can deny the request, but then can’t use the site. They are then left with a dilemma. Give up this personal information or not have access at all? Companies are betting on users giving up privacy in exchange for access.

What I’d like to see is for the site’s request to contain their access rules. Must be over 18, must be in country X, etc. Then on-device it checks my ID against that rule set, and simply returns a pass/fail result from those checks. This way the site would know if I’m allowed to be there, but they don’t get any specific or identifiable information about me. Maybe I’m 18, maybe I’m 56… they don’t know, they both simply send a pass. For a simple age check, a user’s exact birthday, name, address, etc are irrelevant, but I bet companies will get greedy and try to pull it anyway.

I see the monkey paw of the ID spec as leading to more companies seeking to get all our data, when they really don’t need it, and have shown they can’t be trusted with it.

I already see this with Apple Pay. When buying a digital item, some companies are awesome and simply take the payment with no other data. Others pull name, address, email, etc to make a payment when none of that is required.

replies(3): >>44545418 #>>44548053 #>>44550006 #
conradev ◴[12 Jul 25 21:39 UTC] No.44545418[source]
The spec is being implemented by Apple, who is sensitive to privacy issues.

The intent of the ISO spec is to allow you to request fine-grained data, like birth year only, but if you read the W3C standard, they explicitly call out privacy as a complex thing that maybe should be regulated.

The spec spells out the complexity: some ID verification processes actually need a lot of info! But some, like an alcohol age check, do not. The spec can do both, but it’s hard to differentiate these technically. The spec does lay out what user agents should do to make it clear which information is going where.

A bad scenario would be designing an API that is too hobbled to replace the invasive “photo of an ID” companies, which this spec seeks to do.

I’d prefer an open web standard that can be abused (with user consent) to a closed App Store-only API or the status quo

replies(2): >>44546122 #>>44548124 #
1. chme ◴[13 Jul 25 07:03 UTC] No.44548124[source]
> The spec is being implemented by Apple, who is sensitive to privacy issues.

I generally agree with your points, but I wouldn't trust Apple, or any publicly traded company, to have any kind of ethics. Just because their incentive to make as much profit as possible, leads to them trying to differentiate themselves from other companies, and thus they choose to temporarily align with privacy concerns doesn't mean they will not compromise on them, if they see better profits elsewhere.

I rather have privacy enforcing regulations like the GDPR or policies that go even further, than relying on publicly traded companies to protect their users.