Many might’ve seen the Australian ban of social media for <16 y.o with no idea of how to implement it. There have been mentions of “double blind age verification”, but I can’t find any information on it.

Out of curiosity, how would you implement this with privacy in mind if you really had to?

    • actually@lemmy.world
      link
      fedilink
      arrow-up
      14
      ·
      20 days ago

      Doesn’t this assume the issuing agency has all employees who are morally sound and not leaking data, unnoticed by an internally badly designed system, which is designed by people who are out of touch? Most things like this are designed that way, irregardless of country .

      I’m sure one can make it watertight but it’s so hard and still depends in trusting people. The conversation here is about one thing of a larger system. There are probably a hundred moving parts in any bureaucracy.

      • demesisx@infosec.pub
        link
        fedilink
        English
        arrow-up
        37
        arrow-down
        2
        ·
        20 days ago

        This is the understanding ANYWHERE. How do we know there aren’t back doors in our OS’s? We literally have no clue. We do THE BEST WE CAN using the clues we have.

        • pro3757@programming.dev
          link
          fedilink
          arrow-up
          19
          ·
          edit-2
          20 days ago

          Yeah, these things quickly boil down to the trusting trust thing (see Ken Thompson’s Turing award lecture). You can’t trust any system until you’ve designed every bit from scratch.

          You gotta put your trust somewhere, or you won’t be able to implement jack.

          • socsa@piefed.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            18 days ago

            This isn’t as limiting as it seems at first glance though. Sending pictures of a true one time pad cipher doesn’t rely on the security of the transport or the camera. From there you can choose to make a compromise of convenience and get to things like Private key cryptography where the ciphers are done via basic xor arithmetic you can do by hand.

        • actually@lemmy.world
          link
          fedilink
          arrow-up
          7
          arrow-down
          2
          ·
          20 days ago

          I don’t know anything about cryptology; I have an imagination about how many things can go wrong hooking up parts and running them.

          If it’s the law to make an age verification system then it will be made.

          But I think one either has an age verification or privacy, but not both, in any country in the world.

          I’m totally sure many of the discussions here about crypto are way above my head. But I’m equally sure while any one part will look fine in paper, the sum total will be used by an expanding government agency, crime, or both.

    • leisesprecher@feddit.org
      link
      fedilink
      arrow-up
      12
      arrow-down
      7
      ·
      20 days ago

      God I hate cryptography so much for making me feel stupid every time I read anything about it.

      I want to feel smat!

      • demesisx@infosec.pub
        link
        fedilink
        English
        arrow-up
        25
        ·
        edit-2
        20 days ago

        I find it intimidating for sure. They say “never roll your own crypto” and I take those words to heart. Still, it would suck to have to hire someone and just trust their work. That person could be another Sam Bankman Fried or Do Kwan and you’d be party to their scam and you’d have no idea.

        • leisesprecher@feddit.org
          link
          fedilink
          arrow-up
          2
          arrow-down
          12
          ·
          20 days ago

          I’m not sure what these things have to do with each other. How exactly would cryptography have prevented SBF, you know, a crypto bro.

          • demesisx@infosec.pub
            link
            fedilink
            English
            arrow-up
            16
            arrow-down
            4
            ·
            20 days ago

            It wouldn’t have. You totally misunderstood my comment. Reread it.

            To paraphrase: when you hire a cryptographer to work on your project you have to hope that they are not a scammer because they could easily lie to you about the soundness of their cryptography and you’d have no idea. You see, SBF and Do Kwan were liars. If they had been cryptographers (they aren’t and weren’t) their employer would have to believe them since they would be an expert in something nearly impossible for a layman to understand.

            Do you get it yet?

            • leisesprecher@feddit.org
              link
              fedilink
              arrow-up
              4
              arrow-down
              8
              ·
              20 days ago

              I get what you’re trying to say, but I’m not sure it makes sense.

              I mean, that’s literally every field you’re not an expert in. And most of us are experts in less than one field.

              You don’t know about medicine, car engines, electricity or tax laws, you have your guys for that. Even in our field, we have guys for databases, OSes, networking, because quite frankly nobody understands those really.

              So I’m not sure what the point of your comment is. That having experts is good? Yeah, I guess? Did we need to have that reinforced?

              • demesisx@infosec.pub
                link
                fedilink
                English
                arrow-up
                13
                ·
                20 days ago

                If a doctor or mechanic was wrong, at least you’d have an inkling that things were wrong and you’d be able to sue them. Whereas with cryptography, no one has ANY IDEA WHATSOEVER if there are back doors until they are used to rob people blind. In all of the cases you mentioned, victims of those abuses have recourse whereas in cryptography, if things are wrong, they often CANNOT be patched and it’s even exceptionally hard for an expert to prove what went wrong.

      • MalReynolds@slrpnk.net
        link
        fedilink
        English
        arrow-up
        5
        ·
        20 days ago

        I’ve always thought that it should be the relevant ID issuing organisation, with whom the damage to privacy has already been done, might as well leverage it.

      • demesisx@infosec.pub
        link
        fedilink
        English
        arrow-up
        23
        arrow-down
        5
        ·
        edit-2
        20 days ago

        You seem to be joking but ZK and Homomorphic encryption don’t necessarily need to involve blockchain but they can.

        This is like someone mentioning UUID’s and you leave a weird sarcastic comment about databases (and everyone suddenly villainizing them due to them being used for scams).

        • PoolloverNathan@programming.dev
          link
          fedilink
          arrow-up
          11
          arrow-down
          5
          ·
          20 days ago

          I believe they were referring to last year’s trend of blockchain being introduced to everything unnecessarily (as a marketing buzzword, similar to AI).

          • demesisx@infosec.pub
            link
            fedilink
            English
            arrow-up
            17
            arrow-down
            4
            ·
            edit-2
            20 days ago

            I got the joke. What I didn’t get is why it was even remotely relevant to the discussion at hand since ZK is used a lot in crypto but it’s also used everywhere else. It muddied the waters and made the joke somewhat nonsensical, IMO. Perhaps OP was unaware of how prevalent ZK is in the crypto world…

            Oh well. Have a good day.

            • jonathan@lemmy.zip
              link
              fedilink
              arrow-up
              3
              arrow-down
              5
              ·
              edit-2
              20 days ago

              You say you got the joke, but everything else you said suggests you didn’t. Just to be clear I wasn’t being critical of your reply, I was mocking the cryptobros the other poster mentioned.

                • jonathan@lemmy.zip
                  link
                  fedilink
                  arrow-up
                  3
                  arrow-down
                  1
                  ·
                  20 days ago

                  looks at post history I mean lazy as my joke was, now I understand how you got so upset about it.