upvote

points

by mcv8 hours ago |
comments
upvoteby shiandow7 hours ago|
next
[-]
That very much isn't the only right way, and it is far to close to government tracking activities online. For one it effectively allows governments to disallow someone from accessing the internet.

All this to let you do stuff you were allowed to do anyway.

The problem is handing kids admin level access on a device with full unfiltered access to several communication networks. You do not fix that by demoting everyone's access.

reply
upvoteby fc417fc8025 hours ago|
parent|
[-]
I wholeheartedly agree. Worse, these verification "solutions" distract from fixing the actual underlying issue.

We need better supervision which demands better parental controls which demands better content filtering which demands better content classification.

So fix the root. Legally mandate a standardized protocol for self reporting the content rating of resources.

reply
upvoteby Terr_3 hours ago|
parent|
[-]
Yep, recycling a post about reasons to do it that way:

> 1. Most of the dollar costs of making it all happen will be paid by the people who actually need/use the feature.

> 2. No toxic Orwellian panopticon.

> 3. Key enforcement falls into a realm non-technical parents can actually observe and act upon: What device is little Timmy holding?

> 4. Every site in the world will not need a monthly update to handle Elbonia's rite of manhood on the 17th lunar year to make it permitted to see bare ankles. Instead, parents of that region/religion can download their own damn plugin.

reply
upvoteby EnderWT6 hours ago|
prev|
next
[-]
There's already a spec for this (ISO/IEC 18013-5) and it's been implemented in a variety of jurisdictions. https://en.wikipedia.org/wiki/Mobile_driver%27s_license

The person gets to see what information the service is asking for and can approve or deny. This'll likely end up being the future of how citizens access government services online.

reply
upvoteby nedt3 hours ago|
parent|
[-]
That's more for age verification and prove of identity, especially in the real world. It's weird that the wikipedia page is talking about drivers license, because I have the Austrian app and I use it with my normal ID card.

To access government service we have something different. Here in Austria it's called ID Austria and you sign with an app when you try to access government services, but also others like health insurance etc.

reply
upvoteby 1970-01-017 hours ago|
prev|
next
[-]
1000% this. Fake info for everything that isn't directly tied to money or government. HN doesn't have my info. Apple doesn't have it. Google doesn't have it. Amazon doesn't have it. Microsoft doesn't have it. They don't care who I really am, and that hasn't, ever never, been a problem for using their stuff. They want your real ID. They do not need it. At all.
reply
upvoteby londons_explore6 hours ago|
parent|
next
[-]
Remember that just typing 'John Smith DOB 1/1/1900' into a random webform and clicking submit to get in is technically wire fraud.

Sure, it usually won't be prosecuted... Until you upset the wrong person and they're looking for a crime you did...

reply
upvoteby fc417fc8025 hours ago|
parent|
next
[-]
I don't believe it's wire fraud unless you deceive the other party for monetary gain. I realize that's not quite the correct definition but AFAIK it's quite close to it.
reply
upvoteby londons_explore4 hours ago|
parent|
[-]
The gain is that you get to access the website. Fraud simply requires gain, not necessarily monetary benefit.
reply
upvoteby 1970-01-014 hours ago|
parent|
[-]
That's not it. There is 2 parts 2 fraud.

Part 1: misrepresentation of fact

Part 2: harm or loss due to that misrepresentation

You must prove both.

https://definitions.uslegal.com/f/fraud/#:~:text=and%20upon%...

reply
upvoteby araes4 hours ago|
parent|
prev|
next
[-]
Fraud (Wikipedia, United States):

  - Misrepresents a material (non-trivial) fact in order to obtain action or forbearance by another person
  - The other person relies upon the misrepresentation
  - The other person *suffers injury* as a result of the act or forbearance taken in reliance upon the misrepresentation.
Damages in fraud cases is normally computed using

  - Recovery of damages in the amount of the *difference between the value of the property* had it been as represented and its actual value
  - Out-of-pocket loss, which allows for the recovery of damages in the amount of the *difference between the value of what was given and the value of what was received*.
Usually also heavily implied it needs to involve money in some significant way:

18 U.S.C. § 1343

  (...)'any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises'(...)
Fraud cases also usually heavily apply burden of court practice on the prosecution, to prove fraud and substantial losses. If you type 'John Smith DOB 1/1/1900' the "victim" has to prove it caused them to suffer injury and that there was a significant difference between the value of the property (non-trivial).
reply
upvoteby 1970-01-016 hours ago|
parent|
prev|
[-]
So is breaching all your PII into the universe. Choose your battles or they will be chosen for you. Aside, I'm technically 126 years old in some DBs. Nobody cares.
reply
upvoteby cloverich4 hours ago|
parent|
prev|
[-]
> They want your real ID. They do not need it.

I think that is exactly backwards. Many of the companies integrating with KYC/AML providers (such as my company) definitely don't want to be dealing in ids, just like most companies don't want to be dealing in storing credit card numbers (and the compliance that goes along with it). Its why Stripe exists, and its why ID verification companies exist.

reply
upvoteby x0x04 hours ago|
parent|
[-]
I'd like to agree, but I don't. If companies didn't want to be involved, they would aggressively be pushing governments to provide ways to confirm age w/o transmitting any other data. Primarily because you can't leak data you never had in the first place. I don't see that happening.
reply
upvoteby ticulatedspline7 hours ago|
prev|
[-]
even better would be a solution that didn't require even proxy or direct government log in.

like if you could be issued an E-id that could perform a local signature/challenge-response that allowed the site to confirm an age bracket (like 12 or below,13-17,18-20, 21+), assert the entity that issued the id but not assert a stable identifier (not even pairwise) and not pass any data between other parties.

Obviously not foolproof, credentials can be stolen (same in your scenario) but the site doesn't need to care, they should be legally in the clear. Basically it would let you anonymously assert your age.

reply