Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

Which part of that is avoiding the distopian control?

the very first line, government issued digital id - we have been avoiding that for a very long time

how does this work on an open source operating system?



> Which part of that is avoiding the distopian control?

Your ID is already controlled by your government, and we don't call that dystopian control. With privacy-preserving age verification online, the government doesn't learn what you do with the cryptographic token that proves that you are old enough, and the website doesn't learn who you are. So it's exactly the same situation as today, except that now there is age verification.

> how does this work on an open source operating system?

First, it can be open source and have DRM and attestation. Android is open source, for instance.

This said, I hate the idea of remote attestation. And for age verification, I strongly believe that it is not needed. We don't need to make it work everywhere all the time, it just needs to help. I can imagine a privacy-preserving age verification system that helps with some problems (e.g. make social media or porn less accessible to kids) without bringing dystopian control and without making it super hard for adults to access social media and porn.

But I absolutely hate the idea of remote attestation.


> Your ID is already controlled by your government, and we don't call that dystopian control.

The expression "papers, please", a classic exemplar of dystopian control, is referring to what?

> First, it can be open source and have DRM and attestation. Android is open source, for instance.

When people say "open source" in this context they mean that the user or third parties can make changes to the system, not that the source code is thrown over the wall from time to time. The situation with Android is exactly the thing that we don't want.


> When people say "open source" in this context

Do they? My experience is that often they don't know what "open source" means in the context of software or that they don't know that the system they were criticising is actually open source.


It's not hard to not realize that Android is open source because doing it that way compromises nearly all of the advantages of something open source.


Does it, though? There are many, many, many AOSP-based systems. DJI remote controllers run AOSP, and of course there is LineageOS and GrapheneOS.

I can read the sources of AOSP, I can modify it, build it and install it on my device.

I can read the sources of AOSP to find bugs or security issues.

I can read the sources of AOSP to understand how it works and get inspiration for my own projects.

What does it compromise to you?

Maybe you're unhappy about the fact that it is not open development, but that's a completely different question and many, many open source projects are like that. I have offered PRs to multiple projects that never bothered reviewing them because they did not care, and that is exactly how open source works.

There are so many reasons to complain about Google, the fact that Android is open source is not one of them.


The California age "attestation" system is a really good idea. It just delegates to the device owner, assuming anyone who can buy a device is the parent or is close enough to being an adult it doesn't matter. And then it makes using any other signal illegal unless you're a bank.


> Your ID is already controlled by your government

In the US, there are no national IDs, each state is responsible for their own. Transitioning to a national ID is not even legal currently, it would require a constitutional amendment... and I think most people do not want that for multiple reasons.


I am not sure how that is relevant, rather than nitpicking.

In the EU, there is no concept of EU ID, each country is responsible for their own.

Still, there is a governing entity that is responsible for your ID and controls it. Unless a US state is not a "governing entity"? Though the head of a US state is called a "governor", right?


I think the relevance is that there can be no requirement by the US federal government for states to support any particular technology, which makes age verification continue to be a state-specific unregulated free-for-all.

Even the REAL ID Act only mandated requirements for a license when used to enter government owned or regulated property, and states can still choose not to abide by it.


Yes but that is irrelevant to the discussion here. It doesn't matter if the federal government runs the age verification or if each government does it. The point remains: that "governing entity" already knows your identity, so by running an age verification service they do not learn your identity.


there is no single government id in the UK at the moment, they currently do not control my identity

you specifically talked about an OS without user changeable software, thats the definition of open source


> there is no single government id in the UK at the moment, they currently do not control my identity

Wait, so you live in a country where there is no government that can provide an ID? How does it work when you travel abroad? Do you have multiple legal identities, with different names and nationalities, that cannot be individually tracked back to one government?

> you specifically talked about an OS without user changeable software, thats the definition of open source

No? Open source is about your ability to reuse the code. You can modify and install Android (or let's say AOSP) on most Android devices (look at the list of devices supported by LineageOS for instance).

The one thing you cannot do is modify it and get your changes signed by Google.

Remote attestation is about preventing you from leveraging open source software, but the software is still open source.


they provide passports for travel, driving licences for driving, national insurance number for taxes, but its not a single id that everyone is required to have

there is no point in it being open source if i cannot modify and run it


> they provide passports for travel, driving licences for driving, national insurance number for taxes, but its not a single id that everyone is required to have

I am not sure what point you are trying to make. The government controls your passport, your driving licence, your national insurance number for taxes, but because those are 3 different IDs, it doesn't count as "your government controls your ID"?

Feels like you're just nitpicking for the sake of it.

> there is no point in it being open source if i cannot modify and run it

Well I for sure hate the idea of remote attestation, I agree with you on that. I was just pointing out that saying "it's not possible to have remote attestation on an open source system" is wrong: it's possible, that's a big part of why "they" like remote attestation: because they have control even if you can tamper with your system.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: