EU parliament accepted a last minute amendment, mandating age verification for pornographic (whatever that is) content online, punishable with up to one year prison sentence.
This was rolled into a directive concerning CSAM. Because adults accessing porn need to be de-anonymised to avoid child exploitation?
You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 124 users / day
- 1.05K users / week
- 1.3K users / month
- 4.58K users / 6 months
- 1 subscriber
- 4.15K Posts
- 105K Comments
- Modlog
the problem is that people are being verifiably linked to their ‘adult’ preferences. this is data that is being generated, in bad faith, and handled by multiple parties. your legal identity should not need to be tied to this information. this information can be used against you both now and in the future.
we’ve already seen in the US where there is a push for information about gender and basic sexual education being labelled as ‘adult’. when i was in school, information about countries like Cuba, Afghanistan or China was considered ‘too mature’ (or marked as ‘terrorism-related’ by the school firewall) for children; i could see this thus extending to require age verification before you can access ‘subversive’ information, on the basis of ‘protecting children’ from ‘political extremism’.
Double blind means that the age provider doesn’t know why your age is requested, and the service (website) doesn’t know you, they only know that the age provider says “yes” or “no”.
cc @iii@mander.xyz
How does one “follow the tokens” then?
We don’t know what they do with the information, as it’s closed source.
Assuming it’s based on this EU prototype:
They don’t know why it was requested, but do know who, where and when.
So they gather the logs of A, the token provider. Is the target present? They have his token. They also see where and when the token was used. Did you have a fun time yesterday evening, on your phone at home, on websites B, C and D?
Next up, if they want even more detail, gather the logs of B, look for the token. That way they can pinpoint the exact search terms, categories, watch time, etc
In summary: centralizing the de-anonymisation this way makes mass surveillance easier than if it were decentralized, in sometimes foreign jurisdictions.
It also shifts the conversation away from the best solution: don’t deanonymise in the first place.
the provider knows who’s asking because of the IP address and API key of the requester. if it uses a form with a redirect, they even know your IP and what page you were on, tied to your legal identity. if the provider makes any API requests to a government registry, now that knows the when, the how, and (categorically) the what. short of a statement of ‘no logs’ and an audit to confirm as such, there is definitely logs. hackers love this information. data brokers love this information.
the problem is not the service knowing. it’s anyone knowing. the provider deänonymised you the moment you gave your id. the precise implementation details are important here.