Ironically, I saw a street food shop about a decade ago that used real butter as a condiment but called it margarine in the menu. He said he was doing that because customers preferred margarine over butter.
There is a theoretical difference, but in practice they are the same thing, and we all know it [1]:
> Social media platforms have admitted verifying user ages would likely involve surrendering personal IDs, as the Albanese government forges ahead with its under-16 ban.
> Why not set up a government api where a site can get a yes/no answer about age using tokens, so the site itself gets no information but if the age is ok?
As I mentioned in yesterday's thread, an online API still allows the government to track and monitor residents, which is arguably worse. You no longer have plausible deniability when the government asks you to hand over your social media credentials because they now know that you have, or at least attempted to open, an account with that provider.
The better solution would be an offline, cryptographic "wallet" (similar to the EU Digital Identity Wallet) that only exposes the age information and nothing else, but I wouldn't get my hopes up.
I got surprised by that too, and while comparing its size to the next organism (Tardigrade) I learned that every member of the same species of tardigrades has the exact same number of cells [1], which was even more surprising for me:
> Eutelic organisms have a fixed number of somatic cells when they reach maturity, the exact number being relatively constant for any one species. This phenomenon is also referred to as cell constancy. Development proceeds by cell division until maturity; further growth occurs via cell enlargement only.
ZKP is better, but still not foolproof. Depending on the implementation, the government may now know that you have an account, or at least attempted to open an account on that service. You will have a hard time denying it in the future if the government asks to see your posts (as the US is currently doing at their borders).
I disagree. I can't think of an implementation mistake that would allow just the government to see what services you sign up for.
You could of course screw it up so everybody could see. If the government put a keylogger on your device then they could see. However broadly speaking this is not something that can be screwed up in such a way that just the government would be able to see.
The protocol wouldn't even involve any communication with the government.
> a government API could provide the simple assertion
Yes, it could, but we don't have that, do we? They launched the ban without implementing a zero-knowledge proof scheme as you described. In a very short amount of time the providers will have associated millions of people's accounts to their biometric information and/or their government issued IDs.
Correct. Django 6.0 comes with a standardised API, with 2 testing backends (ImmediateBackend and DummyBackend). You need a third-party backend to store and execute tasks.
django-tasks is the reference implementation for django.tasks, by the same author. It's up for discussion if and when the DatabaseBackend gets merged, and it seems likely to me that a Redis-based backend would be suggested at some point. It takes time and energy though!
I agree. I don't remember the last time I saw an expired cert, and it was probably an abandoned web site (which would eventually expire even with a 3-year certificate as well). At least with Let's Encrypt you have to automate it.
reply