Jeff @social.rights.ninja Boring enough to use #Debian, fun enough to use #Arch • #Hardware & #Software Development • #RapidPrototyping • #EmbeddedSystems — he/him
I don't post exclusively about one topic. Expect random stuff on #coding, #retrocomputers, #DIYsolar, or things I'm passionate about like #livablecities, #a11y.
I love to chat about my own interests, but also boost/share things that are new to me that I find interesting. #art, #literature, #food, and whatever else, I'm excited to explore it all!
Syncing is fine, but I want to be in control of what is doing the syncing.
That's not to say that social groups putting limits on association is _always_ a good thing, just that it's a necessity for maintaining a healthy group.
@PriorProject @PorkrollPosadist
All the examples you provided were infrastructure, not social communities, so I think it's a poor comparison.
Instead, I'd compare AP federation to _social_ constructs. Communities, clubs, groups of friends. Even larger constructs like cities or nation states.
In _those_ examples it's clear that limiting association is commonplace and healthy.
@Toasteh Exactly, that's why the system I proposed doesn't require you to submit ID.
As mentioned in the original post I don't think these systems are worthwhile in the first place. My suggestion is just proof that you can still provide reasonable age-gating without sketchy ID systems.
It would also remain very simple for mobile connections, which I think is a major area of concern for the parents pushing for these laws.
It can't tell the difference between an adult and a child but only the adult would have access to the ISP account credentials.
You're right that, using a simple captive portal system, there's no way to differentiate between devices on the local network, but if each session is short enough that's not too big of a deal.
Let's say it requires reauthentication for each different domain and a domain will stay unblocked for only 5 minutes after traffic to that site stops.
It's imperfect, but _any_ system is going to be imperfect. I'm inclined to optimize for low friction for users and no additional PII being sent.
You wouldn't necessarily have to actually give a CA any details about yourself, just integrate this into the existing ISP portals.
An adult can log into the provider's website and click to generate any client certs they need.
I think this method is maybe a bit _too_ technical (compared to a simple captive portal like you get on public wifi) but I think it would work okay as long as end-users didn't have to go to a 3rd-party or provide any additional information to their ISP to use it.
I definitely agree that these types of blocking are ineffective and generally do more harm than good, but if governments are going to push for this stuff, it would be good to have a solution that doesn't harm people's security and privacy.
There are lots of ways around doing a full SSO integration, though.
In the simplest form, the ISP could simply use a captive portal of some sort directing the user to authenticate first.
While captive portals can't serve the correct certificate most browsers these days are smart enough to detect a captive portal redirect and give the user a smoother experience.
My scheme doesn't require any identity information to be provided by the user.
The ISP already has PII, but that's a risk that already exists today.
It might hurt their bottom line, but the big companies operate in so many different markets and I don't think there's any risk of _all_ of them enacting these types of restrictions.
I'm on mastodon, so I can't downvote (only "like", which translates to an upvote).
It's the US republicans who want to do this, not me, I'm just approaching this as an interesting problem.
As for my suggested solution, the only database would be the list of sites with adult content. No new personal data would be stored about individuals.
I'm not suggesting that ISPs implement photo-ID checks, just a login with your ISP username/password (an account you already have).
I don't think there's any risk of _any_ of these schemes killing off internet porn.
The current government schemes all rely on porn companies opting in and on the government/ISPs to catalog all porn sites on the internet.
US States enforcing new age verification for adult content—how could this be done properly?
US States enforcing new age verification for adult content—how could this be done properly?
Seeing the news about Utah and Virginia over in the US, there's been a lot of discourse about how unsafe it is to submit government ID online. Even the states that have their own age-verification portals are likely to introduce a lot of risk of leaks, phishing, and identity theft.
My interest, however, focused on this as an interesting technical and legislative problem. How \could\ a government impose age-verification control in a better way?
My first thought would be to legislate the inclusion of some sort of ISP-level middleware. Any time a user tried to access a site on the government provided list of adult content, they'd need to simply authenticate with their ISP web credentials.
Parents could give their children access to the internet at home or via cellular networks knowing this would block access to adult content and adults without children could login to their ISP portal and opt-out of this feature.
As much as I think these types of blocks aren't particularly effective—kids will pretty quickly figure out how to use a VPN—I think a scheme like mine would be at least \as effective\ as the one the governments have mandated without adding any new risk to users.
What do you all think? Are any of you from these states or other regions where some sort of age-restriction is enforced? How does this work where you are from?
Edit:
Using a simple captive portal—just like the ones on public wifi—would probably be the simplest way to accomplish this. It's relatively low friction to the end-user, most web browsers will deal with the redirect cleanly despite the TLS cert issues, and it requires no collection of any new PII.
Also, I don't think these types of filters are useful or worth legislating, I'm just looking at ways to implement them without harming security or privacy.
Yeah, it's quite the rabbit hole.
I'm curious to know what Zorin features you find are most useful as someone coming from Windows.
I think there's still a place for certain types of pre-orders.
There are many projects where the production of the product requires an upfront cost and a pre-order is needed to cover these.
I have pro-ordered many a small batch electronics device and have had no issues. However, in these cases the design of the device is already complete and the features/specs all known in advance.
The same goes for all the books I've pre-ordered from indie publishers, for the same reason, the book is already finished but production is too expensive for a small publisher to cover without pre-sales.
The issues come when pre-ordering something that _isn't_ complete, especially if it's working on an as-of-yet unsolved problem. Frankly, I wish that platforms like kickstarter would have a dedicated section for "production cost" pre-orders that had a different sales agreement and some vetting to ensure that products got delivered and were as advertised.
I think one of the best things about the fediverse is that it allows for a diverse set of paradigms.
A "twitter-like" experience isn't for everyone and it's great to have variety. I have friends who mostly use bookwyrm—a fediverse "goodreads" alternative—and it's awesome that I can still follow and interact with them even though I picked a different fediverse option.
It's definitely a shame that reddit is making these changes. The fall of reddit is going to have pretty negative affect for a lot of people.
I'm no fan of corpo platforms—I'd love more widespread adoption of open protocols and software—but I don't want _users_ to get hurt by the loss.