this post was submitted on 23 Feb 2024
290 points (98.0% liked)
Technology
59296 readers
4550 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Can't pretty much any government get that info today by just requiring ISPs to give them the identities of anyone who visited X site
This just gives them more avenues I suppose
There's technically a warrant process required so you have to be operating on a reasonable proof of misconduct from an individual.
Realistically there are issues with Digital IDs. Like the ones that currently exist are for Service Canada websites and services so stuff like disability benefits, healthcare interfacing stuff, tax ans employment insurance related stuff. It's basically just supposed to be an extra encryption key that makes it easier for users and cuts out password issues... So it's basically just government encryption operating on government sites.
An authentication system requires both halves of an equation to have the program and so backwards engineering the whole thing is very possible by anyone working for the vendors. It opens vectors for nasty blackmail material if someone uses a digital ID to feign access to things. Even without the blackmail angle it can be dangerous...Like if someone posts illegal child porn before a moderation influence flags it someone who knows the system could clone your Digital ID to watch it and you could end up with the legal charges.
This is likely to just push people to go further underground to illicit sources for their porn. The ones that aren't legal businesses or platforms. Essentially it could end up meaning more audience and financial support for the illegal platforms and infrastructure who produce the stuff we desperately want to stop.
Are you telling me that Digital IDs don’t operate with a private/public key model; with the private key stored and inaccessible in a chip leveraging WebAuthn (or WebAuthn-like) privacy-respecting tech from a trusted vendor like Yubico; with unique IDs generated per vendor the user signs up with; all within the ID cards/driver licenses that are freely issued by the government; with the ability for a user to mark another WebAuthn device (like a Yubikey) as trusted/untrusted through a government portal that undergoes regular security audits? Because if they did, the scenarios you outlined wouldn’t be feasible without someone’s device (and PIN) being physically taken or the vendor’s site being compromised.
The government would still be able to determine what you viewed if they had access to the sites’ internal data and the vendors stored your info, but that would still require a warrant.
And if they don’t use that or a similar approach, the approach they’re using for their “Digital IDs” is probably garbage.
The current ID system for accessing government services is sort of like that as I understand it... But the Conservatives haven't really been very forthcoming about how they actually intend to enforce a digital id legislation on a bunch of privately owned digital vendors from multiple countries that are already slippery. They haven't really outlined what active enduring measures would be required to keep up this sort of digital regulation for it to be maintained in perpetuity. It all feels like trying to stop a river by installing a net...perhaps maybe closer to Trump's "building a wall" move politically.
Passing something without outlining any specs or plan on how they actually achieve their ends is very much the regular Conservative MO. I don't even nessisarily think they want it to pass it to be honest. I think they just want something that sounds easy to your regular joe but is fraught with practical and logistical issues so they can make the incumbent government look like it is obstructionist or morally bankrupt. If they actually passed this it would be a dog who caught the car senario but as is they know the incumbent government absolutely does not want to be on the hook for making a big messy new department that would take time off the floor for other issues while it's hashed out, require a massive expense to explore options and then further budget to create a government service in perpetuity all while their opposition gets to whine about how the incumbent government are too far over budget and too slow to get things done. The Conservatives know their constituents have the memories of goldfish and won't seriously ask why the things the Conservative party seemed to care about so much when they were opposition will be completely dropped when they are elected.
Yea, but all that's going to do is give the IP of the household, anybody in the house could be looking at whatever
This will give them a concrete identity tie in to a specific person
And if it's over Wi-Fi they isn't strictly secured it's essentially impossible to tie it to anyone at all. It's why the average person doesn't need to be afraid of piracy. Oh and then there are vpns to bypass that even harder.
That defence might help if you find yourself standing in front of a jury... but porn is legal so that's never going to happen.
But for blackmail? Presumption of innocence won't help you in the slightest.
Fair