TutaLet's remind everyone what a safe internet actually means. 🌐🌍
Share this & Spread the word!
Nuno Gomes@Tutanota Just a note. Age verification is not mutually exclusive to everything that is on the safer column. If the real world has age requirements in some operations, it's acceptable that the digital world also has the same. Making the Internet lawless is what drives attacks on other liberties.
soderling@soderling No, it is not. Any digital service could query a digital gov ID just for age verification (yes/no signed key) and nothing else is stored in either side. A government audit can run on all users just to make sure they have those signed keys WITHOUT knowing who they are.
Aubrey@gonun13 @soderling And how do you guarantee that the government is not saving which keys are they looking up?
@aubrey @soderling They can save it, it's pointless, it's just a valid age verification token. The critical point is the authentication system that by law and governance, would be made in a way where you only authorise an age verification not sharing private data with the digital service OR logging on the government side what site you're trying to use. There are more technical steps available for privacy like key pairs, blockchain, owning your data I would prefer first but it is possible.
@gonun13 @soderling Well, then the government gives me a token for something. First, they know I requested a token at this time (which is also a privacy problem, but not that big). I give that token to the site I want to use, that is okay still. But then the government asks the site owner to give them all the users with all their tokens. Now the government can match the users with real people based on the tokens they gave out.
@aubrey @soderling That's not exactly the sequence. Service -> govID -> you authenticate with govID -> you share age verification with service -> they store a valid age verification token -> gov can check valid tokens not who made them (by law).
The are other conversations involved like anonymity vs privacy. Public vs private data. But it is technically possible, it's more on how we setup our digital legal governance.
The are other conversations involved like anonymity vs privacy. Public vs private data. But it is technically possible, it's more on how we setup our digital legal governance.
@gonun13 @soderling (by law) is the problem. Why should I trust my government is actually doing that. I don't think it is possible to trust the government is not saving any of that data without having access to their servers. And even if it was possible, I don't think the government is going to implement it that way. Governments love to collect anything they can. (EU and Chat control for example)
Azarilhⓥ@aubrey EU is doing such software and it's open source. They are very transparent about how it works.
@aubrey True thus we should fight governments with better solutions. But the digital world can't become a lawless place or catered just by big corps.
@aubrey
Yes that is true. The Verification by the EU App is 1. on Smartphone only 2. The Credentials are saved on that Smartphone 3. the App Talks every time your're Verify your age with the gov server in a hack of a lot times
@gonun13 @soderling
Yes that is true. The Verification by the EU App is 1. on Smartphone only 2. The Credentials are saved on that Smartphone 3. the App Talks every time your're Verify your age with the gov server in a hack of a lot times
@gonun13 @soderling
I am wondering that this is not criticized. Why you are not asking why it should be a Smartphone? Why should it not disconnected to the Credentials Physically to the Device? Why should i let my IP address to a Server for Verify?