nixCraft 🐧8h ago

RE: https://infosec.exchange/@SecurityWriter/116305873092655616

if people stopped giving all these corporations their age or id/kyc info and just canceled their subscriptions or accounts for 4 months we'd see how fast they stop asking once those next quarter results show up.

governments would wake up pretty fast with less VAT, GST, and Tax revenue, too. you give them an inch and they will take a mile. cut that inch and cut their source of revenue, and they will all fall in line.

that is the only solution to all these stupid laws.

Show threadnixCraft 🐧8h ago

the only time you should hand over your ID like a passport or stuff like that is when you absolutely need to. for example like crossing international borders, opening or operating a bank account or applying for a driver's license. those are all valid cases and highly regulated.

but this for profit corporation will just use your data to target you for profit. they even sold mobile phone numbers used for 2FA to advertisers. can you really trust them now with this nonsense?

Show threadtxtx 🇪🇺8h ago

@nixCraft I should be able to walk to a post office or bank where, after presenting an ID card, they give me a single use token I can use to prove to an organization I'm a real human — or that I'm of a certain age, etc.

I think this should work well enough even if no personal information is stored on that token.

I would happily join a Mastodon server that only accepts authentic users...kind of like the "blue checkmark" of Twitter but democratized so it's not just celebrities.

Show threadnathanael7h ago
i give the token to a bot...

CC: @[email protected]
Show threadtxtx 🇪🇺7h ago

@nathanael And there are people who hire a kidnapper, assassin, human trafficker...

I don't need to live in a crime filled world because someone found a clever way to abuse a system.

@nixCraft

Show threadnathanael7h ago
no i wouldn't. i wanted to show you, that your solution doesn't work like you intend it to work. you don't prove with a token that you are a certain age or are a real human. you just prove that the token was obtained by a real human

CC: @[email protected]
Show threadtxtx 🇪🇺7h ago

@nathanael To stop 99.9% of bots, this is enough, so it works.

Russians working at a troll factory are creating millions of accounts. Having a few accounts isn't doing much for them.

It should be possible to ban future tokens from an individual as well. Like any good bar, you ban someone from ever coming again if they are a nasty jerk.

Show threadtxtx 🇪🇺

@nathanael Every social media site is already or is in danger of becoming infested with propaganda agents, nazis, scammers, etc.

Mastodon hasn't been hit as hard yet because it's not as popular — but from what I've read from server owners, it's heading in a bad direction now.

1:53pmMastodon for Android
Show threadtxtx 🇪🇺7h ago

@nathanael It's no wonder that age verification is so popular amongst the general population. People don't want their kids to turn into nazi q-anon weirdos, as it turns out.

Unfortunately, because much of the tech community is only pushing to maintain the broken status quo, politicians are responding without guidelines from the people who have the knowledge to change things for the better.

This is what happens when we point our fingers while burying our head in the sand.

Show threadtxtx 🇪🇺7h ago

@nathanael Anyway sorry for the reply deluge. You are not wrong that there are possibilities to abuse this kind of hypothetical system.

I will admit I get a little bit frustrated since I do think that there are valid uses for authentication. I don't like how it's done now, or many of the current proposals.

But if we don't bother brainstorming better solutions, we'll be stuck with whatever is given to us.

Show threadnathanael6h ago
all good. it seems to me that age verification doesn't work. it didn't work when i wasn't allowed to drink alcohol and i can't see it working online...