Big tech are going to be the ones selling the verified ID solutions and the laws are going to effectively make it mandatory. There’s a potential future where we’ll all be paying for a subscription to a verified ID system that we don’t want.
Big tech is probably lobbying for it behind our backs.
I don't even know if Gnome and Gnome Shell are the same thing. One thing I do know is the default install of Gnome on Debian 13 leaves you without a dock, without a system tray, and without minimize/maximize buttons. They purposely remove the three most important tools the average user relies on for navigation.
It's like trying to make a car without any round edges because "square edges are better". Good luck with the wheels!
I can fix that somewhat with extensions, but every normal person I know will take one look at the defaults and abandon it. That's a reasonable choice in my opinion. Why use something where the first interaction gives you a clear indication you're going to be fighting against developer ideology?
The thing I don’t get is that IMO Americans have a higher standard of living due to demand for the dollar. Being a net importer means they make less and the countries they’re importing from make more. Money = labor = people working, so people in other countries are working harder than Americans to benefit Americans with a higher standard of living.
It’s like a roofer working for a contractor that’s a millionaire and the contractor is upset because he’s paying the roofer while having a higher standard of living because of the profit made off the roofer’s labor.
No one is working for that rich contractor if his money is worthless. Isn’t a weaker dollar for America a disaster? The world works to serve America right now because of the dollar. Life’s going to be tough when America has to “get a job” and start earning their keep with real productivity contributions, isn’t it?
Maybe I’m just dumb, but all I can see is a massive drop in the average standard of living if the US maintains their current trajectory. It might even be too late already.
You assume that these economic policies are dictated by some sort of common good. The reality is that most policies are dictated by corporations and are designed to benefit their shareholders and not the average american. In addition, the US is now pivoting towards authoritarianism which implies future policies will be determined mainly by a tight group of people who are going to use them as a means of enriching themselves.
>massive drop in the average standard of living if the US maintains their current trajectory.
Very rich people control the narrative in the US and get poor people to repeat their claims. Hence where we get statements like this from.
>“John Steinbeck once said that socialism never took root in America because the poor see themselves not as an exploited proletariat but as temporarily embarrassed millionaires.”
The thing is the billionaires/trillionaires don't care as long as they get more power. They'll eat the goose that lays the golden eggs.
You see a ton of this with Trump voters like my grandma that are getting screwed over with medicare changes and live in some kind of grand delusion that Trump is doing exactly what he said he was going to do in cutting benefits, and yet somehow it's all the democrats fault (???).
It would be amazing if the tech leadership is so far gone they think AI is so great that everyone will beg to pay for it and it gets locked behind subscription fees. The only way it could get better is if the users that are paying get some kind of flair or label so I can ignore them.
> may make provision for the provider of a relevant VPN service to apply to any person seeking to access its service in or from the UK age assurance which is highly effective at correctly determining whether or not that person is a child
I think you're reading it wrong. Regulations may have a provision that allows providers to apply age assurance [systems ?] if the age assurance is highly effective at determining age.
I'm always surprised how ambiguous the writing is for this kind of stuff. Maybe that's the point. If the regulations don't (may is optional) have the provision, does that mean they need to demand ID?
IMO, highly effective = our buddies' tech that we declare highly effective. The whole ID push around the world is big tech trying to set up government mandated services that you're going to be forced to pay for, either directly or via taxes.
The end game is probably digital IDs with digitally signed requests for everything you do. And, of course, corrupt individuals and criminals will somehow be able to get as many digital IDs as they want.
That money should be spent on education. We're being robbed.
> I'm always surprised how ambiguous the writing is for this kind of stuff.
That's because--
(a) The actual legislators vaguely realize that they're too lazy and stupid to get anything right in detail, so they delegate to the regulatory apparatus.
(b) Neither the legislators nor the regulators are ever quite sure what they can politically get away with actually demanding, or how fast they can politically get away with moving, so they want both the ability to grab anything that looks like they can hold it, and the ability to deny that they ever meant to ask for anything that's blowing back too hard on them.
(c) Both the legislators and the regulators want to be able to threaten various actors with draconian actions that are at least possibly authorized under that kind of vague language, in order to get concessions that they are not authorized to demand (and that would be too hot politically to give them authorization to demand).
They store passwords and proxy everything at the same time they’re pushing OAuth, authenticators, passkeys, etc. for their own services. Everyone should have revolted when they bought Acompli and started doing this kind of thing.
Seize the generational wealth they accumulated. Make their parents, siblings, kids, grandkids, cousins, etc. demonstrate how they earned their money and take every penny they can’t link to honest means.
The discussion around billionaires needs to move away from taxing their income and beyond taxing their wealth. We need to start talking about how much of their wealth we should be taking away. Light it on fire or delete it. The whole world will be better off.
I considered this a month or two ago when Google safe browsing was erroneously putting domains self hosting Immich on the block list. My family domain got put on the block list and it took me a few hours to figure out that I needed to sign up for Google Search Console just to figure out what sub-domain got flagged.
I thought about filing a claim for enough to cover my time in small claims court, but decided not to. I didn't track my time super well because initially I though it was my fault, but, by far, the huge deterrent is the "what if".
What happens if I take Google to small claims court for damages to a domain I've been using for 20 years? I have that domain tied to a legacy Google Workspace account which was a huge mistake. It's been tied to my email for at least 15 years and, even worse, I've never owned an Android phone that hasn't been tied to that Workspace account.
I don't depend on cloud services for much, but if I want to prepare for retaliation I'd have to migrate my email somewhere else and be ready to deal with family members that have their phones connected to the Workspace account. Who's been duped into photo "backup"? Who's been duped into using Google Docs? How many Play purchases do they have? And, the big one, who's been duped into using sign-in with Google?
Google, Apple, Microsoft all make choosing what's best for the consumer very high friction compared to choices that trap users and give all the power to big tech. Even though I constantly help my family members try to understand why the don't want to get locked into those services they always get deceived into using them. The number of family members unwittingly duped into uploading all their data to OneDrive is in the range of 100%.
Apple, Google, and Microsoft need to be broken into 10 or 20 companies each. Excel should be it's own company. Phone OSes and app stores should be different companies. OneDrive should be it's own company and to compete with Dropbox with zero Windows integration. The web browsers should be separate companies. The AI divisions should be separate companies. Split them up with a wood chipper IMO.
The safe browsing scam is the biggest fraud ever because providers can't opt out of it when it "accidentally" detriments independent or self-hosted solutions.
> How does the issuer (e.g. the republic of France) know that DOCUMENT is bound to a given fingerprint? This is still under discussion, but as a first bid, a French citizen goes to city hall with his phone and obtains DOCUMENT after producing a fingerprint on the citizen's phone (as opposed to a device belonging to the republic of France).
Are you saying that someone goes to city hall, shows ID, and gets a DOCUMENT that certifies age, but doesn't link back to the person's identity? And it's married to a fingerprint in front of the person checking ID?
Is there a limit on how many times someone can get a DOCUMENT? If not, it'll become a new variation of fake id and eventually there's going to be an effort to crack down on misuse. If yes, what happens if I get unlucky and lose / break my phone limit + 1 times? Do I get locked out of the world? The only way I can imagine limiting abuse and collateral damage at the same time is to link an identity to a DOCUMENT somehow which makes the whole ZKP thing moot.
I'd be more worried about the politics though. There's no way any government on the planet is going to keep a system like that limited to simple age verification. Eventually there's going to be enough pretense to expand the system and block "non-compliant" sites. Why not use the same DOCUMENT to prove age to buy beer? Sanity for guns? Loyalty for food?
What happens if the proof gets flipped to run the other direction and a DOCUMENT is needed to prove you're a certified journalist? Any sources without certification can be blocked and the ZKP aspect doesn't matter at that point because getting the DOCUMENT will be risky if you're a dissenter. Maybe there's an interview. Maybe there's a background check. Has your phone ever shown up near a protest?
It's just like the Android announcement that developers need to identify themselves to distribute apps, even via side loading. The ultimate goal is to force anyone publishing content to identify themselves because then it's possible to use the government and legal system to crush dissenting views.
Big tech caused most of the problems and now they're going to provide the solution with more technology, more cost, and less freedom which is basically what they've been doing for the last 2 decades so it's not a surprise.
I somewhat understand your argument about how to prevent misuse, but I'd say one could do that by embedding the key in an ID card and someone will have to connect the ID card to the phone/computer (e.g. via NFC). So obviously you can pretend you lost your ID card and get a new one, but I would say that you can only do that so often until someone will get suspicious, just as if you would ask for a new passport every couple of months someone would start asking you some serious questions.
Regarding using the document to buy beer, that's already done, you need to provide ID. I also hope you being asked to provide ID for buying guns, but then again I'm not from the US, so I have quite a different opinion on gun ownership.
All that said though, we are currently watching some of the most significant civil rights abuses by authorities, all without any ID system and people are worried about age verification? If the government wants to abuse their power they don't need an ID system, they just look at your social media profile at the border.
This post is restricted to the context of the European Union and is intended to be factual.
The EU age verification app is intended to be a pilot to the EU Digital Identity Wallet (EUDIW), which EU law requires to be deployed everywhere in Europe by the end of 2026. (Thus your "worry" is in fact the explicit plan of record.)
The EUDIW will store more attributes than age. Think of it as a digital form of a passport (with name, address, etc.). The exact set of attributes is determined by local laws.
Thus, the DOCUMENT that you obtain is tied to you, and of course the state knows what is in the DOCUMENT since the state creates the document in the first place.
The state does not generate proofs. The phone generates proofs. Given a proof (and only the proof), nobody can associate the proof to the phone or to you.
Now I switch to less factual statements, which are still approximately correct.
Why would you trust the wallet software not to phone home to the state or us (Google)? The EUDIW regulations require that the wallet software be open source. However, states will only issue DOCUMENT to their own certified wallet software---you cannot just take the open source and recompile it, since the state won't issue DOCUMENT to your uncertified wallet. (Maybe your gym will issue a gym membership to your raspberry pi wallet, since it's not a big deal.)
The reason for this strictness is that the EUDIW is intended for official or semi-official uses. For example, you can open a bank account with it, or use it as ID to get a mortgage. The bank must by law accept DOCUMENT, the state guarantees that DOCUMENT is correct, and you get better privacy than handling over a piece of plastic that is then photocopied by who knows whom. This is the tradeoff of the current EU law. It would be inappropriate for this kind of official, passport-like documents to store attributes such as your profession (journalist or whatever), and nobody is talking about it.
Thanks for replying to me. I'm having a tough time understanding how it's zero knowledge, but also tied to a person's identity. At some point I'm going to try to read the manuscript you linked to someone else, but I started skimming it and I'll be lucky if I understand a tiny fraction of it.
> The state does not generate proofs. The phone generates proofs. Given a proof (and only the proof), nobody can associate the proof to the phone or to you.
I get that part. I visit a website and it basically asks me to prove my DOCUMENT has an attestation for age and my phone generates the proof. The part I don't get yet is how it proves the issuer.
> However, states will only issue DOCUMENT to their own certified wallet software---you cannot just take the open source and recompile it, since the state won't issue DOCUMENT to your uncertified wallet.
I don't get why that would matter. I think of it in terms of proving you have a signed DOCUMENT (like a signed executable), but that concept doesn't work for a proof with a subset of data in the DOCUMENT. The wallet can't be trusted either, can it? What would stop me from running a proxy to tamper with the responses?
> Why would you trust the wallet software not to phone home to the state or us (Google)?
To be honest, I don't and I think calling certified wallets "tamper proof" is incorrect. They're tamper proof from the perspective of the users, but the designers, maintainers, policy makers can "tamper" at will.
> For example, you can open a bank account with it, or use it as ID to get a mortgage.
This starts to get into the biggest issue for me. As an average person, all I know is that I have this DOCUMENT with all my vital personal information on it and some of that information can be sent to a 3rd party that asks for it. Because it's such a complex technical system I have no way of understanding what's happening or verifying I'm only sending the information I expect them to be asking for. If it's a permission system like we have on phones, that's broken. People have been conditioned to think they need to click yes on everything or things won't work. I'd worry that suddenly people will be giving away vital information without even knowing.
> you get better privacy than handling over a piece of plastic that is then photocopied by who knows whom
On a technical level, that's right. On the level of an average person understanding what information they're handing over and how it's being used (or potentially misused), that's wrong. I understand perfectly what I'm handing over when I give someone my credit card or drivers license. A digital ID system is basically opaque to me.
We have to put 100% faith in a few companies; Google, Apple, etc.. We need to trust they're acting in good faith and getting the implementation perfect. The saying is trust but verify, but what happens when the system is so complex that not enough people can verify it does what it says, or, more importantly, that policy makers aren't giving classified orders that force the handful of certified wallets to change the way things work?
The technology is very cool. When I see documents like that manuscript you linked I'm envious. I wish I could understand the math well enough to conceptualize the whole system. I think there's a ton of value in leveraging technology to modernize identity. I also have no doubt the people working on the implementation are acting in good faith. Flat out though, I don't trust the institutions. There's always someone willing to act in bad faith for one reason or another.
I think it's important to understand there's a difference between analog verification systems and digital verification systems. If someone is checking my ID or comparing my face to pictures in a book of banned patrons, that has a natural limit on the scalability. Once things are digital, all bets are off. Think of the difference between a manager banning someone from a single store vs facial recognition being used to ban someone from every store in a chain. Digital IDs could very well be the next step up where people can be banned from participating in society.
Also think about the difference between fingerprint unlock for releasing a digital ID vs Face ID. With a fingerprint, you're creating a limit on what people will tolerate in terms of the number of times their ID is queried. With Face ID, people will tolerate a much larger volume. If the biometric ID is cached and allows multiple uses of a digital ID within X minutes, the number goes even higher. With a watch that's unlocked until you take it off your wrist, it's unlimited.
So, if you're working on these systems, consider there's more than just an algorithm and the implementation can leverage what the average person will tolerate to act as a bit of a check on the system. The fingerprint unlocking above is a good example where 1 fingerprint scan = 1 proof. People can understand that. Please don't build a system that allows for continuous identification.
Thanks for trying to explain some of the goals and how the system actually works. It's really hard to separate the politics from the technology, because they can't be separated, but I find it helps to have a better understanding of the technology as it helps when trying to focus on pragmatic concerns.
> Eventually there's going to be enough pretense to expand the system and block "non-compliant" sites. Why not use the same DOCUMENT to prove age to buy beer? Sanity for guns? Loyalty for food?
You're not wrong to be concerned about those impulses, but I think this is getting into "perfect is the enemy of good" territory.
A really authoritarian government isn't going to make an effort to misuse the system that way: They'll tear it down entirely and go back to worse-alternatives which we already use, where they do know all parties involved and exactly when and what was being checked.
Big tech are going to be the ones selling the verified ID solutions and the laws are going to effectively make it mandatory. There’s a potential future where we’ll all be paying for a subscription to a verified ID system that we don’t want.
Big tech is probably lobbying for it behind our backs.
reply