What I'd really like to see is some kind of iframe that pins JS/wasm code within it to a particular bundle hash and prevents modification at runtime (even from chrome extensions).

Something more like a TEE inside the browser of sorts. Not sure if there is anything like this.

Author of the linked post here. This is actually a pretty interesting idea, I'll pass it to the team.

Enabling the `integrity ` attribute on iframes would help: https://github.com/w3c/webappsec-subresource-integrity/issue...

But then you'd also want the frame content to use `integrity` on nested resoures.

CSP frame-src can help for now.

Would benefit from cost-of-living data (e.g. something like numbeo), on top of the housing data.

And something like Hoodmaps to discern safe/unsafe suburbs in a city (quality of life differs a lot within a city, often more than between cities)

100%, we want to add that but the data is expensive. If this has legs we will probably spring for Zillow or Redfin API access.

We actually hit a rate limit with the image API tonight, but we're caching everything we pull into a DB, so the more people use it, the less we'll have to rely on API calls.

Because it's not about age verification, it's about setting up infrastructure to enable incremental enchroachment on privacy.

Fun fact: many ZK identity solutions run centralized provers and can be subpoenaed. Need to use something that generates proofs client-side.

> Because it's not about age verification, it's about setting up infrastructure to enable incremental enchroachment on privacy.

Yes. You are emphasizing a reason it would be a good idea.

Sideline the ulterior/hidden motive. Or at a minimum, force it into the open, where it has less of a chance. (Ulterior motives are kept quiet for a reason.)

> Fun fact: many ZK identity solutions run centralized provers and can be subpoenaed. Need to use something that generates proofs client-side.

Subpoenas are one of the many privacy problems solved by this.

If there is no log of your real identity tied to visiting a site, there is nothing to hack or subpoena.

A verifier can report you got keys validated. But they don't know what sites they were for.

Sites can ensure users are vetted for age. Without knowing who they are.

This is such a classic cryptography scenario, I don't know how it isn't being pushed to the center of this debate. Anything that reduces the practical tension between divisive goal posts is going to have practical benefit, and make worst case legislation much less likely.

You're confusing concepts and blockchain fundamentals. "Uncloneability" is the double-spending problem solved by proof-of-work/hashcash scheme. The 51% attack is not the problem, it's just a requirement for a PoW based blockchain to work. Just like how you have 1/3 honest node requirements in traditional BFT distributed database designs.

So cloneable cryptocoins is a thing? Where do I sign up wink.

IMHO cloneablitiy IS the problem, PoW is just a (very, very unfortunate) solution to that. PoS (stake as in possession, not pledging) is IMHO inherently impossible, so PoW is all we got, now and for ever...

The 10x engineer manifesto /s

Curious, what do you think of Sellfy? It gives you email lists, and analytics.

I'm currently building an e-commerce platform like Etsy, and tossing up some ideas of what kind of features to provide for sellers with respect to their brand, email list, and analytics, paywalled content etc.

I want to like envoy, but honestly the documentation for all areas of the framework is poor, with no support.

He's not attacking his credibility, just bringing up the point that there may be bias in reasoning.

Wait until lockup period ends for discount prices.

And over time, what was an O(n) emission rate becomes O(n!)