Who's trying to break the internet today?

Ungnome

Ungnome

Grand Empress of the Empire of One Square Foot.
Citizen
See, your average Linux distro doesn't require an account on some server to work. Just more proof that lawmakers have no clue what they are doing when it comes to the internet.
 
CoffeeHorse

CoffeeHorse

Hanging in there
Staff member
Council of Elders
Citizen
Maybe Microsoft will lobby to kill this once they realize they're going to be forced to patch all the government computers still running Windows XP.
 
Pocket

Pocket

jumbled pile of person
Citizen
Ungnome said:
See, your average Linux distro doesn't require an account on some server to work. Just more proof that lawmakers have no clue what they are doing when it comes to the internet.
Click to expand...
Then this will result in a blanket ban of Linux. Which is damn convenient for Microsoft, Apple, and Google and their lobbyists, who I'm sure have been looking for an excuse for a long time and might even be the ones responsible for this in the first place.
 
Ungnome

Ungnome

Grand Empress of the Empire of One Square Foot.
Citizen
Could be, but what are they gonna do, audit everyone's PC to make sure they aren't using Linux. There's also the issue that the bulk of the internet runs on Linux servers.
 
Pocket

Pocket

jumbled pile of person
Citizen
The idea is for the OS to be able to provide an ID validation to websites without the individual websites needing to check themselves, so I guess they would demand that all websites wanting to do business in their state to request said validation from the user's computer, and deny them access if it can't provide one. Which would at the bare minimum require Linux users to figure out a way to generate convincing fake validation codes to access sites that are complying with the new law.

Now that I think about it, I wonder if this is intended to work like the "Chave Móvel Digital" system they have in Portugal, which they use not just for age checks but as a secure login system for things like banking sites. Someone on Reddit brought it up a couple years ago and they made it sound like an actually good solution to this issue (except for, you know, people who think it's a basic human right for underage people to access material deemed 18+ by the powers that be). I still have the comment archived; here's how they explained it:
So, when you make or renew your ID, a letter is mailed to your fiscal address containing the PIN to activate your digital key. You then go to the government website and login using the credentials on that letter to activate the key.

If that is your first time activating the key, you must go to the fiscal offices to confirm your identity. Your key is then linked to your biometric data, more specifically your fingerprints and a scan of your face, which are required when activating the key in a new device.

After activating the key on that device, you can use wither your biometrics or your secret PIN to login, and your key can be used for a multitude of things, like digitally signing documents, accessing all government services, etc.
Click to expand...
 
CoffeeHorse

CoffeeHorse

Hanging in there
Staff member
Council of Elders
Citizen
So now when your key gets compromised, instead of changing your password and recovery questions you get to journey through the bowels of bureaucracy to get the government to mail you a new one.

Hug that. I won't do it.
 
Pocket

Pocket

jumbled pile of person
Citizen
That's the part I don't know, whether Portugal's system is actually as secure as it sounds or if an expert would have the same reaction that they do to the idea of online voting. I would have to have access to my own panel of experts, and I am not Randall Monroe. Really, any time the idea of "We should just adopt the system Europe has, 1:1" comes up, we should be asking if there's some significant existing difference between us and them that would make us more likely to cock it up. After all, if there wasn't, wouldn't we have already adopted their system? Isn't the same thing that causes us to consistently make worse decisions than they do also going to hamper our ability to run things properly?
 
NovaSaber

NovaSaber

Well-known member
Citizen
Since AI is only part of the reason I guess this fits here better than the AI thread, but...AI and greedy assholes who make paywalled dowload managers for sites they don't own are breaking game preservation.

bsky.app

Squibbus (@squibbus.gay)

so as it turns out AI has ruined preservation too because guess what all of those servers need that's unaffordable now that's right, storage!
bsky.app bsky.app
bafkreic3gckxmduw2uog4whjeers4r7phqizamtflpez62jpuj2lbf6hym@jpeg
 
Anonymous X

Anonymous X

Well-known member
Citizen
www.bbc.co.uk

MPs reject call for under-16s social media ban, backing more flexible powers

The House of Lords had backed a move to ban under-16s in the UK from social media platforms in January.
www.bbc.co.uk www.bbc.co.uk
Well, at least the British government aren’t going for “Australia style” bans, at least for now. Blanket bans of internet services based on age of users is something I now strongly reject. Because I can’t see how those controls won’t lead to virtually everything on the internet needing an ID/face scan (etc) to access.

(Already loads of smaller web forums based in the UK have had to close during the last year or so because of rules put in place by Ofcom, the UK equivalent to the FCC, and I don’t want any more of that.)
 
NovaSaber

NovaSaber

Well-known member
Citizen
No idea how much information they're going to ask for of what level or privacy invasion they're going to do to verify it, but at least one online game (Yu-Gi-Oh! Master Duel) already has an in-game notification about how they're going to start "age and location verification to comply with local laws" in April.
 
Dekafox

Dekafox

Fabulously Foxy Dragon
Citizen
So about that OS level verification thing in some states:
https://redlib.catsarch.com/r/linux/comments/1rshc1f/i_traced_2_billion_in_nonprofit_grants_and_45/

Here's what concerns me most from a privacy perspective. These bills don't just verify age once. They create a persistent identity layer inside the operating system that applications can query at will.

The commercial age verification vendors who would provide this infrastructure (Yoti, Veriff, Jumio) charge $0.10 to $2.00 per check, require proprietary SDKs, demand API keys tied to commercial accounts, and operate cloud-only with no self-hosted option. Your age verification data goes to a third-party cloud service. Every time.

Compare this to what the EU built. The EU Digital Identity Wallet under eIDAS 2.0 is open-source, self-hostable, and uses zero-knowledge proofs. You can prove you're over 18 without revealing your birth date, your name, or anything else. No per-check fees, no proprietary SDKs, no data going to a vendor's cloud. The EU's Digital Services Act puts age verification obligations on Very Large Online Platforms (45M+ monthly users), not on operating systems. FOSS projects that don't act as intermediary services are explicitly outside scope. Micro and small enterprises get additional exemptions.

The US bills assume every operating system is built by a corporation with the infrastructure and revenue to absorb these costs. The EU started from the opposite assumption and built accordingly.
Click to expand...
 
Pocket

Pocket

jumbled pile of person
Citizen
Oh hey, another person confirming that the EU has already rolled out a system that does what this one pretends to do and does it without any flaws or downsides. I guess the thing Portugal has is just their name for this system? I wonder how long ago they passed it; I'm surprised the entire EU has this and I'm just now hearing about it.
 
Dekafox

Dekafox

Fabulously Foxy Dragon
Citizen
infosec.exchange

Vini B 「thecoding」 (@[email protected])

Attached: 1 image 🇧🇷 Lula's totalitarian Digital ID verification law in Brazil has already made its first victim, disguised as made to "protect the children" (bs) and pushed by paid celebrities and "journalists" the Arch Linux 32 distro has just blocked access to Brazilian IPs restricting...
infosec.exchange infosec.exchange
 
Ungnome

Ungnome

Grand Empress of the Empire of One Square Foot.
Citizen
Dekafox said:
infosec.exchange

Vini B 「thecoding」 (@[email protected])

Attached: 1 image 🇧🇷 Lula's totalitarian Digital ID verification law in Brazil has already made its first victim, disguised as made to "protect the children" (bs) and pushed by paid celebrities and "journalists" the Arch Linux 32 distro has just blocked access to Brazilian IPs restricting...
infosec.exchange infosec.exchange
Click to expand...
I somewhat believe that these laws are actually being pushed by commercial software vendors to try and kill open source projects. The tech savy will bypass the restriction and run what they want anyway, though.
 
Dekafox

Dekafox

Fabulously Foxy Dragon
Citizen
Well, if your distro uses systemd, it looks like it'll have a birthdate field available soon:

Aaron Toponce ⚛️:debian: (@[email protected])

Systemd merged age verification to comply with California state law. If you want to enter a birth date, I recommend "Friday, 13 December 1901 20:45:52". I like this for a few reasons: 1. This is the earliest date possible for a 32 bit datetime integer in C. 2. It's malicious compliance. 3...
fosstodon.org fosstodon.org

The other option is January 1st, 1970, and make the websites or apps think they have a bug since that's the 0 date.
 
You must log in or register to reply here.


Top Bottom