This is the first perfect solution I've heard!
Granted it's a little slow but it meets all the requirements xD
- Posts
- 2
- Comments
- 120
- Joined
- 3 yr. ago
- Posts
- 2
- Comments
- 120
- Joined
- 3 yr. ago
It would also reveal to the government that the user was accessing 18+ content (though not what that content is if the token is blinded).
It also doesn't stop the easy circumvent of someone who is an adult providing a service for children or others who don't want to auth with the government.
- The 18+ site provides Child c with a token T and it's blinded to b(T)
- The child sends b(T) to a malicious service run by a real adult (Mal)
- Mal sends the token to the AVS to create s(b(T))
- Mal provides s(b(T)) to the child who gives it to the 18+ site as a legit S(T)
How does this work to protect privacy though? Wouldn't the site need to know who you are to be able to look you up with the government?
Or is it more like an SSO/Oauth callback style thing where you sign into the government and they send the "age bit" digitally signed and your browser gives it back the service? Either way the government would know when you're accessing 18+ material and possibly what specific site you're accessing? Or is there more to it?
they could set up an online system which allows anyone to generate a proof of age and generates keypairs on demand for a requested site
This is the issue I have with most cryptographic solutions. There's usually a way for someone to just share their private keys or run a service that generates valid site-specific credentials. If a user can generate something that says they're over 18, it would be trivial to do that on behalf of others and set up an easy automated system for it. Adding some kind of rate or use limiting would just make it frustrating to use on multiple sites and add more implementation complexity on the side of the site.
Once such a system exists, the whole thing becomes trivial to circumvent. I guess the governments could try to play whack-a-mole with some kind of revocation capability but if the resulting keypairs are anonymous, then that wouldn't work because they wouldn't know who is creating them.
So should we just assume that nothing is conscious?
Not at all! In fact, I believe that we should assume almost everything is conscious. I think it's a bit of human arrogance to think that we brain creatures have a monopoly on perspective.
Nobody knows why they produce consciousness or what particular mechanism is responsible for human awareness.
Exactly my point.
That's... irrelevant
I don't think it is. If the argument is that it's unethical to poke a neuron because it might have consciousness, would the same argument not apply to anything else? I think you might be getting a bit hung up on the "think like a human" thing. My point is not that it's okay to torture something if it doesn't "think like a human." It's that there are potentially a lot of things in the world that are conscious that don't often get the same consideration.
capable of experiencing suffering
This is an interesting one. It shifts the question from "does it have a consciousness?" to "does it have a consciousness that is suffering or able to suffer?". The idea of suffering is a very human concept that we have a whole section of our brains devoted to. There's a lot of ethics devoted to alleviating suffering (eg. Humanitarianism) and we sorta use it as a means of directing our goals - we avoid things that make us suffer and seek things that bring us happiness. What makes us happy or makes us suffer varies a bit from person to person due to experience and learning/training but a lot of it is biologically evolved. Physical and emotional pain makes us suffer for evolutionary reasons.
So in one sense, you could define suffering as a stimulus that some conscious system avoids? In which case, training neurons essentially teaches them what suffering is. They're trained to activate or not activate based on what avoids irregular stimulus (suffering) and results in regular stimulus (happiness).
If that's how you define it though, there could be many other systems that work the same way. Obviously animals and plants and fungi etc. But also Computers and lots of mechanical systems do that too. If making decisions to avoid or seek electrical stimulus is suffering then a computer is basically a pleasure/torture box.
Personally I think that suffering is more than that. I think it's a larger system we brain creatures have developed that doesn't necessarily apply very well outside the context in which we use it. Would a vat of 20 billion neurons be able to suffer? I think that depends on how they're arranged and whether they have that concept.
Whether it's ethical to murder an entire village of your enemies "depends on your ethical framework and philosophical worldview." See what a slippery slope moral relativism is?
Just because different ethical frameworks and worldviews exist, doesn't mean they should all be treated equally. Sure, if someone is super utilitarian they might be fine with torturing people for medical research when they feel that the ends justify the means. If someone has a strict deontological code of ethics that tells them homosexuality is a sin punishable by death, they might campaign for that. I think those people suck and their beliefs are evil because of my own ethics and worldview.
When it comes to a question like "is an ant capable of suffering?" Or "is it okay to swat a fly or set a mouse trap?" Or "how many human neurons does it take to suffer while changing a light bulb?" You'll get varying answers from people based on who they are. Personally, I think the right answer to those questions is dependent on the brain of the person answering them.
Moral universalists have the same slippery slopes you mentioned. If right and wrong are fixed and objective and not dependent on people, then groups claiming to know the one true morality will use it to persecute those labelled as evil or morally bankrupt (see the homophobic asshole example above).
Moral relativism doesn't mean that morality doesn't matter or that it's wrong to fight against what you think is evil. I believe you should fight for what is right and I'm hopeful that the things that I think are good will win out against the things that I think are evil. Absolutism is maybe a bit easier for that because it simplifies moral choices a lot, but I think it's hubris to think that evil is the same everywhere to everyone and not an artifact of the human mind.
There's a lack of evidence for anything not being conscious.
Neurons work by generating electrical signals in response to stimulus (either electrical inputs from other neurons or physical/sensory inputs activated by light or touch etc.) and they do this in a physical way.
If they're conscious, then there's a pretty good chance that power plants are conscious, computers are conscious and pretty much everything else in the world is conscious.
I'm not sure there's any requirement for consciousness to include "human-like reasoning" or "understanding" for it to have some kind of experience and perspective or awareness. Humans make a lot of assumptions about the world to make it fit the patterns we're used to.
A cluster of neurons trained to play doom might have consciousness but it's not likely to think like a human, just like a rock or a plant or an ant or an iPhone might have consciousness.
Whether it's ethical to squash an ant or turn off an iPhone or stimulate a lab-grown neuron depends on your ethical framework and your philosophical worldview.
I don't think they've actually published this one? They have a bunch of related publications and they released the code on GitHub though.
Code here: https://github.com/SeanCole02/doom-neuron
Science here: https://corticallabs.com/research
- Jump
I'm struggling to think of any online services for which I'd be willing to verify my identity or age
Those things come with a big convenience and implementation trade-off that slows adoption.
If it's hard to export for technical reasons (eg. Needs to be in a tpm) then that adds hardware requirements and complexity and makes it difficult to log in on other devices. If it's a software thing, then it's rippable. Either way "install our government app to watch porn" is not an enticing prospect for people.
Aggressive rate limiting is also frustrating if you want to log into multiple things and it keeps blocking you because you're using your key too fast, but if it's not aggressive then it likely won't be effective unless all the kids sharing a key are trying to use it at once.
If it's a temporary thing where you have to auth with the government to get a fresh signing key that expires, you have the issue of having to sign into the government when you want 18+ content which is super uncomfortable.
I can see it being a browser-based thing set up a bit like video DRM but that would still need to talk to a government server each time for a temp key (like how licence servers work) and you'd need to be logged into their systems. It might still be the best option but it does still leak "X person wants to access 18+ content right now" to the government.
I'm really interested in seeing a technical/cryptographic solution that actually works but so far I haven't really and I'm starting to doubt that it's possible.
I think they supported the pixel fold which has the same sort of second flippy screen thing. I think the multiple screen stuff is just in the aosp base.
- Jump
I'm struggling to think of any online services for which I'd be willing to verify my identity or age
Whenever this comes up, this style of zero-knowledge proof/blind signature thing gets suggested. But the problem is that those only work if people care about keeping their private keys secret. It works to secure eg. "I own $1" but "I'm over 18" is less important to people and it won't be hard for kids to get their hands on a valid anonymous signing key on the web. Because the verification is anonymous and not trackable, many kids can share the same one too, so it only takes one adult key to leak for everyone to use. It's one of the reasons they push biometrics that at least appears to need a real human. Requiring ID has a lot of the same issues on top of being a privacy nightmare.
I'm starting to think that actual age verification is technically impossible.
It is sloppy but I'm not sure it's misinformation. Here's the manufacturer: https://www.ajinomoto.com/innovation/our_innovation/buildupfilm
I also enjoy their msg
For the unprivileged container thing, containers tend to be lighter on resources than VMs at the cost of a little isolation (they share the same kernel as proxmox which could have security implications).
The ability for lxc containers to run unprivileged with all the restrictions that entails alleviates a bit of that security risk.
Both options are generally considered pretty secure but bugs/vulnerabilities could break isolation in either case. The only real 100% safe isolation is bare metal.
I tend to run containers unless I have a really good reason to need a VM, and run unprivileged unless I have a really really good reason not to.
My recommendation is a VPN server to connect in from outside and have the default gateway for the VPN clients be a server that acts as a router that's set up with your commercial VPN.
That way, you can be outside on a phone or a computer, access your internal network and still have your public internet traffic go out through your commercial VPN without having to be able to configure multiple VPN connections at once (eg. Android doesn't support that).
Eg. 2 debian proxmox containers. One that runs wireguard (head/tailscale might also work here?) for external access and one that runs mullvad(or whoever) VPN cli and IP forwarding to be the gateway for your clients.
Only downside is the extra hops to send everything through your home network first rather than straight to the commercial vpn which is probably fine depending on your speeds. You can always disconnect and connect directly to the commercial VPN for faster internet traffic if you need to.
But I don't want a bunch of huge images in my face. Isn't that what pixelfed and Instagramy things are for? I only want to click on the things I'm interested in, not be shown an ugly frustrating stream of giant, semi-traumatic political pictures one after the other. Thumbnails exist for a reason and claiming they're bad UX is incorrect, it's the industry standard design pattern for any control that allows a user to browse quickly through multiple images or to provide an impression to a user before they decide whether or not to open the full content.
Lemmie/piefed is more about text and conversations so titles should always be the largest clearest part so you can read them quickly to know whether you want to engage with the post or not. Otherwise, how is it different from pixelfed? Likes vs upvotes is not a big difference.
"known by scientists for a long time" doesn't necessarily mean true. Medical science believed in the four humours and thought most disease was caused by an imbalance in bile, blood and phlegm for like 1200 years before being replaced by the idea that it was actually miasma and stinky air.
Germ theory's claim that tiny monsters are eating your insides, maybe like invisible poisonous insects or miniature demons and you need to wash them off your hands - Sounded Batshit crazy by comparison.
Questioning long-held assumptions and challenging scientific norms is a good thing, but every human has a grift that they're vulnerable to and for some people, even smart, sciencey people, that grift is conspiracy alt science anti vax flat earth hollow earth aliens built the pyramids and the government doesn't want you to know the truth.
Their concept artists are allowed to use some generative AI tools to explore ideas and speed up their workflow. They're currently hiring a bunch more concept artists (both juniors and a senior character artist) so if you're trying to get a job: https://larian.com/careers/4fd694b3-ece7-4307-9949-15cac512a815
Great place to go if you're looking for a concept artist job.
The big flaw in this strategy is that once you have set up a signed anonymous key from the government and you can make zero knowledge proofs with it, there's nothing stopping you from distributing that key to every kid who wants it. If it's in the browser or an app, etc. you can publish that signed key for anyone who wants to be over 18.
PKI only works if the owner of the private key wants it to be private. It's effective for things like voting or authenticating because the owner of the key doesn't want anyone else to be able to impersonate them. But if it's only for age...
At that point, it might as well just be a file that says "I pinky promise that I'm over 18" that the government has signed and given to you.
Unfortunately that's not really all you need. It needs integrity too. Need to be able to verify that the output came from the input and hasn't been modified or tampered with.
Also need to ensure that, despite being anonymous, people can only vote once and can't vote on behalf of someone else.
Also that whoever is receiving and counting the votes can't miscount or lie about the count or figure out which votes came from where by decrypting individual votes as they're received.
The scheme they were using is "Helios" which involves people encrypting their votes such that a group of authorities can combine all the encrypted votes together homomorphically to count them and then decrypt the results without ever knowing any one vote. They then use zero-knowledge proofs to prove that they did it correctly and nobody could have known what any vote was or tampered with any results at any point.
Someone just derped and lost their private key so they couldn't decrypt the results after they'd been combined...
How do they deal with the other requirements though? What's stopping someone from setting up a service that uses their yivi account to sign "I'm over 18" for anyone who wants to be over 18?