Surveillance is not safety: A statement on the UK's latest threat to privacy [pdf]
Posted by g0xA52A2A 1 day ago
Comments
Comment by michaelt 1 day ago
Did they think, as they worked to transfer final say from users to corporations, by technical means, that politicians couldn't transfer that control to themselves by political means?
Did they think they could lock things down to extract their 30% app store fee while enforcing rules through app review (and demonstrating censorship of sites like Tumblr) that politicians wouldn't want that same rule-setting, censoring power?
Did they think their employers were going to prevent that transfer, that the trillion-dollar companies would become some sort of Che Guevara style insurgents, running a guerrilla campaign to overthrow the very system that made them trillion-dollar companies?
Comment by yason 1 day ago
This is akin to how two kinds of people respond to law. The first kind think "This is the law, we must follow it" and the other kind think "This law doesn't make sense, we must change it".
People who look at pedestrian traffic lights and cross when it's green vs. people who look at cars and cross when there are no cars coming. The first say you must follow traffic rules and the second kind say they wouldn't be alive if they looked at the green/red light of law instead of whether there are oncoming cars: a green doesn't mean it's safe to cross and a red doesn't mean you can't cross if only there are no cars.
Comment by Zak 23 hours ago
https://www.nytimes.com/2003/06/30/business/technology-a-saf...
Comment by coldtea 23 hours ago
The mindset the parent described extends to what they're asked to do. They don't challenge it. It doesn't have to already be law for them to accept it and build it. It's enough that the ask comes from authority (a boss, a government) and pays.
Comment by jjav 17 hours ago
Indeed. I can't understand the people who blindly believe any law is good just because. Stop, think. Is the law good? What's good about it? What's bad about it? Can it be abused? Then maybe it should be changed?
I advocate that every law should have an annual review to catalog every case where it has been applied. How many were sensible positive outcomes? How many were unintended consequences? How many were clear abuses of the letter of the law? Every legislator should vote on the record based on that annual review to either renew or cancel the law.
Comment by yason 16 hours ago
I think many people have an expectation that (all) laws are just and needed because... somehow they're the law.
In reality, laws can be unjust, unnecessary, biased, and completely arm-wrestled together by people strictly following an agency of their own. Other laws are put together by sheer ignorance and lack of thinking beyond mere good intentions. The first question shouldn't even be "is this law fair" but "was this law made fairly".
It creeps me that people treat laws as axioms whereas they're just polished and reinforced opinions. Sure, many laws we can agree on, and many others that don't agree on aren't worth changing, but you should always question the law and question where it came from before choosing to accept it.
I can see the same pattern with technology such as the various digital restrictions management (DRM) schemes.
Comment by Ajedi32 10 hours ago
Personally I would put myself somewhere between your two "kinds of people". Many individual laws are bad and should be changed, but the rule of law itself is a good, stabilizing force that should generally be respected. If people only followed laws they 100% agree with then that would be chaos, therefore even bad laws deserve at least a modicum of respect.
Comment by solenoid0937 15 hours ago
Comment by abustamam 10 hours ago
I like this idea but frankly I don't trust our lawmakers to do a fair assessment of this. Maybe there's an independent, non-partisan committee that does this.
Comment by HiPhish 1 day ago
I like to call those people "ventablackpilled". Being blackpilled is all about gloom and doom, but being ventablackpilled is beyond being blackpilled. It is when you actively want the world to be a worse place because you believe that that is how the world works.
Comment by arthurcolle 23 hours ago
Comment by dgroshev 23 hours ago
The solution to avoiding dictatorship is engaging in politics and preventing dictatorship directly through that. Trying to retreat into the (perceived) wilderness and build barriers to dictatorship doesn't really work. But since people drafting that statement don't believe that politics work and it is, in fact, possible to both have a vibrant political scene (we have what, five viable political parties vs the American two?) and not let kids send nudes, they try to drag everyone into the same mind frame.
Comment by metalman 15 hours ago
Comment by okanat 1 day ago
I sometimes work with people who worked on or at least worked with DRM-like stuff (Trustzone etc.). The people who make those systems and the structures that allow it falls squarely on banality of evil. It is not a big evil org or people with their own evil agendas (unlike Palantir, i think they are the true "ventablackpilled" ones). They are thousands of developers who push JIRA tickets like everyone. Many of them live in the developing world and they just pray to keep their jobs. The reason that big tech attracts developers despite their obvious and much bigger (IMO) evils is the same reason that attracts developers who make systems that can be completely closed down.
Many of the developers are not outright evil either. They sometimes voice their opinion. Their opinion doesn't matter in comparison to the business goals.
Sometimes it is understandable to write blocking software. Not all equipment is sold. Many industrial equipment is leased. So the actual owners want guarantees that their devices cannot be modified by renters.
The amount of info you can extract from an Apple phone or Graphene OS is limited due to same restrictions working in your favor too.
Similarly phones can be locked down due to radio restrictions. Nobody wants infinitely exploitable SDNs in peoples hands. It makes such SDNs a juicy target for enemies like Russia to exploit and turn into scalable attack vector as spoofing and jamming devices.
The reason those are attack vectors is also banal. We made our bed as engineers, voters, governments and business leaders one sloppy work at a time. We made shitty chips and shitty software with no care for security or safety. We sold millions of them and nobody wanted to pay to "do it right way". Worse is better. Silicon Valley style scaling up is the goal. Competition is for suckers. All those and every single one of us ate the fruits of shitty hardware and software that are protected by closed down systems. We engineers got the cushy jobs, our business leaders made 10x 100x gains from our work. We either had little voice (because making a big noise is guaranteeing that your cushy job no longer exists) or whatever we had is ignored in the hubris of shipping shit to billions of people.
Comment by iugtmkbdfil834 1 day ago
I dunno. By that I mean, I am sure it happens, but I am not sure this is the reason for it. FWIW, I am not an engineer, but I have a window into that world.
In my little corner of the universe, we are going through belt tightening exercises already. So it is an interesting game of less meetings, shoving as much as you can onto others and the classic 'doing more with less'. In other words, even for internal customer's 'doing it the right way' is imply not a priority. On the other hand, getting more people, bigger budgets and somehow money saved is. 'Doing it the right way' is a distant ideal.
All that said, I don't think you are that wrong with the 'banality of evil' thought.
Comment by aleph_minus_one 11 hours ago
There exist more kinds:
- the "rebel": "this is a law/rule, so I have to trespass it". This often holds for people who are either annoyed by rules or red tape or for people who see no hope of changing the law. An example are the "blade runners" in London who organize to destroy lots of surveillance cameras at once, in particular those that are used to enforce low-emission laws. [1]
- the "evil": "this is law, so I will (ab)use it for my personal gain".
[1] https://www.independent.co.uk/news/uk/crime/ulez-cameras-van...
Comment by cortic 10 hours ago
The evil is just a subset of the first type, abuse and use are functionally the same action within a poorly or properly constructed law/policy.
Comment by dspillett 11 hours ago
Some are also doing it for the technical challenge, especially those working on new tech rather than refining what already exists. Like the people who try to solve the great problems of mathematics/physics (or find interesting new ones) for the challenge of it (and sometimes refuse prizes & recognition if they do solve or otherwise discover something vital).
This sort of person is often blinkered to the possible extreme long-term outcomes, or are able to mentally separate themselves from them (“I just made the discovery, I didn't use it to do anything bad” or “I was paid for it, follow the money source and blame them”). Of course once a genie is out of the bottle, other sorts of people are more than eager to ask it for wishes…
Comment by AnthonyMouse 13 hours ago
Suppose there is some peon at Microsoft who is ordered to write code for Pluton and then does it because they don't want to be fired, expecting to hide behind the Nuremberg defense. The people in your second group will naturally disapprove of this.
But regardless of that, we can ask the same question of the person giving the orders. Someone in these companies initiated these programs, so are they merely fools who couldn't predict the obvious consequences that others did, or are they truly malicious?
Comment by aleph_minus_one 11 hours ago
I would rather say: people who are too "rebellious"/"non-obedient" don't get into a position where they are ordered to write code for Pluton.
Comment by try_the_bass 1 day ago
What? I don't understand how this is a "two kinds of people" generalization, when the two categories aren't even mutually-exclusive?
One can think a law is bad and should change, while simultaneously recognizing the rule of law and following it.
It's pretty weird to try to pit those two perspectives against each other
Comment by trumpdong 22 hours ago
Comment by socalgal2 20 hours ago
There's zero point in changing the law if you don't expect it to be obeyed and enforced. Those positions are not opposites.
Comment by AnthonyMouse 13 hours ago
You can follow it anyway and make no attempt to improve the situation, allowing the stupid consequences to follow indefinitely. (Notice that anyone who follows the law while doing nothing because they've been convinced reform efforts will be ineffective are in this group.)
You can follow it anyway while trying to change it, attempting to limit the time the stupid consequences exist.
Or you can refuse to follow it.
But the people in the last group should still be trying to reform the law, both so that they don't have to risk being prosecuted for doing the right thing, and in order to get the people in the first and second groups to stop doing the stupid thing the people in the third group are already refusing to do.
Comment by LadyCailin 16 hours ago
Comment by account42 13 hours ago
Comment by trumpdong 13 hours ago
Comment by FpUser 14 hours ago
It is a dynamic world where respect for law, trying to change law and plainly saying: "go fuck yourself, not gonna do it" should and do coexist.
Absolutely all laws followed strictly to the letter would kill a society.
Comment by Cassell 1 day ago
Comment by abustamam 10 hours ago
That said, I'm not going to pretend I'm one of those people who say "this law doesn't make sense, we must change it." it's more like "this law is not convenient to me right now and I am willing to suffer the consequences of breaking it" but frankly I'm not going to start a grassroots effort to try to change it.
Comment by cucumber3732842 22 hours ago
Don't forget the selfish jerks who simply ask for whatever class of traffic that isn't them to be punitively regulated to their benefit.
(both literally and transferrable to other issues as a metaphor)
Comment by KaiserPro 16 hours ago
The problem with that is it generally requires a central point of trust.
Sure you can allow multiple points of trust, but for the unskilled user, that means that the little lock symbol becomes unreliable (or whatever)
Without commenting on the UK governments stuff (It is probably full of shit, but then thats what lobbying does) We as technologists need to engage with wider society and understand on their terms, the worries they have.
For this particular "proposal" it strikes at the core worry of today's kids. They are sadder, more insular, more dependent on mobile comms and exposed to much nastier stuff than millennials were at the same age.
AT my school in the very late 90s, a group of 14 year old girls went to the beach and took a disposable camera. Standard photos apart from one, which was a group of them topless. One of them brought them back from the developers into school. Somehow the topless photo was stolen and passed around various classes.
It ruined her month, even though she got the photo back. I suspect it left scars longer than that.
Now imagine not being able to get that photo back. Thats the problem for todays kids. One moment of stupidity and a lifetime of consequences. (under a certain age, if they took photos or videos of other kids, that makes them liable to be on a list, for life.)
You could say "oh education" but did you listen at that age?
Whats worse now is that there are no gates on what photos can be developed by the normal person. If you took any photo that was explicit, it almost certainly wouldn't be printed (hence why there were very little dick pics from that era).
Is what the UK government proposing workable? well looking at the OSA, almost certainly not.
However unless we, as a tech community engage with society, with useable answers that are understandable to the normal person, then we are going to be crushed by the weight of "something must be done". Absolutism is not our friend here. We need to engage and choose compromises, or lose wider freedom for ever.
Comment by cogman10 9 hours ago
While I don't doubt that's a motivation, the problem I have is it's really a question of likelihood. I feel that in terms of security focus it's very common for people to put on blinders and ignore the likelihood of an exploit in favor of "Ooooh look at this thing that COULD be exploited!"
It's fundamentally the problem I have with how CVEs are reported and handled in general.
In terms of secure boot stopping problems. Yes, it does stop someone from rooting a device which is great. However, someone that has access to root a device almost certainly also has the ability to just install a virus in the OS startup scripts. Or to modify a user executable. Or to modify the user's PATH environment variable to inject a malicious app in front of a commonly used one.
That's what I wish security focused people would weigh more heavily when they evaluate these sorts of threats. "What other damage could a malicious individual do if they had the same permissions to pull off this exploit."
Comment by KaiserPro 7 hours ago
Yes, its more like a popularity contest.
But secure boot stopped(or stops) a whole bunch of driver/rootkit exploits, which was a big thing in the late 2000s. It means that a random driver that is inserted by some script kiddie raises a whole bunch of warnings, which it wouldnt have done before.
We have come a long way since windows 2000
Comment by AnthonyMouse 13 hours ago
The problem with it is that the people who want to use a central point of trust as a chokepoint for censorship, surveillance and monopolization keep claiming that this is required when it isn't.
> Sure you can allow multiple points of trust, but for the unskilled user, that means that the little lock symbol becomes unreliable (or whatever)
The premise being that if you have a monopoly then ordinary people can trust it. Only that isn't the case. A monopolist not only can be just as malicious or incompetent as any of the multiple players in a competitive landscape, they're more likely to be because the lack of competitive pressure allows them to be more abusive and complacent and more capable of capturing the government.
> under a certain age, if they took photos or videos of other kids, that makes them liable to be on a list, for life
That seems like a problem caused by the law. Why is it possible for any actions taken as a minor to cause someone to be put on a permanent list when we recognize that minors aren't mature enough to be held responsible for that?
> Now imagine not being able to get that photo back.
Now imagine what would be necessary to get it back. It's on some other person's private device. Either you invade everyone's privacy and private communications to check if they might have it or be privately sharing it, or they could be. The cure is worse than the disease.
Comment by KaiserPro 7 hours ago
Its a second order effect. The problem is predators get children to take pictures and distribute them. To stop them escaping justice it requires a certain level of absolutism. In Common law, there are exceptions. However people exploit the system.
> Now imagine what would be necessary to get it back. It's on some other person's private device. Either you invade everyone's privacy and private communications to check if they might have it or be privately sharing it, or they could be. The cure is worse than the disease.
I mean there are loads of ways to look at this. But if we want to have strong controls over your data, then sharing should be controlled by the owner, not the platform. Currently there are no trusted environments that allow people to share securely and privately data without it being copied.
My understanding of what is being proposed is that cameras will have basic nudity detection on them, and they will refuse to take the pictures if the device is registered to a person under the age of 18.
That, more or less is not privacy invading, depending on how its done.
The central point that you are missing here is that something which was quite hard to happen in 1999 was destructive to a child life. Now its much easier to do, and there is an actual economy in sourcing, exploiting and trading these pictures/videos.
Comment by AnthonyMouse 4 hours ago
It isn't. The solution is obvious. You punish the predators and not the children.
> My understanding of what is being proposed is that cameras will have basic nudity detection on them, and they will refuse to take the pictures if the device is registered to a person under the age of 18.
Which seems both problematic (now every device needs to be registered?) and ineffective (the predator has the children use a device registered to an adult or an older device without any such constraints).
> The central point that you are missing here is that something which was quite hard to happen in 1999 was destructive to a child life. Now its much easier to do, and there is an actual economy in sourcing, exploiting and trading these pictures/videos.
This seems to be your central premise but it's also not even true. If a predator got children to take such pictures with film camera in the 20th century and was then in possession of the negatives, there was no centralized system to detect this or prevent them from having a darkroom to make and distribute copies. The solution is to have the police arrest them, which continues to be the solution even now without needing to compromise the devices of every innocent member of the public.
> But if we want to have strong controls over your data, then sharing should be controlled by the owner, not the platform.
You're assuming the conclusion -- that there should be a platform in a position to control (i.e restrict) sharing. If communications are end to end encrypted, no one other the parties even knows what it is. That is what you are by implication prohibiting -- unintermediated private communications.
Comment by jpfromlondon 14 hours ago
We were the vanguard blocking this to the public's benefit, now they've voted for it our only duty is to ourselves; to make sure the rules don't apply to us.
Comment by KaiserPro 14 hours ago
I think its perfectly winnable argument. For example we already _had_ age gating in the UK, its just it was at the network level on mobile internet. It worked and was unobtrusive.
The antidote to the OSA was to just extend that to domestic internet.
That argument was lost, and lost hard. mainly because we didn't engage properly with a believable solution.
> to make sure the rules don't apply to us.
The point is, they don't really apply to the determined. the same argument could be made for painkiller blister packs. The level of friction that the packs provide reduce drug based impulse suicide by 40% (depending on which study you reference)
The argument against it is "I can't be arsed with pressing the little shits out, I just want it easy". The Populist approach is making it prescription only.
Unless we engage properly, on the right level, then we are going to be worse off.
Comment by trumpdong 12 hours ago
Comment by cryptonector 20 hours ago
Comment by MrDrMcCoy 19 hours ago
Comment by cryptonector 19 hours ago
Comment by MrDrMcCoy 19 hours ago
Comment by cryptonector 19 hours ago
Sure, they have MEs that maybe you can't disable, but you can firewall them.
Server kit is just not like consumer kit. Even laptops are [still, for now] a lot better than smartphones in this regard.
Comment by michaelt 16 hours ago
Believe me, the people writing the age verification laws care a great deal whether the age verification can be turned off by the device owner.
The whole exercise would be pointless if teenage device owners could turn the censorship off.
Comment by AnthonyMouse 12 hours ago
A sufficiently adversarial teenager could get a different one, but they could do that regardless since it generally costs even less to get some 18 year old high school senior or homeless adult etc. to lend you their ID than to buy another device.
Comment by trumpdong 12 hours ago
Comment by raverbashing 18 hours ago
Comment by bragh 1 day ago
Comment by JohnFen 1 day ago
It's a kind of blindness. The kind that is, in my opinion, is one of the major reasons why we ended up building a world that's more than a bit dystopian.
Comment by account42 13 hours ago
Comment by trumpdong 12 hours ago
Comment by account42 12 hours ago
Comment by izacus 12 hours ago
Comment by GZGavinZhao 1 day ago
Comment by trumpdong 22 hours ago
Comment by account42 13 hours ago
Comment by cortesoft 22 hours ago
Comment by autoexec 22 hours ago
Comment by cortesoft 4 hours ago
I have seen time and time again that individual, principled stands like this do nothing to change anything and only hurt the individual. Unless you are part of an organized movement against something, opting out doesn't help.
Comment by trumpdong 22 hours ago
Comment by autoexec 22 hours ago
Comment by fluoridation 20 hours ago
Comment by pepperoni_pizza 16 hours ago
Comment by fluoridation 10 hours ago
Comment by userbinator 21 hours ago
Comment by account42 12 hours ago
Comment by uniqueuid 1 day ago
I think you can learn about it most by reading clever, capable people from big tech corporations. Their framing often involves tradeoffs against a slow but inevitable societal pressure that is helped by compromising on freedom.
So I don't believe they are ignorant of all your points; it's rather that they don't see a realistic way how tech, corporations, and perhaps even ordinary people can go forward (being better, or richer, or more sophisticated or whatever) without making that compromise. It's as if they saw the forking paths of the future, and none will end up without technical restraints, regardless of whether they do it or whether things just get worse and someone else then does them.
Comment by vasco 1 day ago
Comment by trumpdong 22 hours ago
Comment by vasco 18 hours ago
If you don't understand this, then you just don't understand.
Comment by wolvoleo 23 hours ago
- Oh but you can turn it off so it's no issue (secure boot). Well yeah but more and more stuff just won't run then (eg iOS apps on Mac). It will become the norm to stay inside the fuzzy walled garden just like it already is on phones. And if you stray you will just be blocked from any app that does something useful.
- But companies need to be sure you are who you say you are (attestation). Yes but they will abuse that power if they can profit from it.
Comment by trumpdong 22 hours ago
Same thing is happening with age verification. We had the chance to just ask if the user is over 18 when setting the computer up, but we didn't do that so they're using a solution from a mass surveillance company instead.
Comment by jjav 17 hours ago
Having argued these topics for decades, I think that a lot of people just truly can't foresee the inevitable consequences. I don't know why, the consequences seem obvious but because they are not spelled out, many people say it won't happen.
Comment by Swizec 1 day ago
Makes me think of the most sobering line I ever saw in a museum (Berlin): The biggest atrocities were committed by people with a spreadsheet and a performance goal.
Comment by trumpdong 22 hours ago
Comment by shiandow 1 day ago
Comment by account42 12 hours ago
Comment by shiandow 10 hours ago
Comment by rbanffy 14 hours ago
Comment by account42 13 hours ago
Comment by trumpdong 12 hours ago
Comment by naishoya 6 hours ago
If EVERYONE that got hired to build the enshittification of humanity would just speak up about what they were asked to build there is no 'next guy' - ar at least we all know that the 'next guy' is wilfully complicit in the evil done at the company and you can disinvite him to family reunions and refuse him membership in the golf club for humanitarian violations.
I.E. What good is a mortgage payment when the next guy cant hire a plumber because the whole town knows he's a vile POS?
But the line of people doing the work, and keeping their mouths shut about it is nearly an unbroken chain from start to end. And here we are because no one wants to be the only one speaking out against evil, when we all should be.
Comment by xeonmc 1 day ago
...and it was allowed to give breath to the image of the beast, so that the image of the beast could even speak and cause those who would not worship the image of the beast to be killed.
Also it causes all, both small and great, both rich and poor, both free and slave, to be marked on the right hand or the forehead,
so that no one can buy or sell who does not have the mark, that is, the name of the beast or the number of its name.Comment by madaxe_again 1 day ago
Or even surveillance, for that matter.
Plenty of hubris, mind.
Comment by dreambuffer 21 hours ago
Comment by arethuza 16 hours ago
Comment by TimTheTinker 1 day ago
Communism and fascism were both fueled by atheism (either explicit or functional), not a Judeo-Christian worldview.
"Ohne Gott und Sonnenschein bringen wir die Ernte ein." (Without God and without sun, we will get the harvest done.) - the slogan of East Germany in 1975 when people were hungry and it kept raining during harvest.
Comment by sophrosyne42 23 hours ago
Comment by autoexec 22 hours ago
Comment by TimTheTinker 20 hours ago
Comment by trumpdong 12 hours ago
Comment by TimTheTinker 10 hours ago
Comment by wmf 1 day ago
Arguably this plan is mostly working for Apple.
Comment by photios 19 hours ago
I'm not saying we should lynch them, but a good deal of public shaming is in order. Who knows, their kids might pick a different vocation.
Comment by account42 12 hours ago
Comment by like_any_other 1 day ago
Corporations are already hostile enough that it doesn't really matter:
The report says that between 30 and 40 Rockstar employees working in multiple offices in the UK and Canada were fired on October 30, all of them part of a private trade union chat group on Discord. - https://www.pcgamer.com/gaming-industry/rockstar-accused-of-...
Leaked Amazon Whole Foods Docs: Workforce Diversity Helps Prevent Unions - https://www.informationliberation.com/?id=61403 (summarizing https://www.businessinsider.com/whole-foods-tracks-unionizat...)
Microsoft Are Fixated on “Hate Speech” With Lopsided XBOX Live Enforcement Strike System - https://www.techopse.com/microsoft-are-fixated-on-hate-speec...
Comment by gnerd00 1 day ago
The game of GO delivers an idea where a very large construct can be built then in one move the entire thing flips to a different purpose... seems relevant somehow..
Comment by stodor89 21 hours ago
Pretty sure they didn't do a lot of thinking.
Comment by Nursie 16 hours ago
Why does that matter? If it's bad for politicians to usurp that power, it's already bad for corporates to have it in the first place.
I'd rather politicians use power in a way that includes democratic oversight than, say, Peter Thiel doing whatever the hell he likes.
Comment by HiPhish 1 day ago
Comment by 1vuio0pswjnm7 1 day ago
Silicon Valley has its own ideas of what "privacy" and "surveillance" mean
To those folks, it does not mean privacy from Silicon Valley companies
The Signal app will keep on trying to connect to the mothership
Because to the people who work on Silicon Valley software, that is not a privacy violation
The battle is over _control_ over software not privacy or surveillance. The later is not possible without the former
Silicon Valley does not want the user to have control any more than they want the government to have control
Comment by trumpdong 22 hours ago
Comment by 6510 13 hours ago
Comment by verisimi 18 hours ago
At a corporate level, no one cares about lots of freedoms, except if it is a selling point.
If 'keeping freedoms' is a selling point then the ideal position is to gain the kudos of appearing to support this whilst also getting the benefits of the loss of freedoms. Why not get both?
Comment by trumpdong 12 hours ago
Comment by bigstrat2003 22 hours ago
Your argument is flawed here. The truth is that measures such as secure boot do have real security benefits. They can be misused, like any technology can be, but that is not an inherent feature of the tech, but rather how it is implemented. And as the developers of such measures are not a monolith, it is unfair to paint them as merely trying to exert control. I'm not going to argue that some involved parties were trying to exert control. But lots of others were trying to implement a genuine security benefit for the users, and they don't deserve to be reprimanded as if they were some kind of apologists for authoritarianism.
Comment by michaelt 16 hours ago
You can argue that exerting control is a good thing - a clever scam artist convinces a vulnerable user to paste an attack at the command line, and the benevolent OS vendor uses their control makes the attack impossible, no matter what the scam artist tells the user to do. A greedy software maker produces a spyware-laden, cookie-stealing update and asks the user to enter the admin password to install the update. The benevolent OS vendor uses their control to make such malicious updates impossible, even with the administrator password entered.
But even if the control is being used exclusively for good, it is, ultimately, control.
Comment by trumpdong 22 hours ago
Comment by briandear 1 day ago
Comment by komali2 23 hours ago
See: the PRC. Support for surveillance is allegedly high. Anecdotally, talking to PRC citizens in circumstances where they don't need to worry about said surveillance (e.g., when they're vacationing in Japan and I want to pester someone and practice my mandarin), they generally like it. Makes them feel safe.
The CPC has sold them on a vision of them as members of the state-race "Chinese" (which is not really an ethnicity any more than "American" is) and the surveillance as a thing that keeps them and their "Chinese" lifestyle safe from non-Chinese. Uighurs have to be extra surveilled until they're also Chinese, which, many are now according to the CPC.
So PRC citizens feel safe and cozy among in the country for "their people," not realizing this whole ethnonationalist concept is at best 100 years old, maybe even younger. During the Qing dynasty, there's a whole hell of a lot of people that think of themselves as "Chinese" that definitely weren't by the dynastic government.
I smell similar happening in Russia, the USA, and Israel, with State support. It looks like right wing groups are trying to pull it off in the UK and Germany as well.
Comment by Levitz 23 hours ago
I'm not sure you are aware that China has monitoring operations for its citizens outside China.
Comment by komali2 10 hours ago
Sure, you and I know that, but most PRC people don't really believe in that or are aware. At least nobody I've met.
Comment by trumpdong 12 hours ago
Comment by itishappy 1 day ago
Comment by matheusmoreira 21 hours ago
Good tech empowers individuals and subverts authorities, corporations, oligarchs and governments. Bad tech subverts individuals and empowers authorities, corporations, oligarchs and governments.
Comment by mc32 8 hours ago
Comment by jmyeet 23 hours ago
Scams, stealing credentials, stealing money, botnets, viruses, losses of data, ransomware, etc etc etc.
What is better for most people is a locked down device like an iPad where each app has to be approved and they're incredibly sandboxed. 20 years ago we had people installing malware because a strange email promised them smiley face emojis.
When we transitioned from the single-user ODS-based Windows model (ie Win98/SE were the last of that line) to a multi-user restricted privilege model based on NT 3.0/3.5/4.0 (first as WinXP) it was meant to be better but privilege escalation was still too easy because of what users had become accustomed to doing and of what was needed to install software you downloaded.
Things like an App Store (on Mac and eventually on Windows) are actually a good thing. Signed apps are a good thing. Having to go out of your way to install unsigned apps is a good thing.
I really abhor "technical libertarians" because they never address these issues. It's all principle-based while ignoring reality, human nature and whether or not unfettered access gives users something they even need.
Also, other people pay the price. Where do you think these DDoS attacks come from? Compromised Windows PCs (primarily).
Comment by autoexec 22 hours ago
I'd argue that giving governments and corporations control over our devices has also been an unmitigiated disaster. You could say the same thing about any kind of freedom though couldn't you? Freedom is so dangerous after all. Look at all the problems it's caused. Giving up all of our freedoms would surely make the world better right?
Comment by bigstrat2003 22 hours ago
> I really abhor "technical libertarians"...
Well, I abhor those who try to take freedom away from people. So the feeling is mutual I guess.
Comment by dfedbeef 12 hours ago
Comment by trumpdong 22 hours ago
Comment by fartfeatures 19 hours ago
Comment by trumpdong 13 hours ago
Comment by fartfeatures 10 hours ago
Comment by thin_carapace 1 day ago
Comment by SidewaysView 1 day ago
It'll be best for society if things are a little more regulated, a little safer. And I'm happy to help where I can. Listening to the terminally online about it would be counterproductive.
Comment by big85 1 day ago
1. You need a camera on your computer to allow a third party to verify your age before viewing adult content
2. It applies to social media too
3. It applies to your operating system too
4. Unless you age verify, the law demands your computer must be powerful enough to run an AI, or be internet-equipped and send your private photos to a third party, to detect and prohibit nudity. It must be capable of running in real-time, presumably, to work on Facetime calls and such.
Next step, certainly to outlaw most operating systems and older devices. Excellent news for Google, Apple, and Microsoft, bad for Linux and alternative operating systems. Remember when schools handed out Raspberry Pis?
Edit: And they are asking for this to be implemented for free in three months, because nobody knows how software engineering works. Great job
Comment by KaiserPro 17 hours ago
However the original proposal was pretty much aimed at phone manufactures. It is perfectly possible for current gen phones (and previous gen) to detect nudes in camera. Infact most phones do that already in order to adjust the exposure, its just you dont see that.
The problem for the UK is that they are not legislating technically. The original proposal was tightly scoped. The problem was, because of the way government runs in the UK it was shelved. Now that its not, the original scoping has been mashed, as its been blended with an child social media ban (quite what makes them think social media is ok for elder millennials++ is also interesting)
If they actually decided to make laws like they did for building materials or cars (ie all phones must conform to EU/BS standard x/y/z) then life would be much easier for everyone. But alas we have forgotten how to govern. something must be done now
Comment by ProllyInfamous 1 day ago
They won't have to.
Instead, they'll just make some new essentially mandatory tech which older devices cannot run – update or stop existing, societally.
----
Phones and email already seem this way (i.e. "required") – from my perspective as an internet user whom doesn't use phone/email, personally. Nobody believes me when answering "no phone, no email" – free-est man alive - their loss is disbelief.
Comment by pesus 1 day ago
Comment by dgellow 11 hours ago
Comment by bigbuppo 1 day ago
Comment by dgellow 11 hours ago
Comment by madaxe_again 1 day ago
Comment by londons_explore 1 day ago
Comment by subscribed 17 hours ago
The question - why hand that to Farage and his far right? Is Keir Starmer a far right operative in Labour? His track revord would suggest so, but do we have any receipts?
Comment by madaxe_again 17 hours ago
Comment by subscribed 12 hours ago
I'm afraid it's a malicious intent here, and I also wish I could see a competent government, but until one takes on FPTP and media dictating the policy, nothing changes.
The hope is in the angry youngsters, maybe they could vote Greens+LibDems in.
Comment by trumpdong 12 hours ago
Comment by cryptonector 19 hours ago
Comment by alkonaut 1 day ago
Comment by EmbarrassedHelp 1 day ago
Comment by trumpdong 22 hours ago
Comment by TheOtherHobbes 23 hours ago
Comment by dgroshev 23 hours ago
Comment by alkonaut 17 hours ago
Why would anything else even be needed in that space? The interest of parents and tech companies likely align here.
Comment by Bender 1 day ago
Comment by areoform 1 day ago
The Government is going to put a snitch on every phone, tape every bedroom, and listen in every evening on every home. Every doctor's visit. Every therapy session. Every pub. Every street. Every store.
When the snitches phone home, what you type to your lover may get the cops sent to your home.
Artificial stasi in every desktop, laptop, tablet, camera, and phone. Around every corner. In every living room. No one will be exempt from their gaze.
Are you ready for your vacuum cleaner to phone home?
Comment by thenthenthen 1 day ago
Comment by autoexec 22 hours ago
Comment by ryan_n 21 hours ago
I hadn't heard this before. Doesn't that kind of defeat the entire purpose of using the app?
Comment by autoexec 21 hours ago
A service that advertises itself as privacy focused refusing to update their privacy policy while adding features like this seems like a pretty big dead canary.
Comment by throwaway349520 18 hours ago
If you don't want to use the cloud version, there's a feature to store backups locally on-device.
Signal blog: https://signal.org/blog/introducing-secure-backups/
Comment by trumpdong 12 hours ago
Comment by autoexec 9 hours ago
Every app offering cloud-based backup is in fact designed to "collect and store" sensitive data. That at least is opt in. The app also collects your name, photo, phone number and worst of all a list of your contacts and permanently keeps that in the cloud and there is zero way to opt out of that data collection. No matter what excuses you want to make for them there is no getting around the fact that the device does collect and store sensitive data. Just like it can't be denied that they've added several new features none of which is reflected in their privacy policy because they've frozen it in time.
This is an app which is advertised to whistleblowers, activists, and others whose lives/freedom could depend on how well they understand the risks involved yet Signal outright lies to them about those same risks.
Comment by dgellow 11 hours ago
Comment by saltwatercowboy 1 day ago
Comment by iugtmkbdfil834 1 day ago
Comment by Nevermark 23 hours ago
Knowledge is power. Forced revelation of our inner lives puts each of us in a position of vulnerability.
Even when "not abused", the very real latent threat actively takes away freedoms of thought and action.
It is extreme abuse.
It undermines any sense that the state works for the people, when it operationally embodies a maximalized one-way threat over all citizens.
AI collation exponentially compounds the threat, the passive and active damage.
One of the wisest ethical/safety concepts ever: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated."
Democracy that sets up the levers of total autocracy is the greatest possible perversion and threat to democracy. Democracy only works as long as it recognizes government is the greatest threat to freedom. And that strict limitations on its power over citizens is the only defense.
Comment by budududuroiu 1 day ago
Comment by Ajedi32 9 hours ago
Due to the fact that it can't easily be modified without the source, software is uniquely able to act against the interests of its owner in a way almost no other product can. Client side scanning wouldn't be viable if people could just install a mod that disables it, and remote attestation would be a much harder sell if the availability of such mods were expected.
Maybe software copyright should require releasing the source and build tools just like patents require releasing the design...
Comment by leavenotracks 1 day ago
What a dreadful legacy to leave - a sad attempt to get the biggest possible bang for the smallest possible buck. Also, 3 months? Perhaps that is as long as he expects to be pm.
Comment by varispeed 1 day ago
Comment by circadian 1 day ago
This step forward is instead of building understanding of, and solutions for, the erosion of communities, trust and empathy for others. I feel these things might (MIGHT!) be overlooked symptoms of poor investment, policies and governance for healthy society. Crikey, perhaps I shouldn't try and call that into account, it sounds like I might be cynical about politics. Oh dear...
Comment by TheOtherHobbes 23 hours ago
The earliest example I can remember is the Clipper Chip. That was dead three years after it was proposed.
This current idiocy - proposed by a PM who promoted a very good friend of the most notorious paedophile in recent history to ambassador, against the recommendations of the civil service - is similarly doomed. Three months to implement huge changes to every OS on the planet? Like that's even remotely likely.
Comment by purpleidea 1 day ago
There's no reasonable reason why a 501(c)(3) won't put this out there to make sure there's redundancy so we could built an alternate network if they're compromised by some gag order.
Comment by Chu4eeno 1 day ago
The trade is we get (hopefully) people very dedicated to keeping the org developing the stuff alive and well-funded, and gaining mainstream acceptance/attention.
Comment by pseudalopex 1 day ago
Comment by ageedizzle 1 day ago
Comment by trumpdong 12 hours ago
Comment by autoexec 21 hours ago
Comment by stronglikedan 1 day ago
Maybe not, but as long as the average person thinks it is, it may as well be.
Comment by rockskon 1 day ago
Comment by pixl97 1 day ago
The average person hold all kinds of conflicting views.
The average middle class parent will surveil the shit out of their children, for example.
Hence the title of the article is not completely correct. The outcome of surveillance is the intent of the entity surveilling. In the case of the parent, this is likely the safety of their offspring. In the case of a state entity, it's likely the safety of the people in power of the state. This second type of safety is very dangerous and does not include your safety.
Comment by iugtmkbdfil834 1 day ago
Comment by trashb 14 hours ago
Most of those parents will argue that they have the right to do that and are actively recommending other parents to do the same. It happens so much that a local celebrity actually said the following recently (paraphrased)"As long as you live in my house I(the parent) have the right to go through your room, your stuff and your phone whenever I want".
In my country this is actually illegal as kids have a right to privacy just like the parents, though it happens so much since kids don't have the resources to sue their parents therefore people think this is normal (and kids grow up thinking it is normal).
Comment by cucumber3732842 1 day ago
Check out any comment section on transportation policy, environmental policy, professional licensing for trades other than software. Look at how HN, people who should know how this sausage is made, schemes about how policy and technology can be used by government to enforce it's will and preferences upon other people in ways they cannot avoid or resist. It's not a case of divide and conquer, it's a case of completely lacking principals. Nobody believes in privacy, civil rights or that the application of government (violence) should be expensive and difficult and politically fraught when it's an application that they like. Nobody is thinking far enough ahead to wonder how those systems will be used when the whims and dispositions of government and society shift.
Just this morning I was reading a comment where some jerk was scheming about how the government should (the implication being that now that AI makes it easy to automate) scrape property listings and fine people for not pulling permits when there's a diff from the prior listings and that the whole thing can be automated and anyone innocent can just have the government tour their home to prove it.
Comment by iugtmkbdfil834 1 day ago
Tech.. it truly is a tool and something of a true reveal of character. It immediately shows what you do with power.
Comment by cucumber3732842 22 hours ago
Comment by madaxe_again 1 day ago
Comment by pydry 1 day ago
This certainly isn't a result of democratic overreach by a concerned group of citizens. No demographic is demanding this.
It's one of those "create the infrastructure for stasi 2.0" the epstein elite tries to periodically ram down our throats ironically using "think of the children" to manufacture consent.
The last time they did this they contracted saatchi and saatchi to run an a disturbing campaign: https://londondaily.com/revealed-uk-gov-t-plans-publicity-bl...
Comment by circadian 1 day ago
Comment by Animats 1 day ago
Comment by cwmoore 1 day ago
Comment by cyanydeez 1 day ago
It's not like it's the average person pushing it.
Comment by ktallett 1 day ago
Comment by ibejoeb 9 hours ago
> Despite [iphone age verification] children can still take, view, share and save nude images. The government therefore wants Apple and Google to block nudity across the whole device by default, so they can only be deactivated via age assurance.
We tolerate the systematic child rape and run cover for the perps, but teens sending n00dz is a bridge too far. It's time for the UK to nut up and start holding these kids accountable. This works well, too, because it's deactivated on the devices used by adults, so they can continue to view their child porn, I guess.
Is there another reading of this?
Comment by toephu2 7 hours ago
It’s simple: when the risk of getting caught is too high, crime plummets."
Comment by Havoc 1 day ago
Comment by jamesu 22 hours ago
Sounds great until you realize anyone that does that effectively gets their residential address publicly doxxed and archived by archive.org (unless they can use a separate company address or spend money on a po box). And to make it worse, unless you have an obvious named company it's basically useless for looking up data controllers.
Comment by EmbarrassedHelp 1 day ago
Comment by Morromist 23 hours ago
I'm thinking something that automatically scans your computer for porn or other things, like ripped film mp4s and sends it to the goverment to be analysed.
Or perhaps little gps trackers that children are mandated to wear at all times.
Comment by EmbarrassedHelp 21 hours ago
Comment by dgellow 11 hours ago
Comment by varispeed 1 day ago
Comment by windowliker 1 day ago
Comment by iugtmkbdfil834 1 day ago
Comment by rimeice 9 hours ago
> Child safety looks like well-funded education, robust social services, and meaningful guardrails on the very AI technologies and platforms the current government is eagerly courting.
is such a weak, unrealistic, slow and idealistic solution to the real suffering of children. I was hoping this thread might offer up some better alternatives.
Comment by ajb 1 day ago
The counter must be as visceral is the claim. They make an emotional pitch:your children are in danger, surveillance is the solution. The counter must show the dangers in visceral, emotionally relevant way. This surveillance is actually a risk to parents and children as well - that by the accusation of an opaque, unaccountable system, you will be labelled a pedophile, and your kids taken away. That when sharing a picture of your own child with your own mother, you will have to worry about what the electronic bureaucracy will label your picture as.
Abstractions like privacy,and categorical claims, aren't going to reverse this. A properly pitched campaign could do. Sure, complain that politicians and the public are dumb. That may make you feel better but it won't change this an iota. Talking to people in the terms they care about might.
Comment by lifeisstillgood 1 day ago
I 100% agree on the need to counter emotional fire with emotional fire. And this is the right way to combat this sort of overreach
However, I do think that “the choir” need to rethink what is and is not privacy - a huge amount of the benefits of having our every waking moment monitored by the virtual world (which is going to happen) can be lost if we don’t allow epidemiology to follow our digital selves.
Detecting one’s word use is slipping might signal a trip to the doctors or a thousand other digital tells that will help us improve our lives. If we have to fight against ads and digital searches for terrorism, at least let’s get the benefits too.
Comment by ajb 1 day ago
Comment by lifeisstillgood 1 day ago
Let’s say we define personal data about, generated by or inferred from the actions of a natural person as owned by the society as a whole. And misuse is liable to 5% of annual turnover. It’s more or less GDPR. That seems viable - and I am sure an army of class action lawyers will be happy to help out
(Ok I need to work on a better proposal but I think this is more doable than you are allowing for)
Comment by ajb 17 hours ago
Data using organisations often seem to prefer fig-leaf laws that aren't effective, and lobby against ones that might be effective. "My data use is a good use, therefore I should not be subject to restrictions and oversight". Instead, anyone with a use of data which is valuable to the public should not see themselves as on the same side as the advertisers and surveillance vendors. They should see themselves as on the opposite side.
Comment by varispeed 1 day ago
Comment by mysterium 12 hours ago
Comment by trumpdong 12 hours ago
Comment by EmbarrassedHelp 1 day ago
Comment by Morromist 22 hours ago
They are just plain embracing a culture of paranoia, cowardice and extreme surveillance. I wouldn't care because I don't live there except the dystopian tech and business models they're developing ends up crossing the seas.
Comment by jjgreen 15 hours ago
Comment by bloak 10 hours ago
Some people will tell you that they need a pointy knife for cutting tomatoes but they should try using a serrated knife instead: it's much better.
Comment by jjgreen 9 hours ago
Comment by trashb 14 hours ago
I agree that this is the wrong direction to develop into.
Comment by adammarples 12 hours ago
Comment by brikym 1 day ago
Comment by BLKNSLVR 1 day ago
Education is hard but effective whilst surveillance is easy and ineffective. Guess which option politicians take?
Comment by rbanffy 14 hours ago
We should guard against the misuses and create enough legal frameworks to protect individuals' privacy (and aggressively uphold those protections). Private companies already do that - if I query a database for PII without proper approvals, or I query it outside the approval's boundaries, it'll take a couple minutes for me to receive something between a harshly worded e-mail and a visit from a couple large people who appear surgically incapable of smiling.
Comment by trashb 13 hours ago
What is it a tool for, it is a tool for observing while no person is present therefore breaking privacy.
Privacy, a state in which one is not observed or disturbed by other people.
Comment by rbanffy 11 hours ago
A nuclear weapon is a tool. You can use it to blast a city-killing asteroid, one you just noticed, into pieces that'd burn in the atmosphere (and miss the city). You can also use it to mass murder an entire population.
> it is a tool for observing while no person is present therefore breaking privacy.
The capacity exists, but it's not necessarily used all the time. We should create the legal frameworks to protect ourselves from the misuse of the technology.
Comment by mcurist 10 hours ago
Then it hits reality and it takes about 5 minutes for governments to start abusing it and when caught will retroactively legalise their actions https://www.bbc.co.uk/news/world-asia-23769206
Comment by trashb 10 hours ago
By choosing not to engage with a tool you are deciding that the tool serves you and your goals (perception of good) best by not being used. You can make it illegal to use the tool but as long as the tool exists it does not mean it won't be used.
Think of the millions devices part of a botnet or web accessible camera's that are being used illegally by malicious actors.
Isn't it worth considering if we actually need and/or want this tool to be build in the first place?
"Your scientists were so preoccupied with whether or not they could, that they didn't stop to think if they should"Comment by rbanffy 7 hours ago
Not all misuse will be prevented, but we need to build the tools (which aren’t more technology) to prevent the abuse.
Comment by themoose8 17 hours ago
The statistics on global child porngraphy rings are quite shocking. The UK is a big market consumer for these images/streams.
Comment by naishoya 10 hours ago
Comment by trashb 14 hours ago
Actually withholding the image may make it harder to fight the accusation (in court) if wrongly categorized.
For now the category argued seems to be "nude children" but what safeguards are there that prevent another category "politically sensitive"?
Comment by naishoya 10 hours ago
Are any of us expecting that there are safeguards in today's global political environment? in tomorrow's?
Honestly, the only safeguards against abuse of surveillance are that the surveillance not happen in the first place.
Once it has happened, the only safeguards keeping the owners of the system from using it to coerce and control the masses exist in the form of pitchforks and ropes wielded by the masses, and the days when that was a real potential for repealing any such coercion and control are fully in the distant past.
These systems are made possible and installed beyond the reach of any constituent based consent - see the current condition of Ring cameras, Flock, and the many tools created by Palantir et. al and much like the boiled frog analogy the citizenry has sat in their movie theatre and restaurant seats telling each other soothing lies about how the goal was to make us even safer from ourselves and now we are steps away from the fully immersive per-person verified identity and 24-7 observation of what everything, everyone read, writes, says, and does. Exactly as the 'foil hats' have been telling them would happen if they didn't speak up sooner.
Tough cookies, we all get exactly what we deserve for letting it get this far out of hand. It's no use crying over spilt milk.
Comment by trumpdong 12 hours ago
Comment by greenleafone7 1 day ago
Comment by coretx 1 day ago
Comment by vivzkestrel 20 hours ago
- how do you know that it doesnt cut down crimes or deter criminals or make identifying criminals easier?
- no seriously think of me as the stupidest person on the planet and explain to me why everyone is super duper paranoid about surveillance
- what other methods do you recommend for tracking , catching criminals, terrorists and anti social elements?
Comment by briandear 23 hours ago
Orwell identified the genetic defect in the British genome 80 years ago.
Comment by gambiting 17 hours ago
And if you saw these media posts, I'm sure you'd agree with those arrests in majority of the cases.
>>It’s also a crime in the UK to offend someone.
Is that what American "news" tell you? Because it's absolutely not true.
Comment by trumpdong 12 hours ago
Comment by varispeed 1 day ago
Comment by doublerabbit 23 hours ago
Comment by t0lo 1 day ago
Comment by cantalopes 1 day ago
Comment by ktallett 1 day ago
Comment by Lio 1 day ago
I find they way that Peter Kyle and Jess Philips have dismissed privacy concerns about online surveillance particularly condescending.
Come the next general election they are going to be paid back for this.
(Oh, and I appreciate Signal speaking up and have just donated to them again for doing so).
Comment by ls612 1 day ago
Comment by trumpdong 12 hours ago
Comment by christoph 1 day ago
Notice the same people will also talk during the daytime about morals and equality, while then conducting genocide in the evening.
Comment by dgroshev 23 hours ago
It's also technically incoherent: the exact same kind of "surveillance" is already applied by every single phone, because that's how the Photos app (or whatever it's called on Android) searches for cat pictures based on the text "cat". I can't recall any Signal statements about cat recognition technology leading to "reporting people to government authorities".
The "cover-ups" link right in the beginning is a real mask-off moment though. This is not a measured statement informed by the reality of modern Britain. It's an American view informed by the twitter cesspool and divisive rhetoric of the far right. It's a real shame to see Signal falling so low.
Comment by pcthrowaway 9 hours ago
Are you suggesting that the automatic scanning of photos on a phone (which has led to wrongful arrests[1]) is not surveillance?
[1]: https://www.eff.org/deeplinks/2022/08/googles-scans-private-...
Comment by smashah 22 hours ago
Comment by BLACKCRAB 16 hours ago
Comment by kolesnikov-arch 11 hours ago
Comment by nelox 16 hours ago
Comment by skynotblue 1 day ago
Comment by 0xbadcafebee 1 day ago
Comment by skynotblue 1 day ago
Comment by big85 1 day ago
MI5, MI6, and NCA are immune to Freedom of Information, and you cannot sue in open court; you can take it to the Investigatory Powers Tribunal, who will not even let your lawyer see the relevant information to the case.
Comment by skynotblue 17 hours ago
Comment by stodor89 20 hours ago
Comment by skynotblue 17 hours ago
Comment by stodor89 7 hours ago
Comment by userbinator 21 hours ago
Many criminals don't seem to care if they're being watched. They do still have an instinct of self-preservation, however.
Comment by pesus 1 day ago
Comment by skynotblue 1 day ago
Comment by pesus 1 day ago
Comment by skynotblue 18 hours ago
"Privacy is dangerous" - i never said that.
Internet pseudonymity from other strangers on a public forum is very different from being anti-surveillance. I am not sure how you could equate the two.
I would have absolutely no problem if the state contacted HN to obtain my IP access logs and other identifying information if I were to post something illegal here. Expecting privacy from random internet users is not the same thing as demanding immunity from law enforcement.
Comment by big85 1 day ago
Security cameras in public areas, I don't have a problem. Government mandated scanning software running on my PC, yeah, I have a problem. It amounts to a warrantless search.
Comment by dgroshev 23 hours ago
Comment by big85 22 hours ago
> The government therefore wants Apple and Google to block nudity across the whole device by default, so they can only be deactivated via age assurance.
All smartphones and tablets will be required to detect and block adult content on the device. You can avoid it by showing photo ID, but it's bizarre that the default state should be to assume the user is not an adult until proven otherwise.
Article 1 of the ECHR guarantees that "every natural or legal person is entitled to the peaceful enjoyment of his possessions". "Until they show government ID" isn't in there!
Perhaps I'm jumping the gun to assume this will be used as a precedent to require on-device scanning for illegal content, and further extended from smartphones to desktop PCs. However, I'm not optimistic.
Comment by dgroshev 22 hours ago
You don't need to show a government ID, I never did. Also, I trust Apple-mediated age verification with a single bit output to any vendor much more than a random B2B SaaS.
More generally, the backstop on abusing system is always political. It can't be just a passive immutable barrier with any variation seen as a slippery slope (see the US government just buying commercial intel on citizens). Our political system just saw two ~new national parties spring up in additional to already established three (plus national parties) and MPs revolting at a mild inconveniences to their constituents. We're alright.
Comment by big85 22 hours ago
Comment by franga2000 1 day ago
In terms of everyday threats to my life, billionaires are a bigger one than criminals.
Comment by skynotblue 1 day ago
The cost is manageable as long as it's used for the right reasons and that the data is kept secure. The benefits of deterring violence outweigh those risks.
Billionaires may be a bigger threat but criminals are a threat nonetheless.
Comment by JohnFen 1 day ago
Two things that we have yet to be able to even reasonably ensure.
Comment by mrpeek 1 day ago
Comment by notepad0x90 1 day ago
First of all, age verification is not mass surveillance, it is possible to verify your age without disclosing who you are to the site you're visiting, and without disclosing what site you visited to the government. There are even age verification services (and I do despise them fully, this should be a government provided service!) that use only facial features to determine your age (you can call it surveillance, but not "mass").
See, the thing is, no matter how good your intent is, no matter how noble your cause, if you use lies and half-truths to further your argument or resist change, it only serves to undermine it all. For example "They do not deserve surveillance," is so disingenuous, if a site is required to verify age, the only children whose age might be verified are those who might have been exposed to that harmful content otherwise anyways, they're not being selected for surveillance, no one is trying to spy on children (or could possibly benefit from doing so using this method, since it is so unreliable), but they're framing it as it is so.
This isn't like "DRM" or "the nsa is spying on everyone", and there is a big difference between Signal (how are they involved in all this? is this just opportunistic politicking?) being required to verify peer-to-peer messaging from a porn site or or a live-cam site for sex workers requiring both parties to be age verified (where children do get trafficked!!).
Don't get me wrong, I don't like the idea, i really hate it but the prevailing positions in areas of the internet like here is so irrational and unreasonable.
You can't flash your private parts at children, you can't take children to a strip club, they're required by law to check IDs (even night clubs are!!). if that same interaction happens on the internet, suddenly no age verification is needed?
Is it because this problem has been left unaddressed for so long that so many are just too used to "the old way of doing things" despite the ever increasing human suffering caused by lack of regulations and laws like this?
I hope legislators grow a pair and stand up to these tech-crusaders who will burn down the world so long as they feel their corner is safe and secure.
Shame on everyone who refuses to have a nuanced discussion on this and instead takes an all-or-nothing position against any sort of legislature that would reduce (not eliminate) the harm being done. To mean, such people are no different than catholics, teachers, administrators, and anyone else in a position to do something about harm against children but turned the other way because their little world would be too shaken otherwise. Hiding behind "mah privacy!!" doesn't absolve you of the responsibility to at least attempt to be nuanced about it, at least propose an actual solution instead of just "I don't what the solution is, but not this" or "parents are at fault, I don't care" or something lazy like that. I wish I didn't know that when it comes to their own interests, wannabe technocrats like these are ingenious in developing tech like homomorphic encryption, differential privacy and zero-knowledge-proofs; this isn't about anyone's privacy or mass surveillance, it's about preservation of the status quo, apathy and faulty slippery-slope fallacy thinking.
Comment by big85 1 day ago
I can't believe people are really okay with a system where you have to show your real face to access websites. Cameras on phones went from a novelty to a government mandate so you can be observed.
There are various other potential methods to verify one's age, all of which are forbidden by OFCOM. Account age, zero-knowledge proofs, key signing, some kind of OAuth thing, physical tokens that require proof of age to buy, etc. The only permitted ones require your to link your real-life identity. This is a huge boon to the intelligence services and law enforcement.
Even among the few permitted verification methods, there are obstacles. Each site usually provides only one verification method at one verification provider. You may have to trust a company you never heard of before. Sometimes the photo fails (maybe their system thinks you don't look old enough) and they ask for ID too, or the photo fails and you are locked out of verification. Some services only allow credit card verification (e.g. Steam), so if you have poor credit you aren't able to even view the store page despite being of age.
What I say is, we don't need any of this. For thirty or so years we had client-side optional Parental Controls, and it worked fine. Many adult sites voluntarily use a <meta name="rating"> tag to ensure sites are correctly identified. The ability of adults to access adult content was not impeded. Parental Controls work better than verification because 1) many sites will not deploy age verification, and 2) it's trivial to overcome photo-based ID by holding your device up to a picture of an adult on a television set.
Comment by dgroshev 23 hours ago
This is just not true. See 4.17 here, for example [1]
[1] https://www.ofcom.org.uk/siteassets/resources/documents/cons...
Comment by notepad0x90 21 hours ago
Then let's talk about THAT!! why is that not the discussion instead of "nah, we'll find a solution some other day, for now, let's not solve anything"??
> Even among the few permitted verification methods,
These laws are still being debated, what's permitted has not been decided, why is Signal not advocating for a privacy friendly alternative. Why are our options lose all privacy to the most horrible people ever who will do us harm versus let the children suffer!
> You may have to trust a company you never heard of before.
Why do I have to? Why can't the government itself issue something as simple as a timestamp CA certificate signature for a secret that expires every few weeks, requiring facial/ID verification directly with the government to generate a new secret? the site only needs to verify that the signature is correct. a signed token you show random sites. and this is the most naive idea i brought up for discussion without things like zkp even considered. Lawmakers aren't being told by the likes of Signal "there is a better way to do this, let's discuss" they're being told "ignore what all the scientists, research, law enforcement, social workers are telling you so we can watch porn in secret".
> For thirty or so years we had client-side optional Parental Controls, and it worked fine.
It absolutley did not work fine! the toll of human suffering is inexcusably abominable! I shudder in confusion between whose head i should rip off or why this damn planet hasn't been burned down to ashes already at the very thought of all that has been perpetrated using this technology. The internet multiplied and empowered many things, chief amongst them is human cruelty and apathy.
> For thirty or so years we had client-side optional Parental Controls, and it worked fine....
Save your breath, even amongst those who genuinely wish to do well, they have employees and user generated content they can't keep up with. There is no excuse for this. Forget about the tiny span in human history that is the past 30 years. How many people died of industrial accident at the begining of the industrial revolution, how many people died because of car accidents before all the car safety and traffic laws were in place. Take that and multiply that by like a billion and that might come close to painting a fair picture of the internet. Just because you don't see it, doesn't mean it doesn't happen. The internet isn't special, it's just a tool, a technology that connects people. Except billions are connected, and now they can abuse and harm each other across national borders , timezones and continents and maximize their profit from it.
HN and tech-world in general is like any other industry that caused massive suffering until it was regulated. I keep making the same simple comparison of a stripper IRL vs live cam porn over the internet, and no one in this thread even wants to attack that simple example that I picked because it isn't overly sensationalized and universally accepted that laws should force strip clubs to check IDs in any country on the planet. I didn't bring up pedos, human trafficking, revenge porn and so much more in between. and that's just the sexual dramatic stuff, not the seemingly harmless stuff that is easier to brush away and dismiss.
People can see your face and make decisions when they interact with you IRL, they can't over the internet. The problem is huge and the fact that the internet has been young and unregulated does not excuse looking the other way.
I can't believe I'm defending politicians' (however ill intended) agendas against HN/tech-world. but here we are. If things progress this route, I would even cheer as everyone (self included) loses any semblance of privacy or democracy because the alternative was these masses keeping looking the other way at human suffering instead of finding sensible middle grounds, especially when the tech is there. This is insane to me! things crypto-bros (both kind!) have been trying to make main stream like zkp and homomorphic encryption and so much more can actually solve a critical fault of the internet, and the choice is to just let people suffer instead of risking a potential slipper slope.
Comment by bcjdjsndon 14 hours ago
Bare in mind we aren't banning the internet, just kids on social media.
> Take that and multiply that by like a billion and that might come close to painting a fair picture of the internet
A billion people have died from.... the internet? Youve GOT to explain this one lol how exactly?
Comment by bcjdjsndon 14 hours ago
Man you're just reaching at this point... Should we ban telephones, and written correspondence also? You're hysterical
Comment by EmbarrassedHelp 1 day ago
Comment by notepad0x90 21 hours ago
The problem with this whole thing is the expectation of privacy online for interactions where their IRL equivalents don't have such an expectation. Even if there was no harm being done to anyone, it isn't a rational argument if you subscribe to the ideal of equal treatment under the law.
Comment by Magnusmaster 20 hours ago
Comment by notepad0x90 7 hours ago
Governments are banking on being able to purchase that site visit data anyways, bypassing their own laws that prohibit them to do surveil, we can require them by means of technology to comply with laws and for the last time resolve the "but the children" argument.
Comment by trumpdong 12 hours ago
Comment by lII1lIlI11ll 12 hours ago
Comment by trumpdong 10 hours ago
Comment by lII1lIlI11ll 1 hour ago
Comment by notepad0x90 7 hours ago
Comment by mysterium 11 hours ago
Of all the topics I’ve had to work with in my career, this one has caused me by far the most frustration. I like to think the hacker community is generally scientifically-minded and open to rational debate, but online discussion of this subject uniquely tends to cause people to hunker down, refuse to engage productively, and resort to name-calling. This might feel righteous, but ultimately leads to own-goals from us.
Firstly, to make one thing clear, it’s _absolutely_ possible to do age verification in a privacy-preserving manner. A technology called Privacy Pass exists that separates the roles in the age-verification question. This would make it possible to have a solution where the government can attest to your age without knowing what website you’re trying to visit (e.g. pornography, or an online casino, or just purchasing alcohol online). This is just a matter of fact. I’d recommend reading RFC 9576 for more details on the separation of roles here, it’s a really nice protocol.
There seems to be some misconception that privacy-preserving solutions for age verification aren’t permitted under various legislations. I don’t know where this comes from, but certainly Ofcom _mandates_ the minimisation of unnecessary data collection. This doesn’t mean that suboptimal technologies aren’t in use, but there’s certainly nothing precluding the use of fully privacy-preserving solutions.
We should be pushing for privacy-preserving age verification. It’s easy and convenient to say it’s the job of parents, and label anyone who doesn’t use parental controls as a bad parent, but at the end of the day, a government’s job is to look after its citizens regardless of whether they have good parents. If instead of engaging productively we stonewall the topic based on a vaguely-directed-but-intense distrust of Government, then governments will implement it anyway, and the solutions will be bad. We know this is the case, because it already happens.
I participated in a very productive workshop last year with representatives from government as well as various privacy-conscious companies, including Mozilla. I was pleasantly surprised at how productive we could be when we all worked together on this. We all walked away with a much better understanding of some of the problems, some of the nuances involved, and some possible paths forward.
Comment by ryanisnan 1 day ago
Also looking to get involved with the meshtastic project.
Comment by purpleidea 1 day ago
Comment by ryanisnan 1 day ago
Comment by Cider9986 1 day ago
That's why you can't block youtube ads with DNS, only with a browser-level adblocker because the browser adblocker is able to block the specific paths.
You can view the full encrypted traffic with something like mitmproxy, but there's ways apps can detect or prevent it.
Comment by ryanisnan 23 hours ago
For me, right now, I think it's conceivably a security advantage if the source isn't public. I know security by obscurity isn't a strategy alone, but with an incredibly difficult surface area to attack, I think user's using the app are very well protected, except for against nation states.
Comment by trumpdong 12 hours ago
Comment by OnlyNoobsRunJS 1 day ago
Palpable irony present when a chat provider whom requires personally identifiable information to use their service complains about privacy...
Comment by Terr_ 1 day ago
"Yet you participate in society. Curious!"
Comment by Terr_ 1 day ago
> It's obvious why we might prefer to substitute voting or shopping for politics: they're activities you do alone. You don't have to find anyone else to do them with you. [...] Individual consumption choices don't change the world, but if you've been convinced that the only way to change the world is by voting with your wallet then when the world stays terrible, you can only conclude that your friends and neighbors have ruined by things by voting (shopping) wrong. [... and] every political disappointment in your life is down to your friends' personal defects.
Comment by HiPhish 1 day ago
Comment by big85 1 day ago
There are already phones with an anti-nudity feature as a parental control option, but the key there is that it's optional. The major pivot with age verification is that all devices treat all users as a child until they identify themselves with a third party. This allows a rhetorical paradox that the controls are only for children, when they apply to adults too by default.
Comment by pesus 1 day ago