There is a freedom problem, there is a hardware problem and there is a social problem.
The freedom problem is this: you will not be able to roll your own keys.
This is probably the biggest nail in the coffin for a ton of computers out there. In theory you could simulate via software the workings of a TPM. If you built a kernel module the browser would have no real way of knowing if it sent requests to a piece of hardware or a piece of software. But the fact that you would have to use Microsoft's or Apple's keys makes this completely impossible.
The hardware problem is this: you will not be able to use older or niche/independent hardware.
As we established that software simulation is impossible, this makes a ton of older devices utter e-waste for the near future. Most Chromebooks themselves don't have a TPM, so even though they are guaranteed updates for 10 years how are they going to browse the web? (maybe in that case Google could actually deploy a software TPM with their keys since it's closed source). I have a few old business laptops at home that have a 1.X version of the TPM. In theory it performs just as well as TPM 2.X, but they will not be supported because, again, I will not be able to use my own keys.
Lastly there is the social problem: is DRM the future of the web?
Maybe this trusted computing stuff really is what the web is bound to become, either using your certified TPM keys or maybe your Electronic National ID card or maybe both in order to attest the genuineness of the device that is making the requests. Maybe the Wild West era of the web was a silly dream fueled by novelty and inexperience and in the future we will look back and clearly see we needed more guarantees regarding web browsing, just like we need a central authority to guarantee and regulate SSL certificates or domain names.
Citation needed. I'm pretty sure all Chromebooks have a TPM and it's a firm requirement for making one. ChromeOS uses the TPM extensively and fully supports remote attestation:
TPMs have been a requirement on PCs since at least 2016 I think, and in reality most came with them before that too (but there's a v1 vs v2 difference).
> a 1.X version of the TPM. In theory it performs just as well as TPM 2.X but they will not be supported because, again, I will not be able to use my own keys.
This is all wrong. TPM 1.2 uses SHA1 for everything which is a broken hash function so there is a major difference in robustness between them. That's why TPM 1.2 is being phased out. It has nothing to do with "using your own keys" which is out of the domain of what TPMs do anyway, TPMs are always owned by the device user. You're thinking of firmware boot signing and other things that are separate to the TPM chip but even there, you can use your own signing keys.
SHA1 is not for encryption, it is a signature algorithm.
It is considered broken because there is a faster way than simple brute force to create a collision. The currently known approach is still computationally expensive.
It is correct to call it broken, but I don't see the implications for TPM at all. TPM is shitty tech in the first place in my opinion, but aside from that there is little practical relevance.
The wild west internet did perform perfectly. There are some problems here and there that could be improved. None of them are addressed by suggestions like this. This is for control and market reach, nothing else. Secure boot was as well. Evil maid problem is at least believable in a corporate context. These suggestions are just fluffy crap.
Really? Spam, scams, SEO trash, bots and AIs are utterly rampant.
I don’t want Google and Microsoft to have the keys to the kingdom, but on the other hand, I really want a way to know that I’m having genuine interactions with real people.
It can (that's why it's being pursued) and that, ironically enough, could even empower decentralized and P2P networks. Hear me out.
If you look at the history of the internet it's basically a story of decentralized protocols with a choice of clients being outcompeted by centralized services with a single client, usually because centralized services can control spam better (+have incentives to innovate etc, it's not just one issue).
The reason spam kills decentralized systems is that all the techniques for fighting it are totally ad-hoc security-through-obscurity tricks combined with large dollops of expensive Big Data and ML processing, all handled by full time teams. It's stuff that's totally out of reach for indy server hosters. Even for the big guys it frequently fails!
Decentralized networks suffer other problems beyond spam due to their reliance on peers being trusted. They're fully open to attack at all times, making it risky and high effort to run nodes. They're open to obscure app-specific DoS attacks. They are riddled with Sybil attacks. They leak private data like sieves. Many features can't be implemented at all. Given all these problems, most users just give up and either outsource hosting or switch to entirely centralized services.
I used to work on the Gmail spam team, and also Bitcoin, so I have direct experience of the problems in both contexts.
Remote attestation (RA) isn't by itself enough to fix these problems, but it's a tool that can solve some of them. Consider that if USENET operators had the ability to reliably identify clients, then USENET would probably have lasted a fair bit longer. Servers wouldn't have needed to make block/allow decisions themselves, they could have simply propagated app identity through the messages. Then you could have killfiled programs as well as people. If SpamBot2000 shows up and starts flooding groups, one command is all it takes to wipe out the spam. Where it gets trickier is if someone releases an NNTP client that has legit users but which can be turned into a spambot, like via scripting features. At that point users would have to make the call themselves, or the client devs would need to find a way to limit how much damage a scripted client can do. So the decision on what is or is not "approved" would be in the hands of the users themselves, in that design.
The above may sound weird, but it's a technique that allows P2P networks with client choice to be competitive against centralised alternatives. And it's worth remembering that for all the talk of the open web and maybe the EU can do this or that, Facebook just did the most successful social network launch in history as a mobile/tablet only app that blocks the EU. A really good reason to not offer a web version is because mobile only services are much easier to defend against spam, again, because mobiles can do RA and browsers cannot. So the web is already losing in this space due to lack of these tools. Denying the web this sort of tech may seem like a short term win but just means that stuff won't be served to browsers at all, and nor will P2P apps that want to be accessible from desktops be able to use it either.
Anyway it's all very theoretical, because at this time Windows doesn't have a workable app-level RA implementation, so it's mobile-only for now anyway (Linux can do it between servers in theory, but not really on the desktop).
No, it can't -- see below; there's also no quantitative objective stated or communicated. Hence, it is not controllable, whether it achieved the stated objective or not. What would happen, if it doesn't achieve it? Nothing, because it was not promised clearly enough, just in some vague way.
But it happens to achieve a different goal -- for example, even more concentrating the control over general computing into fewer hands.
Would it be rolled back, if it doesn't achieve the stated goal? Of course not; it will achieve the hidden ("it just happened, who could ever know, pinky swear") goal, and that's important. Not the pretend-goals that were used to sell it to the general public.
Now, why it won't achieve the stated goals: because spam is a problem also with closed systems. Ever got a junk call? Users use only "approved" devices, and even if the system can put limits on the source, it also limits how the destination can protect itself. The important thing with spam, scams, etc. is that whenever there is a possibility to make money, the scammers will find a way. Even with a low-tech approach (like hire a bunch of human operators of the approved machines). They weren't stopped even when what they did was illegal, why do you think RA will achieve what the law didn't? To make things worse, the closed nature made it more difficult for the victims to save evidence of the spam, scam.
So of course it won't reduce the scams. But it will make the situation worse for us all. And web losing to proprietary platforms? It will certainly lose, when it is turned into one of the proprietary platforms.
Spam is much less of a problem with closed systems. BTW phone calls aren't a great example. The global telco system has enough players that it's closer to email than Facebook, and telcos are classed as common carriers so there's a limit to how much spam fighting they can do.
I don't really know what to tell you. This stuff does work extremely well, it's unambiguously the case. Google already use a software-only form of RA on the web and have done for years. It cut through spam like a knife through hot butter. They could already detect 10 years ago if a Python script was pretending to be Chrome, or if Chrome was pretending to be Firefox, or if IE was being driven by VBScripts or an IE WebView was embedded into apps that then manipulated the web page externally. No hardware chips or new web standards needed! But, the approach used is/was in the end just a neat hack, and it's guaranteed that spammers will eventually defeat it. Perhaps they already did. I guess there must be a reason why this proposal surfaces now, given the ideas aren't new.
> To make things worse, the closed nature made it more difficult for the victims to save evidence of the spam, scam.
I don't quite follow the logic here. Why wouldn't they be able to save evidence?
> at this time Windows doesn't have a workable app-level RA implementation
To make this work, I suppose it will finally be necessary for Windows to disallow all user-space code injection (e.g. in-process hook DLLs), including from assistive technologies. I guess this tightened security could be a per-app opt-in feature, at least initially. UI Automation on Windows 11 may finally be ready to take over the work that in-process injected DLLs (particularly from screen readers) previously did without performance regressions, though as far as I know, this hypothesis hasn't really been tested yet (or if it has, that happened inside the Windows accessibility team at Microsoft after I left). The trick will be to give the third-party screen reader developers a strong incentive to prioritize moving away from third-party code injection, without harming end-users in the process (i.e. not suddenly releasing a browser or OS update that breaks web browsing with screen readers).
What other changes or API additions do you think will be necessary to enable workable app-level RA on Windows?
Yes, it's harder for Windows. Desktop operating systems don't have all the details figured out especially around detecting and controlling automation. RA has been around as a concept for decades, and implementations in consoles/phones/servers have pretty much worked for a while, but RA that works on general purpose desktop computers is very new and really only Apple has it.
The Windows team would need to at least:
- Get apps using MSIX (package identity)
- Design an API to get an RA for an app that has package identity. Make a proper keychain API (or better) whilst they're at it.
- You don't have to block debuggers or code injection, but if those things occur, that has to leave a trace that shows up in the RA data structure.
- Expose to apps where events come from.
- Compile databases of machine-level PCRs that reflect known good configurations on different boards. Individuals can't do that work, it's too much effort to keep up with all the different manufacturers and Windows versions that are out there. MS would need to offer an attestation service like Apple does.
Some of that stuff is already there because they pushed RA in an enterprise context for a long time. I don't know how widely adopted it is though.
Apple is no general computing platform by far and I believe the flexibility is what makes general computing attractive.
How would you not block debuggers if those aren't verified? This adds insane busy work for little advantage and again would make Microsoft the gatekeeper of hardware.
Macs are general purpose computers. In what way are they not? Is there some task you just can't achieve with them?
There are no problems with debuggers. For one, debugging an app that isn't compiled in debug mode is very hard. If you're at that point something has gone badly wrong somewhere already. For another, there would only be a problem if you're trying to debug a production build of the browser whilst simultaneously accessing a service that wants to measure your environment. That would be an extremely specific scenario that virtually nobody would ever encounter, especially not compared to the much more common scenario of being asked to solve horrible CAPTCHAs.
The force for centralization is that for social networks it simply is the natural topography. People are drawn to where everybody else is, so something being central is a main attractor, even if we disregard the ambitions for reach. Spam is a secondary factor at best.
While Spam is a problem and affects decentralized systems more easily (if they have a critical number of users), the cost of client attestation is just too high.
I am perfectly happy if the web stays open and a lot of people go into the app space and stay there. I am happy for Facebook and don't think I am missing out on the web. I don't use any apps for social media and exclusively use browsers. I wouldn't want a second app space on the web at all because the mobile environment is an ugly abomination of software crap.
If we have a form of RA, it will get worse for users and developers alike. It will be a far worse hassle than killing a bit of spam and we give the wrong players too much power.
Perhaps. Email, IRC, USENET and the phone system are or were all decentralized social networks. They did fine in their heyday.
If you're a 2023-web purist who's willing to just avoid whole services because they're not on your preferred platform, then hw-backed web RA would make no difference to you even if it could be implemented (which IMO it can't): you'd avoid the services that use it just like you already do today.
This is not a realistic outlook. If such systems are present, I would see additional hurdles along the way, just as we see with Cloudflare if your requests aren't of the usual kind. This does make web discoverability much worse.
It is simply the wrong approach to focus on the negative, in this case spam or in general hostile bots.
> If SpamBot2000 shows up and starts flooding groups, one command is all it takes to wipe out the spam. Where it gets trickier is if someone releases an NNTP client that has legit users but which can be turned into a spambot, like via scripting features. At that point users would have to make the call themselves, or the client devs would need to find a way to limit how much damage a scripted client can do
At which point it comes back to not allowing anything but the most locked-down clients, and disempowering users... and still failing, because all clients can be turned into spam bots with the most trivial application of autohotkey et al.
- The OS can trivially expose to the app whether events are coming from real hardware or another app, information the app can then either report or not report.
- The attested user-agent string given can be extended to include information about any scripts that are driving it, e.g. script hashes.
And so on. Then these things can have reputations computed over them. If there's a script hash that shows up reliably in spam, and never shows up in ham, then you can auto-mark those posts as spam. If the scripts aren't known then messages can be throttled until enough users have voted on whether the messages are spam or not. All this is fairly straightforward to code up, again, in a theoretical world in which operating systems expose information like whether events are emulated or not (today they don't).
The trick is that clients don't have to be locked down. The tech is fundamentally about letting you prove true statements. Those statements can be as complex as needed to allow whatever level of customization and control is desired. The more malleable clients are the more complex it becomes to determine what is and isn't considered OK, but in a decentralized system that policy complexity is up to the end users themselves to decide. They can share logic in the same way USENET users used to share killfiles.
Anyway, my point isn't to try and design a full system here. It's research level stuff. Only to point out that this stuff brings spam/abuse control out of BigTech-only world back into the realm of small scripts that can be written and shared by users in a decentralized way.
> If there's a script hash that shows up reliably in spam, and never shows up in ham, then you can auto-mark those posts as spam. [...] All this is fairly straightforward to code up, again, in a theoretical world in which operating systems expose information like whether events are emulated or not (today they don't).
And in a world that has zero outliers or unusual users. In reality, I guarantee my accessibility software would get flagged as emulated input (because it is) and marked as spam.
Then maybe we can also take into account whether the emulated input comes from remotely attested assistive technology. Yes, this will have the effect of at least restricting third-party assistive technology, but we have to keep in mind what's best for the largest number of people (including disabled people who aren't hackers) in the big picture, rather than taking an absolutist stance on hacker freedom.
That makes the tech far more expensive because you introduced useless overhead without gaining anything relevant.
You didn't protect non-tech savvy users at all, on the contrary, you introduced a point of failure for their devices. Some have customized ones which would need to be verified. Doesn't sound like a good idea at all.
Again, it's all chainable. If an app is being controlled by accessibility software, the identity of that software can show up in the RA, so readers can say "it's OK if this app is automated as long as it's by something on this community maintained list of genuine accessibility tools".
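The reputation scheme discussed in the comments above (reputations over attested script hashes, throttling of unknown scripts until users have voted, and a community-maintained list of accepted accessibility tools), as an added Python example that is not part of the thread. The attestation fields, the vote threshold and every identity in it are constructed assumptions; as the thread notes, operating systems do not expose this information today.

```python
"""Killfile-style reputation over attested client identities (constructed example)."""
from dataclasses import dataclass
from typing import Optional

MIN_VOTES = 5  # assumed: votes required before a key is judged automatically


@dataclass(frozen=True)
class AttestedPost:
    # Hypothetical fields an attestation might carry alongside a message.
    client: str                        # attested application identity
    script_hash: Optional[str] = None  # hash of a script driving the client
    automation: Optional[str] = None   # identity of software injecting input


class Reputation:
    """Per-reader policy state, shareable the way killfiles were."""

    def __init__(self, trusted_automation=()):
        self.votes = {}  # key -> [spam_votes, ham_votes]
        self.trusted_automation = set(trusted_automation)

    @staticmethod
    def key_for(post):
        # A driving script is a more specific identity than the client itself,
        # so a scriptable client with legitimate users is not punished as a whole.
        if post.script_hash:
            return ("script", post.script_hash)
        return ("client", post.client)

    def vote(self, post, is_spam):
        counts = self.votes.setdefault(self.key_for(post), [0, 0])
        counts[0 if is_spam else 1] += 1

    def decide(self, post):
        spam, ham = self.votes.get(self.key_for(post), (0, 0))
        total = spam + ham
        # Reliably seen in spam and never in ham: auto-mark as spam.
        if total >= MIN_VOTES and ham == 0:
            return "spam"
        # Not enough votes yet: hold the message back until users have voted.
        if total < MIN_VOTES:
            return "throttle"
        # Mixed record leaning towards spam: keep throttling, users decide.
        if spam > ham:
            return "throttle"
        # Emulated input is acceptable only from listed assistive software.
        if post.automation and post.automation not in self.trusted_automation:
            return "throttle"
        return "deliver"


def demo():
    # All identities below are constructed sample values.
    rep = Reputation(trusted_automation={"screenreader-A"})
    spam_script = AttestedPost("NewsReader", script_hash="aaaa")
    plain = AttestedPost("NewsReader")
    for _ in range(6):
        rep.vote(spam_script, is_spam=True)
        rep.vote(plain, is_spam=False)
    return {
        "known_spam_script": rep.decide(spam_script),
        "plain_client": rep.decide(plain),
        "unknown_script": rep.decide(AttestedPost("NewsReader", script_hash="bbbb")),
        "listed_assistive": rep.decide(
            AttestedPost("NewsReader", automation="screenreader-A")),
        "unlisted_automation": rep.decide(
            AttestedPost("NewsReader", automation="macro-tool-X")),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```
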
Sorry, but don't be silly. Government is part of the problem here. The reason why the naïve freedom of the wild west internet became what it is now is government's actions.
Corporations and govs are actually the same structure. Look at healthcare, pharma, military: it is so tightly connected. Now IT is just part of the puzzle.
If government were, they would just be acting to further enhance the moats of the largest companies, which finance their campaigns.
At least in the US. I’m not sure how EU politics is actually motivated, though they seem to advance the most useless political solutions to technological problems (browsers not having good defaults for cookies? Let’s make website owners show confusing cookie modals within the website context, that don’t usually even work!)
I live in Turkey and would totally love my government to distribute a national OS and a browser, even if with national TPM keys. Even if I did not trust my government to act in my interest. Because WEI and remote assertion will create absolute dependencies on American companies (who have no incentive to act on my interests anyway), even more than ever. And I don't think this is any good in terms of national security. F16 fighters sold to us which didn't fire on targets USA didn't want us to come to my mind. Thankfully we were able to be independent from USA in weaponry in the recent years. What is a freedom problem for you is a national independence problem for us as well.
> But the fact that you would have to use Microsoft's or Apple's keys makes this completely impossible.
Yes, completely impossible to fake by design. Otherwise what's the point? But I think the root of trust is whatever signs the hardware TPM module. So, Intel, AMD and Apple.
If I understand it correctly, the secure chain of trust will be something like, hardware TPM module -> secure boot -> Windows signed kernel -> Chrome (signed binary). It's not clear to me if desktop Linux will be able to participate in this ecosystem at all - which is ironic given how much Google uses Linux. Maybe a couple of the big distributions like Canonical will be able to sign their Linux kernel builds.
> Lastly there is the social problem: is DRM the future of the web?
It's opt-in by website operators at least. Assuming this happens, there are two big questions in my mind:
1. How much of the web will go dark to anyone not using a corpo software stack? I imagine bank websites will adopt this technology immediately, while sites like HN, personal blogs and Wikipedia won't touch this stuff. How much of the web will stop working on my terrible "hacker" computer where I use Firefox on Linux?
2. How will this interact with browser extensions and dev tools? If websites won't function outside of Chrome, will we be able to continue to drive Chrome programmatically? Will Chrome's dev tools still work? Will websites be told about my ad blocker extensions? Will webdriver (and similar tools) be blocked?
I really hate it - banks are already so inaccessible these days that it is a nightmare. Why isn't there a read-only key that I can use to programmatically and automatically pull transactions? I need to log in through third-party OTC apps from an "unmodified" mobile phone (which I only bought for banking, and which I consider e-waste the other 99% of the time), download the proprietary PDFs, process them in some custom and complex Python code I hacked together, to finally extract the information into a proper usable format.
Just think about it: I really conceptualized how I can hook my Android phone to my server, add a digital camera to photograph the OTP-Code, OCR it and have a docker based Selenium script with chromedriver to log in to my bank to pull the PDFs. All that just because big banks can afford to be so customer unfriendly.
Well, perhaps it will drive adoption of Web3 and permissionless decentralized open protocols — * ducks *
I mean — all this doom from HN about huge centralized corporations, about banks being inaccessible, but the moment you mention the only viable (at the moment) alternative — many people reach for their trusty downvote button.
I mean, with all the hate towards all alternatives to trusting Big Tech corporations, with all the effort to actively bury any potential to build and improve decentralized systems, some of you deserve to live in a world controlled by large states and corporations. This would be your future dystopia, because you actively dismissed every alternative out of hand. But it won’t be your future — because many people outside of HN continue to build systems like MaidSAFE, IPFS and BitTorrent which do not have these restrictions. There are far better and more scalable networks coming out that are beyond blockchain and beyond smart contracts that allow building backends which CAN’T discriminate against clients, and let anyone generate their own public-private keys. Even though you may hate on these technologies and downvote any post mentioning them, they’ll be there when you finally need them. You’re welcome!!
> How much of the web will go dark to anyone not using a corpo software stack?
If you can detect if anyone is using a system that supports this then you can ban only them instead of allowing only them, right?
Maybe we should nip this in the bud? If even 10% of sites banned anyone with this enabled from day zero before anyone else is requiring it, users would turn it off and then it wouldn't be there for anyone else to use.
> I imagine bank websites will adopt this technology immediately, ...
I don't see banks adopting it at all for consumer banking. I work for a bank; I can tell you a bank isn't interested in adopting any technology that introduces friction for high-balance customers. What would they gain? A little extra fraud protection? You'll find lots of articles online spelling out the reasons that the optimal amount of fraud is not zero.
Plus they may start to see in-person traffic soar. I won't have signed software, so now I'll go to the bank for all transactions while also filing FTC complaints.
I imagine many elderly folks that haven't kept their systems current or updated may also face the same issue.
For now. But in many countries you already have to show ID to buy a SIM card. This could be extended to all devices that have this key on them. And then it could become a dereliction of duty for certain types of websites not to do checks they could easily do.
> But in many countries you already have to show ID to buy a SIM card.
I can buy a SIM card that gives internet pretty much everywhere around the world with bitcoin with silent.link. Granted you don't get an IP matching the local country, but still...
You can do all sorts of things to circumvent all sorts of rules for all sorts of reasons.
But over time rules are tightened, penalties increased, more loopholes closed and fewer people will have the expertise, the determination, the funds and the nerve to work around the rules, even if it is theoretically their right to do so.
Eventually only hardened criminals and highly knowledgeable and principled activists and professionals will realistically have access to some of these options.
This is the actual missing key bit. The problem that Google is trying to solve here is not actually a hardware / computational problem, it's a Real Identity problem. Hardware / TPMs are a poor proxy for solving that problem.
There's drastically less eWaste and impact on software freedom if you seek attestation from a national ID provider than if you seek attestation from one of a handful of personal electronics OEMs. National ID providers can offer to sign not only Real Identity attestations, but also anonymized attestations to protect citizen privacy. A web operator can decide whether to allow for attestations from only their own national ID provider, foreign national ID providers, private ID providers, or none at all if they just have a read-only site and don't really care.
The truth is that government inaction is forcing Big Tech down the road of violating user privacy and freedoms to solve Big Tech's problems. But getting the government to offer a flat Identity Provider playing field would solve these problems in a way that doesn't require such violation.
And what if I don't trust and don't want to rely on my citizenship government?
Being a Russian passport holder who lives abroad for years, I don't want to be in touch with my gov in any way possible, and moreover depend on it.
That's actually the case for millions of people from different countries with dictatorships, do you propose just to discriminate against everyone outside of 20-30 countries with more or less democratic systems? Those countries don't care about "citizen privacy".
Apart from that, we all see the bill in the UK which is as much a disaster to human freedoms as Russian and Chinese laws, for example. So even being a citizen of a more modern country is not a guarantee.
People don't always live in their country of citizenship, they don't always live in one place (see digital nomads) and have a residence, they don't always trust their government and they should not be discriminated on internet usage because of that. That makes a person more of a government property rather than a human being.
> Being a Russian passport holder who lives abroad for years, I don't want to be in touch with my gov in any way possible, and moreover depend on it.
Real identity doesn't necessarily mean passport. It can mean, for example, a visa issued by your host government; being a valid visa holder therefore grants you a valid digital identity issued by that country.
> People don't always live in their country of citizenship, they don't always live in one place (see digital nomads) and have a residence, they don't always trust their government and they should not be discriminated on internet usage because of that. That makes a person more of a government property rather than a human being.
Then let's get rid of passports. Sounds like the deeper issue, no? Wouldn't you agree that freedom of movement and immigration is a higher and more important freedom than freedom of internet access?
This is the world we live in. Immigration concerns exist. Government-issued identity is real. It just hasn't caught up to the 21st century.
That's true, I also don't understand why some people are "better" by the right of birth and not by things they did in life and pure merit.
There is basically no reason for, for example, an African young person to be more restricted in his freedom of movement than a European one, but we are where we are.
Though I believe while we have an outdated and unfair system of belonging to some borders, it's better not to make it even worse by adding new layers of dependency on these IDs.
Wouldn't be better to add more opportunities equality instead of hardening it?
> Wouldn't be better to add more opportunities equality instead of hardening it?
I couldn't agree more, but you gotta apply the right leverage to the right problem, put the round pegs in the round holes and the square pegs in the square holes. Real digital identity does for the digital economy what credit cards did for the retail economy: dramatically reduce the cost of friction, and therefore dramatically expand, how much activity there will be. It is this reduction in friction which opens additional opportunities even to people with identities issued by less-favored governments. Separately, we can and should push to make qualified immigration simpler, faster, and for more applicants.
Digital (not strictly connected to real) identity is not a bad thing in itself. But I honestly don't think that digital identity should be managed by governments or corporations, they already have too much leverage over individuals.
I am a bit opinionated about that, because I already saw lots of that in Russia with all these fancy "security" and "convenient" digital tools and how it ended.
Digital Id should be solved by some kind of WebOfTrust, private DIDs and somehow distributed reputation systems, not by centralized government databases. It's a straight way to tyranny.
> I honestly don't think that digital identity should be managed by governments or corporations, they already have too much leverage over individuals
The reason why it needs to be managed by the government is because legal contracts are ultimately enforced by government courts. Many things that, today, rely upon pen-and-paper signature (and Docusign-style electronic variants, which are just digital facades to the pen-and-paper reality), to get them enforced, require submitting more mountains of paperwork and physical appearances etc. We can't get out from behind that paper legacy, really start to explore contracts that can be disputed and enforced with simple online forms and no in-person appearances (everything from employment, to real estate / housing, to credit...) until the courts have a trustworthy way to say, for this digital identity that signed that agreement, we know that it really was such-and-such a real person.
> It's a straight way to tyranny.
You'll disagree, but I would argue that it isn't more powerful tools that make government tyrannical, but a lack of education, poor culture, and a lack of checks-and-balances on government power. The government is supposed to have a monopoly on various parts of life, first and foremost a monopoly on violence (police, courts, and justice). "Democratic" but weak governments (consider e.g. Mexico, in the context of the drug wars) are ineffective at securing the blessings of life, liberty, and the pursuit of happiness; America has a history of strong governmental institutions that protect these rights. "Technology is neither good, nor evil, nor neutral, it simply is," and indeed, improving governmental strength by pushing past technical barriers is simply an orthogonal concern (IMO) to whether or not governments are just or tyrranical.
Pushback against voter ID laws would be ridiculous if those laws were accompanied with measures to make it cheap and easy for citizens to obtain the necessary ID. If those laws were accompanied by such measures most of the pushback would go away.
But in most of the states that have been pushing such laws that is very much not the case. They deliberately pick forms of ID that are less prevalent among poor and minority voters and that for many are expensive to obtain. In several they have also taken measures to make it even more difficult for those people to obtain ID.
For example if they require an ID that you get from the state's department of motor vehicles (DMV) they (in the name of budget cuts) close many DMV offices, and in the ones that remain open they cut back on the hours during which they will issue licenses to a few hours on weekdays. The closures mostly hit in poor and minority districts.
Yes, some of those laws do make some forms of acceptable ID free, but only in the sense that there is no fee to obtain that ID. Obtaining the documents necessary to obtain the ID will still have fees.
I’ve seen this argument repeated ad infinitum by opponents of voter ID. The idea that minorities and poor people are incapable of acquiring proper identification is so prejudiced. Proper ID is essential for so many things. Almost everyone has one and can acquire one.
OP offered a bunch of reasons why the law proposals are discriminatory and insidious things they do to make it hard to obtain an ID.
You claim to believe it's not and offer no counter point outside of you feel it in your gut and a desire to deflect and attack OP for making the point by calling the poster prejudiced.
I just read through each link and now fully understand the point you were making based on facts and evidence. You are right. I stand corrected. Thank you for taking the time to include so many sources. I really appreciate it.
It disenfranchises more people than fraudulent votes it prevents. Like, orders of magnitude more. If your goal is to accurately assess the opinion of the electorate, voter ID laws get you further from that goal, not closer to it.
It's theoretically possible, but for a year of my life, for example, I didn't have a residence and moved around. Lots of people do that to optimize their taxes. Why would you require to be a resident from a person to use an internet in the first place?
Being nobody's resident doesn't mean that you're not a human.
And anyway, there are a lot of people inside Russia, China, Iran, etc. And instead of helping them to use services with better privacy and consume uncensored views from outside id based system will give an impressive way to censor internet usage by government attesters. Have wrong views - say goodbye to the internet.
Dodging is illegal, being nobody's (or some low/zero tax country) tax resident and not paying anyone is perfectly fine, nothing wrong with that. Apart from maybe US with their specific global tax residence regulation.
You can stay in UAE for half a year, start being their resident with 0% tax and then moving around staying less than 183 days anywhere. It's of course better to be connected to UAE or other low tax jurisdiction in case of "personal connection" taxes requirements. Nothing unethical, illegal or bad in that. As far as it's perfectly legal in lots of countries, that's optimizing and not dodging or avoiding.
If you are staying UAE resident this way, you probably will have some troubles receiving gov services, because you don't live there in fact most of the time (and you are still just a tax resident and not always resident in terms of long-term living permit).
Anyway, placing a person to be "managed" by some government is a really dystopian concept.
Bear in mind as well, you need to be earning a ton for the tax savings to offset the price of flights + price differential of short-term housing compared to long-term housing. You may have moral reasons for not wanting to pay taxes to a particular government, and there are of course quality-of-life benefits to being able to travel to so many places that can make it worth the cost, but I'm wary of claims that such nomadship actually saves anyone money.
Yeah, it's more profitable to reside in a low tax jurisdiction as I do, for example, but he asked me to elaborate on the idea and I know that such a way of life exists and works perfectly fine for lots of people.
The main idea is that I strongly disagree that a person must have an ID outside of some questionable country and that's more of an example. I personally traveled just because I wanted to travel a lot, it was before the war and stuff, but as I know currently lots of Russians, Ukrainians, Belorussians are changing countries to find the best for them. When you don't have home anymore, there is no reason to settle to the first place you visited.
BTW, 3 flights per year with 2-3 bags will cost you around 3k USD, you will probably overpay around 300-400 USD per month staying in Airbnb in low-cost of living countries like Thailand, so in fact the whole cost of moving will be around 7-10k USD per year. If you earn IT remote salary, you will probably save a lot.
Though you'll need a tax consultant to avoid breaking any tax law accidentally, but that's not so expensive outside of the EU and the US.
Any kind of digital National ID is a privacy disaster in itself because then things will use it to correlate your activity across different devices and services. That should not exist.
This entirely depends on what uses it. If every website on the planet starts requiring you to attest to your identity to view the site, then yes. If it's actually just banking and e-filing taxes, even if you're doing that over Tor from a burner laptop running Tails on library WiFi, the activity is attached to your identity anyway.
But if it's actually just banking and e-filing taxes then you don't need a "digital National ID" you just need a login to your bank and one government website, which have no real reason to even be the same login.
> Any kind of digital National ID is a privacy disaster in itself…
Ah, ha!
The PR spin necessary to kill this in the US would be to connect it to national ID. I hadn’t thought of that.
A narrative about national ID with some vague “mark of the beast” insinuation thrown in and suddenly a large political faction who otherwise would care about this would be opposed. I like it.
I know your post is in jest, but I think you might not be aware of how suspicious right wing populists (especially bible reading right wing populists) are of Fed + Big Tech alliance. It will not take much to rally this group against these types of initiatives. There has been plenty of evidence of collaboration between Feds and Big Tech to suppress their political voice in the last 12 months (twitter files, FBI whistleblowers, etc)
I think a political strategy of getting rural school districts + 20 State governments to go on record saying they will not purchase or use computers that have Google WEI could be very effective.
No jesting on my part. I don’t buy into the “mark of the beast” narrative but if it works to help hold on to the freedom we have with personal computers I’ll hitch my wagon to it.
> I don’t buy into the “mark of the beast” narrative but if it works to help hold on to the freedom we have with personal computers I’ll hitch my wagon to it.
It's also worth considering where this stuff comes from instead of ascribing anything the other team says to superstitious fools and their invisible sky man.
Branding people like cattle wasn't invented in modernity. It's infamous Nazi behavior, and the Nazis weren't the first to do it either. It's so old that people centuries ago saw how bad it turns out and put a warning against it in their ancient book.
You don't have to believe in the devil to believe that history repeats and learn a lesson from the people who came before.
> It's also worth considering where this stuff comes from instead of ascribing anything the other team says to superstitious fools and their invisible sky man.
I didn’t say any of that. You have no idea what I believe beyond that I don’t buy into the “mark of the beast”. Anything else you read into my comment is something you read in.
That you went straight to comparing my comment to Nazism seems a bit uncharitable.
Why does everyone assume that a reply is meant as a dispute?
I'm not comparing your comment to Nazism, I'm comparing universal identity systems to Nazi behavior, because that's what they are. Their primary use, the major thing they do that decentralized credentials systems don't, is to facilitate mass surveillance and authoritarianism.
My point is that this has been understood for a long time, and the people who say "mark of the beast" have a legitimacy to their concern that has been demonstrated throughout history, regardless of whether or not you believe the fine details of the allegory.
> Why does everyone assume that a reply is meant as a dispute?
I took your particular reply as accusing me of being critical of religiosity-- specifically "...ascribing anything the other team says to superstitious fools and their invisible sky man."
I took your statement about "branding people" as a statement on this perceived accusation that I was speaking unfavorably about religiosity.
Your clarification that you were comparing universal identification to Nazism makes me read your comment in a different light.
Do you remember when electronic voting machine fraud was a mostly left-wing concern? Today I'm seeing the same sources dismiss the possibility out of hand. That was a bit of an eye-opener.
That entirely depends on how the mechanism is implemented.
For example you could have the website never knowing your actual ID but simply passing an encrypted string to the national server, which would return a 200 response if the document is valid. You could also have additional requests like "is the user 18+".
The website will just know the request is coming from something which has a valid ID available. The state will also not know which pages you browsed, only the domain of the request, just like with HTTPS your ISP does not know exactly the pages you browse but just the websites themselves.
And before someone talks about the state knowing your browser history: they already can by calling up your ISP, and they would get a lot more information than this mechanism would provide.
There's a lot of trust in that model. I would have to trust that the web server isn't passing extra information like the page I visited, that the government isn't passing back extra info like a unique identifier, and that the scripted string is completely anonymous and single use.
If any of that trust is broken my privacy is at risk.
> And before someone talks about the state knowing your browser history: they already can by calling up your ISP, and they would get a lot more information than this mechanism would provide.
That depends on how you browse the internet today, and how the ISP tracks it. Simply using a different DNS service goes a long way, and using a VPN or the Tor network may not be totally fool proof but should get around the basic drag nets an ISP is likely to use.
No, there isn't. It's basically an OAuth login flow. The spec is publicly documented, anyone can register applications and check if the government is responding as desired, both by correctly requesting auth for the correct scopes in the government-hosted auth page, and by checking that the data returned from the gov matches what the spec promises.
It will never work. It'll all come down to a single ID. No one is going to do an iota more work than necessary.
Dissuade yourself of this illusion. Besides which, any type of "nerfed" system that avoids abusive patterns by design will just get
A) used as political chaff for jockeying by power hungry politicians as distraction fodder or FUD material
B) centralized by the intelligence community of your country, or an allied country with an agreement that they'll do the work for your government that your government can't.
There are things that simply should not, nay, must not be made.
The Single Identification Number is one. We have all the tools to do it today. The only thing keeping it from happening is refusal to implement at the grassroots level.
> The website will just know the request is coming from something which has a valid ID available. The state will also not know which pages you browsed, only the domain of the request, just like with HTTPS your ISP does not know exactly the pages you browse but just the websites themselves.
Just the domain is still a pretty major information leak.
> And before someone talks about the state knowing your browser history: they already can by calling up your ISP, and they would get a lot more information than this mechanism would provide.
Yeah, but they have to ask. This creates a system that requires preemptively sending them that information.
My ISP will tell them I spend most of my time connected to Mullvad VPN, and Mullvad will tell them they don't know anything about what any particular IP address was doing.
Having to give identity attestations either directly or proxied by a government server would make such anonymous browsing much more difficult, if not impossible.
Really the only way to defeat it would be by having all the citizens share their keys openly so no activity was ever guaranteed to belong to the credential owner.
With the system you propose, the state would positively know that "citizen 24601 is being age verified at ObscenePornForConsentingAdults.com".
The ISP, with SNI implemented, would only be able to tell the state that "a device connected through this physical location accessed a server through Cloudflare".
1. 18+website tells the browser age verification is needed, gives a random token
2. Browser signs a verification request with the local ID card (or a key temporarily allowed to do so), forwards it to government server
3. Government server sees the request with random token, signs both, answers the browser
4. Browser forwards signed attestation to 18+website.
The government server only sees the random token. The website only has the attestation. There are other things that can be nitpicked against, but not this. For instance, can we require local ID cards? What about foreign visitors? Possibly an attestation from their passport? And of course, browsers sit in the middle and see everything.
However, this could be a useful mechanism to have. For age verification, nationality check, or even identity check on official websites. And if we have this, it's bound to be abused in some ways (Facebook could require an ID check).
Also worth noting that if the system is designed in this way then anyone can set up a "pretend I'm 21" service which will sign anybody's token using a random adult's ID because it can't be traced back to them.
Conversely, that system is not secure if the site conspires with the government, because the government could record the signature (or the token) and then compare it to the one the site has to violate the anonymity of a legitimate user. There are forms of encryption that prevent this (the user does a cryptographic operation on their own device that munges the data so the site can still verify the signature but can't tell which one it was), but now you need the government to implement that system -- and update it if any vulnerability is found -- and do a coordinated update of all the sites in the world with the new protocol that patches whatever vulnerability is found -- and do this rapidly and competently because in the meantime the system would have to be taken offline to avoid it being actively exploited.
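The linkability point in the reply above, as an added example that is not part of the thread: the four-step flow run once as described and once with the browser blinding the token first. Textbook RSA blind signatures are assumed here as one instance of the "cryptographic operation on their own device" the reply mentions; the key, the `Government`/`Site` classes and the citizen and session names are constructed for illustration.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key for a hypothetical government signer (constructed for this
# example). The primes are 2^61-1 and 2^89-1: far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def digest(token: bytes) -> int:
    """Hash the site's random token into the RSA group."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


class Government:
    def __init__(self):
        self.log = []  # (citizen, value signed): it knows who asked (step 2)

    def sign(self, citizen: str, value: int) -> int:
        self.log.append((citizen, value))
        return pow(value, D, N)


class Site:
    def __init__(self):
        self.pending = {}  # session -> token issued in step 1
        self.log = []      # (session, digest of the token it accepted)

    def challenge(self, session: str) -> bytes:
        self.pending[session] = secrets.token_bytes(16)
        return self.pending[session]

    def accept(self, session: str, signature: int) -> bool:
        token = self.pending.pop(session)  # each token is single use
        ok = pow(signature, E, N) == digest(token)
        if ok:
            self.log.append((session, digest(token)))
        return ok


def plain_flow(gov, site, citizen, session) -> bool:
    """Steps 1-4 as described: the government signs the token itself."""
    token = site.challenge(session)
    return site.accept(session, gov.sign(citizen, digest(token)))


def blinded_flow(gov, site, citizen, session) -> bool:
    """Same steps, but the browser blinds the token before step 2."""
    token = site.challenge(session)
    while True:
        r = secrets.randbelow(N - 2) + 2  # random blinding factor
        if gcd(r, N) == 1:
            break
    blinded = digest(token) * pow(r, E, N) % N
    blind_sig = gov.sign(citizen, blinded)
    # Dividing out r leaves an ordinary signature on the unblinded digest.
    return site.accept(session, blind_sig * pow(r, -1, N) % N)


def collude(gov, site):
    """Join both logs on the signed value, as a colluding pair could."""
    seen = {value: session for session, value in site.log}
    return [(c, seen[v]) for c, v in gov.log if v in seen]
```

With blinding the two logs share no value to join on, which also means a relay signer of the kind described in the same reply is no easier to trace.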
France has an app in beta right now called "France identité".
It can replace your physical ID but it also has other useful features.
The most useful one is the ability to generate Identity Proofs that contain only the minimum required information to prove your identity.
They even have an expiration date, a named receiver and a motive.
Of course the receiver can verify their legitimacy in the app.
No more sending copies of your ID!
I also think one of the features is proof of majority without revealing your identity. Probably made for adult websites because a ruling was made a while ago that they would have to enforce age restrictions better.
I think there is a 10% probability of a new, decentralized network forming in the next 5 years, replacing the internet / web as it becomes more authoritarian and centrally controlled.
I speculate that it might start off as a mesh network, maybe using unregulated spectrum on a local level. It will probably resemble BBS fidonet, but with more modern features. Bandwidth and E2E latency will be terrible, but it will be free.
As long as there are skilled engineers who have the spirit of freedom, there will always be an 'open' network for humanity to communicate (with all the good and ills that comes with 'open').
Do you honestly think any significant amount of people will put up with the setup, latency, and inability to use their bank's website that would entail?
Most people don't know how the internet works, don't care as long as it works and do not think about it beyond that.
The high water mark of Joe Q. Public giving a damn about DRM or anything related to it was when Keurig added DRM to their coffee machines. As soon as the normies who cared enough to do something about it (which still was nowhere near a majority of Keurig owners/users) found a simple workaround they stopped giving a damn again.
The general public doesn't care, and won't care until it actually materially affects them. Until then they'll look at the people who do care as weirdos. And even then, plenty of people still won't care so long as they can access their social media etc. on their shiny new iPhone 28 or whatever version is out when that time comes.
The web was successful because it wasn't a lock down platform, any client could talk to any website.
Google is essentially hijacking the web and turning it into something that it can entirely control and dictate, since Google owns not only critical infrastructure (Chromium, the most used browser), but the most visited websites (Youtube, Search). That's a coup d'état, no more no less.
And the slippery slope is abrupt dude, we went from EME which was already spyware to WEI, and there will be a next step, since we would have already accepted Google's supremacy.
I wonder if the internet will migrate to a radio spectrum allocation type system (I'm aware of APNIC - yes it's the same legally) where there's the Google spectrum, the MSFT spectrum etc...and they run all these enclaves but with their own credential tokens
In which case the internet we all grew up creating will effectively turn into the "Ham radio" of digital computer communications and will be effectively bandwidth throttled the way amateur spectrum allocation is
Doesn't seem crazy that something like this would be the end result
they're looking for a way to completely capture the "boons afforded by digital assets" (digital goods)
if they control your computer, they can prevent you from incurring in 'illegal' activities such as piracy
but it all boils down to the logic of the market, the raw fact that capitalism works even with marginal costs. but when copying (and distribution) costs go lower (less than 'marginal' down to zero cost) it all starts to break down
if people aren't selling digital assets to each other (which doesn't make sense with the technology we have right now), they cannot be taxed and so on.
solution: fix the technology. make it so that only those with specially authorized keys (trustworthy actors) can copy digital information at will. everybody else will have to pay them for this privilege.
oh and nevermind the fact that computers work by copying bits all over the place
There's going to be some harsh language in the post, because this stuff pisses me off to no end, and what you're talking about, ultimately, is none of those things.
We've allowed a lot of people to become really fucking lazy. That's the bottom line. Baby Boomers, some Millennials (not all), and a lot of Gen Z.
Generation X had no choice but to gain a strong knowledge of computers if they wanted to do anything on the Internet, because it was still difficult, it still required a little reading, and you couldn't just press the WPS button on your router to connect your new MacBook Pro.
Every single problem the web faces is that. Period.
A lot of people never had to learn jack shit, so they don't know jack shit. They can't tell the difference in a legitimate website versus one that isn't. They don't know how to read a web address. They can't figure out that irs.gov is legitimate and irs.4doad04ldud.com isn't. I have met people who are 50+ years old who have used Windows computers since they were 22 years old, but look absolutely goddamned dumbfounded when you tell them, "Just click on the Start button and go to Word."
Fuck.
Them.
Fuck every single one of them. We have tolerated lazy uninterested users for long enough. I'm not saying every computer user needs to be able to debug assembly code and fix their own driver issue by rewriting it from the ground up. I'm saying that as a society, we have progressed past the point where you can throw your hands up and say, "I'm JuSt NoT A CoMpUtEr PeRsOn!"
To quote Captain Jean-Luc Picard, "NOT GOOD ENOUGH! NOT GOOD ENOUGH, DAMMIT!"
And the entire industry across the entire planet and every single national, state, county, city, provincial, whatever government is going to have to get onboard, come together, and say, "Okay, here's a baseline set of knowledge about how computers and our communications systems work that every single human being needs to have."
You cannot "tech" your way out of this problem. Not without massive corporate and government overreach and invasion of people's privacy. Lazy shitty people are just going to have to be made to suffer until they stop being lazy and shitty. There are plenty of average IQ people who can grasp the basics of how their computer and the Internet work - but they're never made to. Well it's time to start making them.
The dumbing down of every single technological product and concept does our species no favors.
Not sure why this has no reaction. While this is the very forceful version of it I think the piss poor education of people is very obviously a huge contributor here and to nearly every other problem in the past few years.
>Maybe this trusted computing stuff really is what the web is bound to become, either using your certified TPM keys or maybe your Electronic National ID card or maybe both in order to attest the genuineness of the device that is making the requests.
If this is the future, I'm going to say "fuck the internet" and return to the soil.