
My government (Denmark) refusing to let me use their digital identity app because I don't want to accept Google's or Apple's TOS, and Google helping them enforce that via remote attestation services.

Luckily there are alternatives in the form of code displays and NFC chips. However, next year I won't be able to watch porn unless I verify my age using a smartphone, no alternatives are planned. Or rather, I have the "free choice" to choose between a privacy preserving ZKP solution operating in the kingdom of Google or uploading my face to a porn site.

Dark times.



During Covid I was not allowed to leave the house. Permits were only issued to local SIMs, which I did not have!

If I respected the rules, I would starve to death!


I assume you’re talking about another country, because in Denmark there was no general curfew under Covid (attendance to events might have required proof of negative COVID test or vaccination, but shops never did).


>If I respected the rules, I would starve to death!

respecting rules is more important than saving your life. /s


The amount of things you can't do in Denmark without a smartphone is terrifying. Technically you can still manage, but it's becoming increasingly difficult. Why everything needs to be a fucking app is beyond me. Accessibility and alternatives for the elderly, or just people who don't want a smartphone, are pretty much just ignored.


I'm glad to know that I'm not the only one who hates MitID. I really don't think that any software that has so much trust in the user has a good security model. What are they protecting against exactly? If someone else wanted to impersonate you with your consent you could just tell them your login credentials!


LOL, what? My (teenage) kids use my phone all the time, especially in the car, when I'm driving, but also at home. It's not like I have porn or banking apps on it, but what is the age verification going to help there? If the kids would install an app or used a browser to see naked people, then my face would be available to these services, right? Better mine than the kids', I suppose!

(We're not in Denmark, but I wonder how it is going in our jurisdiction ...)


The Danish MitID identity "service" is actually pretty clever, except for the app used to approve actions or requests on your behalf. It's designed in a way that ensures that it can verify your age, but reveal nothing else about you. It isn't going to be used for "Porn ID" though. Instead it will provide your age information, basically 15+ or 18+ (I think those are the options), to an identity wallet, which in turn will validate your age to the porn sites. Unlike the UK version there's no reason to have your face scanned, because the Danish government already knows your age and can provide that information via a trusted channel, MitID.

That's probably the issue the other post alludes to. The identity wallet will only be available via Google Play or the Apple App Store (as far as we know). So without a phone and a Google or Apple account, you won't be able to provide your age information to e.g. PornHub.


Exactly this. Except the new service is not released as part of MitID but as part of the new digital wallet app (den digitale tegnebog). This is a separate and "voluntary" app which is meant to be offered as a convenience. Except it isn't really voluntary when the app is introduced together with new regulation that requires you to verify your age in places where you were previously anonymous, and the only way to actually stay anonymous and retain access is via the app.


it looks like MitID is basically country-wide SSO, isn't it? then isn't MitID collecting every website you authenticate to via the redirect uri?


Yes, but MitID is also only intended to be used in places where you are not anonymous to begin with, so this is actually OK and also gives you access to a central audit log of where your MitID credentials were used.

MitID is different from the proposed app-based solution for age verification which is designed to not leave a trail. The age verification app will initially be enrolled using MitID (or perhaps by a physical visit to a citizen service point where you can show physical credentials and answer security questions), but subsequent presentations of age verification proofs to service providers will be done without involving a central party.

All in all it is a good design from a privacy perspective. The major issue with it is that ONLY a smartphone based solution is planned, and that there is a high likelihood that it will depend on Play Integrity attestation. This will force everyone to be customers of Google or Apple if they want access to the full internet. I think it is technically possible to also offer alternative solutions based on secure hardware tokens which would still enable people without smartphones to verify their age in a privacy preserving way, but this is not planned.


When it comes to age verification - I still don't understand how you'd make it subpoena-proof? Like, the ones I've seen proposed protect you from the site itself getting more data than it should. But what about a government agency subpoenaing the website to see what credential this account was verified with and then comparing with the age-assuring agency's logs?..


Ah, yeah, that actually makes sense: now that the USA no longer shares intelligence information with some countries it previously did (or can't be trusted to do so), they have to implement alternatives.


route everything through a vps?


It's not a full solution. I've seen UK sites that, following the Online Safety Act, simply require all users to verify their age rather than bother to figure out whether you are actually a UK customer or not. I guess it's easier to implement and many sites mainly rely on domestic customers anyway so they don't care if international users are affected.

Also, this isn't just about porn. For example, I can barely use Reddit now if I connect with a UK IP address: the merest hint that there might be some NSFW angle to a post is enough to trigger their algorithm into requiring age verification.


It's a temporary solution though. It's only going to get more draconian. Next thing you know the talk is about punishing VPN users, because now they can be painted as evading the law.


i mean yeah but you cannot do shit all about a vps. commercial vpns yeah you can ban and monitor. a vps is your own device just elsewhere


> i mean yeah but you cannot do shit all about a vps

Of course you can. The AS numbers of major hosting providers are well known and it is already common practice to ban associated IP addresses for stuff that should only be done by legitimate users.


you cannot ban AWS or Linode my dude


Why not?


because half of the internet is there


But in many cases a server operator doesn't expect any legitimate traffic from that half of the internet, or is willing to block traffic from it.

For example, there's generally no reason a customer would use their internet banking app with traffic routed via a datacentre other than for the reason you proposed (masking their IP address), so if the bank wants to prevent people doing that then blocking all data centre traffic is an effective way of doing it.


That's why I explicitly wrote: "for stuff that should only be done by legitimate users".

That means Netflix et al can (and do) ban everything that even remotely smells like a datacenter IP range and not a residential one, because that is a common method of evading regional bans or undermining pricing structure.

And on top of that... if the focus of your website is humans, you might want to cut off all datacenter originating traffic as well. Save yourself the hassle of dealing with AI scrapers.


I would much rather fight this and retain my rights instead of participating in some kind of privacy and censorship arms race.


you fight this by the arms race


> or uploading my face to a porn site.

I assume that in the pornography you've decided to consume, the participants are not clad in balaclavas.

They're showing their faces to everyone, in perpetuity, which many may no longer want to, and - considering the exploitative nature of the pornography industry, where rape is endemic - some didn't consent to in the first place.

So maybe consider that when you're complaining that your own face may be linked with pornography. Is what you're doing ethical? Do you reasonably have any right to complain?


Yes I do, and your argument is ridiculous. First of all, porn actors are operating legally and consent to what they are doing. There are real problems with the industry, but the fact that porn actors have their face shown does (of course) not mean that consumers of porn should logically have to also disclose theirs to online services.

Second, porn is just the beginning. This will also be rolled out to social media, and I wouldn't be surprised if in a few years this will be required in lots of places where children could be exposed to something that politicians find offensive.


What kind of argumentation is this? Just because someone decides to show stuff, everybody else is also required to show themselves? e.g. If I go to a theater where the actors are clearly identified, I have to be okay to get a facial scan as well?

Some people tend to demonize porn, and it might be unethical in their eyes, but fact is: it is not illegal (in most countries). I don't argue that there are issues in the porn industry, but this is an issue with the platforms, that they don't allow the upload of non-consensual material, and have processes to take it down. This is a 'THEIR' problem (the platform not the victims).

Some of these issues also exist in the standard movie and music industry as well. Hell, it even goes up to company executives and politics. But this is up to law enforcement to do their job and to remove the illegal stuff and prosecute the involved persons, not by branding everyone as a suspect.



