Fox8: Watching porn now requires age verification in Louisiana because of new law. Adult sites pull out (😏) of Virginia due to new law.

[Llevron]

4 minutes ago, PokerPacker said:

Are they asking for my ID?  Privacy violated.

How do you intend to prove it in a way that ensures privacy?  If they could come up with a zero-trust model that would would be able to verify credentials without the possibility tracing it back to the individual, then we can talk.  But knowing how the world works, both government and business, nobody is willing to utilize this type of model because everybody wants to hoover up as much information as possible.

It’s pretty easy. Read only database that is queried. Database contains only numbers, don’t even have to match them with people (or the numbers physically on their IDs). Each number placed in this database is representative of a person who is over 18. 
 

Number exists welcome to porn heaven. Number doesn’t exist sent back to your aunts facebook. 
 

The government uses this everyday to process PII. Well, they send other agencies the work. They own the PII and they allow contractors to do the work without compromising by literally keeping the numbers and the people separate. Unless they are collecting data there is no reason not to do it this way. It’s easy, it already exists and it gets the job done. 
 

Now you just have to trust your porn provider is protecting your data and not collecting without telling you. Which I admit is the flaw here. Trust doesn’t exist. You need to pay someone to audit them. And that costs money. And that’s where the conversation ends cause they don’t want to spend it. 

[Renegade7]

There's no way to make the porn industry do this. Too many of these sites are out of US jurisdiction, let alone Louisiana or Virginia.  Not just Eastern Europe but good luck with .onion sites only accessible by Tor.

 

I acknowledge the overall feeling that something needs to be done...there's jus such a high risk of circumvention and poor implementation that it is really hard to sell me on how to do this properly and it actually getting the intended results.

 

In no way shape or form should the porn site store anything outside of "yes. They are over 18" in their logs, cookies, or internal databases.  Obfuscation, hashing, that kinda security for websites notorious for embedded XSS? 

 

It jus feels hopeless, but I expect to see more trying because too many can't accept not.

[Llevron]

4 minutes ago, Renegade7 said:

 

In no way shape or form should the porn site store anything outside of "yes. They are over 18" in their logs, cookies, or internal databases.  Obfuscation, hashing, that kinda security for websites notorious for embedded XSS? 

I wouldn’t want them to store it just query it. Government stores it on a DMZ and they give the site the ability to connect just for auth. That’s it in my mind. The site has no access to do anything but read. 
 

I agree it will never happen and there are many reasons for that but privacy doesn’t have to be a reason. It doesn’t have to be intrusive or violate your privacy for it to work. Like I said, trust is the only real issue. Everything else there is a fix for 

[Renegade7]

1 hour ago, Llevron said:

I wouldn’t want them to store it just query it. Government stores it on a DMZ and they give the site the ability to connect just for auth. That’s it in my mind. The site has no access to do anything but read.
 

 

Anyone is free to critique or correct me on this as I'm jus speaking outloud right now...

 

You have to stop calling it authentication then, because it's not if in your setup the porn site is only taking an alphanumeric string and seeing if it's in a database table of alphanumeric strings that would only be there if the individual had a legal government ID issued by a DMV (such as drivers license, walkers license, motorcycle, etc) and also 18 years or older. 

 

That's not authentication, that's more like authorization; this alphanumeric string by itself as a unique identifier ( that without access to additional tables in the DMV database would be nearly impossible to tie back to any other PII from the web session alone because you only have the license #) is then authorized to enter said porn site.

 

The intent is to have as little identification here as possible and no real attempts at authentication as traditionally talked about because the goal isnt to prove anyone is anything except their DMV issed ID has a unique alphanumeric string in a database table only populated by individuals 18 years or old.  You don't want anything to help with nonrepudiation and other typical security buzzwords tied to authentication here to make anyone even remotely comfortable with it. 

 

The session between the porn site and DMV system needs to be a locked version of "do you have this alphanumeric string someone gave me" and nothing more (or as close to that as possible, imo).  Almost like a giant access control list (ACL) run by each state.

 

Hash the string on both ends and make sure the session involves an HTTPS certificate that's been vouched for by reputable certificate authority.

 

Maybe that's a start...the answer as to whether that drivers license number is authorized to enter the site along with the drivers license number does have to be stored on the porn site web server at least long enough to make the session cookie on the porn site, the answer has to come back so the matching and authorization can be completed on the porn site end.

 

Allowing it be done on the government agency end opens door for someone to jus manipulate a page and send it to the porn site tricking it into thinking everything is good.  I've seen people test stuff like this jus by messing around with developer tools in a regular web browser, let alone something like burp suite.

 

To get every porn site to do this is not a privacy issue, it's a governance and compliance issue, completely different conversation.

 

Quote

I agree it will never happen and there are many reasons for that but privacy doesn’t have to be a reason. It doesn’t have to be intrusive or violate your privacy for it to work. Like I said, trust is the only real issue. Everything else there is a fix for

 

Privacy conversations are nearly impossible in this country because of how many people have given up the idea of Privacy being a right since 9/11.  It's not specifically protected in the constitution, merely inferred by a couple ammendments like the 4th.

 

Same time Europe has GDPR and they take Privacy so seriously US based companies have to beg for exemptions or threaten to leave altogether if they don't.  Germany's response to Facebook shoulda played over megaphone all over our country, but it wasn't (for reasons we don't really have go speculate as to why):

 

Edited June 27, 2023 by Renegade7

[Llevron]

8 minutes ago, Renegade7 said:

 

Anyone is free to critique or correct me on this as I'm jus speaking outloud right now...

 

You have to stop calling it authentication then, because it's not if in your setup the porn site is only taking an alphanumeric string and seeing if it's in a database table of alphanumeric strings that would only be there if the individual had a legal government ID issued by a DMV (such as drivers license, walkers license, motorcycle, etc) and also 18 years or older. 

 

That's not authentication, that's more like authorization; this alphanumeric string by itself as a unique identifier ( that without access to additional tables in the DMV database would be nearly impossible to tie back to any other PII from the web session alone because you only have the license #) is then authorized to enter said porn site.

 

The intent is to have as little identification here as possible and no real attempts at authentication as traditionally talked about because the goal isnt to prove anyone is anything except their DMV issed ID has a unique alphanumeric string in a database table only populated by individuals 18 years or old.  You don't want anything to help with nonrepudiation and other typical security buzzwords tied to authentication here to make anyone even remotely comfortable with it. 

 

The session between the porn site and DMV system needs to be a locked version of "do you have this alphanumeric string someone gave me" and nothing more (or as close to that as possible, imo).

 

Hash the string on both ends and make sure the session involves an HTTPS certificate that's been vouched for by reputable certificate authority.

 

Maybe that's a start...the answer as to whether that drivers license number is authorized to enter the site along with the drivers license number does have to be stored on the porn site web server at least long enough to make the session cookie on the porn site, the answer has to come back so the matching and authorization can be completed on the porn site end.

I mean yea this is exactly the kind of setup I’m talking about. We use it all the time to protect PII. I forget you know what I’m talking about better than I do sometimes which makes this easier. Authorized/authenticated aside we are on the same page. To a certain degree I don’t care what it’s called as long as it works. Which brings me to…

 

8 minutes ago, Renegade7 said:

Allowing it be done on the government agency end opens door for someone to jus manipulate a page and send it to the porn site tricking it into thinking everything is good.  I've seen people test stuff like this jus by messing around with developer tools in a regular web browser, let alone something like burp suite.

here is where you lose me. But what you are saying is that it can be broken and without too much effort. Right? If so fine — we ain’t trying to keep everyone out. I’m trying to keep out the 12 y/o that just googled whitehouse dot com like I did in front of my mother that one time. 

 

8 minutes ago, Renegade7 said:

To get every porn site to do this is not a privacy issue, it's a governance and compliance issue, completely different conversation.

Absolutely. It’s why I keep stressing trust in the gubment. Cause if we trusted them it wouldn’t have to be a problem of privacy. 

 

8 minutes ago, Renegade7 said:

Privacy conversations are nearly impossible in this country because of how many people have given up the idea of Privacy being a right since 9/11.  It's not specifically protected in the constitution, merely inferred by a couple ammendments like the 4th.

 

Same time Europe has GDPR and they take Privacy so seriously US based companies have to beg for exemptions or threaten to leave altogether if they don't.  Germany's response to Facebook shoulda played over megaphone all over our country, but it wasn't (for reasons we don't really have go speculate as to why):

 

My ideas on privacy would amuse you lol. I bet you can guess where my head is at. It would just derail us further. 

[Renegade7]

21 minutes ago, Llevron said:

I mean yea this is exactly the kind of setup I’m talking about. We use it all the time to protect PII. I forget you know what I’m talking about better than I do sometimes which makes this easier. Authorized/authenticated aside we are on the same page. To a certain degree I don’t care what it’s called as long as it works. Which brings me to…

 

Apprciate that and Bet, but if you want a patent so you can buy us all beers when you get rich, be specific : )

 

21 minutes ago, Llevron said:

here is where you lose me. But what you are saying is that it can be broken and without too much effort. Right? If so fine — we ain’t trying to keep everyone out. I’m trying to keep out the 12 y/o that just googled whitehouse dot com like I did in front of my mother that one time. 

 

Gotcha, my advice would look into difference between server side processing and client side processing. If we're talking about making something ultra-simple but also highly resistance to circumvention, have to limt the ability for a client to manipulate the processing on their end to get what they want as much as possible.

 

We must not underestimate this generation coming up after us, they are growing up with this technology and learning stuff we figured out way earlier then us, even being taught in school stuff we might not of heard about until college.  You tie that to the motivation of a teenage sex drive...FAAFO...

 

21 minutes ago, Llevron said:

Absolutely. It’s why I keep stressing trust in the gubment. Cause if we trusted them it wouldn’t have to be a problem of privacy. 

 

My ideas on privacy would amuse you lol. I bet you can guess where my head is at. It would just derail us further. 

 

I bet, start a thread : )

 

Jus because I trust someone doesn't mean I'm fine with telling them all my private information.

 

People should have the right to separate the two and make absolutely clear it has nothing to do with trust, doesn't need an explanation, and that's a huge part of what makes Privacy a right (that barely recognized by our government but taken very seriously in other parts of the world).

 

 

Edited June 27, 2023 by Renegade7

[PokerPacker]

I used the term "Zero Trust" in a prior comment; I meant "Zero Knowledge".

[Califan007 The Constipated]

1 hour ago, Renegade7 said:

 

I acknowledge the overall feeling that something needs to be done...there's jus such a high risk of circumvention and poor implementation that it is really hard to sell me on how to do this properly and it actually getting the intended results.

 

 

I still like the method I mentioned earlier in the thread: make a dot-xxx (.xxx) instead of a dot-com (.com) and require all porn sites to use it by law, and then require all browsers block all sites with the .xxx extention by default, with the ability to unblock with a password. Then leave it in the hands of parents to monitor the blocking/unblocking on their PCs and their kids' phones. It won't be perfect but that would seriously cut down on kids having access and puts the responsibility in the hands of parents, and kids would have to work MUCH MUCH harder to see the stuff they are seeing now just though an innocent Google search. Yes, some kids will still get around it by sharing their phones or showing their friends at homes where the parents don't block it or the kid figured out the password or hacking the browser code if possible, but that goes for everything in life...kids right now get a hold of alcohol, cigarettes, pot--hell, even guns--so finding a way to see some porn will always be there.

[mcsluggo]

On 6/25/2023 at 7:42 PM, dunfer said:

what a pedophile would say Alex

 

Alex, I'll take "how to lose an argument" for 100.

[mcsluggo]

On 6/25/2023 at 9:45 PM, The Evil Genius said:

 

No, you're talking about children. I find it amusing that children are always the first thing that conservstives think about when it comes to nude bodies. But not when its guns. Or poverty. 

 

 

this needs to be repeated.  over, and over, and over again.   

 

With the addition that "conservatives" are also all for protecting kids from teachers and science; from unions; from child labor laws; from child marriage laws.... the list goes on and on and on...  

[mcsluggo]

On 6/25/2023 at 8:56 PM, dunfer said:

is it allowed to link a video the most depraved **** on pornhub here? Ill have to check but im guessing id get banned.

...

 

so... you expect people to support your blanket ban on everything if you can find one thing that other people find gross?   and you don't see a hole in that logic? 

 

If i can find a repulsive picture of a person that clearly should not have been shot with a gun, are you O.K. with banning all guns?   If I find a picture of some cheeto eating a well-done steak with ketchup, would we need to ban all grills??    (...... this could go on for a while......   )   

[Califan007 The Constipated]

10 minutes ago, mcsluggo said:

 

so... you expect people to support your blanket ban on everything if you can find one thing that other people find gross?   and you don't see a hole in that logic? 

 

If i can find a repulsive picture of a person that clearly should not have been shot with a gun, are you O.K. with banning all guns?   If I find a picture of some cheeto eating a well-done steak with ketchup, would we need to ban all grills??    (...... this could go on for a while......   )   

 

 

It's the debate-by-anecdote method wildly popular on Twitter lol...commonly used to argue against trans rights, CRT, drag shows, gun control, abortion rights...

[mcsluggo]

7 hours ago, Destino said:

it’s weird how some of you liberals and leftists turn into libertarians when porn is mentioned. Should we stop carding people at bars because parents should be responsible? Should we allow tobacco companies to market in ways that make smoking cool to children, because well their parents should be on top of that ****. No responsible parent would let them see such ads, much less actually smoke a cigarette. Wagging your finger at parents isn’t a good faith argument, it’s horse****.

 

and if any parent went to the lengths required to actually stop their kid from watching porn, and monitoring their online activity to verify that their steps were still working… they’d be called terrible parents for spying at not giving their kids an ounce of privacy.

 

 

actually, it is because i don't give a ****ing rats ass about your, or anyone else's sense of "morality", and undeclared definitions when it comes to porn.    I find it utterly repugnant that THIS is the item on the information superhighway highway that gets people's panty's wadded.   You and the moron on your side of this argument aren't talking about protecting children from getting sucked into the depths of porn MAKING dungeons, nor about the penalties for revenge porn, nor about protecting the adult performers that are involved in an industry that is populated by cretins and predators BECAUSE the ****stick morality police drives it into the under-crevices/back alleys (well...MORE populated by those under-regulated creeps... it would attract its share of creeps anyway, which is why it needs to take place more in the bright sunlight of usual labor protection and other regulatory laws). ... you and the moron aren't talking about meaningful protections at all.  ANY of them.   Instead you are focused on allowing dip**** morality police to ban whatever undefined range of things that they want because you can think of SOME THINGs that are gross.   

 

as of this month, my kids aren't kids anymore.    They are 18, 20 and 21 and are MUCH more puritanical in their tastes than i.   I am sure they have probably peeked into some seedy sites (but given their personality... ridiculously tame "seedy" sites), and that fact is about 900,000th on my worries of the dangers that they could run into on the internet.   I trust their ability to choose what is repugnant in "art" that isn't the slightest bit artistic.   I am worried about the ability of actively malignant souls to deceive them or to compromise them in specifically nefarious ways.   

 

 

falling for the "there are disgusting snuff flicks out there, so we have to put everyone in a burqa" trap is just plain stupid.    

[dfitzo53]

10 hours ago, PokerPacker said:

Here's a list of things I don't want the government or anyone else to know about my porn habits, regardless as to how trustworthy the entity may be:

• Everything

That list isn't limited to Porn, either.  They don't need to know what my favorite sex position is.  They don't need to know my sexual orientation.  They don't need to know what I like to eat for ****ing breakfast.  It is not for them to know unless I wish it.  It's nobody's ****ing business.  **** off with this "if you you have nothing to hide" bull****.  Privacy is a basic human right, not just something for people hiding nefarious deeds.

What are you hiding?

[Califan007 The Constipated]

I feel like this video belongs here lol...

 

 

 

[PokerPacker]

3 hours ago, dfitzo53 said:

What are you hiding?

 

[Mufumonk]

13 hours ago, Llevron said:

It’s pretty easy. Read only database that is queried. Database contains only numbers, don’t even have to match them with people (or the numbers physically on their IDs). Each number placed in this database is representative of a person who is over 18. 
 

Number exists welcome to porn heaven. Number doesn’t exist sent back to your aunts facebook. 
 

The government uses this everyday to process PII. Well, they send other agencies the work. They own the PII and they allow contractors to do the work without compromising by literally keeping the numbers and the people separate. Unless they are collecting data there is no reason not to do it this way. It’s easy, it already exists and it gets the job done. 
 

Now you just have to trust your porn provider is protecting your data and not collecting without telling you. Which I admit is the flaw here. Trust doesn’t exist. You need to pay someone to audit them. And that costs money. And that’s where the conversation ends cause they don’t want to spend it. 

 

What do people think happens with their credit card when they make a purchase online? 😂

[purbeast]

16 hours ago, Llevron said:

It’s pretty easy. Read only database that is queried. Database contains only numbers, don’t even have to match them with people (or the numbers physically on their IDs). Each number placed in this database is representative of a person who is over 18. 
 

Number exists welcome to porn heaven. Number doesn’t exist sent back to your aunts facebook. 
 

The government uses this everyday to process PII. Well, they send other agencies the work. They own the PII and they allow contractors to do the work without compromising by literally keeping the numbers and the people separate. Unless they are collecting data there is no reason not to do it this way. It’s easy, it already exists and it gets the job done. 
 

Now you just have to trust your porn provider is protecting your data and not collecting without telling you. Which I admit is the flaw here. Trust doesn’t exist. You need to pay someone to audit them. And that costs money. And that’s where the conversation ends cause they don’t want to spend it. 

I am assuming you were aware of this?

 

https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach

 

Using the government's tactics to protect PII isn't something I'd necessarily want to replicate.

[Captain Wiggles]

3 hours ago, Mufumonk said:

 

What do people think happens with their credit card when they make a purchase online? 😂

 

[Llevron]

4 minutes ago, purbeast said:

I am assuming you were aware of this?

 

https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach

 

Using the government's tactics to protect PII isn't something I'd necessarily want to replicate.

 

Yea and believe it or not I actually worked there at the time of the breach. And I currently work for one of the agencies whose cyber group noticed and alerted OPM that they were getting hacked before they even noticed it themselves. They brag about it all the ****ing time. Its annoying. 

 

This is a great example of trust being an issue though. The processes would have worked had they followed them. Specifically, they did NOT follow recommendations made and it cost them. Simple ****. Like users having admin access. Or sharing admin passwords among the IT staff. I still remember the network admin password from that time and it contains the word password lol. And I worked for the ****ing helpdesk. I had no reason to have that info. The problem was not the tactics or the process there. The problem was them not following it.   

 

Difference is how the government polices themselves, versus how they police others. It is very possible for this stuff to work if taken seriously. 

[Destino]

17 hours ago, mcsluggo said:

 

actually, it is because i don't give a ****ing rats ass about your, or anyone else's sense of "morality", and undeclared definitions when it comes to porn.    I find it utterly repugnant that THIS is the item on the information superhighway highway that gets people's panty's wadded.   You and the moron on your side of this argument aren't talking about protecting children from getting sucked into the depths of porn MAKING dungeons, nor about the penalties for revenge porn, nor about protecting the adult performers that are involved in an industry that is populated by cretins and predators BECAUSE the ****stick morality police drives it into the under-crevices/back alleys (well...MORE populated by those under-regulated creeps... it would attract its share of creeps anyway, which is why it needs to take place more in the bright sunlight of usual labor protection and other regulatory laws). ... you and the moron aren't talking about meaningful protections at all.  ANY of them.   Instead you are focused on allowing dip**** morality police to ban whatever undefined range of things that they want because you can think of SOME THINGs that are gross.   

Ah yes, the great moral terror of age verification. One step shy of witch burnings for sure.
 

Im not talking about the subjects you listed in this thread because that isn’t the topic we’re discussing. Which should be obvious. If you want kids having unrestricted access to any and all porn because you think it’s somehow beneficial in combating some sort of moral danger you dislike, then just say that. See how that works out for you. It would be creepy as ****, but at least it would be honest.

 

 

17 hours ago, mcsluggo said:

 

as of this month, my kids aren't kids anymore.    They are 18, 20 and 21 and are MUCH more puritanical in their tastes than i. 

“why aren’t you as freaky as I am, son?” Is definitely a conversation I’m glad I never had with dad. lol

 

 

 

17 hours ago, mcsluggo said:

 I am sure they have probably peeked into some seedy sites (but given their personality... ridiculously tame "seedy" sites), and that fact is about 900,000th on my worries of the dangers that they could run into on the internet.   I trust their ability to choose what is repugnant in "art" that isn't the slightest bit artistic.   I am worried about the ability of actively malignant souls to deceive them or to compromise them in specifically nefarious ways.   

 

falling for the "there are disgusting snuff flicks out there, so we have to put everyone in a burqa" trap is just plain stupid.    

Yes the great burqa of age verification. First the age verification, next mandatory church music everywhere. I must be stopped.
 

 

[PokerPacker]

4 hours ago, Llevron said:

 

Yea and believe it or not I actually worked there at the time of the breach. And I currently work for one of the agencies whose cyber group noticed and alerted OPM that they were getting hacked before they even noticed it themselves. They brag about it all the ****ing time. Its annoying. 

 

This is a great example of trust being an issue though. The processes would have worked had they followed them. Specifically, they did NOT follow recommendations made and it cost them. Simple ****. Like users having admin access. Or sharing admin passwords among the IT staff. I still remember the network admin password from that time and it contains the word password lol. And I worked for the ****ing helpdesk. I had no reason to have that info. The problem was not the tactics or the process there. The problem was them not following it.   

 

Difference is how the government polices themselves, versus how they police others. It is very possible for this stuff to work if taken seriously. 

The real key is creating a system that doesn't require trust.  Zero-knowledge proofs don't require you to trust that the other party won't sell you out because you never gave them anything to sell.

 

1 hour ago, Destino said:

Ah yes, the great moral terror of age verification. One step shy of witch burnings for sure.
 

Im not talking about the subjects you listed in this thread because that isn’t the topic we’re discussing. Which should be obvious. If you want kids having unrestricted access to any and all porn because you think it’s somehow beneficial in combating some sort of moral danger you dislike, then just say that. See how that works out for you. It would be creepy as ****, but at least it would be honest.

 

 

“why aren’t you as freaky as I am, son?” Is definitely a conversation I’m glad I never had with dad. lol

 

 

 

Yes the great burqa of age verification. First the age verification, next mandatory church music everywhere. I must be stopped.

The problem is that it isn't just age-verification.  It's identification.  If you can create a system that can verify age without being capable of passing on any more information then you'll probably get a lot more people willing to play ball.

[Jabbyrwock]

37 minutes ago, PokerPacker said:

The real key is creating a system that doesn't require trust.  Zero-knowledge proofs don't require you to trust that the other party won't sell you out because you never gave them anything to sell.

 

ZKP's are so friggin cool.  I just want full homeomorphic encryption with ZKP's...do they do that yet?   The idea that other parties could do calculations for you on your data, and never know whats inside it, is just awesome.

 

 

[tshile]

So this zkp thing, is this like anonymized data do they have data to work on they just can’t tie it to you

 

or are you talking about a handshake that allows them to authenticate access without knowing who you are? 

So I googled it and read two sentences so never mind I figured it out 

[Jabbyrwock]

19 minutes ago, tshile said:

So this zkp thing, is this like anonymized data do they have data to work on they just can’t tie it to you

 

 

One of the best named papers ever by a guy named Goldreich:  "A short tutorial of Zero Knowledge"

 

Reminds me of Terry Pratchett's professors at Unseen University : "The chair of indefinite studies" and "the Lecturer in Recent Runes"

Edited June 28, 2023 by Jabbyrwock