"Next, even assuming the whole thing is perfect and has been checked and confirmed by independent experts, how do you guarantee that once the infrastructure is in place the whole age-gating software isn’t just made closed source and covertly of changed to turn it into a full-blown civil society surveillance system?"
For chat control app: blockchain where only recognized child safety organizations can add photo-hashes For age verification app: it’s zero knowledge proof, so you get a white card without any private data? so how can that turn into full blown surveillance system? The only thing I don’t like is uploading my ID online to the app, let me get verified by showing my ID to municipal services without uploading it, would be good ig
Oh man, so much superficial stuff there.
For starters you did not answer my main question: How exactly does any of this stop the authorities from just making the app close source and changing it to do whatever the fuck they want?
Next “recognized child safety organizations” just moves the problem of “who choses what gets blocked” around. Who “recognizes” an organisation as genuinelly for child safety? Who authorizes them to add photo-hashes to the blockchain? What is the official process for all of that? Where is the Judicial oversight? Where is the fucking Judicial oversight? You know, the way by which for example an artist can get their tasteful drawing which is not adult but “had too much skin” for some moralistic type in one of those organisations taken of the blockchain.
Further: Who gives you the “white card without any private data”? How do you for sure it doesn’t have some kind of ID and it’s not in some database right linked with your personal info?
“Also, who gets to chose which sites are locked behind age-gates and which are not. Is the list open? Can it be appealed? How easy it is the appeals process? Is there Court supervision of the whole process or is it some people in a closed room with no Judicial oversight choosing what gets put behind that lock and what doesn’t.”
Child safety organizations? Independent organizations with clear criteria or something? But yeah good questions idk
Again, PROCESS. Who approves anybody to oversee this? What power do they those people have? What’s the process to reverse bad decisions?
Further, you can hardly reconstruct the picture for validation from the hashes in blockchain, so it’s not really public, now is it?! The hashes are public but the content represented by them is not, so de facto the list of what’s being blocked is not public, so how would the public know that it’s actually correct and not, say, some moralist blocking sex-education images?
I mean a very common trick by politicians in areas prone to Corruption, such as public contracts or public-private initiatives is to set some shit up with potential to abuse and then a toothless or captured “independent” overseer - it provides the appearence of honesty whilst in practice being the very opposite.
Further, your answer is again superficial. “Child safety organisations”? Meaningless without a detailed definition of what’s considered child safety, how they’re overseen to actually abide by such definition rather than say, being moralists or well-meaning but incompetent amateurs. If I was to proclaim to the Estonian Authorities that “I’m a ‘child safety organisation’” would they just let me put whatever I wanted on that blockchain? Dive beyond the surface with even the minimum analysis of the problem space and, as usual, the devil is in the details.
This isn’t just a technical problem, it’s a process problem and a regulatory problem - if this is not done properly whatever technical appearence of anynomity you have can be defeated by the process side of things (like having a record somewhere linking that “anonymous” white card with you or whatever state sanctioned app mandated to run in your devices being turned closed source and changed to covertly track you) and that applies not just on the user side but also the lists side of things (how the sites to block are chosen can be abused to block people from seeing things which are not adult but rather political) and the server side of things (as in, is there any software the sites have to run and what independent oversight is there for what it does).
Tech does not work in a vacuum and is not the whole system by itself - it exists in a human context, not least because it’s done by people (or at least in accordance to the specifications of people if you’re vibe coding it), it’s installed or distributed by people, it gets data that ultimatelly comes from people, and it’s use by people - there is literally no point in tech that does not in some way affect or is affected by people - and thus tech can be abused and subverted by the human/process side of things. This is why good hackers also use social hacking - because you can subvert tech via the human side.
So the bits that have to be protected for this to not just do what it’s claimed by people that it’s supposed to do (and to keep on doing it even when bad actors get a hold of it), extend all the way to the process side of things and into things like Judicial oversight (because any human process that’s not overseen by a powerful independent entity gets abused sooner or later). And, guess what, all of that if far heavier than a pie in the sky list of tech fads.
My core concern is that a technical infrastructure of mandatory government software in people’s devices (which is a requirement of this, otherwise there’s nothing there to stop children from acessing whatever the fuck has hashes in that blockchain), once in place can be abused, and as we’ve already seen in Europe, Democracies can and do turn into Fascism at any point and Fascists just love to have an infrastructure in place that can easilly be changed (just push an updated version down) to, say, eavesdrop on people or block everybody from accessing specific political content.
Oh man, so much superficial stuff there.
For starters you did not answer my main question: How exactly does any of this stop the authorities from just making the app close source and changing it to do whatever the fuck they want?
Next “recognized child safety organizations” just moves the problem of “who choses what gets blocked” around. Who “recognizes” an organisation as genuinelly for child safety? Who authorizes them to add photo-hashes to the blockchain? What is the official process for all of that? Where is the Judicial oversight? Where is the fucking Judicial oversight? You know, the way by which for example an artist can get their tasteful drawing which is not adult but “had too much skin” for some moralistic type in one of those organisations taken of the blockchain.
Further: Who gives you the “white card without any private data”? How do you for sure it doesn’t have some kind of ID and it’s not in some database right linked with your personal info?
Again, PROCESS. Who approves anybody to oversee this? What power do they those people have? What’s the process to reverse bad decisions?
Further, you can hardly reconstruct the picture for validation from the hashes in blockchain, so it’s not really public, now is it?! The hashes are public but the content represented by them is not, so de facto the list of what’s being blocked is not public, so how would the public know that it’s actually correct and not, say, some moralist blocking sex-education images?
I mean a very common trick by politicians in areas prone to Corruption, such as public contracts or public-private initiatives is to set some shit up with potential to abuse and then a toothless or captured “independent” overseer - it provides the appearence of honesty whilst in practice being the very opposite.
Further, your answer is again superficial. “Child safety organisations”? Meaningless without a detailed definition of what’s considered child safety, how they’re overseen to actually abide by such definition rather than say, being moralists or well-meaning but incompetent amateurs. If I was to proclaim to the Estonian Authorities that “I’m a ‘child safety organisation’” would they just let me put whatever I wanted on that blockchain? Dive beyond the surface with even the minimum analysis of the problem space and, as usual, the devil is in the details.
This isn’t just a technical problem, it’s a process problem and a regulatory problem - if this is not done properly whatever technical appearence of anynomity you have can be defeated by the process side of things (like having a record somewhere linking that “anonymous” white card with you or whatever state sanctioned app mandated to run in your devices being turned closed source and changed to covertly track you) and that applies not just on the user side but also the lists side of things (how the sites to block are chosen can be abused to block people from seeing things which are not adult but rather political) and the server side of things (as in, is there any software the sites have to run and what independent oversight is there for what it does).
Tech does not work in a vacuum and is not the whole system by itself - it exists in a human context, not least because it’s done by people (or at least in accordance to the specifications of people if you’re vibe coding it), it’s installed or distributed by people, it gets data that ultimatelly comes from people, and it’s use by people - there is literally no point in tech that does not in some way affect or is affected by people - and thus tech can be abused and subverted by the human/process side of things. This is why good hackers also use social hacking - because you can subvert tech via the human side.
So the bits that have to be protected for this to not just do what it’s claimed by people that it’s supposed to do (and to keep on doing it even when bad actors get a hold of it), extend all the way to the process side of things and into things like Judicial oversight (because any human process that’s not overseen by a powerful independent entity gets abused sooner or later). And, guess what, all of that if far heavier than a pie in the sky list of tech fads.
My core concern is that a technical infrastructure of mandatory government software in people’s devices (which is a requirement of this, otherwise there’s nothing there to stop children from acessing whatever the fuck has hashes in that blockchain), once in place can be abused, and as we’ve already seen in Europe, Democracies can and do turn into Fascism at any point and Fascists just love to have an infrastructure in place that can easilly be changed (just push an updated version down) to, say, eavesdrop on people or block everybody from accessing specific political content.