Email or username:

Password:

Forgot your password?
All posts ansuz / ऐरन's posts Post Back to profile
Top-level
ansuz / ऐरन

(16)

> In order to prevent and combat online child sexual abuse effectively, providers of hosting
services and providers of publicly available interpersonal communications services should
take reasonable measures to mitigate the risk of their services being misused for such abuse,
as identified through the risk assessment. Providers subject to an obligation to adopt
mitigation measures pursuant to Regulation (EU) 2022/2065 may consider to which extent mitigation
measures adopted to comply with that obligation, which may include targeted measures to
protect the rights of the child, including age verification and parental control tools, may also
serve to address the risk identified in the specific risk assessment pursuant to this
Regulation, and to which extent further targeted mitigation measures may be required to
comply with this Regulation.

"reasonable measures" assumes a lot, especially coming from agencies that believe client-side-scanning doesn't undermine e2ee.

This is the first mention of "age verification" in the document, but it comes up quite a lot afterward. Usually that line of thinking converges on requiring people to provide some government id in order to use the internet, which is terrible for a multitude of reasons...

13 Sep 2023 at 16:24 | Open on social.cryptography.dog
4 comments
ansuz / ऐरन

Thomas Lohninger of epicenter.works gave a talk at the recent chaos communication camp about what the EU is doing in this area:

media.ccc.de/v/camp2023-57548-

he notes that the EU is working on some methods to do age verification without disclosing government id explicitly - some involving zero knowledge proofs - but he makes a few critical points:

1. the "digital wallet" system they are proposing is going to be a very high-value target with a fairly large attack surface

2. government-issued hardware wallets are not accessible to undocumented migrants

3. not everyone has a phone they can use for this purpose

(16a) says the age verification should be "non-discriminatory and accessible", but I don't see how that's possible given the points above without falling back to scans of government id

Thomas Lohninger of epicenter.works gave a talk at the recent chaos communication camp about what the EU is doing in this area:

media.ccc.de/v/camp2023-57548-

he notes that the EU is working on some methods to do age verification without disclosing government id explicitly - some involving zero knowledge proofs - but he makes a few critical points:

13 Sep 2023 at 16:34 | Open on social.cryptography.dog
ansuz / ऐरन

I'll keep reading so that I have an idea of what's to come if this passes, but I'm only on page 12 of 199 and there's no sign that things will get any better, so I'm not going to livetoot the whole read-through.

I'll just reiterate that the #chatControl legislation is an absolute shitshow.

The people pushing for this are either ignorant or malicious. They claim to want to protect the public, but their manner of doing so will very obviously harm large groups that are already marginalised.

13 Sep 2023 at 16:41 | Open on social.cryptography.dog
ansuz / ऐरन

my last point for now is that while this particular legislation concerns the EU, it is a part of an international effort to expand surveillance.

There's similar efforts in a number of other countries. Even if you aren't a citizen or resident of one of those nations, you are most likely a user of at least one service that will be affected.

This legislation absolutely needs to get shut down now, because every such measure that passes makes it easier to enact similar ones in other nations.

13 Sep 2023 at 16:49 | Open on social.cryptography.dog
drathir

@ansuz Finally someone logicaly thinking to stop tie everything to mobile phones (no matter if number or apps with madly sensitive permissions access)

13 Sep 2023 at 16:43 | Open on mastodon.social
Go Up