this post was submitted on 10 Dec 2023
133 points (97.2% liked)

Technology

59207 readers
2845 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Another State Lawmaker Wants To Criminalize Porn Through Age Verification::Here we go again, everyone. Another far-right state lawmaker has introduced a bill requiring age verification in order to access porn sites from within state limits. This time it is Tennessee state Rep. Patsy Hazlewood who introduced yet another extreme age verification proposal that essentially makes it a crime to own a legally operating porn…

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 15 points 11 months ago (1 children)

I agree it's a global and concerted effort but just because they are all banging on about porn and using it as the Trojan horse, this isn't about porn or nudity or sex.

You remember when 'Arab Spring' happened? And all the usual suspects said how great it was and that the internet had a democratising influence? The were welcoming the changes in the Arab world but saw the true power of the unmediated internet in those coordinated protests and vowed they'd never let it happen to them.

Within five years we're going to see gigantic walled gardens where people can only sign in using their given name and confirming by a passport or driving license. We can already see sites where you have to use a OTP or authenticator code on a smart phone to sign in. Extrapolating your identity from that info is trivial.

I think there will be another internet available only by using other protocols but it will be forever looked down upon and payment providers will not service any monetisation there.

[–] [email protected] 4 points 11 months ago (1 children)

Uhh are you assuming MFA is... somehow a bad thing?

[–] [email protected] 1 points 11 months ago (1 children)

MFA

No, but it does present more data for the unscrupulous.

[–] [email protected] 2 points 11 months ago (1 children)

Aside from SMS/email, which should be avoided anyway for other reasons, or proprietary solutions like MS’ or Steams approach, there is nothing to be gained from TOTP or WebAuthN.

TOTP (the 6 digit code that changed every 30 seconds, usually) is just a hash of a shared secret between you and the server, and the current time rounded to the nearest 30 seconds.

WebAuthN/FIDO2/U2F is private by design. Keys/authenticators derive a unique key for every credential pair, you can even register the same key multiple times because of this. About the only thing you gain is knowing what type of authenticator is being used, which is of questionable value at best.

[–] [email protected] 2 points 11 months ago (1 children)

Thank you for this, I learned something today.

I wasn't rubbishing 2FA I was saying that in order to use it you usually need to use a mobile phone and it's the phone that I regard as being a security risk for any number of reasons.

[–] [email protected] 2 points 11 months ago

Ah I see, and you’re most welcome. 2FA is something I am very passionate about, to the point I’m trying to convince my whole family to use security keys, but I come up against a lot of resistance to it