top | item 44544499

(no title)

chgs | 7 months ago

Site generates random key

Key and verification passed to verifier

Verified list is published

Site pulls list and checks its number has been verified

Site doesn’t know who it is, and verifier doesn’t know which site was verified against

discuss

_Algernon_|7 months ago

How do you prove that the generated key by the site is actually randomly generated? I certainly don't trust a random porn site to do this right.

If the verified list is tied against identity, there is only a simple law change required to de-anonymize everything.

chgs|7 months ago

Doesn’t really matter surely, you only need to trust the identity provider not to leak your identity and your porn provider not to have a key that your identity provider can link to.

thinkharderdev|7 months ago

You don't trust people who run a massive-scale streaming video platform to have the technical chops to generate random numbers?

sigwinch|7 months ago

Break the key in half.

Otherwise, why wouldn’t I just try the last entries from that list?

chgs|7 months ago

They key would be hashed with the user’s details (ip address, value in a session cookie etc) so someone else can’t reuse it. Hell there are things like elliptic curves and DH which still seem magic to me.

Now sure if the identity provider and the site work together they could negate the anonymity, but given that for the identity provider anonymisation would be the key selling feature they wouldn’t want to risk that. Mullvad I’m sure would be trustworthy enough.