Privacy

45920 readers

2089 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

274

Discord will require a face scan or ID for full access next month (www.theverge.com)

submitted 3 days ago by mr_MADAFAKA@lemmy.ml to c/privacy@lemmy.ml

103 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Ferk@lemmy.ml 1 points 1 day ago* (last edited 1 day ago) (1 children)

if you don’t want the government to know what sites you visit, have sites route the request through a proxy.

I feel a proxy would not really make much of a difference. If the government keeps a mapping of which eID corresponds to each real person from their end (which they would do if they want to know what sites you visit) then they can simply request the services (and/or intermediaries) to provide account mapping of the eIDs (and they could mandate by law those records are kept, like they often do with ISPs and their IP addresses). The service might not know who that eID belongs to.. but the government can know it, if they want.

The government needs to want to protect your privacy. If the government really wants to know what sites you visit, there's no reason why they would want to provide you with a eID that is truly anonymous at all levels and that isn't really linked to you, not even in state-owned databases.

[–] mcv@lemmy.zip 1 points 22 hours ago (1 children)

Of course, a government has many ways they can legislate your rights, freedom and privacy away. But if you want to do this in a way that preserves privacy, this is how you do it.

Of course the government knows who you are; they have to. They issue your ID, and that makes them the only organisation that can issue your eID. But a government that serves its people would provide this an a service, with the proxy, to ensure privacy is respected.

And of course with a warrant they can and should be able to demand access to the proxy's or the website's logs. But only with a warrant. That is the bar that the government should always have to clear before they can get access to any citizen's privacy.

[–] Ferk@lemmy.ml 1 points 1 hour ago* (last edited 1 hour ago) (1 children)

I agree that a government that wants privacy can actually do it in a way that ensures privacy. That's also what I was saying.

My point was that this is up to the government, and no amount of "route the request through a proxy" would patch that up, that's not gonna help this case. If the government wants to protect privacy, they can do it without you needing to use proxies, and if the government wants to see what sites you visit using these certificates, they can do it even if you were to use proxies, because this is not something that's tracked in the networking layer, it's in the application layer.

[–] mcv@lemmy.zip 1 points 35 minutes ago (1 children)

If the proxy is independent, I don't see how the government can know what the requesting site is. They can only see the proxy. I don't mean a standard network proxy of course, but a proxy for the entire request. That's probably the source of our misunderstanding.

[–] Ferk@lemmy.ml 1 points 22 minutes ago* (last edited 41 seconds ago)

They don't need to know the requesting address in order for them to know if it was you the person corresponding to that proof of age, because the information is in the data being exchanged. These kind of verifications don't depend or rely on IP address or networking, these are credentials that are checked on the application layer.

In fact, they don't even need to directly communicate with the government for this.

This is equivalent to a registration office for a service asking you provide a paper stamped by the government that certifies your age without the paper actually saying who you are.. the service does not need to contact the government if they can trust the stamp in the paper and the government official signature (which in this case is mathematical proof). And even though the service office can't see your name in the paper, the government knows that the number written in the paper links to you individually, because they can keep record of which particular paper number was issued to which individual, even if your name wasn't written in the document itself.

The traceability is in the document, not in the manner in which you send it. It does not matter if you send the document to a different country for someone else to send it from a different address, on your behalf. If the government can internally cross-reference it as coming from you personally, they can know it's yours regardless of how it reached the offices.