• 0 Posts
  • 6 Comments
Joined 3 years ago
Cake day: June 12th, 2023
  • TechLich@lemmy.worldtoTechnology@lemmy.worldI'm struggling to think of any online services for which I'd be willing to verify my identity or ageEnglish
    1·
    7 minutes ago

    Those things come with a big convenience and implementation trade-off that slows adoption.

    If it’s hard to export for technical reasons (eg. Needs to be in a tpm) then that adds hardware requirements and complexity and makes it difficult to log in on other devices. If it’s a software thing, then it’s rippable. Either way “install our government app to watch porn” is not an enticing prospect for people.

    Aggressive rate limiting is also frustrating if you want to log into multiple things and it keeps blocking you because you’re using your key too fast, but if it’s not aggressive then it likely won’t be effective unless all the kids sharing a key are trying to use it at once.

    If it’s a temporary thing where you have to auth with the government to get a fresh signing key that expires, you have the issue of having to sign into the government when you want 18+ content which is super uncomfortable.

    I can see it being a browser-based thing set up a bit like video DRM but that would still need to talk to a government server each time for a temp key (like how licence servers work) and you’d need to be logged into their systems. It might still be the best option but it does still leak “X person wants to access 18+ content right now” to the government.

    I’m really interested in seeing a technical/cryptographic solution that actually works but so far I haven’t really and I’m starting to doubt that it’s possible.

  • TechLich@lemmy.worldtoTechnology@lemmy.worldI'm struggling to think of any online services for which I'd be willing to verify my identity or ageEnglish
    2·
    22 hours ago

    Whenever this comes up, this style of zero-knowledge proof/blind signature thing gets suggested. But the problem is that those only work if people care about keeping their private keys secret. It works to secure eg. “I own $1” but “I’m over 18” is less important to people and it won’t be hard for kids to get their hands on a valid anonymous signing key on the web. Because the verification is anonymous and not trackable, many kids can share the same one too, so it only takes one adult key to leak for everyone to use. It’s one of the reasons they push biometrics that at least appears to need a real human. Requiring ID has a lot of the same issues on top of being a privacy nightmare.

    I’m starting to think that actual age verification is technically impossible.

  • TechLich@lemmy.worldtoSelfhosted@lemmy.worldHow do I access my services from outside?English
    4·
    11 days ago

    For the unprivileged container thing, containers tend to be lighter on resources than VMs at the cost of a little isolation (they share the same kernel as proxmox which could have security implications).

    The ability for lxc containers to run unprivileged with all the restrictions that entails alleviates a bit of that security risk.

    Both options are generally considered pretty secure but bugs/vulnerabilities could break isolation in either case. The only real 100% safe isolation is bare metal.

    I tend to run containers unless I have a really good reason to need a VM, and run unprivileged unless I have a really really good reason not to.

  • TechLich@lemmy.worldtoSelfhosted@lemmy.worldHow do I access my services from outside?English
    8·
    11 days ago

    My recommendation is a VPN server to connect in from outside and have the default gateway for the VPN clients be a server that acts as a router that’s set up with your commercial VPN.

    That way, you can be outside on a phone or a computer, access your internal network and still have your public internet traffic go out through your commercial VPN without having to be able to configure multiple VPN connections at once (eg. Android doesn’t support that).

    Eg. 2 debian proxmox containers. One that runs wireguard (head/tailscale might also work here?) for external access and one that runs mullvad(or whoever) VPN cli and IP forwarding to be the gateway for your clients.

    Only downside is the extra hops to send everything through your home network first rather than straight to the commercial vpn which is probably fine depending on your speeds. You can always disconnect and connect directly to the commercial VPN for faster internet traffic if you need to.