this post was submitted on 30 Nov 2024
Programming
What are you hiring this cryptographer to do? It sounds like you’re hiring them to roll your own crypto (it’s for your project, therefore it’s “yours”). That’s where you went wrong.
If you go with an established cryptographic algorithm / OSS implementation, then that solution will be one that has received a great deal of review by cryptographers. If it has obvious vulnerabilities, those will have been noticed and documented. Many non-obvious vulnerabilities will have been documented, too.
If you roll your own, even if you’re an expert, your algorithm will not have had the benefit of those thousands of hours spent reviewing it.
But that doesn’t mean that your work can’t be reviewed. Even a developer who didn’t specialize in cryptography could potentially notice an issue, assuming they at least had some background, though having experts review it would be better.
If you’re following best practices and are using an established solution, then the reviewer doesn’t have to fully understand the field of crypto. It’s much easier to confirm that an algorithm is being implemented faithfully or that best practices are being followed.
If a cryptographer you hired is trying to intentionally build an algorithm with backdoors, that may be difficult to notice, but if “no one has ANY IDEA WHATSOEVER if there are back doors until they are used to rob people blind” then that’s because you didn’t have enough experts review their work.
I disagree with nothing you’ve said here. This is exactly what I would do and exactly what IS done in industry.
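As an added illustration of the point about confirming an established algorithm is implemented faithfully (this is example code, not from either commenter): a reviewer who is not a cryptographer can still check a MAC implementation against the vectors published with its standard. Here Python's `hmac` module is checked against RFC 4231 test cases 1 and 2; `check_known_answers` and `hmac_sha256` are names chosen for this example.

```python
import hmac
import hashlib

# Known-answer vectors copied from RFC 4231 (HMAC-SHA-256), test cases 1 and 2.
# A homegrown MAC has no such published answers to compare against, which is
# exactly why it is harder for a non-specialist to review.
RFC4231_VECTORS = [
    {
        "name": "RFC 4231 test case 1",
        "key": bytes.fromhex("0b" * 20),
        "data": b"Hi There",
        "expected": "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7",
    },
    {
        "name": "RFC 4231 test case 2",
        "key": b"Jefe",
        "data": b"what do ya want for nothing?",
        "expected": "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843",
    },
]


def hmac_sha256(key: bytes, data: bytes) -> bytes:
    """The implementation under review: here the standard library's HMAC."""
    return hmac.new(key, data, hashlib.sha256).digest()


def check_known_answers(mac_impl=hmac_sha256, vectors=RFC4231_VECTORS):
    """Run every vector through mac_impl and return {name: passed}.

    Comparison uses compare_digest so the harness itself does not leak timing
    information if it is ever reused against secret-dependent data.
    """
    results = {}
    for vec in vectors:
        actual = mac_impl(vec["key"], vec["data"])
        results[vec["name"]] = hmac.compare_digest(
            actual, bytes.fromhex(vec["expected"])
        )
    return results


def all_vectors_pass(mac_impl=hmac_sha256) -> bool:
    """True only if the implementation matches every published answer."""
    return all(check_known_answers(mac_impl).values())


if __name__ == "__main__":
    for name, ok in check_known_answers().items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
```

An implementation that passes every vector is not thereby proven secure, but one that fails any of them is demonstrably not the standard algorithm, which is a verdict a reviewer can reach without being a cryptographer.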