The spec contradicts itself in various places, with sections saying that the app interacts with the attestation provider only once and that the attestation cannot be reissued, and other sections implying that the attestation gets reissued every three months and that the tokens are single-use.

It also isn't clear about whether they are actually using 18013-5 or are just requiring companies to implement a few tiny fragments of the spec.

I was left more confused after reading the spec than I was before.

Looks like I spoke too soon. The specification massively contradicts itself. 3.4.2 requires reissuance every three months, and requires that it issue 30 attestations at a time, and that they be single-use.

That part is architecturally correct, though allowing access to only 30 adult sites per three months is dubious. And if getting a new proof requires a new request at some point, then it becomes possible for the trusted list provider, conspiring with the proof of attestation provider, to cross-correlate the timing of requests and unmask a user with high probability.

And then, there's this:

So you still have a value that is potentially usable for tracking across multiple websites. It's just a timestamp. I'm not sure if I'm reading what they're saying correctly. If they mean all 30 in a batch have the same value, this is a disaster. If they mean always set the value to 00:00:00 so you get only one day of precision, that's better than nothing, but when the request comes from an area with low population density, it is still potentially inadequate for anonymization.

I can't make heads or tails of this specification. It contradicts itself in too many places, and it buries you in minutia while lacking a clear overview. It's the kind of spec only a bureaucrat could love, because it is perfect for verifying compliance, but makes it nearly impossible to quickly verify that the spec makes sense. It lacks a section on threat models and how it addresses those threats, which is the first thing I'd expect to see.

At this point, I have no idea whether this protects privacy or not. And that's perhaps more disturbing.

It is possible, in theory. But calling this "completely anonymous" is hopelessly naïve, IMO, unless I'm missing something *huge*.

Announcing that this is "technically complete" is laughable. I have not seen a single public white paper on the subject. We should have seen years of back and forth between academics, crypto experts, operational security experts, privacy experts, and other groups, as they all tear apart the design over and over again until it is refined into something that actually provides the claimed anonymity.

The lack of this public discourse leads me to the inevitable conclusion that it almost certainly provides the illusion of protecting privacy, while in fact massively violating it to a greater degree than ever before.

And sure enough, I started skimming the technical specification, skipped the whole first section, which was mostly justification, and almost immediately found a fatal flaw.

Unless I'm missing something, this is a show-stopper, and points to the entire architecture being fundamentally unusable:

What this means is that a user gets a magic token that proves that the person is of a particular age, then submits that token to sites for verification. Here's a list of problems with that approach:

• The same attestation is sent to every site. So the fingerprint of that certificate becomes the *ULTIMATE* tracking cookie. Every adult website will effectively know who you are. They won't know precisely who you are, but they will be able to correlate activity across sites, target ads to your specific behavior across multiple sites, etc.
• It is impossible to regenerate that token, so once your privacy has been thoroughly raped and random websites are showing you adds for hardcore porn, you can never turn it off.
• As soon as you pay for anything with any of those adult sites, your identity is now known, and can be correlated with your activity across all adult sites.

Using the words "privacy rape" to describe this technology is not nearly a strong enough statement, but it is the strongest phrasing I could come up with.

Protects anonymity, my ass.

About the only good thing that can be said about this is that because they didn't specify minimum requirements for storage protection, chances are it will get hacked in the first week, and a few adult users' attestations will show up on the dark web and will get used by a few million underage users' devices, making it useless as proof of age, and hopefully resulting in the folks who thought this approach was adequate quickly shutting it down.

Like I said, give us a public comment process, articles published in multiple reputable journals, etc. and in five to ten years, this will be ready. It's not ready. It's not close. It's not even in the right ballpark.

For this to be completely anonymous, it must not be possible for a government actor with control over infrastructure to perform timing attacks on anonymity, e.g. user requests auth token from government, government knows who that user is, government sees unencrypted DNS request to porn side ten seconds earlier, correlates the requests.

Doing this correctly is genuinely really, really hard. You need:

• A different token sent to every site, with no common data that can correlate accesses across multiple sites.
• No ability to correlate the timing of the user's request for proof and the timing of a user connecting to a website.
• No ability to correlate the timing of the user's request for proof and the timing of a verification request from a website to the verifying authority.

This starts by the verification authorities outsourcing the verification to the "RP" (relying party). Public keys used to verify the signature. That way, the government entity doing verification does not have any record of verifications to correlate with requests.

This continues with the client queueing up a thousand or so pre-signed certs from the signing authority, and requesting replacement certs on a time-based schedule (once per day, with randomization of the replacement rate, with the client silently discarding excess certs so that you maintain a consistent pool size).

This is a starting point. I'm not saying that these things are sufficient, just that they are necessary.

IMO, that's redundant. Holding companies are where brands go to die. Nothing specific to AEG. :-)

Everybody knows all birds aren't real. :-D

... because we have shoes, and can outrun the competition.

My guess would be soon as the warranty expires, given that this affects TVs released as recently as last year....

The music publishers own the mechanical and/or streaming rights. That's where it could be a problem. But given that this probably drives interest that makes them money rather than taking money away, there's a decent chance they won't care unless they think it will get them a big payday somehow.

No, it really doesn't. What it does is:

• makes it impossible to click the links at the bottom of the page (e.g. terms of service)
• forces the company to ensure that there will always be more to see by cramming in more and more padding to stretch out the limited useful data
• hides the fact that there's nothing left to see, making you waste more time on the site

There is literally never a situation where this is inherently the right thing to do (except for the company's ad-driven bottom line), because the quantity of data available is always finite. And the very design of infinite scrolling creates a perverse incentive to fill the feed with garbage and ads and padding and boosted posts and groups you might like and everything else under the sun, rather than telling you that none of your actual friends have posted anything new since you last looked.

More to the point, it disguises how much less actual use people are making of Facebook. And as people use it less, it requires padding the content with more and more garbage to hide the reduction in organic content, which reduces the production of organic content even more, eventually turning in a death spiral. But they'll hide that for as long as they can by packing in more and more fake engagement opportunities.

Agreed. Where we disagree is that I think infinite scroll inherently leads to that abuse. :-)

A lot of it really is the social media companies' fault. When I look at Facebook, my feed used to be 99% stuff posted by my friends and family. Now, it is only about 20% stuff posted by my friends and family. The rest is a combination of groups that I'm in (20%), random influencers and groups and pages that are being promoted (50%), and straight-up ads (10%). There is more garbage than content. And there's no good way to get the trash out, no matter how hard you try.

And yet, that steaming pile of garbage is being shown because for some subset of the population, seeing things that drive interactions, rather than things that genuinely deeply interest the user, causes those users to come to the site more and stay on the site more.

Meta, realizing that they have hit peak user count and can't realistically grow much bigger, have to find a way to keep the stock price from cratering because of zero growth potential, so they are abusing users to try to gain more eyeball time instead. They deliberately feed the addiction of those who have short attention spans and need continuous input to stimulate them.

The moment they started chasing engagement instead of users was the point when they became a net harm to society. And all of this social media addiction stems from that. Very nearly all of the harm that they cause stems from that. It stems from sites designed to continuously route you towards content that will be more engaging to keep you on the site longer. This is not to say that there is not room for some of that on a broad scale, but doing it too narrowly leads to rabbit holes, which are a net negative.

Fixing this requires keeping companies small, and requiring that big social media companies make their networks available to smaller companies (federation) so that there is actual competition in the marketplace. But the fact that governments should have intervened decades ago doesn't mean that it isn't still the fault of the companies. They had a choice. They could have continued to do business the way they did before, knowing that their stock price would never grow. They chose to seek revenue over user happiness.

The theory is that people will see someone they find attractive and use this to figure out who they are so that they can stalk them. And yeah, that could plausibly happen, in theory.

In practice, Facebook doesn't know where I am right now, and facial recognition on a worldwide database is likely to produce hundreds of hits for every person, and that's assuming the person even has a Facebook account.

Also, in practice, the feature has almost no real-world utility. If you don't already know who a person is, you probably don't need to know that person's name, and if you do, then you are already probably connected in one way or another. Limiting this to people who are within a small-ish number of degrees of separation from you would fix both the stalking risk (for the most part) and the too-many-results problem, and I'd be surprised if they did not already do that, making their concern probably almost purely academic.

Locals can plan for it. People who just flew in from another country may starve to death.

It would also be a nightmare for me. Weekends are when I do personal projects around the house. If I suddenly realize that I need a screw or hinge or piece of lumber that I missed in planning, and if retail is closed on Sunday, the project stops and doesn't resume until the following weekend. And now you've cost me almost an entire week.

This also means that businesses that are only open during the day Monday through Friday might as well not exist from my perspective. I'll never do business with them, because I'll never be available to do business with them.

If I were picking days, I'd say, retail should *only* be open on Saturday and Sunday, plus maybe evenings after 6. Having those businesses open during the day when everybody is at work doesn't make a lot of sense. For businesses like Lowe's and Home Depot, people who work in construction can plan for it and pick up materials the night before. At least they would be set back by only a day if they forget something, rather than a week.

If you're going to have a guaranteed day off, what would be better would be to mandate that each individual place of business have a guaranteed day off. So half the businesses might pick Saturday and half might pick Sunday. And half the Lowe's stores would pick Saturday, and half would pick Sunday. And so on.

Better yet, have a religious freedom law that requires businesses to allow individuals to guarantee that their chosen day of worship is free if requested, plus religious holidays, up to some reasonable number per year. Let businesses figure out how to deal with that. For example, people who attend worship services on Saturday — Catholics, Jews, 7th Day Adventists, occasionally Episcopalians or Lutherans, etc. — could be a hot commodity and demand higher pay because of their availability to work on Sundays. Meanwhile, other churches would be pressured to offer Saturday worship to level the playing field, and in the end, folks would have more choice in worship times.

The name is a misnomer. It isn't backlit LEDs. It is LED backlights.

Being able to display darker blacks is actually kind of a big deal, particularly in a dimly lit room. Having crushed blacks because of inadequate ability to darken the screen makes some shows significantly harder to watch.

And it is even worse for computers. My MacBook Pro has one of those splotchy LCDs that can dim parts of the backlight, and I guess that's better than nothing, but at its dimmest backlight setting, the overall backlight still isn't dark enough to use at night in the dark by a large margin. Having an OLED panel where you just have brightness and contrast to deal with would be a real win, IMO.

You would think, but I've definitely heard of situations where that was not the case, where first responders from fire departments could talk to police, but not the other way around, or other similar situations, and IIRC, they blamed a misconfiguration in the encryption for those problems.

I'm guessing that the encrypted radios have a key that they use for sending, and have multiple keys that they can receive, so that you can always tell which entity's radio is sending. If that's the case, then if radio A had the key to decrypt traffic from radio B, but radio B did not have the key to decrypt traffic from radio A, you could have a situation where communication only goes one way.

But I'm entirely speculating here based on vague memory of a news story from probably at least half a decade ago, so who knows if it has any basis in reality.