While the adjacent comment provides a proper answer to the broader question I thought I'd answer you more directly. A function that consumes one or more characters and then outputs a token will suffice. You turn the character stream into a token stream (or an altered character stream) on the fly. See lisp reader macros for example.
Willing to take ownership, and also forgo a lot of functionality that the device was billed as having when it was purchased. Defending Bambu here seems like the same mentality as supporting a manufacturer that implements a subscription model for heated seats in their cars. (Don't worry, we're an ethical manufacturer so we don't charge a premium for access to heated seats. As long as you have our app on your phone (requires location permissions) you'll be able to make use of them!)
It isn't necessarily but I think it often qualifies. IMO (approximately) activism describes motivation while drama is a characteristic of an action. Thunberg for example is undoubtedly very dramatic.
FWIW that's also how I interpret it. That said, it doesn't bother me because it's YT not HN. They're very different environments. As long as the ensuing discussion here exhibits a reasonable approximation of proper discourse then all is well I figure.
I have yet to see a scheme that would robustly preserve privacy and freedom floated by any of the major efforts. I think the onus is on you to present a workable scheme, but even then I'm not going to support the major efforts which at present are malicious.
Having Privacy in the name doesn't mean it's actually privacy preserving. You can't just ignore attack vectors like collusion between signing entities and websites.
Did you read about how it works? Can you precisely describe an attack that defeats it, or are you just throwing names you've heard without actually knowing how Privacy Pass works? Sounds like the latter to me (yes, I read the RFC).
Well it probably needs a bit more complexity to avoid being trivially broken. Codes are one time use; the service has them attested by the token provider behind the scenes, and the provider is in turn under contract with the government. Tokens are also activated at the point of purchase similar to gift cards in order to prevent bulk theft and resale. A law in the vein of HIPAA prevents collusion between the retail establishment and the token provider.
>> A law in the vein of HIPAA prevents collusion
>
> No need if you use cryptography.
True for age verification, but not true in general. If you have something that can be used illegally, it's very handy to allow firms to rent / hire it out anyway but make the hirer responsible for any illegal activity.
An example is hiring a car, and the car is used to ram-raid a shop. Today this is solved by handing over a government ID to the rental company. Commit a crime in the car and they hand that over to police, but it has the sad side effect of handing over information to the car rental they can use to track you, and worse sell to others.
Using a zero knowledge proof for a valid driver's licence fixes the privacy problem, but at the expense of the hire company not being able to transfer responsibility for illegal activity onto the hirer. I suspect if that happened no one would hire out cars any more.
You can easily design something that is Zero Knowledge to the car hire firm, but includes an opaque token they can hand over to the government on lawful demand. It contains all the details needed to pursue the law breaking hirer. Thus there is still a role for the law here - you can't always do everything with crypto.
This is a very minor quibble - I agree completely with what I think is your main point. This Google change is a privacy disaster. It's a step towards an enshittified internet with the gateways onto it controlled by a few big tech firms.
But I don't think just yelling "just use ZK" is helpful. It's much harder than that - ZK is only part of the puzzle. Passkeys are currently caught up in the same attestation trap, and there is no workable solution in the offing. Banks and other high trust applications need some assurance your FIDO private key is being handled securely. The solutions on the table are Apple not doing attestation, or Google who does at the low low price of selling your true name to Google. Both "solutions" suck, horribly.
ZK proofs of things like licences and age have to solve the attestation problem, and solve extra stuff as well. I'm not holding my breath.
> But I don't think just yelling "just use ZK" is helpful.
Agreed. I am just very frustrated, because I feel it is an important topic. And I wish I saw adult discussions about it. And instead, people who claim to be "tech-savvy" keep whining about the fact that it will fundamentally leak their ID everywhere. Like they somehow understood the point for E2EE, and repeat it here confidently. If tech-savvy people can't be bothered to understand how this works, why should politicians?
I have the same frustration with the anti-5G crowd yelling that it will boil your blood. There are many valid reasons to criticise 5G and have a constructive debate, but they choose to be wrong anyway.
> If tech-savvy people can't be bothered to understand how this works
You underestimate your own abilities. Tech savvy doesn't mean they think much about crypto.
To get a feel for this I asked Gemini "If you were to survey a group of people who would be called "Tech Savvy", what percentage of them would be aware you could construct a zero knowledge proof for a person's age that revealed nothing beyond they were older than a given threshold?". The answer was 5%..10%. That rises to a surprisingly low 20%..30% for Software Engineers. It's only once you get to Software Engineers who write security systems that you get above 50%.
Gemini didn't give any references so those figures could be complete rubbish, but in my experience they seem on the high side. Many very experienced engineers I interact with clearly have not thought very deeply about how crypto systems interact with human trust. Granted understanding the implications of crypto is yet another step beyond understanding the maths, but I'm amazed at how many technology curious people haven't bothered to take that step.
The good pollies on the other hand probably have a very good intuitive feel for human trust systems and how to navigate them. They rely on engineers to tell them what is possible of course, and they won't care about the details. But what they will care about is whether the engineers can deliver the system they promised, and there I have to admit our track record is appalling. How many government IT initiatives have you seen deliver what was promised on time and on budget? So when you tell them you can build a ZK system that delivers on all these privacy promises, expect a very sceptical reception.
What happens when I set up a Tor hidden service that (in conjunction with some client software) stands in for a visitor's device and will proxy any requests back to my personal card? After all the payloads are anonymous so what's the risk to me?
To prevent this sort of abuse, the server would have to request the `pseudonym` field, which contains a hash across the server identity and the card's secret salt, allowing the server to detect abuse but not to track the user across multiple services.
It's probably even simpler than that: say normal users make a few requests once in a while (because they don't need thousands of tokens every day), and one user makes a ton of requests, then it is an indication that this user may be abusing the system.
It would probably be possible to use the service that the parent is suggesting and try to link it to requests to the server based on timing. But I don't even know if anyone would bother trying to identify the OP: probably it would just be enough to rate-limit the requests.
As always: it's easy to criticise, harder to actually get it right.
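The per-service pseudonym and the per-user rate limit discussed in the comments above, as an added sketch that is not from any commenter or from a real eID scheme. HMAC-SHA256 as the "hash across the server identity and the card's secret salt", the `Verifier` class, the site names and the limits are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

def pseudonym(card_secret: bytes, server_identity: str) -> str:
    """Per-service pseudonym computed on the card (assumed construction:
    HMAC-SHA256 keyed with the card's secret salt over the server identity)."""
    return hmac.new(card_secret, server_identity.encode(), hashlib.sha256).hexdigest()

class Verifier:
    """Hypothetical relying party that rate-limits attestations per pseudonym.
    Proving that the pseudonym really came from a genuine card is out of scope."""

    def __init__(self, identity: str, max_requests: int, window_seconds: float):
        self.identity = identity
        self.max_requests = max_requests
        self.window = window_seconds
        self.seen = defaultdict(deque)  # pseudonym -> timestamps of accepted requests

    def accept(self, presented: str, now: float) -> bool:
        recent = self.seen[presented]
        while recent and now - recent[0] >= self.window:
            recent.popleft()            # forget requests outside the sliding window
        if len(recent) >= self.max_requests:
            return False                # same card seen too often at this service
        recent.append(now)
        return True

def simulate_shared_card():
    """One card proxied for many visitors versus one ordinary card (constructed data)."""
    shared_card = b"constructed-card-secret-salt"
    ordinary_card = b"another-constructed-secret"
    site_a = Verifier("shop.example", max_requests=3, window_seconds=3600)
    site_b = Verifier("forum.example", max_requests=3, window_seconds=3600)
    # Five proxied requests inside one hour all carry the same pseudonym at site_a.
    shared = [site_a.accept(pseudonym(shared_card, site_a.identity), t)
              for t in range(0, 500, 100)]
    ordinary = site_a.accept(pseudonym(ordinary_card, site_a.identity), 50)
    # The same card yields unrelated values at two services, so they cannot link it.
    linkable = pseudonym(shared_card, site_a.identity) == pseudonym(shared_card, site_b.identity)
    return shared, ordinary, linkable

if __name__ == "__main__":
    print(simulate_shared_card())
```
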
"Think of the children" is the stated reason but not the actual reason. We've seen this pattern so many times that it's perplexing that people continue to fall for it.
If the children were the actual reason there are much less invasive solutions that enable reliable parental controls such as mandating self classification of content and fining service operators for inaccuracies.
Think for yourself and consider what the possible ulterior motives might be.
> Sure, and in the meantime try to think and read about how privacy-preserving age verification actually works.
This requires you build a whole apparatus around controlling what people can see, say, and do.
The concept of "slippery slope" is often called a logical fallacy, but in reality, more often than not, it's not a fallacy at all. It's the manner in which you boil the frog.
I think it's something like over 50% of adults do not have kids now. Why should we put the majority of people - for the majority of their lives - at risk for a mere 20% of the population to "not see boobs", when good parenting will suffice?
Let's not put a cage around our freedoms. Let's ask parents to be more responsible. In the edge cases where that isn't sufficient, is that really as bad as what could happen to all of our liberties should we go down that path?
We're burning down the whole village because someone saw a cockroach.
> that basically argue "coding has never been the bottleneck"
> we have all this work that needs to be done and not enough people to get the work done
I believe the reasoning is roughly to ask, what was occupying the developer hours? Was the majority of it typing out lines of code or was it reasoning about higher level concerns?
It usually comes up in response to predictions that the role of developer will be completely replaced in the near future. It's possible to observe significant efficiency gains without obviating the need for everything the role was doing.
Of course such reasoning has little to do with projections of future developer employment numbers. Will the switch from push mowers to gas mowers reduce the demand for people who get paid to mow lawns by increasing their efficiency? Will it increase the total lawn acreage across the market? It could well do both. However, if it makes having a lawn affordable for the average joe it could counterintuitively increase demand for the job.
Of course the stated goal of the AI companies is to develop the analog of fully robotic lawnmowers. But despite how impressive recent advancements have been we still have yet to see any evidence of novel abstract reasoning or a theory that would be expected to lead to it.
In other words, people have been speculating about the development of fully autonomous lawnmowers and the risk that they unilaterally decide to cut us all down for the past 50 years. "I, lawnmower" was a smash hit a few years ago. Now gas ones have appeared and continue to make rapid advancements but still no convincing signs of autonomy.
> I believe the reasoning is roughly to ask, what was occupying the developer hours? Was the majority of it typing out lines of code or was it reasoning about higher level concerns?
You're obviously right and the people who think that are the managerial types that think software developers were glorified secretaries writing after dictation.
LLM is great at generating stuff, but it's basically 3D printing. Amazing, but most of the high quality stuff in the world needs to be built at large scale out of aluminum, steel, wood, etc. Yes, I know there are large advances in 3D printing, but maybe 0.000000001% of all manufacturing in the world is done using 3D printing. A lot of stuff will probably never be possible using 3D printing.