Pika

You are correct with this comment yea, the biggest drawback (which as acknowledged we have seen on lemmy) is the anonymous of the account. It’s easy to spin up spam instances, and due to how federation works its hard to combat against it. I remember LW had an issue regarding that a bit ago with someone threatening to just keep changing domains to avoid blocking, which is indeed a problem for any of these style services. I agree at large scale, most sites are not going to want to have to put up with losing that level of control moderation side. It creates a lot of headaches and for most sites it’s just easier to enforce a policy that forces disclosing PII.

tox did something similar with this outcome, but it never took off. Basically with tox each account is actually stored locally, much like how Skype did when it was p2p, but the difference is your account is actually on your device, as in if you lost your “key” you lost your account, when you connected with others, you gave your friends your TOXID which was essentially your public key signature with some added information regarding what you wanted for privacy added to it, and then your messages were relayed through a p2p DHS network. Every communication was encrypted e2e. With tox anyone could create an account with any information, but only people you added were able to message you, and visa versa. The only time you were ever publicly disclosed was during adding contacts to people you didn’t already have, which helped minimize botting on it as bots wouldn’t be able to message you without your ID. The issue with that method was, both parties had to be online to message each other, there was no central server to manage identity and handle users, so every connection was considered trusted since you had to manually add the person via their tox ID.

I expect this solution /could/ be moved into a centralized system for all user accounts, since the only way to add people was manually adding their private key, but I would expect that on large scale, the lack of ability to actually stop problematic users might dissuade platforms from wanting to implement it, since account creation was as easy as just clicking “create account” and no accounts were ever verified server side, which in order to do, brings back to the issue topic: Privacy vs Security

This problem isn’t addressing password authentication, its the website knowing who you are and that you are legitimate. Websites that collect things such as phone numbers during account creation don’t collect your PII as part of your password procedure. They collect it as a verification that you are an actual being and not a fake account/bot. The ease of being able to go through a forgot password thing is just a positive side effect.

This solution would work amazingly for logging in, there’s no argument for that, but it doesn’t address the elephant in the room: That the website wants to make sure you are a person/legitimate account and not a fake alias or a bot to scrape info, and when you are the only one providing that information that claim can’t be verified.

This would deem troublesome yea, being said I firmly believe in separating work and home. I wouldn’t be willing to use a personal number for work related activities, at least not public related activities. Being said, I have no good solution for that, at least you are being paid for the scam call I guess.

I want to preface this response saying I full agree with this, I want something like this to happen, I am responding because of some concerns I have. The real major one: How do you verify the authentication part of the data security chain?

A PGP key alone does not authentically validate that you are who you say you are. When the source is the untrusted party, it doesn’t accomplish the site’s goal. It’s the equivalent to me handing you a piece of paper saying “I’m John Smith and this is what I use to say I’m this” which works amazing for trusted exchanges, but when the source is “just trust me bro” it doesn’t solve anything for the website owner.

Websites get around this by having trust certificates/root servers that are co-signed with the PGP key. However, we lack any system like that for personal identities. Arguably, setting up such a system would isolate most of the known internet, as it is a significant roadblock, much like how SSL certificate usage was a huge roadblock for sites before Let’s Encrypt became a thing.

This setup would be amazing for logging into sites. However, it fails to accomplish what the websites that are asking for PII are looking for, which is verification that their user is who they say they are, and not a random third party.

To reliably use this setup, we would need something similar to Let’s Encrypt, but for user identification. The issue with that is it would become the de-facto attack vector (for both law enforcement and criminal parties), and that site would need to require PII to address the biggest concern on these sites, which is that you are who you say you are, and not Jo Smo or a bot looking to harvest data. Additionally, as mentioned earlier, a massive retraining of the internet would need to be done, which would mostly affect non-tech folk.

I am hopeful that an easy function that won’t violate users privacy comes out, but I don’t think the two topics are compatible sadly

Are internet security and internet privacy incompatible goals?

Yes. They are completely incompatible goals when anything relating to identity/being is linked to it. Examples of this could be anything from your name, to your behavioral patterns, to your phone number

Disregarding the entire possibility that ANY site is hack-able/breach-able, the issue stands that the reasons that most sites request PII is valid, for security reasons. There does not exist any valid method of ensuring users identity that does not violate users privacy. CAPTCHAS are proven inefficient, email domains are easy as a 1-2 click. Once the setup is done server side changing to a new address is as easy as changing your server settings and registering a new domain, then just pointing your MX records there. Heck depending on your postfix setup you might not even have to change server settings, if your account lookup is setup to ignore the domain and it all uses the same database. Even phone numbers have proven troublesome but its the least troublesome method available

The entire reason PII style setups are used, is because its an easy verification site side, but a hard to spoof verification customer side. Like the article says, phone numbers are hard to change for verification, many only let you change so many times in X period, and usually require some form of physical identity to register, and the ones who don’t are forced such as VOIP style numbers get blocked.

We lack currently a good system aside from that, because at the end of the day, how do you prove you are who you say you are, without disclosing your identity. I personally think it should be fine to give up some PII for security purposes, but this NEEDS to be restricted only to security and should never be shared with any entity, and this includes government overreach. Alas this will never happen.

this right here. I stopped getting scam calls years ago, I stopped answering and they just eventually stopped calling. If you don’t interact with the call (interact being ignore it or mute it NOT reject it) and it just goes to voicemail, they seem to eventually stop

I’m confused of how this keeps happening to people.

Like I use my phone on most sites that allow it and I’ve never had spam/scam calls really, but I’ve also explicitly unchecked the marketing boxes that appear on the signup so maybe that it.

The last instance that actually happened to me was with entering my university a few years ago for my BS degree. They 1000% sold my contact information as some part of the deans/honors list process. I reached out to them and stopped that so fast.

There was kids and teenagers calling 911 because the service was down. I think we’re long past that concern

Ohh that makes sense.

I been told Wechat requires phone number, do they not check VOIP numbers or did they just not block your number for creation? That’s super weird.

deleted by creator

Loops has some work if it ever wants to really blow up. I crashed constantly while using it the other day, and it’s feature set needs work. It has potential though.

Apple cried and moaned about that and the battery repair regulation that was placed. They may have been planning to eventually switch but it definitly wasn’t a soon endeavor until forced by the regulation.

They even posted multiple excuses of why they didn’t agree with the decision because they felt the problem that the EU was trying to fix had been resolved since newer charging blocks had USB-C as the input so users could just swap the cable and use the same brick.

Being said, with big tech companies I think regulation is the only way, which means sadly will likely never happen in the US

I’m hoping they do something actually effective against the cheaters, so far the only thing they havd accomplished is screwing over their Linux users. I went to pick the game up again the other day and found it no longer functions for multiplayer under proton because they are too scared it’ll be used for hacking. Meanwhile everyone and their mother is bitching that thd cheating still exists so obviously Linux wasn’t the issue.

Most content creators that I know have either openly stated that they prefer it shutting down because it’s such a royal pain in the ass to use TikTok since it’s audience is so different than their other platforms, or have said they stopped using it without showing a position, the only reason they used it in the first place is because that’s where the audience is but they would much prefer other alternatives

Sadly it needs a lot of work, I went on it the other day and the app itself crashed at least seven times in the 15 minutes that I was using it

The stupidest thing about this whole entire thing about net neutrality.

The entire reason the FCC was created was to prevent the committee from being governed by the government process to avoid corruption for the exact circumstances we’re seeing here

Saying that the Supreme Court and the appeals court has any area of saying what the FCC is legally allowed to do is laughable, as the entire reason for the committee being isolated from the standard Executive Administrative branches was to prevent government overreach like they’re doing currently.

This is 1,000% them saying hey you’re an isolated committee that we can’t touch but you’re not allowed to do the one thing that your committee is supposed to do

Corruption all the way to the top. It’s the American way, ironically I think the slogan “drain the swamp” works for both parties, as it’s clear that the people that are in charge aren’t willing to actually uphold the commitment they’ve made to the people.

I’m struggling to understand how a company as big as Netflix is paying for a cloud service. Like for the cost that they’re charging customers monthly on top of how big they are, I really figured they would be running their own infrastructure at this point it seems like a needless money Leach to not be. Like sure you have to pay for the infrastructure and maintaining the infrastructure, but there is no way that on the scale that Netflix is and with how data transfer heavy it is, that it’s more cost-effective to be running a cloud stack.