Our state-issued eID cards are supposed to have a function that allows anonymous age verification to a trusted party. It should work like this: a requesting party sends a request signed by state-issued certificate to the ID card, the card verifies the request authenticity and responds with a signed confirmation of legal age and that signature then can be verified by the requester.
No personal information is shared.
While I do not aggree with pervasive age restrictions, this is a nice technical solution to privacy preserving age verification
There's an issue with the flow you described; the party requesting verification shouldn't directly interact with the verifying agent (the state) as this leaks to the state the identity of the requesting 3rd party.
The correct flow for preserving anonymity is: the requesting party issues a challenge token to the user -- the token header describes the type of request (>=18yo?) and the token body is completely random(). The user then takes this token and has the challenge verified (signed) on their side, the signed token is then returned to the requester.
This way the state never knows the identity of the challenge issuer.
() Note that this scheme requires good faith on the part of the challenge issuer that the token body is actually random, although it would seem that a simple DH-key mechanism would patch this vulnerability.
I think it is a tradeoff between "everybody can request age verification" and "only state-licensed parties can request age verification". I don't think everybody's ID card should tell anyone if the holder is adult or not, especially wirelessly
You'd know the state they're a legal resident of as they use state-specific keys used for signatures.
If the request allows checking arbitrary ages like Apple's, then you can get their age with a handful of requests. If one has to verify every visit, then you can get exact birthdate eventually.
If the one verifying has to pass data to the verifier site or the request to the verifier has any site/app/company-specific IDs (again, Apple), then you're leaking what you're visiting to the verifier.
And not to beat a dead horse, but as long as there are jurisdictions that don't require age verification in the world, children can easily use a free VPN or proxy to avoid checks altogether at which point, one has to ask, why do it at all?
> If the request allows checking arbitrary ages like Apple's, then you can get their age with a handful of requests. If one has to verify every visit, then you can get exact birthdate eventually.
If you assume a sensible rate limit, that entering the check is voluntary (and unlikely to fail), and that people age monotonically, then it's going to require a lot of cooperation from the victim to get more than a couple of bits of entropy.
I wouldn't trust Apple here regardless, since they are not the state and have their own separate interests.
You can get the age quite quickly with a binary search. If everyone is between 1 and 100, that's no more than 7 requests. The only way this wouldn't hurt privacy excessively is that it has to work the other way around. You, not the app, requests a verification token from a government API that only says you are above 18 which expires once in a while. The token should bear no other information about you and be single use so it cannot be correlated between different sites. For the US, it should also be on a federal level (the verification scheme, not the age verification requirement) to reduce the bits from knowing your state, which is a lot for small states.
"...at which point, one has to ask, why do it at all?"
It seems like this line of thinking would lead you to ask the same question of literally any law, wouldn't it?
Laws often don't rely on being 100%. Even though there is a law saying people need to wear a seat belt, they can just not wear it! So what's the point, &c, &c?
If you don't wear a seatbelt, you can be ticketed. Not only is enforcement practical, but it has a measurable impact on behavior.
If you use a VPN to visit a porn site to bypass age verification, you haven't broken the law as it applies to sites, not users. There will be no measurable impact on underage people visiting since the barriers to VPNs/proxies are almost nil while still costing money to enforce on non-tech savvy adults - an overall detriment to society.
Laws that are unenforceable and don't benefit society are bad laws.
Let me see if I understand the situation you're describing clearly. It seems like you're saying that all or most young people will be able to -- and be inclined to -- use VPNs to visit porn sites, and will do so.
They won't be able to visit porn sites in their own jurisdiction -- let us call it jurisdiction J -- because those sites have to perform age verification, but they will be able to visit porn sites in other jurisdictions, since they can send traffic that appears to originate in those jurisdictions. Those porn sites are not in J and so don't have to enforce J's rules.
When I think about this situation, though, it just seems like it would lead lawmakers to require VPN sites to perform age verification.
Regarding "Not only is enforcement practical...", I'm not sure enforcement is all that practical for this offense -- my understanding is that most instances of it are never caught and never charged.
Just curious: 1) which country/eID is this? and 2) does it send the date of birth back, or does it perform a zero-knowledge proof that the date of birth is greater or equal than a given value (current date minus age requirement)?
The new laws, such as the one that just passed in Utah, require kids to get the consent of their parents to install apps. So now add that complexity to the flow.
I would assume that my private key for pricing my identity to random websites is different than that used to make financial transactions. Why would I ever elect to keep it the same?
How that works when you need to distinguish between "no value provided" and "a value that is not in the list" - in some applications they have different semantics.
You could treat it as an nullable Option<SomeType>.
In practice, as it relates to enums, I don't usually see 'no value provided' as a frequently used case - it's more likely that 'no value provided' maps to a more informative 'enum' value
> We need a license to allow us to make some of the basic functionality of Firefox possible. Without it, we couldn’t use information typed into Firefox, for example.
Like - what basic functionality? Does not sound like "browsing" is that functionality and I am not interested in any other functionality. I do not want you (Mozilla organization) to use any of that information.
Moreover, what if I do not have the right to sublicense the content I enter to FF? Am I legally not allowed to use Firefox?
They literally just mean things like filling out forms. Implicitly or explicitly you have to give Firefox permission to store and reproduce the text you type in this very textarea so that it can submit the form for you.
But I agree with you that this should not require specific legal language. However, I point out that most other browsers have already added that same language, or something similar, to their own ToS. As have programs such as Microsoft Office. If you cannot use Firefox then you cannot use any of them either.
Somehow I use pens, emacs, and curl without sublicensing my IP to BIC, the GNU Project, or Daniel Stenberg.
Why does Mozilla need to be granted a license to my IP to submit form fields, but curl doesn't? These are just tools, used by me personally. I'm not hiring Mozilla. Mozilla is not a party to my use of their tool.
Do you really, honestly believe that the only reason Mozilla wrote terms of use that way but cURL doesn't is that Mozilla has more or better lawyers? Do you actually find it hard to believe that the legal terms attached to cURL are entirely sufficient an that Mozilla is using different terms because Mozilla is planning to take meaningfully different actions with respect to user data?
Mozilla has "larger organizational exposure" precisely because they're tracking users and packaging up that data for sale.
> Do you really, honestly believe that the only reason Mozilla wrote terms of use that way but cURL doesn't is that Mozilla has more or better lawyers?
Yes. Well, that, and Firefox talks to backend services (updates, safe browsing, etc) to do its job for the user, whereas cURL doesn't.
> Do you actually find it hard to believe that the legal terms attached to cURL are entirely sufficient an that Mozilla is using different terms because Mozilla is planning to take meaningfully different actions with respect to user data?
I've known a lot of Mozilla folks for a long time, so, yes.
> Because Mozilla has a dedicated legal team and larger organizational exposure
Sorry, this is BS. Nobody was going to win shit from Mozilla for typing a URL into their browser that runs locally on their machine. Where they might have gotten in trouble is with their telemetry (e.g. Pocket), but that’s sort of screaming to the problem that they’re pivoting to spyware.
That's not how browsers work. The data you put into a text field gets sent to the website.
If anyone claims they need to "store and process" this data, it is explicitly and solely so they can spy on you.
There is absolutely zero requirement of any kind for anyone other than the website to even know you're entering text. There is no reason or excuse for Mozilla to claim otherwise. If Mozilla claims they require a license for text you type into a website, they're lying so they can sell the data you're entering on third party websites.
This is extremely cut and dry. What Mozilla is implying is not how browsers work. This is not how websites work. Mozilla is trying to spy on users and there is no other technically valid explanation.
You’re forgetting that browsers store all of the text you type just in case the browser crashes or the power goes out or the website is offline. Later you can revisit the same page and the form data that you already entered will be refilled for you. It _is_ how browsers work.
This data is stored on your computer, not on anyone elses. (or if the website owner decides, it's stored there, but this would be indepdent of the browser used)
This is completely untrue. Do you work for mozilla? Text entered in forms like the one you use to write comments like this one don't get saved. Any logic to do with saving it is a matter for the developer of the website not the browser. This is like saying that ISP need to be granted license to forward the packages that make up your http request.
Have you never noticed this feature before? I’m starting to feel old. I was there, three thousand years ago. I was there when the strength of men failed. I mean, I was there when both the web and Firefox were really unreliable. We realized how much pain it was causing people to type things into the web browser only for it to crash and completely lose all of their hard work. Or for the webpage to throw up an error and cast their comment into the flames. We decided that the browser should save that text somewhere, so that if (and when) the user goes back it can be placed back into the form as if by magic.
But I agree that it’s stupid that Mozilla now feels you need to give it explicit permission to do this rather than implicit permission. But since only you own the copyright to the comments you write, maybe I can see the point.
I find this part puzzling. I don't have to give a pencil manufacturer rights of any sort to art I make with their product. A notebook seller cares not for such rights either, nor does a musical instrument company. The fact that Firefox seems insistent upon securing content rights suggests they're interested in using the content for things other than local browsing, which I find rather unfortunate. I'd gladly buy a support license for the browser specifically but Mozilla's structure seems to prevent that.
Mozilla's legal team is probably competent, but working under unreasonable constraints where their initial advice to the effect of "don't spy on your users" has been rejected and now they need to find a way to shield Mozilla from legal consequences of a decision that their users won't like.
> Implicitly or explicitly you have to give Firefox permission to store and reproduce the text you type in this very textarea so that it can submit the form for you.
You don't have to give Mozilla permission to store and reproduce what you type into a textarea on a non-Mozilla web site.
Firefox is not a SaaS. More so, it's Free Software so you literally own the program you run on your computer. You, the end user, are granted all the rights (well, except for the Firefox trademark) to do whatever you please with the binary or source code, under the MPL terms, essentially with the only restrictions imposed is that you have to do the same if you distribute it further (modified or verbatim).
If you legally need some license to type into a program on your computer (I don't think so, but let's say you do solely for the sake of imaginary argument) you can just give the license to yourself, no need to involve any third parties at any point here.
If Mozilla says they need a license so you can fill a form in Firefox, then they must've literally forgotten what Free Software even means. I hope this is not true, but merely a misunderstanding of some sort.
I agree that an explicit grant of a license is probably not necessary. I don’t grant `cat` or `less` a license, they just do what I tell them to do. I think an implicit grant is sufficient. If you use the software, you grant it the license to store and reproduce your copyrighted creations.
Note that the MPL grants you the user many permissions, but does not grant Mozilla any. If Mozilla feels that they need to be explicitly granted more permissions then they have to add that somewhere else. They cannot easily change the text of the MPL.
You cannot grant a program a copyright license because a program doesn't need a license. It's running on your computer at your behest, so there's no third-party involved, just you the user, and eventually the site you send that POST to.
I buy a hammer from home depot, I don't need to give Home Depot a license for me to use the hammer. I don't need to give that license to the hammer manufacturer either.
The jackhammer does not store text that you write on your behalf. Firefox does. When you type a comment here on HN, you do so in a form field. Firefox stores that text for you and reproduces it on demand. Since you and only you have copyright on that text, you and only you can legally publish it.
I think it is dumb that they want _explicit_ permission to do this, when we grant _implicit_ permission to all kinds of programs day in and day out to do the same thing. `less` doesn’t ask for permission when I tell it to display a file to me, it just does it. `curl` doesn’t ask for permission when I tell it to upload the file to a server. Etc, etc.
But check out the ToS for other web browsers, for desktop publishing programs, office suites, email clients, etc, etc. Many of them have similar language. Not all of them, but many.
That doesn’t make any sense. You’re not giving the license in the ToS to the program but to the company. But the company isn’t processing any data I enter into the browser. I run the browser myself and they never get access to the data.
Right, but under US law you cannot give a license to a program. Only to people, or groups of people that we call a company. You’re giving Mozilla permission to implement the features in Firefox, since you can’t just give permission to Firefox.
But Firefox doesn’t need a license to give me a program that I can use to do stuff on my device. They only need a license if they get access to the data.
This is not what they mean. My shell doesn't need a goddamn legal agreement to save history or let me mosh into servers (mosh doesn't need one, either), because this is absurd and not a real thing. They 100% do not need a legal agreement for you to use the software on your own machine, even if you're using the software to communicate with 3rd parties, it has nothing to do with why they added this.
> But I agree with you that this should not require specific legal language. However, I point out that most other browsers have already added that same language, or something similar, to their own ToS.
Not so you can submit forms to websites (again, this is absurd) but so they can spy on you and do whatever they want with the data they collect, same as what Firefox is trying to gain the legal cover to do (whether they use that cover or not).
So why did they feel the need to make this explicit for Firefox now?
Why was the previous state of affairs not sufficient? Hasn’t Firefox been letting me type data into a form for nearly 20 years now, _without_ this language?
Wait a minute... Did Mozilla sign an agreement with some AI model company like OpenAI or Anthropic to "help" their hapless users (for revenue like they did with Google and search)?
If so, Tsst. Bad Mozzila! No!
Seriously though, that would be a huge mistake for a supposedly free software company. Especially when people are realizing the "meh" of the value added with most applications of LLMs.
> They literally just mean things like filling out forms. Implicitly or explicitly you have to give Firefox permission to store and reproduce the text you type in this very textarea so that it can submit the form for you.
If they mean that they should say that.
But also it doesn't seem like they would need permission to store data locally, on your own computer. If it's a matter of using Mozilla Sync, then the TOS would apply to Sync and having a Mozilla account, not for using the browser.
Yet, Google is a lot more specific im what, how and why you license the content to Google. And it is not for anything that Firefox does.
Plus:
> Some of our services are designed to let you upload, submit, store, send, receive, or share your content. You have no obligation to provide any content to our services and you’re free to choose the content that you want to provide.
I did not do many things in Delphi but I have studied the language and VCL architecture for the very purpose of determining why it is so aproachable and productive (as compared to C, Java, JS, Python and the tooling around them).
In my opinion, it is the result of following qualities:
1. The language direcly supports concepts needed for live WYSIWYG editing (i.e. properties and events) while other languages only simulate it by convention (i.e. Java Bean specification)
2. The language syntax is simple enough for the IDE to understand and modify programatically, but powerful. The properties files that define the forms are even simpler, support crucial features (i.e. references and hierarchy) but do not bring unecessary complexity as general-purpose formats do (XML files or JSON)
3. Batteries included - you can do very powerful stuff with the included components (gui, i/o, ipc, sql, tcp/ip, graphics - all the practical stuff) without hunting for libraries
4. Discoverability - the visual component paradigm with Property editor lets you see all your possibilities without reading the documentation.
5. Extensibility - you can build your own components that fully integrate with the IDE. This is my litmus test for low-code and RAD tools: For any built-in feature, can I recreate the same using the provided tools? Many tools fail this, and the built-in components can do things that are inaccessible to user-defined components.
6. Speed - both compilation and runtime, thanks to one-pass compilation and native code. Leads to fast iteration times.
7. The VCL component architecture is a piece of art. The base classes implement all the common functionality: They automatically manage memory, can store and load persistent state, have properties for visual placement (position, size) etc. The language features really help here (I remebmer something about interface delegation) but there is no magical runtime that does this from the outside, it's an actual implementation of the component that can be extended or overriden.
But of couse there are the ugly things as well: alien syntax, forward declarations, strict compiler blocking the Form Designer on any error preventing you to fix the very error and most of all: while there is very good abstraction for the components, there is none for data and state. There is no good tooling for data modelling and working with the data models. That leads to poor practices as having state in the visual components or in global variables.
I've often compared Anvil (it's web-IDE for web-apps in Python https://anvil.works) to Delphi. I'm curious how you'd rate it on those qualities (off the bat it ticks a lot of those boxes
> Docker routes container traffic in the nat table, which means that packets are diverted before it reaches the INPUT and OUTPUT chains that ufw uses. Packets are routed before the firewall rules can be applied, effectively ignoring your firewall configuration.
So docker is "effectively" ignoring your firewall in the case of ufw. I don't see how it can be considered to not ignoring your firewall when it ignores the rules you've setup.
I dunno. If I use UFW on Ubuntu, I use it as a firewall, and applications that ignores my firewall, I'd consider them to be ignoring my firewall, regardless if the details say that it's still using NAT rules so technically it's just ignoring one firewall/something not called a firewall, even though it ignores the firewall you've setup.
To be frank, it kind of feels like the kind of technical nitpick argument I'd read from a Docker Inc employee trying to somehow defend ignoring the user's firewall.
The end result is that you setup rules in UFW, and Docker ignores them.
I just flip the coin cell around so it stays in the device but does not deplete (reverse polarity but in fact the contacts will not touch the battery poles so no harm).
Honest question as I don't know almost anything about modern computer graphics: Is it so much performance penalty to upload a small texture to GPU so you can't render the whole string to the texture in 2D and just display the texture onto two triangles?
> Is it so much performance penalty to upload a small texture to GPU so you can't render the whole string to the texture in 2D and just display the texture onto two triangles?
It's not. This technique is more about getting text on the screen in the easiest way possible for debugging. You just add some data to your shader and poof, you get text.
The converse is, you write code to generate a font atlas (so more work), or go find and existing one and need to load it (so need to write loading code so more work). And/Or draw a full message into a texture (more work) and you'll need to cache that result until the message changes (more work)
On top of all of that, you need to manage resources and bind them into the system where as here no resources are needed.
but again, it's a technique for getting "debugging text" on the screen. It is not a solution for text in general.
Note that drawing text to textures is how most browsers and OSes work. They draw fonts into texture atlases dynamically (since a atlas for all of Unicode per font per size would take too much time and memory). They then use the texture atlas glyphs to make more textures of portions of the app's window. In the browser you can turn on show texture edges to see all textures. Rendering->Layer borders will outline each texture in cyan
Generally you want to avoid wasting too much memory on a GPU, even today. That large text box texture also has to go over the PCI bus which can cause stalls depending on when its uploaded and if the GPU ends up having to evict resources. If you end up having a lot of independent texture text boxes being rendered by the comparatively slower CPU, that could add up quickly and cut into your budget.
Drawing using a glyph atlas is still a way better use of resources. Modern text rendering pipelines will also often use either SDF or encoded bezier curves to improve glyph legibility when scaling which is also a great way of saving more memory.
Drawing one quad to cover N characters and picking out a glyph in the shader is going to be faster than drawing individual quads for each character (for monospace fonts, anyway). But there are only so many characters you can fill the screen with, so it's probably not a huge difference in practice.
Regarding the upload part: at the end of the day, you have X bytes of glyphs and they need to get into GPU memory somehow. Whether you get them there as textures, as uniform data or as shader constants doesn't really matter performance-wise. If anything, doing it through shader constants as described in TFA is more expensive on the CPU side, since all those constant declarations need to be processed by the shader compiler.
What does matter on the GPU side is which memory hierarchy you hit when reading glyph data (texture fetches have a dedicated L1 cache on most GPUs, larger than the "normal" L1 cache I think) and what order the data is in (textures are usually stored in some version of Morton order to avoid cache misses when you're shading blocks of pixels). For a production atlas-based text renderer you probably want to use textures.
Edit: I misread the question; you were asking about drawing individual glyphs on the GPU vs. drawing an entire block of text on the CPU, right? This is a speed/space tradeoff, the answer is going to depend on how much memory you want to blow on text, whether your text changes, whether it needs to have per-character effects applied, and so on.
You can render the entire string before upload, but then you are essentially using a CPU render, which will be slower than having the GPU do the same thing.
FWIW, this method is also a texture despite being called “texture-less”; the texture is just stored in a different format and a different place. True textureless font rendering evaluates the vector curves on the fly.
It depends on the application. It’s the easiest way especially if you might encounter right to left script, CJK or emoji. It is worthwhile to cache the textures, most text does not change every frame. It is good enough for us.
Some operations are best with keyboard (i.e. moving, zooming, panning, duplicating, acessing panels) and you need modifier keys quite often. You can map one or two to the stylus buttons, but that may not be sufficient
No personal information is shared.
While I do not aggree with pervasive age restrictions, this is a nice technical solution to privacy preserving age verification