@BackFromTheDud @skinnylatte @minmi

BTW, an interesting POV I learned from Tendayi Bloom, a scholar and editor of the book below (disclosure: of which I am a contributor), is that while #homelessness itself is usually not illegal, the practise of making #natural #human #necessities such as sleeping and excreting waste illegal in public spaces has the same effect as #criminalising being #unhoused.

I am linking the book because there are so many vectors to being treated as non-#citizens that I think it are important to be aware of, even if one is *technically* a citizen, claiming such rights may depend on a number of other systems such as #authenticated #identification to "enjoy" those rights.

Lots of complexity that absolutely could be fixed if policymakers chose to do so.

https://manchesteruniversitypress.co.uk/9781526156419/

#criminalisation
#citizenship
#HumanRights
#dignity
#access
#accessibility

@LukefromDC : it won't be that bad (it will be bad, but in a different way).

ANY website may ask a user to confirm they are 18+ (or whatever age).

There will be a huge amount of AitM (Attacker in the Middle) websites where naive people will be lured to (using fake emails, SMS, chat app messages or falsified QR-codes) and asked to confirm their age.

That AitM website will subsequently obtain a "ticket" (session cookie) from a real "relying party" website (with a potentially very different type of content than the victim is told).

Those "tickets" will be sold (or traded for watching ads and/or paying with privacy).

Reliable authentication requires a trustworthy identity verifier (even if identification is restricted to age+).

@drgroftehauge @fabio @SylvieLorxu

@jwildeboer : modern certificates are used for authentication only, not for secure connections.

OTOH, if you have no certainty that your software is communicating with the server you intended, a secure connection to it is pointless - but the connection remains secure.

Using TLS v1.3, the connection is even secured before the server is authenticated (if, after encrypting the connection, the authentication of the server fails, then the client should at least warn the user - if not immediately disconnect).

Yes, I know, these are boring details, but they are misunderstood way too often by people who SHOULD know how this works (I know you do, but please don't simplify things too much).

@maaikees : the way we look is an important part of how we are (and want to be) recognized by others.

Over the years I became amazed about how the looks of peoples heads differ, and how enormously good people are at recognizing each other.

Changing how you look changes your identity - as others see it.

The #Texas #law requires age verification for any site where more than one-third of the content is sexual material “harmful to minors.” Users must submit digital #identification, a government-issued ID or other forms of proof that they are 18 or older. The law bars the sites from retaining identifying #information, but it does allow them to transfer the #data for
verification purposes.

#privacy #SCOTUS #FirstAmendment

@aral wrote: "If your friends and family are trying to phish you, you have bigger problems."

Phishing means that an adversary *claiming to be* someone you know (including friends and family) convinces you to click on a link.

The purpose of a certificate, telling a receiver *WHO* (human readable) owns the associated private key (the last resort to distinguish between fake and authentic), now has completely vanished.

As if phishing is not already the nr. 1 problem on the internet.

Note: I'm fine with the idea provided that browsers clearly inform users about the reliability of authenticity (I've read your article, did you read https://infosec.exchange/@ErikvanStraten/113079966331873386 ?)

@letsencrypt