Devil's advocate here about the original post, about physical location: This would definitely have prevented the North Korean workers incident a few years back.
I also find it hard to get offended about because there is basically no job, outside of tech, which doesn't involve physical location. >95% of jobs require physical location. Do you think a concrete worker, a plumber, an electrician, or literally anyone who works with their hands, has a right to location privacy? What does that even mean? "I'm totally clocking in to work today and totally installing a light fixture for a client right now and I won't tell you which one"? "I'm totally making a cappuccino for an old lady right now at one of our 30,000 branches, but trust me, you don't need to know which one"? Whining about this is extremely hard for me to generate sympathies for.
This is a really crappy tool for dealing with the North Korean Workers problem; it doesn't sound particularly fraud-resistant and that issue should already be handled by any competent corporate IT department with 10000 better and higher resolution ways to figure out where their assets are located.
Overall it's just kind of a yucky and weird feature; when I worked in an office I really didn't really want my coworkers having a real-time automated feed about where I'm located and one of my chores as a manager was always picking a seating position where I could at least take the drive-by questions before my team got interrupted, which stuff like this bypasses. I could actually see it being useful for field-deployed employees but it's not part of the stated implementation and most people in that scenario already have a solution for that.
I agree that the typical HN-meltdown isn't warranted here; the HN Meltdown Factor on anything related to privacy, cryptography, and security lately has gotten really out of hand (the post you're replying to is a perfect example, actually). But I also don't think these counterpoints are very strong; they're justifying other useful features and products that almost everyone already has. It's weird to me that Microsoft haven't either clarified or backed down on this one given how much press it's gotten vs. the seemingly tiny advantage the feature presents.
You're assuming Hollywood studios would ever release their content without DRM of some kind. They were quite content to ignore computers entirely if they didn't bend.
The world where Widevine doesn't exist isn't a DRM free one; but a world where an iPad or Smart TV can stream and a PC can't. I would support giving them an award though for "most repeated invention that keeps failing."
Nonsense. To give you a sense about how much $100B in revenue is, that would be the equivalent of every person in the United States paying $25/mo. Obviously that’s not happening, so how many businesses can and will pay far more than that, when there’s also Anthropic and Gemini offerings?
> when there’s also Anthropic and Gemini offerings?
For average people the global competitors are putting up near identical services at 1/10th the cost. Anthropic and Google and OpenAI may have a corporate sales advantage about their security and domestic alignment, or being 5% better at some specific task but the populace at large isn't going to cough up $25 for that difference. Beyond the first month or two of the novelty phase it's not apparent the average person is willing to pay for AI services at all.
I think it could get there with business alone, and also with consumer alone given the hardware, shopping, and ads angles. It’s an everything business and nobody on HN seems to understand that.
Not necessarily - how is a kid paying for a VPS server?
A personal debit card (which requires ID verification anyway, and likely has their parents able to see activity)? A personal credit card (which definitely requires ID + 18+)? Stealing their parents' card (works for like 5 days)? Does the VPS company block VPN ports without verification, similar to how most companies handle email? Do you think VPS services have any interest, at all, in an underage clientele?
The proposed law is plenty effective - saying otherwise is like saying kids can bypass age verification at the knife shop or alcohol store by using eBay. No sane mind says that age verification is therefore useless.
If having a credit card and the ability to make purchases was good enough as an ID system, they could have simply made it the law instead of requiring tech companies to collect those sweet, sweet personal ID document photos.
The UK law doesn't say you have to use ID photos, that's porn companies knowing that charging even £1 a visit would be devastating to the business. Credit card verification is a completely legal method in the UK.
They can check for credit cards without requiring any payment. Are you sure that's sufficient given these vaguely worded laws? If so many HN readers could solve the whole problem by making websites which issued digital signatures of random numbers to anyone who can support a £0.01 debit which is then immediately reversed.
The problem is porn companies know full well nobody, nobody, wants that on their credit card statement. Kinda weird that something supposedly as natural as rain needs such levels of privacy; the hypocrisy is notable (if it's so natural and so many people do it, own it).
Authorizations may not show on statements; but they are full well in financial records which could come up in court or a divorce claim later. Credit card companies are absolutely not allowed to turn a blind eye to any kind of usage.
I have always wondered how this would go if you applied for a loan through your bank. Or a rental that wanted 'last three months financial transactions' in the application.
I'm confused by what you mean (I'm an American though).
I don't think I'm unique for putting miscellaneous stuff like this on a credit card, and not even necessarily the one my bank offers. Not to hide the transaction, but because charging to debit/checking would make tracking my monthly expenses less straightforward. Payments online are also safer on credit in case a chargeback is required.
Also, are you sure you don't mean "proof of employment" showing the last three months of direct deposits? I've never heard of anyone asking for any other transactions. Similarly, pretty sure loan applications are based on credit reports. Transactions aren't relevant unless they got flagged for something so bad they showed up in the credit report (fraud, missed/late payments, etc).
All the properties ive rented over the last decade required an application with "full financial transaction history" for three months. I know ive submitted a statement before where a lot of expenses were "paying off credit card" and they complained the credit card expenses werent shown. I would have to imagine a rental agent looking at months worth of pornhub spending is going to count it against you.
Ive never been hit by something like this but I have friends who have:
That's absurd and error prone for even the most cooperative of tenants. What does "full financial transaction history" even mean? Lazy and corrupt is what it means.
If they're too cheap to pay for a basic background check, there's no telling what kind of shady people will be your neighbors or how unmaintained those apartments are. Just find somewhere else or provide the bare minimum that will convince them (checking account only). Clearly they have no way to find what else you have, and nobody else is taking this that literally.
Whilst I agree in principle, its a bit like saying "never apply for a job that requires whiteboard coding or leetcode questions". Our rental market is abysmal and people can spent months sitting through rejections, without doing more of their own.
I once rented a place where you needed either a decent credit rating or three months of full bank statements to prove income. (Paycheck stubs were not deemed sufficient.) Very invasive, fortunately I passed the requirements and didn’t need to provide that info.
When they block adult content behind age gates, children still view adult content, via VPN or via websites that have no interest in complying with the UK but may well have worse motivations to access children's data.
Age gating legitimate VPN or VPS will result in the same thing. Children will end up using less safe services to view what they want to view.
When my children are old enough, if we're still in the UK, I will be providing them with enough education to avoid ill intentioned sites, and will also provide them with a private VPN.
When my daughter was young, maybe 8, she had access to a laptop. She wasnt glued to it, but it was her little computer for fooling around on. One day my PC died and I had important things to do, so I used her laptop. As I typed into the address bar some prior history popped up and I had a moment where I wondered if I should respect her privacy or make sure shes being safe. By the time Id done my emails I decided to take a peek. I regretted it as soon as I saw her search for "funny memes" or something followed minutes later by "funny memes for kids".
To this day she complains that nobody in her age group knows how to use a search engine without writing a full sentence in the form of a question, instead of using key words.
The kid could easily be using a "free" VPN that harvests all your data in return for its services. No payment required. Not the case with VPS. Even free tiers require credit cards.
Not the point. The point is that nobody who doesn't know him knows whether he can be trusted, and the ISO itself might be prepared on a compromised machine unintentionally. This is very much a supply chain issue.
More like the exposure of institutions. It’s not like they were more noble previously, their failings were just less widely understood. How much of America knew about Tuskegee before the internet? Or the time National Geographic told us all about the Archaeoraptor ignoring prior warnings?
The above view is also wildly myopic. You thought modern society overcame populist ideas, extreme ideas, and social revolution being very popular historically? Human nature does not change.
Another thing that doesn’t change? There are always, as evidenced by your own comment, always people saying the system wasn’t responsible, it’s external forces harming the system. The system is immaculate, the proletariat are stupid. The monarchy didn’t cause the revolution, ignorant ideologues did. In any other context, that’s called black and white thinking.
Also it already exists. It's called the RTA header; and it was invented by the porn industry decades ago to try and appear as a responsible self-regulating industry. (Total failure at that.)
RTA seems reasonable to me, on a technical level. But the porn industry can't force anyone to implement the client side of it. Legislators itching to "do something" should've focused on that.
I also find it hard to get offended about because there is basically no job, outside of tech, which doesn't involve physical location. >95% of jobs require physical location. Do you think a concrete worker, a plumber, an electrician, or literally anyone who works with their hands, has a right to location privacy? What does that even mean? "I'm totally clocking in to work today and totally installing a light fixture for a client right now and I won't tell you which one"? "I'm totally making a cappuccino for an old lady right now at one of our 30,000 branches, but trust me, you don't need to know which one"? Whining about this is extremely hard for me to generate sympathies for.
reply