Privacy

Newgrounds, a gaming forum, has some clever ways for non-intrusively complying with the shambling disaster that is the "UK Online Safety Act".

For years, I've been doing something similar to this when generating internal reports on DNA Lounge demographics: e.g., if someone bought a ticket for an 18+ event 5 years ago, they must be at least 23 years old now.

Newgrounds: Here is our current plan for UK users:

1. If your account is more than ten years old, we will assume you are currently over 18. This is in line with one of the methods of effective age assurance, which involves paying a third party to match your email address against some sort of database of scraped data, which determines if your email has been in use for a long time. We have our own long-term data, so we'll use that instead.

2. If your account ever bought Supporter status with a credit card and we can confirm that with the payment processor, we will assume you are over 18 because you need to be 18 in the UK to have a credit card.

3. If your account ever bought Supporter status more than two years ago, we will assume you are over 18 because you need to be at least 16 to have a Paypal or debit card in the UK (assuming we are right about this).

4. If none of the above applies, you will have the opportunity to pay a small one-time fee via credit card as confirmation of your age.

We are not planning to offer things like ID checks or facial recognition because these require us to pay a third party to confirm each person.

cross-posted from: https://lemmy.dbzer0.com/post/50162198

From my understanding, an EU Council position doesn't necessarily mean the legislation will be adopted? This really feels like it'll be the time when it'll be adopted. The worst timeline.

• App: https://chat.positive-intentions.com/

• Code: https://github.com/positive-intentions/chat

• Mastodon: https://infosec.exchange/@xoron

• Reddit: https://www.reddit.com/r/positive_intentions

How it works: https://positive-intentions.com/docs/projects/chat

TLDR: im working on a p2p messaging webapp. webapps are generally not considered secure because of the nature of serving satics over the internet. this is correct, but not a limitation of this project. (selfhosting options: https://positive-intentions.com/blog/docker-ios-android-desktop).

as a webapp, i can provide the app with zero-installation and no-registration. the storage is local-only from your browser/device. so “the cloud”, but the cloud storage capacity is made up of your devices. this allows for things like p2p authentication: https://positive-intentions.com/blog/security-privacy-authentication.

Future: im aiming to create the most secure messaging app out there... (more than signal, simplex, etc). i know i have a have a long way to go to get there. the UI is fairly ugly for the average user, but i think the mechanics are working as expected. i think javascript is underrated in what you can do with it. i actively investigting improving the encryption approach further to align to how the signal protocol works (currently using the classic diffie-helman key-exchange).

Support: i would like to keep this project open source, but open-source funding is not working for me. i dont want your donations because it isnt sustainable for a long-term project. i have so far only experienced grant-funding rejections. i have no idea what im doing in trying to get funding for this project, so any support/advice is appriciated. in recognition of the project in its current state not able to get funding... (sorry) i will have to go close-source (which id like to avoid because it undemines several cybersecurity claims id like to make.)

Presumably, there is some kind of way I can work around it, I saw something about clearing the cache because of stored failures of handshaking, but it seems like on the whole maybe it is time to start fuckin' with Peertube or something instead.

A group representing several major airlines alongside travel companies and airports is opposing a Senate bill that would require the Transportation Security Administration (TSA) to generally use manual ID verification at security checkpoints instead of facial recognition.

The bill, introduced by Sen. Jeff Merkley (D-Ore.), would broadly restrict TSA’s ability to use biometrics and facial recognition, carving out a few exemptions for the agency’s PreCheck and other Trusted Traveler programs. Passengers may still opt in to the use of facial recognition at the checkpoint.

In a letter Monday to Sens. Ted Cruz (R-Texas) and Maria Cantwell (D-Wash.), the air industry groups said the law was a “step backward” and that facial recognition technology made security screenings far more efficient.

Their Matrix Chat post goes like this:

We have updated our Homeserver Terms and Privacy Policy. We strongly encourage you to read these documents in full, but for clarity these are some of the main changes:

• Updated the minimum age requirements for use of the Matrix.org Homeserver to be 18 years old;
• Introduced new measures to comply with our obligations under the Online Safety Act and the Digital Services Act;
• Introduced new payment terms to support paid plans on the Matrix.org Homeserver;
• Describe the new data processors to support paid plans on the Matrix.org Homeserver.

Each of the documents has a detailed version history which we encourage you to review. The updated Homeserver Terms and Privacy Policy take effect on ~~14 August~~ 7 August, 2025. These terms apply to you by continuing to use the homeserver after that date. If you have any questions please drop us an email to legal@matrix.org

Source: https://old.reddit.com/r/privacy/comments/1mdgbi4/matrix_homeserver_the_default_one_set_in_the_uk/

Couldn't find an official blog post from Matrix, if someone has one, feel free to share

“(1) GENERAL DUTY.—In order to reduce the proliferation of the unlawful sale, distribution, or manufacture (as applicable) of counterfeit substances and certain controlled substances, a provider shall, as soon as reasonably possible after obtaining actual knowledge of any facts or circumstances described in paragraph (2), and in any event not later than 60 days after obtaining such knowledge, submit to the Attorney General a report containing—

“(A) the mailing address, telephone number, facsimile number, and electronic mailing address of, and individual point of contact for, such provider;

“(B) information described in subsection (c) concerning such facts or circumstances; and

“(C) for purposes of subsection (j), information indicating whether the facts or circumstances were discovered through content moderation conducted by a human or via a non-human method, including use of an algorithm, machine learning, or other means.

Is there a massive difference between the two? Anything I should be wary of with either of them before I use it? I'm definitely privacy focused and have been trying out both but have been wondering if Vivaldi with uBlock Origin serves my purpose just as well as LibreWolf would.

About the Online Safety Act in the UK and the Digital Services Act in Europe

... Who would have thought?