this post was submitted on 01 May 2026
115 points (98.3% liked)

Canada

11924 readers
470 users here now

What's going on Canada?

Related Communities

🍁 Meta

🗺️ Provinces / Territories

🏙️ Cities / Local Communities

Sorted alphabetically by city name.

🏒 Sports

Baseball

Basketball

Curling

Hockey

Soccer

💻 Schools / Universities

Sorted by province, then by total full-time enrolment.

💵 Finance, Shopping, Sales

🗣️ Politics

🍁 Social / Culture

Rules

  1. Keep the original title when submitting an article. You can put your own commentary in the body of the post or in the comment section.

Reminder that the rules for lemmy.ca also apply here. See the sidebar on the homepage: lemmy.ca

founded 5 years ago
MODERATORS
otter@lemmy.ca
mp3@lemmy.ca
otter@piefed.ca
mp3@piefed.ca
115
Canadian Bill S-209 to implement age verification federally has advanced forward. (www.parl.ca)
submitted 1 day ago by Sunshine@piefed.ca to c/canada@lemmy.ca
52 comments fedilink hide all child comments
 

Has passed third Senate reading 15/4/2026

Has passed first House of Commons reading 30/4/2026.

you are viewing a single comment's thread
view the rest of the comments
[–] tleb@lemmy.ca 25 points 23 hours ago (15 children)

Age verification would be fine if it was an OAuth type thing - I sign in with the government on the government's website, they report back that I have the 18+ grant. I don't know why they're going in this direction of just requiring that private companies collect a bunch of personal information to "verify" me

[–] nik282000@lemmy.ca 15 points 22 hours ago (14 children)

Is there anything to stop the government side from compiling a list of users and the sites that request verification? Because that just makes a centralized target for hacking or internal crime. There's got to be a way that allows for both verification and zero trust :/

[–] JasonDJ@lemmy.zip 13 points 21 hours ago* (last edited 21 hours ago) (11 children)

I mean...yeah...but it sounds really bad on the surface.

Crypto. Namely, certificates or smartcards.

Imagine if your driver's license were a smartcard. It'd essentially just be a cryptographic key pair that asserts that you are "you" because the card says you are and you both have the card and know the unlock PIN.

Now, that sounds like the government could easily track you, but not quite. All that really matters is that the certificate is valid. Not expired, not revoked, and there is a mutual trust in a third party (the issuer).

This doesn't require a query to the issuer. It can, and should, i.e. using OCSP or CRLs. CRLs, in particular, are a bit better here...instead of the service going back to the issuer and saying "is this certificate still good", instead, the issuer periodically publishes a list of all revoked serial numbers that get downloaded by anybody who wants them.

The important thing is, the service provider (i.e. the website) never has to ask about you by name. They know you are you, because you possess your private keys, and they trust that the issuer of your certificate (a corresponding public key, signed by the issuers private key) is thorough in verifying your identity.

I think a mutual-third-party trust model (basically, certificates) is about as good as it can get. I don't think you can verify without trust. That's not how the proverb goes. Not at all.

[–] DiarrheaSommelier@lemmy.ca 3 points 18 hours ago (1 children)

This is the way. There are many cryptographic ways to make this possible without sharing any personal or usage information with any party. Too bad our legislators as a group are too fucking stupid to understand any tech more complicated than two cans with a string.

[–] JasonDJ@lemmy.zip 3 points 13 hours ago

Such is the problem. IME, most people in tech can't wrap their heads around PKI, I have zero faith in legislatures to do so.

load more comments (9 replies)
load more comments (11 replies)
load more comments (11 replies)