Zagorath on the alien site.

Moderating

Real Time Strategy reddthat.com

4d ago

Crossherd #369 2026-03-12
Jump
Zagorath @aussie.zone 4d ago
Crossherd #369⬛️🟩🟩🟩🟩⬛️🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩⬛️🟩🟩🟩🟩⬛️Time: 0:30🐐crossherd.clevergoat.com?ref=shared 🐐

4d ago

The World's Most AI First Database since 1996

It's not true.

But if it was, it wouldn't be a reason to dislike Postgres. Academic AI research in the '90s is a far cry from commercial AI companies today.

4d ago

An 18-year-old woman in Queensland faces two years in jail for wearing a shirt that says "from the river to the sea."

Jump

Zagorath @aussie.zone 4d ago

Close. There are two potentially relevant Farnam songs that may have been conflated in this discourse. One is That’s Freedom, which includes the lines "From the mountain to the valley / From the ocean to the alley / From the highway to the river". And the other is Two Strong Hearts, which repeatedly uses the line "Reaching out forever like a river to the sea". Neither quite uses "from the river to the sea", but together they give the same sort of impression.

4d ago

An 18-year-old woman in Queensland faces two years in jail for wearing a shirt that says "from the river to the sea."

Jump

Zagorath @aussie.zone 4d ago

Australia's constitution has been interpreted by our High Court to contain an implied right to freedom of political communication. Restrictions on that right may be constitutional if they are (1) for a valid purpose and are (2) narrowly targeted towards that purpose.

The law she was arrested under was only passed by the Queensland state Parliament earlier this week (or late last week? I forget). It is definitely going to face constitutional challenge, and there is a very good chance it is ruled struck down. This is because the law literally outlaws two specific phrases from one side of a political issue, and is likely to be seen as stifling free flow of political discourse, rather than being a more "content-neutral" law.

This article, written by a constitutional scholar, gives some great insight: https://www.theguardian.com/commentisfree/2026/mar/08/the-lnps-phrase-banning-law-is-wide-open-to-constitutional-attack-is-it-a-victory-for-the-people-or-a-smart-political-play

4d ago

Australian health insurance premiums just had their biggest hike in a decade. Is it time to scrap private health cover?

Jump

Zagorath @aussie.zone 4d ago

The problem with the Medicare Levy is that you can get out of paying for it if you pay for private health insurance. Being able to do that just sucks money out of the Medicare system. It should be for everyone or (even better) no one (and just pay for Medicare out of general taxation).

4d ago

Two protesters arrested on first day of Queensland’s ‘from the river to the sea’ ban

Jump

Zagorath @aussie.zone 4d ago

Because the people claiming they find it hateful are doing so performatively in order to restrict just criticism of their favourite country's genocidal actions. Or are being earnest, but have been tricked into believing it is offensive by the former group. Either way, the outcome is a pro-genocide one.

4d ago

Two protesters arrested on first day of Queensland’s ‘from the river to the sea’ ban

Jump

Zagorath @aussie.zone 4d ago

The only one sharing hate speech around here is you.

From the river to the sea, Palestine will be free.

4d ago

Circuits #878 2026-03-11

Jump

Zagorath @aussie.zone 4d ago

https://puzzmo.com/play/circuits/121sef1nle/share

4d ago

Crossherd #368 2026-03-11

Jump

Zagorath @aussie.zone 4d ago

Crossherd #368🟩🟩🟩🟩⬛️🟩🟩🟩🟩⬛️🟩🟩🟩🟩🟩⬛️🟩🟩🟩🟩⬛️🟩🟩🟩🟩Time: 0:37crossherd.clevergoat.com?ref=shared 🐐

6d ago

Circuits #877 2026-03-10

Jump

Zagorath @aussie.zone 6d ago

Wow, nice one! I was absolutely hopeless today.

6d ago

Circuits #877 2026-03-10

Jump

Zagorath @aussie.zone 6d ago

https://puzzmo.com/play/circuits/wlru2o1ngv/share

6d ago

Crossherd #367 2026-03-10

Jump

Zagorath @aussie.zone 6d ago

Crossherd #367⬛️⬛️🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩⬛️⬛️Time: 0:40crossherd.clevergoat.com?ref=shared 🐐

6d ago

dumb dumb fart hammers

Jump

Zagorath @aussie.zone 6d ago

There-there?

6d ago

Modern API tools

Jump

Zagorath @aussie.zone 6d ago

Thanks!

6d ago

Is private age verification technically possible and if so how?

Jump

Zagorath @aussie.zone 6d ago

Actually something just occurred to me. Because my system, unlike the one from the Stack Exchange link or the one described elsewhere in the thread using an ID card, relies on a per-site untraceable request to the government, the government would be able to detect if one user is making a suspicious number of requests. It's reasonable for one person to make tens of requests, maybe even low hundreds over the course of a lifetime. It's not reasonable to be making hundreds or more in a day. They wouldn't know which sites are being accessed with it, or even what accounts on those sites. But they could set rate limits to prevent one person creating too many accounts for others, and potentially threaten legal action against them for doing so.

That threat of legal action is part of the same thing that prevents children from being able to go up to a random adult, handing them a $50 note, and asking for $20 worth of alcohol in exchange. You're not going to be able to prevent it on a smaller scale, but you can definitely prevent a small handful of people being able to age verify on behalf of thousands of children.

An additional protection could be added depending on how the age verification works. If she verification is "upload a scan of your photo ID", then yeah, mass verification becomes possible. But if each verification requires you to hold up your photo ID next to your face, speak a specific phrase aloud (with automated lip reading attempting a rough lip flap match), nod your head, write a specific phrase on a piece of paper, and more, all in randomised orders, it becomes a much bigger burden for someone to provide for others.

I'm certainly not advocating this. The level of burden for legitimate users would be too high to consider it reasonable. But it would be possible. Something like this has been used in the past for things like EV code signing certificates, where a larger burden is relatively more reasonable.

6d ago

Modern API tools

Jump

Zagorath @aussie.zone 6d ago

What's the reference here?

6d ago

US state laws push age checks into the operating system

Jump

Zagorath @aussie.zone 6d ago

Honestly, that is how I would prefer it be done. But it isn't what OP asked for.

It would have to be set at an operating system level, with the OS providing an API for the browser to use, while the os itself restricts installation of unapproved apps (and to work, installation of apps would have to use an allow-list or a similar age-tagging system, where any app that includes general web access has to be 18+ unless it also implements age-gating correctly).

But yes, this would be the best system. Parental controls have never been very successful in the past, but I think part of the reason for this is that they've never been properly supported up and down the stack. The government should mandate that it is supported the whole way, so that parents really have the tools they need to enforce parental controls.

Edit: I thought this was a comment in another thread. My reply here only makes sense in that context.

6d ago

Is private age verification technically possible and if so how?

Jump

Zagorath @aussie.zone 6d ago

It would also reveal to the government that the user was accessing 18+ content

Yes, I did mention that. Although ironically, Australia's social media minimum age law, and other similar laws being considered around the world, would actually increase privacy in this respect. The government could have separate keys for each age of legal significance (16 and 18, in Australia) and sign with the appropriate one (either the highest the user meets, or all the user meets—the latter would give the site less information about the user's and).

I don't believe it is technically possible to get around the example you shared there. Even in the real world, it's not dissimilar to a child asking an adult to buy alcohol for them.

7d ago

Modern API tools

Jump

Zagorath @aussie.zone 7d ago

Insomnia > Postman.

I switched to Insomnia around 2021 when Postman started enshittifying and found I liked it a lot more. Insomnia has also been relatively enshittified unfortunately, but it feels like it's to a lesser extent.

7d ago

Is private age verification technically possible and if so how?

Jump

Zagorath @aussie.zone 7d ago

Here's one good answer: https://crypto.stackexchange.com/a/96283

It has the downside of requiring a physical device like a passport or some specific trusted long-running locally-kept identity store held by the user. But it's otherwise very good.

Another option does not require anything extra be kept by the user, but does slightly compromise privacy. The Government will not be able to track each time the user tries to access age-gated content, or even know what sources of age-gated content are being accessed, but they will know how many different sites the user has requested access to. It works like this:

The user creates or logs in to an account on the age-gated site.
The site creates a token T that can uniquely identify that user.
That token is then blinded B(T). Nobody who receives B(T) can learn anything about the user.
The user takes the token to the government age verification service (AVS).
The user presents the AVS with B(T) and whatever evidence is needed to verify age.
The AVS checks if the person should be verified. If not, we can end the flow here. If so, move on.
The AVS signs the blinded token using a trusted AVS certificate, S(B(T)) and returns it to the user.
The user returns the token to the site.
The site unblinds the token and obtains S(T). This allows them to see that it is the same token T representing the user, and to know that it was signed by the AVS, indicating that the user is of age.
The site marks in their database that the user has been age verified. On future visits to that site, the user can just log in as normal, no need to re-verify.

All of the moving around of the token can be automated by the browser/app, if it's designed to be able to do that. Unfortunately a typical OAuth-style redirect system probably would not work (someone with more knowledge please correct me), because it would expose to the AVS what site the token is being generated for. So the behaviour would need to be created bespoke. Or a user could have a file downloaded and be asked to share it manually.

There's also a potential exposure of information due to timing. If site X has a user begin the age verification flow at 8:01, and the AVS receives a request at 8:02, and the site receives a return response with a signed token at 8:05, then the government can, with a subpoena (or the consent of site X) work out that the user who started it at 8:01 and return at 8:05 is probably the same person who started verifying themselves at 8:02. Or at least narrow it down considerably. Making the redirect process manual would give the user the option to delay that, if they wanted even more privacy.

The site would probably want to store the unblinded, signed token, as long-term proof that they have indeed verified the user's age with the AVS. A subsequent subpoena would not give the Government any information they could not have obtained from a subpoena in an un-age-verified system, assuming the token does not include a timestamp.