I am a human least likely to be impacted by pornography legislation, and the new US porn ID checks are stupid, ineffective, and dangerous to cyber security and privacy. A big database of ID info is always a target, and socially engineering people to install malicious evasive tools is way too easy.
Lesley Carhart :unverified: (hacks4pancakes@infosec.exchange)'s status on Thursday, 02-Jan-2025 11:14:12 JST
Lesley Carhart :unverified: (hacks4pancakes@infosec.exchange)'s status on Thursday, 02-Jan-2025 13:06:41 JST Lesley Carhart :unverified: Anyone who’s worked in a SOC can tell you how many people use their work computers for porn while traveling to those states…
Mike Enos (mike_enos@mastodon.online)'s status on Thursday, 02-Jan-2025 13:06:51 JST Mike Enos @hacks4pancakes I remember being shocked how many military people used .mil email for Ashley Madison.
cR0w :cascadia: (cr0w@infosec.exchange)'s status on Thursday, 02-Jan-2025 13:06:53 JST cR0w :cascadia: @Mike_Enos @hacks4pancakes Ashley Madison was my final "Well, I guess literally no one gives a fuck" moment. It's when I shifted from caring about the immediately impacted individuals to the downstream impacts only.
LeighC2 (leighc2@mastodon.social)'s status on Thursday, 02-Jan-2025 13:11:38 JST LeighC2 @hacks4pancakes you never really know someone until you’ve read their browser history. Then be prepared to never look at them the same way again.
Lesley Carhart :unverified: (hacks4pancakes@infosec.exchange)'s status on Thursday, 02-Jan-2025 13:11:38 JST Lesley Carhart :unverified: @leighc2 I think that's even more, "you don't know the state of humanity, until you see a lot of browser histories..."
j_angliss (j_angliss@fosstodon.org)'s status on Thursday, 02-Jan-2025 13:12:48 JST j_angliss @hacks4pancakes I think what a lot of folks miss from the news is that pornhub hasn't been banned from various states, but those states have mandated age verification. Pornhub has decided that the execution of such to meet policies is dumb and insecure, so it essentially blocks people from those states so it doesn't have to follow those badly implemented rules.
They [hub] have stood for privacy and security in how the verifications work, which is good. More news websites need to make this clear.
jay_chi (jay_chi@mastodon.social)'s status on Thursday, 02-Jan-2025 13:13:28 JST jay_chi @hacks4pancakes can you please tell my employer "a big database of id info is always a target"?
(as they outsource every HR function to dinky 30-employee PE-owned companies with techs in China)
Rich Felker (dalias@hachyderm.io)'s status on Thursday, 02-Jan-2025 13:15:22 JST Rich Felker @hacks4pancakes @ferrix Too many people think "lol that'd be embarrassing for those dumb fucks" and not enough think "extremely elevated success rate honey traps" against ppl in power leading to us all getting fucked over.
Greg Bell (ferrix@mastodon.online)'s status on Thursday, 02-Jan-2025 13:15:23 JST Greg Bell @hacks4pancakes could they just publish the database to all hackers immediately, buy everyone 3 years of placebo credit monitoring and save us the trouble of waiting?
Lesley Carhart :unverified: (hacks4pancakes@infosec.exchange)'s status on Thursday, 02-Jan-2025 13:15:23 JST Lesley Carhart :unverified: @ferrix I want the list of pornhub ids attached to viewing habits please
Eleanor Saitta (dymaxion@infosec.exchange)'s status on Friday, 03-Jan-2025 18:51:59 JST Eleanor Saitta @hacks4pancakes So, the way I'd guess they would like this to play out:
1. Successful state porn ID requirements are a model for a federal requirement passed later this month.
2. The federal requirement is a global requirement on US companies, meaning that if you want to host porn, you can't have a US company in the stack.
3. The definition of porn is expanded to include all material that discusses queer and trans people, probably in stages, as well as abortion, contraception, and general reproductive health, at a minimum.
4. It's made clear that the same standard must be met for personal and non-commercial sites, including offline and paper storage, providing an easy avenue for targeted prosecution, especially of queer folks with kids.
5. A requirement is added that all logs must be forwarded to the government for compliance checks, which then provides reasonable for device searches during any other routine interactions with authority, like traffic stops and border crossings.
6. The definition of obscenity (which is what this is — bringing back Comstock is a stated goal) is expanded to include seditious materials, aka left-of-center political material, "critical theory", "DEI", etc., again with the onus placed on companies to positively prove they are not hosting it illegally — again, globally, regardless if the content is legal in the country the company operates in.
It's another looming disaster even if the database is never breached and malware groups never take advantage of it (which they will, obviously).
Eleanor Saitta (dymaxion@infosec.exchange)'s status on Friday, 03-Jan-2025 19:12:57 JST Eleanor Saitta Oh, and obvs this is just fallout from this set of laws. There will be other pushes, too — one I'm particularly worried about, once a standard for obscenity is set, is the destruction of paper archives of queer and trans history (many of which are not digitized), and attacks on US-held digital archives. They mean to erase queer and trans culture by whatever means are necessary, and erasing history is a critical component of that. This has happened before, and it must not happen again.