Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Whether that solves it just depends on who you're worried about having your data. Something like OpenID would keep your identifying data away from PornHub but it would allow the OpenID provider know when you visit PornHub.

For PornHub that also gives other companies, the OpenID providers, the power to censor PornHub but refusing to verify age or identity.



I dare say this would actually be even more harmful than Pornhub holding people's IDs, as it would then give OpenID immense power to track not only the fact that you watch porn, but also what other services you use as well...


That's my main gripe with OAuth and SSO logins. It's such an obvious tradeoff between convenience and centralizing power.

I don't really want GitHub knowing everything I sign into, but in some cases like Tailscale my only option is to tell GitHub about it or not use Tailscale.


Verifiable Credentials can be used in place of OpenID to allow a user to make verifiable attestations about themselves without the authority having to be present.

It would still have many of the same flaws as OpenID, but at least you accessing a site wouldnt notify the authority.


Ibwas actually trying to find the specific protocol uses for eIDs in Europe and couldn't find much beyond a high level "its secure and private".

Maybe " verifiable credentials" is the keyword I was missing. Thanks!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: