Impressive!

Aah, ISP’s NAT. Yes, in that context, it’s correct that you can’t port forward.

Perhaps you can STUN through, but unlikely to get a good port.

Port forwarding was invented for exactly that

1. Port forwarding
2. Yes, and there’s services that do that for you

Static IP is helpfull but not necessary. Even with NAT and a changeing IP there’s options, such as:

1. dynamic dns.
2. Public reverse proxy or tunnel.
3. Onion routing.

Quick, but sadly incorrect

It makes things easier, but you have options, such as:

1. dynamic dns.
2. Public reverse proxy or tunnel.
3. Onion routing.

Debian LTS with unattended upgrades is my go-to

which one could recommend that tech illiterate family member.

I’ve given up as their thinking is so fundamentally different, and they refuse to meet even one inch towards the middle :-)

They ask for ID card indeed, making it super easy to just make a copy. On top of that, your payment details are stored. You’re on camera. Etc.

Super easy to automate deanonymization. (1).

The confusing diversity of all the options is just not helping the wider public.

Agreed that that’s the case, but don’t quite agree that that’s a problem

My first thought as well :)

Maybe you might like syncthing

So yes, they get your identity, then promise to forget it.

That’s a worst of both worlds proposal: it makes it trivial to deanonymise people, and it doesn’t solve the replay attacks.

I gave an example in the previous post how the identity of the user could be hidden from the service.

In both your examples the government service has your full identity, then pinky promises to forget it.

Unless I’m misunderstanding something?

It would be a lot easier to get that information from the ISP.

Not quite the same, as IP addresses are shared through NAT, VPNs exist, etc. With the proposed legislation it is illegal for website operators to deliver content to known VPN ips, as they cannot confirm that the end user isn’t a EU subject.

is being vouched for by some government-approved service.

The reverse is also a necessity: the government approved service should not be allowed to know who and for what a proof of age is requested.

And because the service has to be in the EU, government-certified with regular inspections, that’s safe enough

Of course not: both intentional and unintentional leaking of this information already happens, regularly. That information should simply not be captured, at all!

Additionally, what happens to, for example, the people in Hungary(*)? If the middle man government service knows when and who is requesting proof-of-age, it’s easy to de-anonymise for example users of gay porn sites.

The 3rd party solution, as you present it, sounds terribly dangerous!

(*) Hungary as a contemporary example of a near despot leader, but more will pop up in EU over the coming years.

deleted by creator

I must not be explaining myself well.

both are supposed to receive information about the user’s age

Yes, that’s the point. They should be receiving information about age, and age only. Therefore they lack the information to detect reuse.

If they are able to detect reuse, they receive more (and personal identifying) information. Which shouldn’t be the case.

The only known way to include a nonce, without releasing identifying information to the 3rd parties, is using a DRM like chip. This results in the sovereignty and trust issues I referred to earlier.

Jekyll

from a single user

Neither 2 nor 3 should receive information about the identity of the user, making it difficult to count the volume of requests by user?