> So as I've mentioned elsewhere, that depends on how much of a stickler we insist on being.
This is an argument about a crypto algorithm. If you somehow fix the mathematical problems I'll start checking how it behaves under ddos conditions and you best have a good answer. And I'm an amateur. With your attitude, I'd strongly advise against mailing the openbsd lists.
> Criminals in foreign countries could do it with stolen credentials, and they'd only need one. But our teenagers would have to pay a foreign company for the service, and ...
Indeed. You see the problem.
So now you're moving to making the system insecure (and obviously insecure). That was also not acceptable ...
You can have the system be:
* anonymous, but guaranteed to be insecure
* secure (or at least, as long as you get to use the police to go after "criminals"), but not anonymous
> If we want to lock things down harder we could go with criminal penalties for intentionally sharing your credentials, which I do not support, but would still be better than pervasive surveillance of everything we do online.
The only way to do this would be regular and surprise offline inspections of every device. Aside from being extremely impractical to do, it would also be much worse than online surveillance.
I'm not sure what my "attitude" is but I'm being pragmatic. This is not a binary situation, where it's either perfectly secure or useless. If our society is not willing to do what you and I prefer and leave things entirely open, then perhaps it's good enough to make things more difficult for teens to access, rather than accept pervasive surveillance to make it impossible. If people think it will improve society enough if most teens stay off certain sites, then we can do that and maintain anonymity.
I'll note that you skipped over my point that even with a "perfect" system, teens could still pay foreign porn sites etc directly. And that using a proxy would require installing an untrusted app on the phone, which would be relatively easy for parents to monitor and could be prevented entirely on iPhone. And that we can probably fix proxies with secure hardware anyway.
And no, the police idea that I do not support would not require surprise inspections. It just requires careless teenagers to occasionally reveal their identities online, with enough evidence to convince a judge to issue a warrant. It's dumb to make a federal case out of this, but not as dumb as losing all privacy and anonymity online. And, as I mentioned, this is not something actually required to make the idea workable.
I'm not going to keep repeating myself so I think I'm done here unless you have a point I haven't addressed in previous comments.