Solutions based on zero-knowledge-proofs would solve the privacy aspect at the massive cost of killing general purpose computing as we know it today, by mandating the use of remote device attestation (as that is the only way to guarantee an otherwise fully anonymous token is not being sniffed and passed onto someone else). That would be in my opinion significantly more dystopian than every service having a copy of my ID, as it would lay the groundwork for corporations and governments to be able to dictate what you can and cannot do exactly with any internet-connected device.
It's not hard for instance to imagine that once every computing device available to the general public is locked down and cannot be jailbroken without also losing the ability to log into any online service, a law would be introduced requiring client-side scanning of all files to check for CSAM, evidence of political dissent or even just plain old movie piracy. The technology to implement this exists (see what Apple tried to do a few years ago) and the exact same legislation is currently being pushed in the 3D printing space, so these fears are not unfounded.
In the farthest along systems, such as the one the EU has been working on for a few years and is now field testing, you only need to have one secure device to store your digital ID, which in the first version will be a smart phone. If you want to use a site that requires proof of age from some other device like a desktop computer or a public computer in a library you can do the age verification on your phone.
I'm not an expert in this area, but I thought blockchain and things like zk-SNARKs solved this.
I agree that if remote device attestation comes bundled in, it's worse overall.
But are we just SOL then? How long before Cloudflare integrates, and then ISPs? What is left of the internet? Are we all going to run pirate LoRa nodes and other such things to get some free (as in freedom) internet?
> Are we all going to run pirate LoRa nodes and other such things to get some free (as in freedom) internet?
I will, if it comes down to it. I wouldn’t love to return to the 1980s with pirate BBSes and floppynet, but I already lived through it and survived. There would be a certain romance to it, like old hacker movies, maybe it would even make cyberpunk cool again.
(To be clear, it would still suck and we should fight this. But even if we lose a battle, the war is eternal.)
The even worse part about PayPal is that they have a whole system of nonsensical fees to fall back to when you inevitably figure out how to evade the obvious ones. For instance, sidestepping their dynamic currency conversion by temporarily changing which currency they bill on your card (which by the way is rate limited to only a few times per month) will result in another "non-foreign transaction but with recipient in foreign country" fee appearing, covering the inherent costs of converting German US dollars to American US dollars or whatever. They will at least hide the fee from you for business transactions, but the merchant still has to pay it.
That’s 100% a US problem. Never had this issue in the EU, PayPal etc are obligated to offer the option to “just bill in transaction currency and let the card issuer handle conversion etc” without fees.
A similar, even higher profile case that shook the electronics industry around a decade ago was chip manufacturer FTDI releasing an update to their drivers that would detect and semi-permanently brick clones of FTDI USB serial bridge chips [1]. The bricking was performed by setting the USB product ID to zero, preventing Windows and macOS from detecting the device at all; the Linux drivers quickly got updated to recognize the new PID, allowing for the development of unbricking tools. Somewhat ironically, the detection relied on errata of the original parts that the clones fixed [2].
The backlash to this measure was massive, as many legitimate products turned out to use counterfeit FTDI parts without the manufacturers' awareness due to unreliable supply chains. Microsoft quickly pulled the update but FTDI seemed not to care for the most part, eventually releasing another similar update a couple of years later that would deliberately corrupt all data sent through clone chips.
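Added example, not part of the original comment and not FTDI's or the Linux driver's code: a small inventory check that parses `lsusb` output and flags devices carrying FTDI's vendor ID (0x0403) with the product ID zeroed as described above. The sample output is constructed for illustration, and the function name is hypothetical.

```python
import re

FTDI_VID = 0x0403     # FTDI's USB vendor ID
ZEROED_PID = 0x0000   # product ID written to clone chips, per the comment above

# Matches lsusb lines such as "Bus 001 Device 004: ID 0403:6001 <description>".
LSUSB_LINE = re.compile(
    r"^Bus (?P<bus>\d{3}) Device (?P<dev>\d{3}): ID "
    r"(?P<vid>[0-9a-fA-F]{4}):(?P<pid>[0-9a-fA-F]{4})\s*(?P<desc>.*)$"
)

def find_zeroed_ftdi(lsusb_output):
    """Return bus/device/description for every FTDI-VID device whose PID is 0."""
    hits = []
    for line in lsusb_output.splitlines():
        m = LSUSB_LINE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a device line
        vid = int(m["vid"], 16)
        pid = int(m["pid"], 16)
        # Both conditions are required: a zero PID from another vendor is unrelated.
        if vid == FTDI_VID and pid == ZEROED_PID:
            hits.append({
                "bus": int(m["bus"]),
                "device": int(m["dev"]),
                "description": m["desc"],
            })
    return hits

# Constructed sample output: one normal FT232 (PID 6001), one zeroed device,
# and one non-FTDI device that also reports PID 0000 and must not be flagged.
SAMPLE_LSUSB = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 004: ID 0403:6001 Future Technology Devices International, Ltd FT232 Serial (UART) IC
Bus 001 Device 007: ID 0403:0000 Future Technology Devices International, Ltd
Bus 002 Device 003: ID 1a86:0000 constructed non-FTDI entry
"""

if __name__ == "__main__":
    for hit in find_zeroed_ftdi(SAMPLE_LSUSB):
        print("FTDI-VID device with zeroed PID at bus %(bus)d device %(device)d" % hit)
```
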
Plenty of low-volume industrial software has never really moved on from security dongles. Most modern arcade games for instance still rely on a USB dongle to decrypt game files [1], though nowadays they typically also come with an additional layer of TPM-backed encryption as well as always online DRM (many of them are region locked and operate on a revenue share contract, where the owner has to pay a per-play fee to the game manufacturer).
These measures typically work well against piracy in the markets the game is officially distributed in (mainly Japan), but end up being cracked anyway once the game is popular enough that foreign arcades and private owners start importing older decommissioned cabinets and create demand for a way to get them running again without depending on the manufacturer's servers.
Bayer dithering was also employed heavily on the original PlayStation. The PS1's GPU was capable of Gouraud shading with 24-bit color precision, but the limited capacity (1 MB) and bandwidth of VRAM made it preferable to use 16-bit framebuffers and textures. In an attempt to make the resulting color bands less noticeable, Sony thus added the ability to dither pixels written to the framebuffer on-the-fly using a 4x4 Bayer matrix hardcoded in the GPU [1]. On a period-accurate CRT TV using a cheap composite video cable, the picture would get blurred enough to hide away the dithering artifacts; obviously an emulator or a modern LCD TV will quickly reveal them, resulting in a distinct grainy look that is often replicated in modern "PS1-style" indie games.
Interestingly enough, despite the GPU being completely incapable of "true" 24-bit rendering, Sony decided to ship the PS1 with a 24-bit video DAC and the ability to display 24-bit framebuffers regardless. This ended up being used mainly for title screens and video playback, as the PS1's hardware MJPEG decoder retained support for 24-bit output.
While great on paper, zero-knowledge-proof based systems unfortunately have a fatal flaw. Due to the fully anonymous nature of verification tokens, implementations must have safeguards in place to prevent users from intercepting them and passing them onto someone else; in practice, this will likely be accomplished by making both the authenticator and the target service mobile apps that rely on device integrity APIs. This would ultimately result in the same accessibility issues that currently plague the banking industry, where it is no longer possible to own a bank account in most countries without an unmodified, up-to-date phone and an Apple or Google account that did not get banned for redeeming a gift card.
Furthermore, if implementers are going to be required to verify users per-session rather than only once during signup, such a measure would end up killing desktop Linux (if not desktop PCs as a whole) by making it impossible for any non-locked-down platform to access the vast majority of the web.
I'm unsure how applicable these risks are here. The proofs appear to be bound to the app, which in turn is bound to the user's face/fingerprint (required to unlock it).
If we truly want to point out the ridiculousness of Italian tech regulations, the influencers' registry, the temporary ChatGPT ban from a few years back or even the new AI regulations cannot hold a candle to the 22-year-old war on... arcade games.
A poorly written regulation from 2003 basically lumped together all gaming machines in a public setting with gambling, resulting in extremely onerous source code and server auditing requirements for any arcade cabinet connected to the internet (the law even goes as far as to specify that the code shall be delivered on CD-ROMs and compile on specific outdated Windows versions) as well as other certification burdens for new offline games and conversions of existing machines. Every Italian arcade has remained more or less frozen in time ever since, with the occasional addition of games modded to state on the title screen that they are a completely different cabinet (such as the infamous "Dance Dance Revolution NAOMI Universal") in an attempt to get around the certification requirements.
I guess they were inspired by a very similar law in Greece from 2002[0] where, in an attempt to outlaw illegal gambling done in arcades, a poorly written law outlawed all games (the article mentions it was in public places but IIRC the law was for both public and private and the government pinky promised that they'll only act on public places). I remember reading that some internet cafes were raided by the police too :-P.
Not the OP, but I tried it when it came out. VR headset technology wasn't good enough for screens within screens and it was nauseating more than anything.
There's also impedance mismatch between using the headset controllers and the physical ones in the game. Ideally, I should be able to use my own fightstick in an augmented reality configuration.
The Quest 3 is good enough and the Galaxy XR is incredibly high resolution. But it isn't really an ideal way to play arcade ROMs long term, just to enjoy the nostalgia.
I got it for $75 a month for two years. Visual clarity is incredible and monitor replacement level but comfort is meh, so I bought a Studioform Creative head strap which helped a lot. You can use Virtual Desktop to connect to any computer easily.
I'm a sysadmin so I bought it to see if it would work when I want to ssh into systems I'm physically near in racks. It has worked really well for this.
Custom Flash players were actually relatively common in game development during the mid to late 2000s, as Flash provided a ready-to-go authoring solution for UI and 2D animation that artists were already familiar with. Autodesk's Scaleform was probably the most popular implementation but a number of AAA developers had their own in-house libraries similar to Doom 3's; some of them, such as Konami's "AFP" [1], are still in use to this day (the latest game to use it, Sound Voltex Nabla, was released last month).
It is actually much worse than that. Much like banking, the push for digital government services in many countries has ended up more or less requiring every citizen to own an up-to-date, non-jailbroken iOS or Android device. If you blocked your phone from accessing Apple or Google servers (or if it's 6 years old, a dumb phone or runs GrapheneOS), the support staff will just tell you to walk to your closest Best Buy equivalent and grab the cheapest Android device you can find; in the name of "security" there often is no fallback option, and when there is one it's SMS 2FA which is (understandably) rate limited to three uses per year.
If your phone gets stolen, meanwhile, you may find yourself unable to log into the police's portal for reporting it.
It has been enabled mainly by the advent of streamlined tooling to assist with 1:1 byte-by-byte matching decompilations (https://decomp.me/ comes to mind), which allows new projects to get off the ground right away without having to reinvent basic infrastructure for disassembling, recompiling and matching code against the original binary first. The growth of decompilation communities and the introduction of "porting layers" that mimic console SDK APIs but emulate the underlying hardware have also played a role, though porting decompiled code to a modern platform remains very far from trivial.
That said, there is an argument to be made against matching decompilations: while their nature guarantees that they will replicate the exact behavior of the original code, getting them to match often involves fighting the entropy of a 20-to-30-year-old proprietary toolchain, hacks of the "add an empty asm() block exactly here" variety and in some cases fuzzing or even decompiling the compiler itself to better understand how e.g. the linking order is determined. This can be a huge amount of effort that in many cases would be better spent further cleaning up, optimizing and/or documenting the code, particularly if the end goal is to port the game to other platforms.