Hacker News

> so the trivial solution here is: give out anonymous time-limited tokens from the gov site, with no logging. Essentially a signed timestamp + random number

The trivial workaround is for people to create ad supported websites to hand out those tokens.

If there’s no logging then they can’t determine who’s abusing it or if they’ve even generated a different token recently, so people can generate and hand out all the tokens they want.

So then the goalposts move again, and now there’s some logging in this hypothetical solution to prevent abuse, but of course this means we’ve arrived at the situation where accessing any website first requires everyone to do a nice little logged handshake with the government to determine if they have permission. What could go wrong?

The real workaround is for people (including kids) to buy themselves a VPN subscription for a couple bucks per month and leave all of this behind while the old people are left jumping through hoops.



The proposal is for SIGNED tokens i.e. only the govt can issue them, and you need a govt issued ID to generate them. The latter mechanism allows rate limiting. This fixes the problem you outline.
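An added sketch of the scheme the thread is debating, not code from any commenter or from a real system: a token made of a signed timestamp plus a random number, with issuance rate-limited per ID. Assumptions: HMAC-SHA256 stands in for the issuer's signature (the Python standard library has no asymmetric signing; with HMAC the verifier must hold the issuer key), and the names `issue`, `verify`, `TOKEN_TTL` and `MAX_PER_DAY` and their values are hypothetical.

```python
import hashlib
import hmac
import os
import time

ISSUER_KEY = os.urandom(32)  # constructed key; HMAC is a stand-in for a real signature
TOKEN_TTL = 300              # assumed token lifetime in seconds
MAX_PER_DAY = 5              # assumed issuance quota per ID per day

# The only state the issuer keeps: (hash of ID, day number) -> tokens issued.
# The token itself is never stored next to the ID.
_quota = {}


def issue(id_number, now=None):
    """Return a hex token, or None once this ID's daily quota is used up."""
    now = int(time.time() if now is None else now)
    bucket = (hashlib.sha256(id_number.encode()).hexdigest(), now // 86400)
    if _quota.get(bucket, 0) >= MAX_PER_DAY:
        return None
    _quota[bucket] = _quota.get(bucket, 0) + 1
    body = now.to_bytes(8, "big") + os.urandom(16)  # timestamp + random number
    sig = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
    return (body + sig).hex()


def verify(token, now=None):
    """Accept a token only if its signature is valid and it has not expired."""
    now = int(time.time() if now is None else now)
    try:
        raw = bytes.fromhex(token)
    except ValueError:
        return False
    if len(raw) != 8 + 16 + 32:
        return False
    body, sig = raw[:24], raw[24:]
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False
    issued = int.from_bytes(body[:8], "big")
    return 0 <= now - issued <= TOKEN_TTL
```

In this sketch the quota table is the per-ID record that makes rate limiting possible, and nothing in the token binds it to the person who requested it.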



