
Comment Re:Octopus (Score 1) 144

> I'm talking about load shifting, you're talking about base load and frequency maintenance.

And I'm saying you cannot effectively do load shifting without storage. Renewables tend to peak mid-day, especially solar, and the ability to soak up that surplus energy is dependent on actually having loads that can be dispatched at that time. We're talking about domestic energy use, which is not very flexible. Okay, great, you can do your laundry with cheap solar electricity at 10AM, but that's not helpful if you're not home at 10AM. There's very little a typical homeowner can do here unless they've invested in additional equipment. Storage batteries and water heaters are the most obvious choices and are easily scheduled to take advantage of electricity rates. Taking a half day off work to do all your household chores is a bit less practical.

> If I can shift enough of the load away from 7pm, then I don't have to turn on a coal plant in anticipation of base load need at 7pm.

That's exactly not how coal power works, and that's actually the core problem. You can't turn a coal plant on and off on a whim; it can take north of a full day to get one of those things started. This means you can't afford to turn off a coal plant from 10AM to 3PM when renewables are peaking because you won't be able to turn it back on in time for the 4PM peak demand. The coal plant stays on, and now you have to soak up the surplus energy to avoid blowing up the grid. In case you missed it, this is *exactly* the reasoning discussed in the article.

This is not about saving you, the consumer, money. If electricity is expensive to buy then that cost gets passed on to you. The only economic factor at play is the cost of curtailing renewables - curtailment also costs money and those costs CANNOT be passed on to the consumer. Utilities want to avoid curtailment and would rather give electricity away for free than absorb those costs. This point is, again, in the article.
=Smidge=

Comment Re:This is pretty well done (Score 2) 109

Second, when the EU says you can verify your age without revealing your identity, they seriously mean it. I worked on the ISO 18013-5 mobile driving license standard, and its protocol is the basis for the age verification scheme (18013-5 also supports privacy-preserving age verification).

The spec contradicts itself in various places, with sections saying that the app interacts with the attestation provider only once and that the attestation cannot be reissued, and other sections implying that the attestation gets reissued every three months and that the tokens are single-use.

It also isn't clear about whether they are actually using 18013-5 or are just requiring companies to implement a few tiny fragments of the spec.

I was left more confused after reading the spec than I was before.

Comment Re:Bridge for sale (Score 1) 109

Looks like I spoke too soon. The specification massively contradicts itself. 3.4.2 requires reissuance every three months, and requires that it issue 30 attestations at a time, and that they be single-use.

That part is architecturally correct, though allowing access to only 30 adult sites per three months is dubious. And if getting a new proof requires a new request at some point, then it becomes possible for the trusted list provider, conspiring with the proof of attestation provider, to cross-correlate the timing of requests and unmask a user with high probability.

And then, there's this:

3.4.1 Issuing of Proof of Age batches

Since Proof of Age Attestations are designed for single use, the system must support the issuance of attestations in batches. It is recommended that each batch consist of thirty (30) attestations. Since the timestamps in the ValidityInfo structure of the mdoc encoding of a Proof of Age Attestation can provide linkability clues, the Attestation Provider should set these timestamps with a precision that limits the linkability information. For this reason the ISO/IEC 18013-5 recommendation should be followed, i.e., setting the hh, mm and ss information to the same value on each Proof of Age Attestation.

So you still have a value that is potentially usable for tracking across multiple websites. It's just a timestamp. I'm not sure if I'm reading what they're saying correctly. If they mean all 30 in a batch have the same value, this is a disaster. If they mean always set the value to 00:00:00 so you get only one day of precision, that's better than nothing, but when the request comes from an area with low population density, it is still potentially inadequate for anonymization.

I can't make heads or tails of this specification. It contradicts itself in too many places, and it buries you in minutia while lacking a clear overview. It's the kind of spec only a bureaucrat could love, because it is perfect for verifying compliance, but makes it nearly impossible to quickly verify that the spec makes sense. It lacks a section on threat models and how it addresses those threats, which is the first thing I'd expect to see.

At this point, I have no idea whether this protects privacy or not. And that's perhaps more disturbing.
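An added example (my own code, not from the post or the EU specification) that models the linkability concern raised above: each user receives a batch of 30 attestations whose validFrom stamp is either kept at per-second precision or coarsened to the day as the quoted 3.4.1 text recommends, and two relying parties then try to match presentations on that stamp. The field names, the batch layout and the five-user issuance log are constructed assumptions.

```python
from datetime import datetime
from itertools import product

def coarsen_validity(ts: datetime, precision: str) -> datetime:
    """Coarsen a ValidityInfo timestamp. "second" keeps the real issuance
    time; "day" sets hh:mm:ss to the same value (00:00:00) on every
    attestation, as the quoted 3.4.1 text recommends."""
    if precision == "second":
        return ts.replace(microsecond=0)
    if precision == "day":
        return ts.replace(hour=0, minute=0, second=0, microsecond=0)
    raise ValueError(f"unknown precision: {precision}")

def issue_batch(user: str, issued_at: datetime, precision: str, size: int = 30) -> list:
    """Constructed model of one batch: every attestation in it carries the
    same validFrom stamp plus a distinct single-use serial (assumed field)."""
    stamp = coarsen_validity(issued_at, precision)
    return [{"user": user, "validFrom": stamp, "serial": f"{user}-{i}"}
            for i in range(size)]

def anonymity_set(attestations: list, stamp: datetime) -> int:
    """Number of distinct users whose attestations carry this validFrom:
    the crowd a relying party can hide one presentation in."""
    return len({a["user"] for a in attestations if a["validFrom"] == stamp})

def smallest_anonymity_set(attestations: list) -> int:
    stamps = {a["validFrom"] for a in attestations}
    return min(anonymity_set(attestations, s) for s in stamps)

def matching_pairs(site_a: list, site_b: list) -> int:
    """Presentation pairs across two sites whose validFrom agrees. Each
    match is a candidate cross-site link; fewer candidates means more certainty."""
    return sum(1 for a, b in product(site_a, site_b)
               if a["validFrom"] == b["validFrom"])

# Constructed issuance log: five users fetch their batches on the same
# morning, a second apart, which is what a real clock would record.
ISSUED = {f"user{i}": datetime(2025, 3, 1, 9, 15, i) for i in range(5)}

def simulate(precision: str) -> dict:
    pool = [a for u, t in ISSUED.items()
            for a in issue_batch(u, t, precision)]
    # Each user shows one attestation to site A and a different one to site B.
    site_a = [pool[i * 30] for i in range(5)]
    site_b = [pool[i * 30 + 1] for i in range(5)]
    return {"min_anonymity_set": smallest_anonymity_set(pool),
            "candidate_links": matching_pairs(site_a, site_b),
            "true_links": len(ISSUED)}
```

With per-second stamps every user is alone in their anonymity set and all five cross-site matches are true links; with day precision all five users share one stamp, so the same two sites see 25 candidate pairs for 5 real ones, and the only remaining leakage is the issuance day itself.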

Comment Re:Bridge for sale (Score 2) 109

I sure don't believe the "completely anonymous" part.

It is possible, in theory. But calling this "completely anonymous" is hopelessly naïve, IMO, unless I'm missing something *huge*.

Announcing that this is "technically complete" is laughable. I have not seen a single public white paper on the subject. We should have seen years of back and forth between academics, crypto experts, operational security experts, privacy experts, and other groups, as they all tear apart the design over and over again until it is refined into something that actually provides the claimed anonymity.

The lack of this public discourse leads me to the inevitable conclusion that it almost certainly provides the illusion of protecting privacy, while in fact massively violating it to a greater degree than ever before.

And sure enough, I started skimming the technical specification, skipped the whole first section, which was mostly justification, and almost immediately found a fatal flaw.

Unless I'm missing something, this is a show-stopper, and points to the entire architecture being fundamentally unusable:

2.2.3 Revocation and Re-Issuance

In its current form, the solution does not support revocation or re-issuance. Adding support for these features would introduce additional complexity, which could hinder the rapid adoption of the solution.

What this means is that a user gets a magic token that proves that the person is of a particular age, then submits that token to sites for verification. Here's a list of problems with that approach:

  • The same attestation is sent to every site. So the fingerprint of that certificate becomes the *ULTIMATE* tracking cookie. Every adult website will effectively know who you are. They won't know precisely who you are, but they will be able to correlate activity across sites, target ads to your specific behavior across multiple sites, etc.
  • It is impossible to regenerate that token, so once your privacy has been thoroughly raped and random websites are showing you ads for hardcore porn, you can never turn it off.
  • As soon as you pay for anything with any of those adult sites, your identity is now known, and can be correlated with your activity across all adult sites.

Using the words "privacy rape" to describe this technology is not nearly a strong enough statement, but it is the strongest phrasing I could come up with.

Protects anonymity, my ass.

About the only good thing that can be said about this is that because they didn't specify minimum requirements for storage protection, chances are it will get hacked in the first week, and a few adult users' attestations will show up on the dark web and will get used by a few million underage users' devices, making it useless as proof of age, and hopefully resulting in the folks who thought this approach was adequate quickly shutting it down.

Like I said, give us a public comment process, articles published in multiple reputable journals, etc. and in five to ten years, this will be ready. It's not ready. It's not close. It's not even in the right ballpark.

For this to be completely anonymous, it must not be possible for a government actor with control over infrastructure to perform timing attacks on anonymity, e.g. user requests auth token from government, government knows who that user is, government sees unencrypted DNS request to porn site ten seconds earlier, correlates the requests.

Doing this correctly is genuinely really, really hard. You need:

  • A different token sent to every site, with no common data that can correlate accesses across multiple sites.
  • No ability to correlate the timing of the user's request for proof and the timing of a user connecting to a website.
  • No ability to correlate the timing of the user's request for proof and the timing of a verification request from a website to the verifying authority.

This starts with the verification authorities outsourcing the verification to the "RP" (relying party), using public keys to verify the signature. That way, the government entity doing verification does not have any record of verifications to correlate with requests.

This continues with the client queueing up a thousand or so pre-signed certs from the signing authority, and requesting replacement certs on a time-based schedule (once per day, with randomization of the replacement rate, with the client silently discarding excess certs so that you maintain a consistent pool size).

This is a starting point. I'm not saying that these things are sufficient, just that they are necessary.

Comment Re:Octopus (Score 3, Interesting) 144

Not exactly. Electricity must be consumed at the same time it's generated, and the stability of the grid hinges on supply and demand being balanced. Load shifting requires storage, which there isn't enough of, so using electricity now usually does not help much to avoid using electricity later unless you have some form of storage (e.g. batteries, thermal storage tanks).

What's happening is you have inflexible electricity sources - your so-called "base load generators" - that cannot be throttled down, and renewable power that is very "use it or lose it" since it cannot be dispatched on demand, resulting in a surplus of generation. Wholesale electricity prices go down because supply exceeds demand, and continue into negative wholesale prices because you cannot tolerate a surplus of generation without destabilizing the grid.

So yes it's about "using power when it's there" but it has nothing to do with "not using it when an expensive plant would have to be turned on." It has to do with the fact that you can't turn some plants off and they need to encourage extra usage during times of glut to avoid crashing the whole system. Operators have no problem with people using "expensive" electricity 'cause they're gonna pass those costs on to you anyway.
=Smidge=

Comment Re:Even on short time scales (Score 1) 68

I think it's more "environmentally induced epigenetic modifications", which *are* a real thing, and sometimes can be inherited... but I don't think inheritance is needed for this argument, as the environment has kept changing in the same direction. I.e. more fine muscle movement in the upper body, less massive physical effort.

Comment Re:I wonder how Trump will overrule this (Score 1) 38

Yep, Trump’s judges will likely just do the same thing they did with Kalshi. They could even use the same argument for all these; “This isn’t obvious thing explicitly supposed to be governed by the state it’s market swap trading”.

Hopefully we can correct this with the midterms ...

Comment Octopus (Score 5, Informative) 144

I've said it elsewhere but...

At least one electricity company in the UK (Octopus) is already doing this.

Last year I had about a dozen "fill your boots" sessions from them, where they tell you a timeframe and in that timeframe not only is all electricity "free" (they only charge you for what you would have normally used in that period, any extra is free) but they enter you into prize draws, etc. for participating.

I used them to not only do all my chores, heating, cooling, cook dinner, etc. but also to fill my solar battery bank from the grid (which I then used to reduce my grid usage over the next few days). In fact, that's how I discovered what the maximum draw I can pull through my main consumer unit is before the main RCD trips.

I even did things like charged up all my cordless tool batteries and the like too.

This isn't new, but making it "official" and widening it to all electricity suppliers is just obvious.

I don't know what the electricity companies will think about it, because they seem to be largely profit-making worthless privatised entities, and asking them to help people reduce usage of their own product is nonsensical (I remember schemes where the water companies were supposed to encourage less water use, this involved sending you useless tat to drip-feed your plants and suchlike, and similarly for electricity companies, which involved sending you a free lightbulb).

But I suppose with the right incentive (e.g. penalising low usage or offsetting the extra usage against their later energy purchases, etc.) it might prompt them to take up the scheme too.

It's largely irrelevant, long-term, though, because as far as I'm concerned energy production is not democratised. I myself intend to be utility-independent by retirement, and electricity was the first and easiest to achieve, and I'm way ahead of schedule there.
