That makes this fight so annoying, we have to fight age identification, while at the same time also promoting privacy-preserving age verification for the case it happens anyway.
Quoting an older post...
> In a benevolent dictatorship, sure, go for a zero-knowledge proof verification as your solution. In the reality of democracy, where politicians are corporate puppets who cloak surveillance laws in "think of the children" to rally support from the masses, we need to convince people to see through the lie and reject the proposals outright while reassuring them that they can protect the children themselves via parental controls. You will never be able to sufficiently inform 50.1% of the population of any country of what zero-knowledge proof even means, let alone convince them to support age verification laws but strictly conditional on ZKP requirements. That level of nuance is far too much to ask of millions of people who are not technically-informed, and idealism needs to give way to pragmatism if we wish to avoid the worst-case scenario.
I do not (completely) agree with this. This seems like the very typical US-centric view of politics. A lot of members of the European Parliament are not corporate puppets and have ideals (even if they often do not align with mine). Why would the EU come with a ZKP-based verification reference app if they were sock puppets? The corporate sock-puppet politician would just push the narrative that age verification should be left to the market (which is probably what happens in the US, where most politicians are sock-puppets due campaign sponsoring, etc.).
You will never be able to sufficiently inform 50.1% of the population of any country of what zero-knowledge proof even means, let alone convince them to support age verification laws but strictly conditional on ZKP requirements.
We do not have to convince the population. We have to convince regulators and if it becomes necessary the EU/national-level courts that handle human rights violations.
Also, in the case of the EU, they made a reference implementation of ZKP age verification and asked national governments to roll this out in their apps. One of the large issues though is that the reference implementation relies on Google Play Integrity for device attestation (+ the iOS counterpart), so if national software development agencies use the reference implementation as-is, it shuts out competing systems. They should have used AOSP device attestation, which is also supported by GrapheneOS, etc. So, besides protesting age verification, I'm trying to get the message to politicians that how device attestation is done in the reference implementation is an issue. The thing that might help here is that sovereignty is also high on the agenda.
No, they shouldn't have used any attestation. If they are using sound cryptosystem for their ZKPs, they don't need to care at all about what hardware and software I'm using.
Without the population on your side, it's some insignificant minority's words vs. corporation's power determining where the lines get drawn by regulators. The people can put a leash on politicians who cave too hard to corporations by voting them out of office, but if they don't even understand the issue and have been conditioned to accept age verification, that will never happen.
> One of the large issues though is that the reference implementation relies on Google Play Integrity for device attestation (+ the iOS counterpart)
I am confused as to why you suggest my view is US-centric, and then go on to acknowledge that the EU is currently in the midst of rolling out regulation that de facto enshrines the Google+Apple duopoly in law. The EU bureacracy seems to be just as captured by corporate interests as the US. At times, they put up a token protest against Apple/Google, but generally only insofar as to promote competing European corporate interests where applicable. The EU would certainly prefer to serve European corporations over American ones, but the European people don't seem to factor into the equation at any point.
It isn't, it's not enshrined in law, de facto does a lot of work here. IANAL, but I'm pretty sure such a requirement will not hold up in court either. Besides that, the developers of the reference app have stated that national apps do not have to require strong integrity from Google Play Integrity. It seems like they took the standard platform path either because they did not have time the time or knowledge to do anything else.
At any rate, I'm optimistic that it won't require passing strong integrity in my country. Age verification will be added to our national ID app (DigiD), which does not require passing strong integrity, even if it is used for more security-critical applications than age attestation.
Conspiratorial gibberish
If you could link a piece of legislation that has little support among voters, but was passed due to corporate money, I would be interested.
Politicians lie to voters to get them to accept things they would otherwise not accept. That was literally central to the entire comment you were replying to. "But the children" and "But national security" are essentially a free pass to enact any legislation a dishonest politician wants with support from a population that cannot stay fully informed on the nuances of the incredibly complex modern world.
> If you could link a piece of legislation that has little support among voters, but was passed due to corporate money, I would be interested.
I feel like I could gesture broadly at everything. As noted, people will support something when lied to, but even without public support it's obvious that this happens. Off the top of my head, Trump's corporate tax cuts in 2017 might be one of the most clearcut examples of something that benefitted corporations over individuals, was lobbied for by corporations, and was high profile enough to have public polling while being so blatantly unjustifiable that said polling demonstrated the public was clearly against it.
The 2017 tax cut law was extremely popular among republican voters, so I think that goes towards what I am saying.