It's one thing to be concerned about someone stealing my credential, but another to prevent the transfer of these credentials, especially if they are limited use credentials.
The entire point of age verification systems is to prevent minors from accessing certain resources. I think we all know that this is basically impossible; but what these various governments and social media companies want to do is to make it high friction to do so.
The highest friction version of this is that the credential ties to a real world identity somehow; maybe locked behind legal barriers, etc., but if a minor is caught using someone's credential, then the person whose credential they are using can be investigated, and, if necessary, charged with a crime roughly equivalent to providing alcohol to a minor. Without the possibility of real world enforcement, none of these identity solutions can possibly work.
Keep dreaming of a technological solution -- there is none that does not lead to the world that FIRE is warning about, except to accept that we can only make a solution "good enough" and leave it at that, without expanding into full on identity verification. The solution here is likely to just try to provide better abilities for parents to monitor and limit their children's use of the internet. Let individual parents decide on the level of harm that they are willing to accept, and accept that there will be ways to work around this even if parents are vigilant, but just try to reduce it on the margins.
So the schemes always start introducing features to reduce the anonymity of the tokens or make them more trackable in some way:
> The highest friction version of this is that the credential ties to a real world identity somehow; maybe locked behind legal barriers, etc., but if a minor is caught using someone's credential, then the person whose credential they are using can be investigated, and, if necessary, charged with a crime
Which requires that these identity tokens not be anonymous age-verification credentials. They become a traceable identity token tied to your government-issued ID.
Not if you use a challenge-response protocol where the client returns a zero-knowledge proof of age, where the proof incorporates a random string sent by the website.
The traceable stuff is private information that the website never sees. If a minor is caught with it, then law enforcement has local access to the minor's hardware and can probably view the private data.
At that point, the private key can be put on a public revocation list. The zero-knowledge proof can include a proof that you're not on the revocation list. Once you've been revoked, you have to go through the hassle of setting this all up again, which might be enough incentive to keep it reasonably secure.
If there's a simple piece of software that can be installed, it's not meaningfully increasing the barrier. Also, there are negative consequences to introducing "rules that you're expected to break" like this. It makes the law unserious.
And if it's a phone app, it's not going to be on app stores and you already know the person giving you the app is a criminal.
So you're installing an untrustworthy app to risk criminal charges, and the customers of this scheme are kids who mostly don't have a lot of money.
So the schemes inherently add some traceability, which makes the tokens no longer actually anonymous.
This is the back door used to make the tokens double as ID tokens.
1) You give a teenager your full credentials. Teenager is careless, as teenagers often are, and posts something revealing who he is. Cops have option to search teenager's phone, see who you are, and at least revoke the credentials.
2) You install a relay app on your phone, for money. Now you've installed an untrustworthy app from a criminal, who might hack you, or might be arrested and reveal details of your device and where they're sending your money.
Neither scenario happens because the age verification is traceable.
3) Your credentials get stolen, and used in a foreign country to implement a relay scheme.
This one, I admit, my scheme can't do anything about. But this means our teenager has to pay a foreign entity. Teenagers can also pay foreign porn sites directly, if porn is our concern.
On top of that, the age verification systems we've seen so far have their own security holes that teenagers are exploiting without having to pay anything.
My personal view is that the whole thing is ridiculous and we shouldn't bother with any of this. My point is just that we can implement reasonably good age verification without eliminating anonymity on the internet.
Just offer the user some money if he installs some "trusted" app for age verification token sharing.
And then what? You think the police are going to make a case out of getting a token blacklisted or start an investigation into the person who the token came from? Also confiscate their devices as part of the investigation? I guarantee that the token source will be someone in another state or another country or just a stolen ID being used to sell their tokens.
I can’t believe we’re getting to the point where we’re talking about sending the police to deal with cases where a minor is suspected of, what, accessing social media? To confiscate their device and do forensic analysis of the tokens on it?
Do you realize how insane this is getting? How does anyone think this is feasible, let alone a good idea?
It's still my preference to have no verification at all. On the internet, nobody should know you're a dog.
The problem with your hypothetical was that you casually introduced the police as an enforcement mechanism for cases of a minor accessing an over-18 website. The implication is that the physical police are now involved in our access of websites, and you’re saying the tokens involved in us accessing websites will have some evidence that they can use in the investigation of that access.
This is why we keep saying that the anonymous token schemes don’t preserve privacy. It always turns into a slippery slope of adding escape hatches to the anonymity to enforce violations. The very implication that the police are going to be tasked with going out and confiscating devices to investigate suspected age token violations is an indicator of how far the window has shifted on Internet privacy.
Obviously it does. These $1 per-day apps are 24/7 online and so challenges can simply be proxied just the same as tokens.
> ... law enforcement has local access to the minor's hardware ...
This is a large part of what people, in practice, want to prevent using this scheme.
> Once you've been revoked, you have to go through the hassle of setting this all up again, which might be enough incentive to keep it reasonably secure ...
States want to know who to punish when this happens. Which also details how this is defeated: you can't revoke the token, because that makes getting a conviction near-impossible and it exposes the states to counterclaims.
The people who install such forwarding apps don't have money for the court to charge, and they can't take away their identification apps (which these will be, obviously) because that's the cheapest way for states to communicate with them.
Unless you build this into the base layer of the internet (which European networks like minitel did, by the way, with France telecom graciously checking it for free. Free for the state, of course. YOU paid per packet)
> ... to keep it reasonably secure ...
Oh and "reasonably secure" won't cut it. Someone committed suicide after a message was posted, and they're "reasonably secure" who it came from? You see the problem, I hope.
Regarding my scheme:
The only way law enforcement should have access is if they show up and get the phone in their possession, with a warrant. Which could happen any time some teenager posts something without realizing it identifies them.
If the teenager has your full credentials, that's when law enforcement sees who you are, and can take whatever action we deem appropriate. I would think just revocation if you might have been hacked, more severe if it's clear you shared on purpose. Revoking credentials doesn't interfere with the person using the app for other purposes, or with any prosecution, and criminal prosecution doesn't rely on the perp having money; quite the opposite in fact.
If you install a proxying app for the challenge-response, you're installing an untrustworthy app from a criminal to take payment for a criminal scheme, with risk of prosecution if that criminal gets caught.
Nothing in society is perfectly secure. There are all sorts of ways that we allow some crimes and tragedies to happen because we know that preventing them would be even worse. There are good reasons that courts have long protected privacy and anonymous speech, even though we could solve more crimes without those protections.
It’s beyond crazy that we’re actually talking about police showing up at someone’s house because they suspect a social media post came from an under-18.
This is one step away from your local government unmasking their Internet critics and sending police to their house by “suspecting” that they might actually be a minor.
> If the teenager has your full credentials, that's when law enforcement sees who you are, and can take whatever action we deem appropriate. I would think just revocation if you might have been hacked, more severe if it's clear you shared on purpose.
Why would you assume the person giving out the token is in the same jurisdiction? The tokens would almost certainly be coming from another country.
The police aren’t going to be tracking down teens, confiscating their phones, running forensic analyses, and then doing the work of getting tokens revoked through a possibly international process. They barely have enough time to show up and take a report when someone does minor physical proper damage.
All this does is open up the process for targeted abuse when governments or police need an excuse to go after someone posting on social media.
If you can identify physical hardware from a request or post, obviously it's not anonymous. In fact, if you can identify the owner of credentials from the credentials, they're not anonymous. Obviously in an actual anonymous system it is utterly impossible to do this, whoever you are.
So you've just proven your own argument wrong. Anonymous age verification online is impossible. You don't agree?
The way this works is, there's a function with both public and private inputs, and an output. You can send me public inputs, and I can pass those plus my private inputs into the function, and give you the function output, along with a proof that the output is correct given your inputs.
So in this case, the government has a public key, which it uses to sign your credentials, consisting of your birthdate and a unique identifier.
The website sends you a large random number.
The public inputs are the government public key, the random number, today's date, and maybe a revocation list of identifiers.
The private data is my unique identifier and birth date.
The function returns true if my calculated age > 18, the government's signature of my data is valid, my private identifier is not on the public revocation list, and (to avoid replays) that the hash of your random number is not zero.
I send you back the generated proof, which is just a 256-bit number. You can check that the proof is correct without looking anything up. The proof does not give you any way to reconstruct my private data. It is only associated with the random number you gave me, and the public data everyone knows.
To keep the revocation list from growing forever, we could also make credentials expire after some period of time. Add an issue date to the private data, and we can add an expiration check to the function. Client software can automatically get a new credential if the old one is valid, expiration is just to allow us to delete old identifiers from the revocation list.
A hole in the above scheme is that government could try redoing proofs for a given random number, using all the current identifiers. To prevent this, the user passes in another random number as private data, and the function checks that that doesn't hash to zero either. User can change that random number every time, its only function is to change the generated proof to something the government can't replicate.
With integrity protection, tokens can only be minted with a government app, driven by both biometrics and physical human hands touching the physical screen. There's no way to do it in the background. Without it, you can indeed have a single activist mint 10 billion tokens and give them out for free, defeating the entire scheme.
There's a CAP-style triangle here. You can have age assurance and anonymity but lose the ability to run your own software, have age assurance and device control but lose anonymity (via traditional ID checks, which don't require IP in theory), or have anonymity and device control but lose age assurance.
As it stands today, doing business on ebay/craigslist/etc isn't that much different than doing it in a back alley in the bad part of town. Generally a bad idea but YMMV if you keep your wits about you. Of course it's your right to do business that way, but no one in their right mind thinks it's acceptable to do global commerce that way.
Commerce relies on legally enforceable contracts (both paper and EULAs), which ultimately rely on identity to be enforced. It's a bug, not a feature, that someone on the internet can steal my identity to purchase a product in my name and have it shipped wherever they want. It's a feature, not a bug, that my bank asks me for photo ID before I empty my account in person.
I'm not allowed to access banking computers, except occasionally and from within in a sandbox with proper credentials (ATM card for example). If, in the future my bank needs to do their compute inside my house on my phone, then it seems fair that there should be walls that keep me outside of their trusted compute.
That said, I am 100% behind keeping open purpose general computing free and available. Rooted devices, self built PCs etc all of it. I love it, saying this as a person who grew up building their own PCs and programming from a young age. I think that we all should be able to access the non-commercial side of the internet in any way we want, a true public square, warts, gutters and all. Hobbyists can do whatever they like as long as it doesn't touch commercial systems.
As I see it, the problem for most of us is that the social/fun side of the internet has largely been captured by commercial interests. Anything with a EULA should be considered a commercial site, since you're legally bound by a contract using it. As it stands today all the fun things on the internet would require enforced identity.
Maybe having a separate walled off "commercial internet with identity enforcement" will finally open the public's eyes as to the ramifications of the digital world we've built. And also allow us to individually take a stand and push back against the commercial interests through our daily choices of what sites we visit. Basically voting with your ID chip instead of your pocketbook. You can still do business in the gutter if you want to, but for the normies it will be easier for them to spot when they're in a back alley. And it gives parents options for keeping kids off of the anonymous side as as well.
I do think a Reddit with identity would be a much less toxic place. As long as the brave adventurers among us can still access the digital gutters like 4chan and other message boards.
Do you remember the days of "Real name" requirements on YouTube and "Google+"? The experiment was tried, it didn't change things. (Also, see Facebook for an ongoing version of the same experiment).
This is certainly something that can be solved technically if we want.
All of these solutions seem very complicated, for little benefit. So a anonymous age verification scheme, fine with me. But making it more complicatdd, because dark entities could capture and resell tokens .. seems a step in the direction of madness.
But these days I see a lot more talk about the developmental effects of parasocial media on kids. There’s a whole segment of buy-in there that didn’t exist before.
Example: schools banned phones, so kids switched to talking over Google docs:
https://www.theatlantic.com/technology/archive/2019/03/hotte...
If we give parents better tools to limit and monitor internet access, kids will just buy a used phone which is unregulated. If their parents even bother to use the tools in the first place (it is my impression most parents do not). There is also a lot of loopholes parents do not even think of (like a web browser on a game console).
They don't work even then.
Suppose you completely eliminate privacy on the internet and require every domestic site to collect the name and social security number of everyone who visits. Then a child uses an adult's ID, regardless of whether it's with or without their knowledge. Is the child going to inform on themselves? No. Is the adult, when they don't even know about it? No. Is the adult, when they provided it on purpose? No.
That constitutes the entire set of people who would typically know that the person using the device isn't the person on the ID.
On top of that, we can punch an even bigger hole in it. Search engines, among other things, index other sites. Google is obviously the biggest but there are many others -- Bing, Marginalia, Brave, Swisscows, Yandex, Perplexity, Baidu, etc. They're run by adults and most of their users are adults, who reasonably expect to be able to turn off "safe search" if they want to. So some adult at each search engine would have to provide their ID to the crawler so it can index things inappropriate for children and show them to adult users. It would therefore be a fairly unremarkable and recurring thing to see the same ID make a zillion gigatons of requests.
But then you can't use "why is this person downloading 100 things from 100 computers at once" as an indication of anything nefarious happening, and anyone can still set up a service hosted on a foreign server that will serve adult content to anyone without an ID by serving it out of a cache. (And in the case where you're invading everyone's privacy, that service would also be very popular with adults.)
In the context of social media, if they want to actively participate they have to given that it's the entire point. It's true that even with a government ID scheme people could borrow someone's ID to get passive access with their consent. But a kid couldn't share an account with a parent without that parent knowing because you see their activity, and they also couldn't post.
Put the burden of responsibility on the sites themselves and the number of people that will be able to successfully bypass such restrictions is going to be negligible and largely depend upon ongoing inorganic behavior or being an outlier in terms of behavior/interests.
This sounds a lot like what governance is supposed to be, but there is a critical difference. It's one thing for our society to agree generally on categories that are inappropriate for children, to encode those into law, and to enforce those laws. The difference is, enforce to whom?
Children are victims, not perpetrators. Age verification restates a child's role as perpetrator. This is the premise that I find unacceptable.
Unfortunately, the said-government doesn't seem to worry about the fact that their own systems have been breached over the years
Then why are they forbidding VPNs?
This is clearly NOT a use case that is solely referring to minors.
The whole cake is a lie and so is your assumption that age sniffing is "to protect children".
> Keep dreaming of a technological solution
We don't "dream" - we know what is possible and what is not.
Mass surveillance of everyone is simply not an option.
> Let individual parents decide on the level of harm that they are willing to accep
Nobody has an issue IF it were about individual parents, but it clearly is not. Governments try to criminalize and restrict everyone - and that is the true agenda.
The problem is, this is wrong. What these governments want to do is get a grip on online behavior, through actions against individuals, who can't/won't defend themselves, rather than through actions against gigantic corporations that may choose litigation and take years to change their behavior, if they do at all.
Governments want to declare something illegal, say downloading a movie, putting racist comments online, ... then catch everyone who engages in that behavior online through mandatory identification, and actually have an effect.
To do this, breaking privacy is, of course, a core requirement. This can be introduced into these systems afterwards ("judge X wants to know who authenticated with token <token>, please provide the information"). Without this, government rules will remain totally ineffective online like they have been in the last 40 years.
I personally much prefer government rules remaining totally ineffective online.
I feel strongly that this conspiratorial mind-reading approach to this sort of issue is just counterproductive.
What all the governments (and non-governments, frankly, there are many supporters of these things) are asking for is excluding minors from certain websites and services.
The problem is that this translates to age verification, which translates to identify verification, which incidentally gives states and other actors a variety of other tools they can use for anti-civil-liberties purposes.
In the end their motives are just irrelevant unless there is a clear way to exclude minors from certain services without going down the chain towards identity verification. Such a way does not exist, so we have to fight it here, at the point where the basic ask emerges.
Buying alcohol for a minor implies knowledge and intent.
Getting the tokens out of a phone doesn't require the user to do any of that, the user just has to be frugal and keep the phone longer than it's supported by the manufacturer, until some local exploit is found again, and that token will be extracted and available online for everyone to use.
Parents buy those phones, phones could easily have a "user is a minor" setting (and a flag sent to all the sites that want one) with a password for parents to unlock stuff if needed. This would be set during the phones first set up, and it's done. But nope, the plan is for everyone to install a form if a digital ID on their phones, and once it's there, requiring full-name identification when registering is just one step away.
In most countries it's perfectly legal to provide alcohol to your kids.
Yes, parents are responsible to set this up. But parents are also responsible to lock their alcohol, drugs or guns, condoms, etc., and many other things.
Perhaps parental controls are not good enough? That's where the regulation could genuinely help - require child-certified devices to implement minimum set of parental controls, and make them easy to use.
Yes, government want to end anonymity and that's clear to some. But governments enjoy on a pretty broad support for this and many people supporting this believe it's a real problem. Suggesting to leave it unsolved or solve it in a way they can't trust or understand is only going to alienate them, making the government job easier.
I think suggesting a simple, cheap and effective solution to this problem that has no impact on privacy is a way better way to counter that. I think local parental controls fits the bill.
A lot of people also may or may not be smart but have limited knowledge of this area and limited time/effort to expend thinking about it.
I don't think you should rail against those things because they will always be true for every topic.
Instead, people who have understood the deeper implications of this, for instance the typical HN reader, need to connect with the average person, engage with rather than dismiss their child protection fears, while explaining the downsides.
Taking a high handed dismissive attitude will not help to shift public opinion.
I thought that stating this, I believe, fact as a contributing factor in the creeping authoritarian climate would be understood without having to attach a handful of caveats and papers?
(you're contradicting yourself)
It’s not 1980 any more.
If you deny for example Murdoch-owned media impact on the society, or the extent of the damage for example BBC did in the UK to the human rights or the discourse, I'd suggest reading more :)
[1] one TV programme I remember (I don't watch it): "Good Morning Britain is the UK's most talked about breakfast television show with a weekly audience reach of 4 million people." that's 10% of the age group 16-64 here, not too shabby-- and that's ONE tv.
No they do not. They do an enormous amount of PR trying to convince people that they have it, though.
In the real world when there is a ton of support behind a position, you see representatives of it all over the place and they are pushing the agenda and the coverage. In the world of online age verification, you just see a bunch of lame duck politicians using procedure to sneak policy changes in and keep objections from being heard, and a few government contractor-surrogates writing op-eds (that they haven't read.)
When puritans go on the march, they're actually pretty loud. Most of the anti-social media people are hippy-dippy upper-middle class liberals who curse "screens," completely believed Cambridge Analytica's PR and think that Trump rules through mind control - who will be bothered by the end of anonymity; and the remainder are angry online right-wingers who think that they were censored by and as a result of social media. They're not marching together, they're not marching to have people identified when they're using the internet, neither of them are even prioritizing social media right now and they aren't putting pressure on anyone.
The fact that it's so unpopular is why there are lame ducks doing it. They're just assuring their fortunes on the way out, and the person on the way in will pretend like they had nothing to do with it even though it will be will be passed and implemented on their watch.
Ok who is paying for that PR though? its not free.
its not like all the UK kids charities are for it.
> Most of the anti-social media people are hippy-dippy upper-middle class
My kids school is very much not in the posh area of london (although they are trying to make it posh) they hate what social media feeds their kids _indirectly_ As in clips and trends sent to their kids via chat or DMs.
It appears that what they want for their kids is basically a walled garden where the advert-content can't bombard their kids, along with the racist/violent stuff.
I'm really sorry, but that's giving politicians far to much credit for being able to plan ahead.
Look at both the UK and the USA. The UK's just yeeted its PM because he had the personality of a block of cheese. The USA is currently inches away from shooting people if they mention the word green and water in DC. None of that screams "I am a master at planning ahead and manipulating public opinion in to doing x"
The politicians have no idea about how this all works, they see that "social media" is causing harm (its not the only source, we might get to that) The public, especially in the UK really do not like americanised media being forced in their faces and want "something to be done"
Again for the UK specifically the OSA specifically didn't layout a government mechanism for age verification. they left it to the end company to avoid the suggestion of tracking. Despite it being ripe for uberfraud and blackmail.
it would be much more private if ofcom had published an opensource gateway to anonymously authenticate against. (assuming the thing was built properly and verified)
But to the point you are hinting at
Google, meta, apple and $OS makers already track you. This is not an issue of privacy persay, its about who can track you and why. I'd much rather a list of times I access a site that required age verification being stored by the government, than every single fucking page I looked at tracked by google/meta.
The latter is already here.
It is about what abuses can happen from that info. Google could sell your data. The government can imprison you. You don't think Trump wouldn't try to collect info on his opponents and weaponize the DOJ against them?
He already is, and if he really wants, can compel google et al to pony up the data. But thats an argument against big tech, rather than age gating.
In 1953, Eisenhower signed a pact with the Zeta Reticulans (grey aliens) at Holloman Air Force Base. This pact set in motion a century-long program of preparing humanity for the alien disclosure. Communication must be controlled at a global scale, to avoid mass panic and the collapse of society when the disclosure is announced.
And no, porn isn't more extreme these days either. I remember seeing bukkake, golden showers etc on borrowed tapes and hacked pay TV. BDSM existed back then too. And I had some pics of a girls face surrounded by male members and their output. Never once did I think this would be a normal thing to do with my girlfriend once I got one.
And these things are still gonna happen. Teens are going to go through their dad's phone when he's sleeping, find his stack of Blu-ray's or vids on this computer. Even with all this age verification stuff. I don't understand why we suddenly think that's the end of civilization.
Because they've been told to think it by the combined forces of Meta and the Heritage Project. They spelled it all out in Project 2025, a check list which has been followed nearly to the letter. They're also rampaging through libraries and trying to keep books of the shelves.
Conservatives don't like porn, because controlling sexuality is part of the cult playbook to control people. (Addendum: they don't like other people having it. They're hypocrites, of course.) They also want to, while instituting a backdoor ban on porn, define everything else they don't like as pornography. Project 2025 repeatedly uses the term "pornographic" as a synonym for for LGBT issues and other things.
The goal, after de-anonymizing the Internet, is specifically to control access to information and entrench their fascist Overton window shift.
They're really sore that many Millennials and Gen Z had the internet as an escape hatch from local, abusive churchy bubbles and want that locked down going forward.
And yes that usage of the law by linking LGBT content to porn is something I've seen in Europe like in Hungary too. But even in the Netherlands, one of my friends is always foaming at the mouth about schools mentioning lgbt in sex ed class. When it's the most important time to prevent people needlessly struggling with their orientation.
Luckily where I live this isn't a thing and it's still very pro lgbt. The city always makes a huge deal about pride month with posters and events everywhere.
I do worry about the control over the internet too. And I've seen it coming for a while. When I was younger there was this WAN movement where people connected their WiFi networks together with parabolic dishes and the government was always trying to prevent and discredit that saying it was used for illegal file sharing (which it was but so is/was the internet).
I'm not so worried for myself because I'm so technical, whatever restrictions they come up with I can work around them. But most people aren't that lucky.
Were they delivered to you in truckload volumes every day, including tapes recording executions, child molestation, foreign political propaganda, domestic political propaganda and misleading advertisements?
Every day, any day, unlimited quantities? Including giving your phone number to any strangers anywhere in the world so they can talk to you without limits, supervision or even parental knowledge?
No?
Then let's perhaps stop pretending that millenial internet free childhood is a thing that exists and let's talk about actual modern issues.
This is really a matter of parents not giving their kids devices to access the internet until they are ready for what is there.
And I've never seen executions or child molestations in my life. It's not like this is so easy to come across.
Also I'm not a millennial.
Having seen some parents I kind of believe it but not to the point of wanting to implement ID tracking on everything.
That said while Apple does a good job at parental controls, Microsoft is altered. Trying to have controls on Minecraft across a windows laptop and a switch involved a multi hour odyssey, creating tons of accounts for parent and child.
The local school district has been issuing iPads to kids for about a decade, and they still haven't figured out how to block exactly what they want blocked. The system they give parents for monitoring the iPads is a joke (Apparently my kid spent 75% of his iPad time the last week of school on sites categorized as "web").
I am a member of FIRE, I am extremely opposed to the mandatory ID laws, but the state of parental controls is phenomenally bad and saying you have to be "on the margin of society" to not be able to set it up is so far from my experience that I couldn't help but to respond to this comment.
I'm not sure what the solution is; a lot of people have suggested requiring sites to send categories (e.g. if every social media site was self-tagged, then blocking social media could be just a single check box in parental controls), but that probably isn't constitutional in the US (Compelled speech is usually banned under 1A grounds), and is subject to too much interpretation (seems unlikely that all 50 states would agree on a definition of "social media" much less "pornography").
Having devices send the age out to sites seems strictly better than ID checks to me, but is still a "one size fits all" approach to parental controls, I worry that if that became the norm the already mediocre controls that exist would atrophy, and it certainly would make it easier for malicious actors to setup a website to target minors.
Notes:
0 - For an example of using 2 pronouns in one sentence: "I am he".
https://www.biblegateway.com/passage/?search=John%2018%3A6-8...
As you are he
As you are me
And we are all together
Ok, but parents buy internet access and then let their kids use it, because the kids need it for school. So? The parents job is to keep their kids out of trouble. Learning how to keep track of what their kids access shouldn't be difficult, and maybe should be part of the obligation parents have, kind of like their obligated to teach their kids to drive before giving them the keys to a car. Its analogious to saying "kids shouldn't walk home from school or be let out of the house at all because they might wander into a nude beach or join a drug smuggling satanic cult". Most of us don't hold that view because we trust that kids can be taught to be vaguely responsible.
What's more: tools to shield the kids have been around for longer than most of the parents have been alive at this point. The problem is pretty much solved in multiple ways, and wouldn't even be a problem if parents only followed their basic responsiblities. Also it isn't a problem in the first place, I haven't seen any clear, undisputed evidence that shows that kids are degenerating into fiends because of looking at adult stuff on the internet.
Unfortunately it is, but we could fix that with only minimally invasive legislation. Right now you either whitelist which breaks half the internet on a recurring basis (things are constantly changing) or you blacklist which is swiss cheese. Either way you're relying on third parties.
I think it would be much better to legally mandate a certain minimum level of self classification for website operators along with a simple and extensible scheme for communicating such. It might also be useful to mandate that devices ship from the OEM with parental control software supporting that standard but honestly I doubt that's necessary - if their were a standardized and above all reliable signal available I think browsers and operating systems would rapidly adopt support for it.
I imagine it could be not trivial to enforce (esp. for offshore web) - but definitely easier than enforcing the same sites to implement much more complicated identity verification (while preferably also not leaking this data).
But that might not even be necessary. A small on-device AI can probably do a decent job classifying pretty much everything we don't want children to see - with and option for parents to override it when needed.
It's quite trivial, actually - the parental control software is designed so that if there are no content tags, then the site does not display. The mandate for websites to tag their content would only need to apply to websites over a certain size, to bootstrap the network effects.
Given that we're at the point where big tech is pushing its regulatory capture legislation aimed at demanding mandatory identification ("age verification" fundamentally boils down to identity verification), I don't think it would be unreasonable for a legislative mandate for every site over a certain size to have to publish tags, and every mobile device manufacturer over a certain marketshare to have to include a parental control solution in the device setup.
Although I'm also left wondering what the state of the art really does look like here, and whether a mandate for tags is even what is needed. The real problems would seem to be twofold - parental controls software isn't included with most devices, and most parents won't go out of their way to seek out a third party option. And second, very few websites aim to serve people under 18, 13, etc to begin with. Rather they like the fiction that their services are "18+" regardless of who is using them. (Mandating tags would serve that last one, but perhaps there is a more direct approach?)
Not quite. I'm suggesting that adoption could be forced if the major browsers refused to load sites that didn't include the tags regardless of whether or not parental controls were enabled. The end result would be that either your site included the tags or else it would not load without some sort of manual user intervention on every visit on windows, ios, etc.
> leaving the open web unaffected
But the entire point here is that there would be a legal mandate for all sites to carry such tags. The goal is to fix the problem that parental controls are spotty and unreliable at best.
> The real problems would seem to be twofold
It's as I previously explained. None of the current options are particularly good even if you are a parent that cares and is willing to invest time and effort.
> they like the fiction that their services are "18+" regardless of who is using them.
That's due to not wanting the liability of a mishmash of laws from different jurisdictions. Nearly all of them treat an 18 year old as an adult so problem solved.
That's entirely separate from these tags BTW. The idea isn't for the site to communicate some arbitrary age appropriateness signal that they as a third party to the family couldn't possibly know. Rather it's to communicate classes of content such as porn, gambling, violence, social media, user generated content, games, that sort of thing.
My point is that you don't even need to mandate it for all sites, and attempting to do is kind of specious based on the existence of foreign sites. Rather you can focus on mandating it for the large consumer-oriented sites, and this will create enough of a critical mass that a web browser with parental controls enabled will have decent functionality.
The difficulty with forcing some uniform mandate onto "all sites" is that the mandate has to be for tags that are faithfully stated, rather than a blanket 18+. And small personal website operators shouldn't be in the position of being forced to determine whether the random stuff on their personal website is specifically suitable for 13+, 18+, etc.
That's the goal of defining the semantics in terms of an open system rather than a closed system - it fails gracefully.
> None of the current options are particularly good even if you are a parent that cares and is willing to invest time and effort.
Pragmatically this is disappointing to hear, but matches everything I've been able to surmise.
> The idea isn't for the site to communicate some arbitrary age appropriateness signal that they as a third party to the family couldn't possibly know. Rather it's to communicate classes of content such as porn, gambling, violence, social media, user generated content, games, that sort of thing.
I think it should be both. There should be a class of tags that assert a site is legally fine for a 13 year old to view in the US, an 8 year old to view in the US, etc, possibly multiplied with jurisdiction. (note the direction there - it's not a statement that there is content unsuitable for a 13 year old, rather it's a warranty that the contents are suitable for a 13 year old). There should also be tags of the content/aim of the site like you've listed.
The settings in the parental control software can then make a good first pass based on age, then content categories, then parents could even allow/disallow specific sites. The point is to provide good defaults, but ultimately keep control of parents rather than giving it away to corporate attorneys as any age verification (ie identity verification) based solution inherently does.
I challenge that anyone believes this, and for my evidence, I would submit all the age based laws that protect children regardless of what parents do.
We have already, long ago, decided that it is the government's job to protect children, at least in cases where parents fail to do an adequate job. That's why I don't see this ending any other way. The march to total domination by the side of the government might be slow, but they already won the war around a century ago (exact timeline for laws protecting children in place of parents is a very long topic and does differ country to country, I recall hearing some places still even let kids buy alcohol if they say it is for their parents to consume).
For most of human history there were few, if any, laws governing how children were raised yet civilization didn't collapse because of that, and, indeed, there were no discernable effects. In many places parental-infanticide was even legal. Yet always parents did their best to keep their children safe in general, because that's what parents naturally do. Somehow its different now to you I guess but I fail to see why. Obviously some parents will do a poor job, that's true about every human thing. If people can't drive we take away their license. If people can't parent, however, we apperently have to bend everything in society to cater to their failure and create a massive surveillance state.
For those parents life is easier if nobody is allowed on these things.
Get over it, and stop caring how other people parent their kids. Or, better yet, learn from them.
No they're not - all those things are illegal for children nearly everywhere.
I've also always been curious how a truely anonymous identity verification could possibly work. At best for age verification, I could be given some kind of token that would still have to verify my age and be verifiable with a central authority to ensure my token is valid. The central authority could always keeper records of my token, revoke it whenever they please, and every entity that can verify the age associated with, or embedded into, the token knows at least some of my PII.
You go to a store. You show the clerk your id and give him a quarter. The clerk pulls a scratch-off ticket from the front of a ticket tape. The ticket contains a token identifier.
It's anonymous. The clerk or his POS system knows your name and age, but doesn't know your number. The vendor providing the tape doesn't know your number or your name. The system accepting the token knows your number, but doesn't know your name. The token is only valid for a day after use, so loss and transfer isn't much of an issue.
It's the exact same process by which you buy lottery tickets in a world where they don't need to verify your identity when you redeem them. The lottery has no idea who bought a particular ticket, only that a ticket was bought. The clerk knows you bought a ticket, but doesn't know which ticket.
Obviously, Eavesdropping Eve looking over your shoulder knows both your name and your ticket number, but that's not a practical attack.
Where does this 3rd party identity token provider come from?
For government-issued identity tokens, there are not separate parties. It's just the government, and they can choose to link whatever they want in their internal system if they decide it's in the interests of national security.
You're also forgetting that lottery tickets are tracked. This is how they can announce which store sold the winning ticket before anyone steps forward with it. It would be trivial to match a buyer to the ticket if they wanted to inspect the records. In the case of a government identity token service, there isn't even a separation of parties providing the records. They do it all and can have all the data.
Some oracle whose job it is to print tokens and hand out rolls to the stores (and to the websystems). They would know which store got which roll, and which website authenticated it, but not who each ticket from that roll went to.
With a big enough roll, this is essentially anonymous.
Yes, lotteries know which store got the winning ticket, but they have no idea which of the patrons in the store got it. Not unless they ask Eve to get her telescopic lens and notepad out.
You're saying the real solution is that we bring in a private, 3rd-party company to start checking our IDs to access websites now?
I am not actually advocating for it. I'm just saying how it's possible to solve it given those constraints.
I’ve sold lottery tickets, and you have to be legal age to both buy and redeem them, so I’m not sure that this analogy or hypothetical solution is comparable to lottery tickets, nor is it likely to be the panacea you think it is.
I don’t think that the nascent online age verification schemes are good for society in general, either, but that’s not really the point you were making in your comment, so I don’t assume that you believe they’re good or bad, but simply advocating for a more privacy-preserving implementation. Which is kind of the whole point of the argument against bad implementations, but those who mandate and implement the systems likely view uniquely identifying people as a boon, whereas you and I probably don’t, which is why I am not hopeful that your ticket system will be used, because it will be higher friction for more people than uploading scans of their IDs and/or their face.
The ticket system, if implemented, would be used by so few people that the folks who do could likely be re-identified by Bluetooth tracking beacons and facial recognition in the same stores which they bought the ID tickets you suggest, and so I think the number of people who would escape tracking by any such means to be so few as to be a rounding error.
Those folks who do pursue this privacy hobby/fetish are statistically likely to ultimately mess up on their opsec eventually on a long enough timeline, so it’s hard to even imagine a scenario in which it matters either way what individual privacy activists do or don’t do from the point of view of the panopticon designers or implementers. Those not identified to a desired confidence interval by the mass surveillance system will just be retargeted for more sophisticated surveillance measures.
Despite how we rage, we’re still just rats in a cage.
More and more, the privacy debate feels like a quixotic struggle against giants, when everyone already knows that those giants are actually windmills; the majority of society now lives on reclaimed lands which rely on those windmills’ continued existence, and so no one cares about privacy in the way that you or I might care, because they are incapable of perceiving windmills as giants, nor do they have the intellectual or philosophical or political beliefs which would allow them to even entertain such perceptions even for the purposes of discussion. The privacy debate is beyond their ken.
What prevents a commercial "AI" security camera analysis firm from doing a decent job of linking footage of a store's customers to a likely subset of tokens, based on the knowledge of which tokens are sent to which store and how many tokens have been pulled off of the roll so far? Remember that you can design the token roll packaging so the easiest thing for a clerk to do is to pull off the rolls in the order in which they were shipped. Or -hell- you can design the token dispenser so that it phones home to the oracle that sent the roll to the store with the range of tokens in the roll when the roll is loaded into the dispenser (for "security purposes").
> It's the exact same process by which you buy lottery tickets in a world where they don't need to verify your identity when you redeem them.
I've seen many people buy lotto tickets. I've never seen anyone asked for ID. Perhaps the merchant is supposed to check for ID, but they don't. Relatedly:
> The clerk pulls a scratch-off ticket from the front of a ticket tape. The ticket contains a token identifier.
What prevents rolls of those tickets from falling off of a truck and either being handed out for free or at a substantial markup, no questions asked? [0]
In the real world, the system you propose absolutely will not function to the standards required by the people agitating for these systems. You can't "protect the children" if "children" can easily get their hands on anonymous access-granting tokens.
[0] The fact that this doesn't happen with lotto tickets often enough to be newsworthy is not a compelling counterexample. Stores make a decent amount of money selling those, and wouldn't want to get cut off from that revenue source by regularly "losing" shipments of tickets. What you propose doesn't make stores any money, so either you have to spend a bunch of money to induce them to carry the tokens [1], or you have to have harsh penalties for "losing" shipments of tokens. If you risk harsh penalties for choosing to sell the tokens, why even bother? Stores put up with the risk of selling booze because it's quite profitable... selling 5c or 0c tokens absolutely is not.
[1] Where does that money come from? From you and me, of course!
Lottery tickets don’t “fall off of trucks” or get “lost in the mail” because they aren’t valid for redemption until they’re activated at the POS terminal of a licensed store, and the lottery company knows which store receives each ticket roll, because they are shipped to known locations with tracking numbers and delivery verification and/or delivered in person by lottery employees. Even the rolls of blank lottery ticket receipt paper have different serial numbers every few inches, and it’s forbidden by policy to swap receipt paper between stores. All of these things are audited both regularly and randomly by state lottery officials.
Oh yeah, true. A few minutes after I posted the comment, it occurred to me that lotto tickets always get scanned at the register, which is the obvious way to track their distribution and make it annoying to use a whole bunch of winning ones that fell off of a truck. Thanks for the first-hand industry info.
If it's effective, all that tracking and auditing can't be cheap. The lotto gets to pay for it with ticket sales... I don't expect folks would tolerate paying for that [0] for this "I'm an adult" token-distribution system.
[0] ...whether that payment is paid by the token purchaser or by the taxpayers, generally...
Now that you mention the auditing etc, a lottery system would probably be an easy way to get people to literally buy into an online ID scheme, not because it would necessarily be privacy-preserving, which would depend on implementation details, but because a not insignificant number of folks seem to like the chance to win money. Considering many states already have lottery systems, the ID code tickets could probably be provided alongside lottery tickets for free or nearly free, and employees already have the training to check/scan IDs. If there was an incentive such as the possibility to get discounts, win prizes, or tie-in purchases of some kind, I think it could work.
Many stores that sell lottery tickets also sell gift cards, so that technology could also be used instead or in addition to ID tokens at the point of sale. There are a lot of sponsorship opportunities available for cross-promotion.
“Please drink a verification can” was probably more prescient than was at first apparent. Mike Judge saw this whole thing coming from a mile away.
> In the real world, the system you propose absolutely will not function to the standards required by the people agitating for these systems. You can't "protect the children" if "children" can easily get their hands on anonymous access-granting tokens.
What stops children from paying someone to buy beer and cigs for them? What's the difference between age-controlled liquor and an age-controlled token falling off the back of a truck?
You can introduce as many soft-verification systems as you want to tweak this. The roll of numbers doesn't become active unless installed in a dispenser that phones home when it is installed, for example. The empty bobbins containing the roll have to be returned to the oracle, and need to register installation in a dispenser. The dispenser can even count each dispensed ticket. The only requirement is that the sale and the process of paying for the sale isn't linked to the ticket. If you maintain that, the system is anonymous. If you break it, it's not.
I preempted this line of questioning. I'll quote the section for you:
What you propose doesn't make stores any money, so either you have to spend a bunch of money to induce them to carry the tokens [1], or you have to have harsh penalties for "losing" shipments of tokens. If you risk harsh penalties for choosing to sell the tokens, why even bother? Stores put up with the risk of selling booze because it's *quite* profitable... selling 5c or 0c tokens absolutely is not.
[1] Where does that money come from? From you and me, of course!
> The only requirement is that the sale and the process of paying for the sale isn't linked to the ticket.
Unless you make it turbo-illegal to link those pieces of information (even weakly), then those two pieces of information will be linked lickety-split. As aspenmaver mentions, lotto tickets are activated at time of sale by phoning home to -I assume- the issuer of the ticket, providing a ready-made mechanism to correlate which tickets are sold to which person. When the people who are crying to protect the under-eighteen from the "evils" of computing notice that under-eighteens are -shock! outrage!- still exposed to that "evil" despite this token-distribution scheme, they will demand any such laws be weakened or eliminated.
[0] ...or fail to strictly follow all of the regs when giving one to a "Token Commission" officer doing an undercover buy, as absolutely happens with alcohol sales...
A simple law against linking those two pieces of information would be sufficient. Sure, someone like the NSA wouldn't give two shits about what's legal, but they also wouldn't have the means to clandestinely get the necessary hardware installed in every one of the million stores that exist in the country.
Eventually this becomes common knowledge and "something must be done". Facebook (the corpo sponsoring these age verification laws to absolve their own liability) and their ilk decide that the token system no longer meaningfully proves age. They switch to demanding full government ID in cleartext, as there is still no comprehensive privacy law that would prevent such a thing.
Every single approach that puts the onus on the company to verify age falls apart this way, possibly including a de facto mandate for remote attestation (ie say good bye to libre operating systems and browsers that aren't MSIE, Safari, or Chrome). The only workable systems are ones in which the onus remains on parents giving their kids networked computing devices to enable parental controls and/or otherwise monitor their kids' usage, with those parental controls based on information flowing strictly from the website to the user agent (eg a content tag that asserts "this page is suitable for kids").
(and I say this as a parent who is staring down having to deal with this problem in a short year or two)
If it's unlinkable, what's preventing someone from setting up a site that hands out anonymous tokens for anyone to use?
Other approaches are possible. I'm particularly keen on ones that treat attestations as anonymous digital currency and use cryptographic penalties like slashing to discourage copying post-hoc instead of relying on EU-style implementation certification.
There's a huge literature on the subject I don't want to reproduce here. The point is that yes, we do have the technology to do attestation without sacrificing privacy, which makes all the calls for non-privacy-preserving attestation awfully curious.
I'm surprised anyone considers this viable.
It would limit access to those sites to a limited set of acceptable devices and operating systems.
I couldn't use my laptop, desktop, or a jailbroken phone.
Or make it so that tokens cannot be tested except by spending/burning them, which would significantly reduce (but not eliminate) a black market because it would be hard for any buyers to trust any sellers.
The best outcome here is going to rest on getting people to agree that "good enough" is the best outcome. We want a system that gets the broad social results (e.g. less brain-rot in the kids) without being so impossibly strict and overbuilt that it leads to an even-worse problem (e.g. authoritarian hellhole tools.)
I'm not talking about minimizing effort or deferring decisions.
What I mean is that there are conflicting and competing goals, where you need to accept that one of them must not be prioritized over all the others, because the overall outcome will be worse.
If so, this stuff is already broken, and imagine it would be pretty simple to apply the same principles here.
I'm probably wrong on this though I'm out of my depth
Yes, that can eventually be worked around, but not really that different than doing the verification today on someone else's device.
So I'm constantly grabbing new tokens from the government every time I go from work WiFi to my cellular internet to the train WiFi and then home?
Sounds like a fantastic point for capturing more tracking data.
> /geolocation.
Which means I have to send my geolocation data to apps to confirm I can use my token?
Don't want that either.
> It would also throttle the number of identifications,
And if I move around too much in one day or change networks too often, I'm unable to log into anything until tomorrow?
No, you don't need to send it there.
Every time you set up an account, would generally be the idea. So relatively infrequently.
"Use this exact tor/vpn server"
>It would also throttle the number of identifications
So I can only wank off 5 times a day, or grant access to porn sites for 5 kids?
The anonymous crypto token scheme does not have any trace-back mechanism like this at all. If there's no way to track those tokens back to you, why not sell them for $1 each on the internet to make some extra money?
And you want to satisfy voters who are worried about children online or have heard scary things about anonymous criminals. You want to be seen to do something about those.
A distant third is that you want the system to be cheap and built up fast and relatively easy so voters don't complain about it.
All together this leads you to something like "any time a site needs to verify your age (based on this broad list of requirements) put in your government ID number / picture". The infrastructure already exists for that, banks need it, social media needs it, and the current president has agitated for it a few times now. If you're really aiming high you set up some digital ID attached to it that's easier for the users.
When you say it like that it sounds less scary than "deanoymization so the government can track down people saying things it doesn't like." Let's not forget the UK has more people in jail for things they said on the internet than Russia and China put together.
Depends on your state and laws and you can look around at how that's going - maybe you'll have brought a first aid kit to the wrong event or helped print some zines and they want to check up on you now.
https://pa.media/blogs/fact-check/fact-check-international-d...
Don’t think that the claim stands up to scrutiny, since its comparing unlike things.
Checkpoint Charlie directly ahead, not that far down the road.
If you venture into No Man's Land you could be shot on sight.
Either they validate so little information that a single homeless person can authenticate the entire country or they validate so much information as to not have a significant privacy guarantee.
There is no in-between for ZKP validating someone's age.
the truth is that the two extremes you listed can be titrated.
if you use nullifiers you can trade some privacy for some security. basically you convert your true identity into a private token which you can use to authenticate aspects of yourself, the price being that the token can be tracked with some effort across services. better than just using your identity at least. if a token/nullifier is abused it can be revoked and then you have to jump through a bunch of hoops to get another.
there are some other trade offs that can be made.
What combination of details can you validate on that is meaningfully privacy-preserving and couldn't result in wide-spread re-use of tokens?
Additionally - what would prevent some kids from getting a homeless man in the city to hand them his ID, get a facial scan, and everything else you can think of to generate a token and then pass that token around?
ZKP are a cryptography-nerd's joy but are are categorically unsuitable for the purpose of age verification. I stand by this without the slightest reservation.
You can do this: when you want to log into a service, the service provider gives you a fresh challenge C, bound to that service/session. You sign the challenge, and then generate a zkp of the fact that:
1. you have the signed challenge C with a certain public key P 2. you have a state-signed credential/certificate that binds P with a person with birth date BD 3. current date - BD > 18 years 4. optionally, you derived a per-service nullifier, e.g. from the card/credential secret, the service origin and a time bucket, so the service can rate-limit abuse without getting a global cross-site identifier
You send the proof to the service provider, that verifies it, and learns nothing about you (except for the fact that you're of age).
An adult can of course give away the card/PIN, but you need to have it physically to sign fresh challenges, so it cannot be passed around as easily as a bearer token. Moreover he loses access to his actual ID, which is required for other services.
tying multiple accounts and services together isn't ideal but its inarguably better than tying your real world identity to every single service.
To clarify - it's not cryptographically necessary to present the same token for each and every transaction and serves to categorically defeat the entire privacy guarantee of ZKP.
It also makes it trivial to associate your ZKP token with your real identity.
> use of a persistent identifier
> tied to a person
contrast this with the situation as it currently is (under ideal assumptions) where a central authority verifies your real identity and issues temporary rate limited tokens which are then saved by each service and can at any time be linked to you whenever the central authority can get the service to disclose the database entry. the nullifier will force the central authority to do an investigation about who the nullifier actually belongs to which may actually fail.
realistically I expect VPNs and Tor to just become more popular in response to such nonsense. I wouldn't be using government issued tokens for anything that isn't trivial to tie to your identity already: such as a personal bank access.
Where to even begin here....
To generate the token, it needs to be based on specific data. How do you prevent people from generating tokens based on fake data and submitting that to the "terminus" that you mention? We already have cases of people bypassing facial scan liveliness checks for banks using AI-generated footage.
What about validating tokens during the token enrollment process based on your government ID? Though that makes sure that poor or undereducated people who don't have such an ID are locked out of large swaths of Internet services.
Though there's also the matter of it being trivial to generate fake IDs using AI.
If you have no gatekeeping for the token enrollment process, anyone can submit an arbitrary number of new tokens.
And if you do have gatekeeping, you're right back to square one of needing to validate against more than just your age.
After all - the cryptography algorithms will be publicly known. If the only thing ZKP is validating against is age, it won't take long to figure out how to generate identifiers based on fabricated information.
> whether or not the terminus can tie a token to a real world identity will depend on how careless the user was and how much collusion there is between the terminus and the services. at the very least it will impose an investigation cost.
No it won't. A user submits a token to a server. The user also logs in with their e-mail address or phone number. Their email and/or phone number is hashed and it, along with the ZKP token and any additional information the website has on you, will be sent to data brokers.
This is the same as any other bit of information out there that data brokers collect on the internet. They just associate your new info with other info you are required to provide in order to use various services.
This will be automated and will cost next to nothing for data brokers to take advantage of.
> contrast this with the situation as it currently is (under ideal assumptions) where a central authority verifies your real identity and issues temporary rate limited tokens which are then saved by each service and can at any time be linked to you whenever the central authority can get the service to disclose the database entry. the nullifier will force the central authority to do an investigation about who the nullifier actually belongs to which may actually fail.
....what? What investigation by central authorities? You are talking of a system that would constantly mediate permissions for billions upon billions upon billions of devices across dozens of services and accounts per device.
You couldn't hire an army of people large enough to handle this and AI is infamously awful at detecting when a given image has been generated with AI.
> realistically I expect VPNs and Tor to just become more popular in response to such nonsense. I wouldn't be using government issued tokens for anything that isn't trivial to tie to your identity already: such as a personal bank access.
Their popularity would only rise in order to VPN into jurisdictions that don't enforce this. Assuming major websites don't just mandate age/identity verification for all new users regardless of jurisdiction just because it's easier and cheaper to apply one system to everyone.
Look - I know you mean well, but it is clear from this discussion you aren't familiar with cryptography, system security guarantees, Internet infrastructure scaling, or what would be needed to introduce new descriptive information about a person on the Internet and not have it become a new privacy risk.
This is an issue that has no tech-only solution. The specifics aren't just something to just figure out at a later date - the specifics are everything. And it's something that is enormously difficult to get right and extremely easy to get very, very wrong.
> Look - I know you mean well, but it is clear from this discussion you aren't familiar with cryptography, system security guarantees, Internet infrastructure scaling, or what would be needed to introduce new descriptive information about a person on the Internet and not have it become a new privacy risk.
you also don't appear to know what a nullifier is, in a ZKP system you submit identifying information and a hash of a secret string. the CA adds the hash to a public database and in the future you prove you one of the members of the database with a nullifier - the anonymity-set is everyone in the database who entered it prior to your submission. this can also be done with a blind signature to the same effect.
there is no further point to this discussion.
You've promoted mutually exclusive concepts with regards to cryptography which is why I said you don't seem to understand it. And again - and again and again and again and again and again - what is the additional information you are authenticating based off of beyond age? Remote attestation provides absolutely zero privacy utility here whatsoever on its own! So you've remotely attested this ZKP key represents a person who is an adult. Creating another key based on that information alone is trivial to spoof - for it not to be trivial, it would require validating additional information!
What is your root of trust? What is the basis by which age is verified in a way that can't readily be spoofed?
> you also don't appear to know what a nullifier is, in a ZKP system you submit identifying information and a hash of a secret string. the CA adds the hash to a public database and in the future you prove you one of the members of the database with a nullifier - the anonymity-set is everyone in the database who entered it prior to your submission. this can also be done with a blind signature to the same effect.
That's nice and all for trivia on ZKP but how does that touch upon the problem being discussed?
The mechanics of ZKP are not relevant to the problem of ZKP being categorically worthless for the problem at hand. I don't say ZKP is worthless out of ignorance - more discussions about it won't change that.
The specifics of ZKP do not change the fact that you are validating either too little information to be useful for preventing fraud or too much to have privacy-preserving value.
> there is no further point to this discussion.
Evidently not.
We can't solve private age verification with blockchain tech. I'm happy you're so passionate about it, but it isn't a silver bullet.
https://ageverification.dev/Technical%20Specification/archit...
Identity verification is busy being rolled out across the entire developed world right now, and I have yet to see or hear about even one single mention of anonymous credentials in the discussion of any of the laws.
Technological solutions for what problem?
I think the main takeaway is that the concept of such verifications is fundamentally incompatible with privacy. Today we have a simple "are you an adult" check but who is to say we wouldn't want further levels of segmentation (legal age to drive, age to allow health insurance etc)?
And this just one signal. Nobody likes the EU cookie/consent prompts but what they've shown us is that most websites are perfectly happy to fingerprint you the moment you step on their pages, and then share/broker your activity with hundreds and thousands of "legitimate interest" partners of theirs.
So the real-world equivalent of this situation is that you walk on the street and whenever you need to wait for a traffic light, board a bus or the tube, go into a shop, etc... you have a security person who needs to faceID(or fingerprint) you and make you wait until they find a match of your profile... and then they ask you to present your ID (which you have to carry at all times) but hey, it's private because you need to enter your PIN for them to read the chip.
Anonymous credentials don’t allow the state to retaliate in the dark of night against protected expression that they don’t like. Anonymous credentials do not allow for that, so they are irrelevant.
I find 'a' amusing as we'll often see in the same conversation that users appeal to parents to take responsibility and lock down their kids' access to things, as if that's trivial for non-tech folk and foolproof. It's also silly because the user interface to such a system doesn't need to show all that complexity.
And 'b' is often supported by some out of context quote that at first glance looks incriminating but doesn't actually mean much.
The saddest thing is that the article you link addresses most of the objections people have brought up in the thread, but few have read it.
Majority of people understand their SIN or SSN number or whatever, they understand they have a drivers license number. This could be built in such a way that it's basically just be another government issued "thing" that they have to know about and be able to produce when requested
Edit: I agree with you 100%, but the fact that governments want to track people online has no bearing on how technically possible it is to build a system where they can't
An anonymous internet auth system (probably) won't get built, but it is possible to build
During COVID, there were protests about "vaccine passports" and masks. My state legislature tried introducing bills that would outlaw such things. In 2024, in several states (including mine), legislators introduced bills that would outlaw mRNA (and every vaccine made from it) [0]. REAL ID took almost 2 decades to get every state to implement it until the feds threatened to close all (commercial) airports in states refusing to implement it.
Notes:
0 - every year one of my legislators introduces a bill to outlaw chemtrails. This year, he added the plot of Termination Shock to his bill.
Bill to make "pureblood" a thing:
https://web.archive.org/web/20250118232059/https://apps.legi...
Bill to outlaw chemtrails & Termination Shock: