If there's a simple piece of software that can be installed, it's not meaningfully increasing the barrier. Also, there are negative consequences to introducing "rules that you're expected to break" like this. It makes the law unserious.
And if it's a phone app, it's not going to be on app stores and you already know the person giving you the app is a criminal.
So you're installing an untrustworthy app to risk criminal charges, and the customers of this scheme are kids who mostly don't have a lot of money.
So the schemes inherently add some traceability, which makes the tokens no longer actually anonymous.
This is the back door used to make the tokens double as ID tokens.
1) You give a teenager your full credentials. Teenager is careless, as teenagers often are, and posts something revealing who he is. Cops have option to search teenager's phone, see who you are, and at least revoke the credentials.
2) You install a relay app on your phone, for money. Now you've installed an untrustworthy app from a criminal, who might hack you, or might be arrested and reveal details of your device and where they're sending your money.
Neither scenario happens because the age verification is traceable.
3) Your credentials get stolen, and used in a foreign country to implement a relay scheme.
This one, I admit, my scheme can't do anything about. But this means our teenager has to pay a foreign entity. Teenagers can also pay foreign porn sites directly, if porn is our concern.
On top of that, the age verification systems we've seen so far have their own security holes that teenagers are exploiting without having to pay anything.
My personal view is that the whole thing is ridiculous and we shouldn't bother with any of this. My point is just that we can implement reasonably good age verification without eliminating anonymity on the internet.
Just offer the user some money if he installs some "trusted" app for age verification token sharing.
And then what? You think the police are going to make a case out of getting a token blacklisted or start an investigation into the person who the token came from? Also confiscate their devices as part of the investigation? I guarantee that the token source will be someone in another state or another country or just a stolen ID being used to sell their tokens.
I can’t believe we’re getting to the point where we’re talking about sending the police to deal with cases where a minor is suspected of, what, accessing social media? To confiscate their device and do forensic analysis of the tokens on it?
Do you realize how insane this is getting? How does anyone think this is feasible, let alone a good idea?
It's still my preference to have no verification at all. On the internet, nobody should know you're a dog.
The problem with your hypothetical was that you casually introduced the police as an enforcement mechanism for cases of a minor accessing an over-18 website. The implication is that the physical police are now involved in our access of websites, and you’re saying the tokens involved in us accessing websites will have some evidence that they can use in the investigation of that access.
This is why we keep saying that the anonymous token schemes don’t preserve privacy. It always turns into a slippery slope of adding escape hatches to the anonymity to enforce violations. The very implication that the police are going to be tasked with going out and confiscating devices to investigate suspected age token violations is an indicator of how far the window has shifted on Internet privacy.
Obviously it does. These $1 per-day apps are 24/7 online and so challenges can simply be proxied just the same as tokens.
> ... law enforcement has local access to the minor's hardware ...
This is a large part of what people, in practice, want to prevent using this scheme.
> Once you've been revoked, you have to go through the hassle of setting this all up again, which might be enough incentive to keep it reasonably secure ...
States want to know who to punish when this happens. Which also details how this is defeated: you can't revoke the token, because that makes getting a conviction near-impossible and it exposes the states to counterclaims.
The people who install such forwarding apps don't have money for the court to charge, and they can't take away their identification apps (which these will be, obviously) because that's the cheapest way for states to communicate with them.
Unless you build this into the base layer of the internet (which European networks like minitel did, by the way, with France telecom graciously checking it for free. Free for the state, of course. YOU paid per packet)
> ... to keep it reasonably secure ...
Oh and "reasonably secure" won't cut it. Someone committed suicide after a message was posted, and they're "reasonably secure" who it came from? You see the problem, I hope.
Regarding my scheme:
The only way law enforcement should have access is if they show up and get the phone in their possession, with a warrant. Which could happen any time some teenager posts something without realizing it identifies them.
If the teenager has your full credentials, that's when law enforcement sees who you are, and can take whatever action we deem appropriate. I would think just revocation if you might have been hacked, more severe if it's clear you shared on purpose. Revoking credentials doesn't interfere with the person using the app for other purposes, or with any prosecution, and criminal prosecution doesn't rely on the perp having money; quite the opposite in fact.
If you install a proxying app for the challenge-response, you're installing an untrustworthy app from a criminal to take payment for a criminal scheme, with risk of prosecution if that criminal gets caught.
Nothing in society is perfectly secure. There are all sorts of ways that we allow some crimes and tragedies to happen because we know that preventing them would be even worse. There are good reasons that courts have long protected privacy and anonymous speech, even though we could solve more crimes without those protections.
It’s beyond crazy that we’re actually talking about police showing up at someone’s house because they suspect a social media post came from an under-18.
This is one step away from your local government unmasking their Internet critics and sending police to their house by “suspecting” that they might actually be a minor.
> If the teenager has your full credentials, that's when law enforcement sees who you are, and can take whatever action we deem appropriate. I would think just revocation if you might have been hacked, more severe if it's clear you shared on purpose.
Why would you assume the person giving out the token is in the same jurisdiction? The tokens would almost certainly be coming from another country.
The police aren’t going to be tracking down teens, confiscating their phones, running forensic analyses, and then doing the work of getting tokens revoked through a possibly international process. They barely have enough time to show up and take a report when someone does minor physical proper damage.
All this does is open up the process for targeted abuse when governments or police need an excuse to go after someone posting on social media.
If you can identify physical hardware from a request or post, obviously it's not anonymous. In fact, if you can identify the owner of credentials from the credentials, they're not anonymous. Obviously in an actual anonymous system it is utterly impossible to do this, whoever you are.
So you've just proven your own argument wrong. Anonymous age verification online is impossible. You don't agree?
The way this works is, there's a function with both public and private inputs, and an output. You can send me public inputs, and I can pass those plus my private inputs into the function, and give you the function output, along with a proof that the output is correct given your inputs.
So in this case, the government has a public key, which it uses to sign your credentials, consisting of your birthdate and a unique identifier.
The website sends you a large random number.
The public inputs are the government public key, the random number, today's date, and maybe a revocation list of identifiers.
The private data is my unique identifier and birth date.
The function returns true if my calculated age > 18, the government's signature of my data is valid, my private identifier is not on the public revocation list, and (to avoid replays) that the hash of your random number is not zero.
I send you back the generated proof, which is just a 256-bit number. You can check that the proof is correct without looking anything up. The proof does not give you any way to reconstruct my private data. It is only associated with the random number you gave me, and the public data everyone knows.
To keep the revocation list from growing forever, we could also make credentials expire after some period of time. Add an issue date to the private data, and we can add an expiration check to the function. Client software can automatically get a new credential if the old one is valid, expiration is just to allow us to delete old identifiers from the revocation list.
A hole in the above scheme is that government could try redoing proofs for a given random number, using all the current identifiers. To prevent this, the user passes in another random number as private data, and the function checks that that doesn't hash to zero either. User can change that random number every time, its only function is to change the generated proof to something the government can't replicate.