| ▲ | 9dev 3 days ago |
| > It also ties a uniform ID to an account, simplifying tracking and surveillance by corporations and governments. That is by no means the only solution. A lot of work is happening in the area of cryptographically verified assertions; for example, a government API could provide the simple assertion "at least 16 years of age" without the social media platform ever seeing your ID, and the government never able to tie you to the service requiring the assertion. |
|
| ▲ | heavyset_go 3 days ago | parent | next [-] |
| Companies and governments see age verification as an opportunity to hoard data for facial recognition and other ML/AI training sets. It will always be cheaper to go with a vendor that forces you to scan your face and ID, because they will either be packaging that data for targeted advertising, selling the data to brokers, or making bank off of using it as population-wide training datasets. Governments will want the data and cost savings, as well. Both corporations and governments will want to use the platforms to tie online activity to real human beings. Arguments like these end up like arguments for PGP in email: yes, in a perfect world we'd be using it, and platforms would make it easy, but the incentives aren't aligned for that perfect world to exist. |
| |
| ▲ | 9dev 2 days ago | parent [-] | | Don't project the contemporary US administration on other countries, please. Not everyone lives in a cynical regime. |
|
|
| ▲ | selcuka 3 days ago | parent | prev | next [-] |
| > a government API could provide the simple assertion Yes, it could, but we don't have that, do we? They launched the ban without implementing a zero-knowledge proof scheme as you described. In a very short amount of time the providers will have associated millions of people's accounts to their biometric information and/or their government issued IDs. |
|
| ▲ | hekkle 3 days ago | parent | prev | next [-] |
| While this is a good thought.... Do you really trust the Government to implement a cryptographically verified assertion correctly, and not track which website is making the request, for which individual at what time, and then cross reference that with newly created accounts? |
| |
| ▲ | 9dev 2 days ago | parent [-] | | I trust the EU for one, yes, because it doesn't really have the capability or agencies to create massive databases on citizens. Aside from that, there's really a lot of research going on around zero knowledge proofs and verified credentials and such; involved researchers have very obviously already thought about most of the knee-jerk concerns voiced in this thread. | | |
| ▲ | exoverito 2 days ago | parent [-] | | Seems foolish to trust them. The EU is fundamentally undemocratic with the unelected Commission proposing laws and decision making hidden within councils. It has been steadily centralizing and concentrating power, creating a dense web of regulations that have been strangling member states' stagnant economies. Right to free speech is notoriously bad in Europe. The EU is trying to increase military power, and ultimately a centralized European army. |
|
|
|
| ▲ | lukan 3 days ago | parent | prev [-] |
| Does that work already? If so, how? If the API asks for a users minimum age at a certain time, how can the government not know which data set it has to check? |
| |
| ▲ | danpat 3 days ago | parent | next [-] | | It can be achieved with a zero-knowledge proof - there are many schemes, but in essence, they all allow you to prove something (e.g. your birthdate, validated by a government agency), without revealing who you are. You can prove to a third party "the government authenticated that I was born on 1970-01-01" without exposing who "I" is. Some worthwhile reading on the topic if you're interested: https://en.wikipedia.org/wiki/Zero-knowledge_proof#Zero-Know... https://en.wikipedia.org/wiki/Blind_signature It should even possible to construct a protocol where you can prove that you're over 18 without revealing your birthdate. Zero-Knowledge Range Proofs: https://eprint.iacr.org/2024/430 "Zero-knowledge range proofs (ZKRPs) allow a prover to convince a verifier that a secret value lies in a given interval." | | |
| ▲ | selcuka 3 days ago | parent | next [-] | | ZKP is better, but still not foolproof. Depending on the implementation, the government may now know that you have an account, or at least attempted to open an account on that service. You will have a hard time denying it in the future if the government asks to see your posts (as the US is currently doing at their borders). | | |
| ▲ | bawolff 3 days ago | parent [-] | | > ZKP is better, but still not private. The government now knows that you have an account, or at least attempted to open an account on that service Umm, no. That is not how a scheme like this would work. | | |
| ▲ | selcuka 3 days ago | parent [-] | | > That is not how a scheme like this would work. When implemented correctly, yes. I've edited my wording slightly to indicate that. I just don't have faith in most countries, including Australia, to implement it with protecting the privacy of their residents in mind. | | |
| ▲ | bawolff 2 days ago | parent [-] | | > When implemented correctly, yes. I disagree. I can't think of an implementation mistake that would allow just the government to see what services you sign up for. You could of course screw it up so everybody could see. If the government put a keylogger on your device then they could see. However broadly speaking this is not something that can be screwed up in such a way that just the government would be able to see. The protocol wouldn't even involve any communication with the government. |
|
|
| |
| ▲ | bawolff 3 days ago | parent | prev [-] | | > It should even possible to construct a protocol where you can prove that you're over 18 without revealing your birthdate. Not just theoretically posdible, people have done it: https://zkpassport.id/ | | |
| ▲ | lukan a day ago | parent [-] | | Sounds interesting, but: "This is experimental software. While it has undergone external review, it has not yet received a formal security audit. Please use with caution and at your own risk in production environments." |
|
| |
| ▲ | SiempreViernes 3 days ago | parent | prev [-] | | The anonymity is that the government doesn't know who is asking for the verification, not that the the government doesn't know whose majority it should attest. |
|
