There are actual implementations that do not compromise privacy and anonymity. For example the EU is currently doing large scale field tests in several countries of such a system.

It involves your government issuing you a signed digital copy of your ID documents which gets cryptographically bound to the security hardware in your smart phone (support for other hardware security devices is planned for later).

To verify your age to a site your phone and the site use a protocol based on zero-knowledge proofs to demonstrate to the site that your phone has a bound ID document signed by your government that says your age is above the site's threshold, without disclosing anything else from your ID document to the site.

This demonstration requires the use of a key that was generated in the security hardware when the ID was bound, which shows that the site is talking to your phone and that the security hardware is unlocked, which is sufficient evidence that you have authorized this verification to satisfy the law.

Note that your government is not involved beyond the initial installation of the bound ID document on the phone. They get no information on what sites you later age verify for or when you do any age verifications.

▲

hactually 5 hours ago | parent | next [-]

So govt approved hardware and sofware. No custom ROMs or firmware.

Wow, the EU is really going hard on innovation.

I suppose the nice thing is that the dystopia has already been explored by science fiction quite well.

▲

eli 5 hours ago | parent | prev | next [-]

That could certainly address one of my points, once it actually exists and if it’s implemented properly.

▲

protocolture 5 hours ago | parent | prev [-]

Ok, a field test. Vs Australias actual full scale implementation, and the subsequent implementations by social media companies.

You cant honestly expect people to ignore the actual real world implementation right? Its not disingenuous to discuss whats actually been inflicted upon a full populace in favour of a test?

Not to forget that the UK was making lists of those it was providing digital licenses to. And that the UK has a history of leaking data like a sieve. The government making a list of known digital ID users can be coloured the same way.

Not to mention that not everyone will end up with a supported cryptographic device will they? Are we expecting this to run on linux without TPM 2.0? Lots of recent Linux migrants are there to avoid TPM 2.0 requirement. You keep mentioning hardware security, so I suspect its not going to be as easy as loading a certificate. Or even if extra methods for edge cases will be supported at all.

But its all still hypothetical anyway. We have an actual implementation to dissect. One that the Australian government is actively trying to sell to other countries.

▲

tzs 4 hours ago | parent [-]

What I'd hope people would be doing is that when a country like Australia is working out some system of mandatory age verification is to point to the EU system or something similar and say that if you do go through with this, how about waiting a year until that is released and then require that instead of some system that doesn't preserve privacy and anonymity?

They could point out that the EU system has been in development for years, with numerous expert reviews, all in the open with reference implementations of the protocols and apps for iOS and Android all on Github under open source licenses.

They could also point out it has been tested extensively in a series of field trials involving a large variety of sites and a large number of users, with the last two field trials scheduled to finish this year.

By simply waiting and making that the system they use they get a much more secure and privacy preserving system than what they would get otherwise, with others having already done the hard cryptographic parts and figured out usability issues and developed the apps. That's way better than going with some system that nobody was thinking about until they started working on legislation.

They could also point out that the sites they want to require age verification on will almost certain be supporting the EU system when it comes out. That's because the EU is requiring that member states that implement age verification laws require that sites accept this system. The state can allow or require accepting other system, but this one will be the one that works everywhere.

Countries that wait for the EU system and use it will then have an easier time getting companies to implement age verification in their country since those companies can simply use the same software they will be using in the EU.

As far as having a suitable device goes, in the EU somewhere in the 95-98% range of non-elderly adults have a suitable smart phone. It's higher the younger people are and is going up. Same in the US. In Australia it is around 97% of adults.

The EU is planning on later adding support for stand-alone hardware security devices which should cover those without a smart phone.

As far as government leaking lists of who has a digital ID, that's likely to be a list of most adult phone users. The overall system is not just a privacy and anonymity preserving age verification system. It's a digital wallet for storing a digital version of your physical ID card.

People will likely use it in most places they use their physical ID cards. People tend to love being able to use their phones in place of physical cards (all cards, not just ID cards), and will be getting it even if they never intend to use any sites that require age verification.

A leak that says "tzs has a digital ID on his phone" (if my country were to adopt such a system) would be about as concerning as a leak that says "tzs has his auto insurance card on his phone" or "tzs has a credit card on his phone". (This is also way car companies that let you install a digital key fob on your phone often make that a feature only on higher end trims even though it requires the exact same hardware as the lower trims. Enough people like the idea of not having to carry around the key fob that they will go up a trim level to get it).

If people can't get their government to delay until such a system is available they should be trying to get the law to include a provision that when such a system is available the government will support it and sites will have to accept it. That way they eventually get a privacy preserving option. That's a more likely way to work to get eventual privacy than trying to pass separate legislation later to add it.

	▲	protocolture 2 hours ago \| parent [-]
		Asking them to not do it has roughly the same effect. Pointing out the flaws has roughly the same effect. Not doing it at all, is even better again.