Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
owisd 15 hours ago

If the end goal was user identification then the digital ID + zero knowledge proof age verification methods would be disallowed, which they aren't. https://blog.google/products-and-platforms/platforms/google-...

mindslight 15 hours ago | parent [-]

You got suckered by the marketing. Google's "zero knowledge" approach requires devices locked down with remote attestation, which prohibits end users from running their own code (when interacting with websites that prevent it, which as time goes on under this plan will be everywhere). The only actual difference here is that this is Google's desired approach to destroying anonymity and personal computing.

remcob 14 hours ago | parent [-]

Why is that required? The whole point of zero knowledge proofs is that it can run on untrusted devices.

Aurornis 14 hours ago | parent | next [-]

Because true “zero knowledge” proofs are actually useless for age gating purposes.

Conceptually, if a proof was truly zero knowledge and there were no restrictions on generating it, there would also be nothing stopping someone from launching a website where you clicked a button and were given a free token generated from their ID. If it was truly a zero knowledge proof it would be impossible to revoke the ID that generated it, so there is no disincentive to freely share IDs.

So every real world “zero knowledge” proof eventually restricts something. Some require you to request your tokens from a government entity. Others try to do hardware attention chains so theoretically you can’t generate them outside of the approved means.

But the hacker fantasy of truly zero knowledge proofs is impossible because 1 hour after launch there would be a dozen “Show HN” posts with vibe coded websites that dispense zero knowledge tokens.

moveaxebx 29 minutes ago | parent | next [-]

> But the hacker fantasy of truly zero knowledge proofs is impossible because 1 hour after launch there would be a dozen “Show HN” posts with vibe coded websites that dispense zero knowledge tokens.

If I recall correctly, there exist variant cryptographic protocols that let you impersonate a user who provides such a service: that is, the token confers, or can be used to construct something that confers greater privileges in other contexts.

AnthonyMouse 9 hours ago | parent | prev [-]

It's also unclear what they'd even be useful for to begin with.

You need some kind of proof system if you need a central authority to certify something, but why is that required? The parents know the age of their kids. They don't need the government to certify that to them. And then the parents can get the kids a device that allows them to set age restrictions.

Whether those restrictions are imposed by the device on content it displays (which is the correct way to do it) or by the device telling the service the approximate age of the user (which needlessly leaks information), you don't actually need a central authority to certify anything to begin with because either way it's just a configuration setting in the child's device.

gbear605 14 hours ago | parent | prev [-]

You’d have to ask Google