| ▲ | j2kun 2 hours ago |
| There are at least some technological solutions here, such as anonymous credentials. [1] Modern versions of this technique allow one to associate metadata (like a proof of age exceeding a threshold) in such a way that the verifier can't even correlate repeated requests across users. Governments that are serious about age verification and individual privacy (which, doubtful they truly are) should agree on a protocol and set up certificate issuers that are associated with a digital ID. Then age verification will not be an invasive procedure or risk data leaks or insider threats. [1]: https://blog.cryptographyengineering.com/2026/03/02/anonymou... |
|
| ▲ | andrewla 2 hours ago | parent | next [-] |
| The article talks about the possibilities of malicious cloning of these tokens by third parties, but fails to identify the much more common use case, and one that makes this scheme useless for age verification. It's one thing to be concerned about someone stealing my credential, but another to prevent the transfer of these credentials, especially if they are limited use credentials. The entire point of age verification systems is to prevent minors from accessing certain resources. I think we all know that this is basically impossible; but what these various governments and social media companies want to do is to make it high friction to do so. The highest friction version of this is that the credential ties to a real world identity somehow; maybe locked behind legal barriers, etc., but if a minor is caught using someone's credential, then the person whose credential they are using can be investigated, and, if necessary, charged with a crime roughly equivalent to providing alcohol to a minor. Without the possibility of real world enforcement, none of these identity solutions can possibly work. Keep dreaming of a technological solution -- there is none that does not lead to the world that FIRE is warning about, except to accept that we can only make a solution "good enough" and leave it at that, without expanding into full on identity verification. The solution here is likely to just try to provide better abilities for parents to monitor and limit their children's use of the internet. Let individual parents decide on the level of harm that they are willing to accept, and accept that there will be ways to work around this even if parents are vigilant, but just try to reduce it on the margins. |
| |
| ▲ | Aurornis an hour ago | parent | next [-] | | Yes, this is the part of the issue that is so frequently ignored: Anonymous age verification schemes are easily defeated through proxying because there wouldn't be any consequences for selling your tokens. "Install this app on your phone and we'll pay you $1 per day" and it will mint your anonymous identity tokens and send them off to kids who want to buy them. If there's no way to track the tokens, there is no possibility of negative consequences. So the schemes always start introducing features to reduce the anonymity of the tokens or make them more trackable in some way: > The highest friction version of this is that the credential ties to a real world identity somehow; maybe locked behind legal barriers, etc., but if a minor is caught using someone's credential, then the person whose credential they are using can be investigated, and, if necessary, charged with a crime Which requires that these identity tokens not be anonymous age-verification credentials. They become a traceable identity token tied to your government-issued ID. | | |
| ▲ | DennisP 23 minutes ago | parent [-] | | > They become a traceable identity token Not if you use a challenge-response protocol where the client returns a zero-knowledge proof of age, where the proof incorporates a random string sent by the website. The traceable stuff is private information that the website never sees. If a minor is caught with it, then law enforcement has local access to the minor's hardware and can probably view the private data. At that point, the private key can be put on a public revocation list. The zero-knowledge proof can include a proof that you're not on the revocation list. Once you've been revoked, you have to go through the hassle of setting this all up again, which might be enough incentive to keep it reasonably secure. |
| |
| ▲ | ajsnigrutin 6 minutes ago | parent | prev [-] | | > The highest friction version of this is that the credential ties to a real world identity somehow; maybe locked behind legal barriers, etc., but if a minor is caught using someone's credential, then the person whose credential they are using can be investigated, and, if necessary, charged with a crime roughly equivalent to providing alcohol to a minor. Without the possibility of real world enforcement, none of these identity solutions can possibly work. Buying alcohol for a minor implies knowledge and intent. Getting the tokens out of a phone doesn't require the user to do any of that, the user just has to be frugal and keep the phone longer than it's supported by the manufacturer, until some local exploit is found again, and that token will be extracted and available online for everyone to use. Parents buy those phones, phones could easily have a "user is a minor" setting (and a flag sent to all the sites that want one) with a password for parents to unlock stuff if needed. This would be set during the phones first set up, and it's done. But nope, the plan is for everyone to install a form if a digital ID on their phones, and once it's there, requiring full-name identification when registering is just one step away. |
|
|
| ▲ | johnc1 an hour ago | parent | prev | next [-] |
| There is a much easier solution that already exists - parental controls on children's devices. I honestly don't understand why is it not solving the problem? Yes, parents are responsible to set this up. But parents are also responsible to lock their alcohol, drugs or guns, condoms, etc., and many other things. Perhaps parental controls are not good enough? That's where the regulation could genuinely help - require child-certified devices to implement minimum set of parental controls, and make them easy to use. |
| |
| ▲ | kaashif an hour ago | parent | next [-] | | That's not the problem governments are solving. They're solving the problem of convincing the public it's a good idea to end the anonymity of internet use. | | |
| ▲ | johnc1 an hour ago | parent | next [-] | | I know! What puzzles me is responses every such article gets even on HN - let's build some cool tech that 95% of the general population and 100% of politicians won't even understand not to mention agree to. Yes, government want to end anonymity and that's clear to some. But governments enjoy on a pretty broad support for this and many people supporting this believe it's a real problem. Suggesting to leave it unsolved or solve it in a way they can't trust or understand is only going to alienate them, making the government job easier. I think suggesting a simple, cheap and effective solution to this problem that has no impact on privacy is a way better way to counter that. I think local parental controls fits the bill. | | |
| ▲ | subscribed 15 minutes ago | parent [-] | | People on average aren't very smart and will happily support programs objectively harmful to them and everyone else because the government and a nice lady from the breakfast TV says it's necessary to think of someone's else's children watching porn (this soundbite is gross. I don't understand how it's okay for the serious people to repeat it). |
| |
| ▲ | BoobertScoobert 29 minutes ago | parent | prev | next [-] | | That's why they are still appealing to sentiment rather than established research (which actively refutes the arguments they are making). | |
| ▲ | refurb an hour ago | parent | prev [-] | | Precisely. The people in power would love nothing more than to stop “disinformation” (facts that cause social unrest). |
| |
| ▲ | Morromist 39 minutes ago | parent | prev | next [-] | | I don't understand why the act of buying internet access isn't considered a parental control. I doubt very many kids are doing it or can. Ok, but parents buy internet access and then let their kids use it, because the kids need it for school. So? The parents job is to keep their kids out of trouble. Learning how to keep track of what their kids access shouldn't be difficult, and maybe should be part of the obligation parents have, kind of like their obligated to teach their kids to drive before giving them the keys to a car. Its analogious to saying "kids shouldn't walk home from school or be let out of the house at all because they might wander into a nude beach or join a drug smuggling satanic cult". Most of us don't hold that view because we trust that kids can be taught to be vaguely responsible. What's more: tools to shield the kids have been around for longer than most of the parents have been alive at this point. The problem is pretty much solved in multiple ways, and wouldn't even be a problem if parents only followed their basic responsiblities. Also it isn't a problem in the first place, I haven't seen any clear, undisputed evidence that shows that kids are degenerating into fiends because of looking at adult stuff on the internet. | | |
| ▲ | fc417fc802 3 minutes ago | parent | next [-] | | > The parents job is to keep their kids out of trouble. Learning how to keep track of what their kids access shouldn't be difficult Unfortunately it is, but we could fix that with only minimally invasive legislation. Right now you either whitelist which breaks half the internet on a recurring basis (things are constantly changing) or you blacklist which is swiss cheese. Either way you're relying on third parties. I think it would be much better to legally mandate a certain minimum level of self classification for website operators along with a simple and extensible scheme for communicating such. It might also be useful to mandate that devices ship from the OEM with parental control software supporting that standard but honestly I doubt that's necessary - if their were a standardized and above all reliable signal available I think browsers and operating systems would rapidly adopt support for it. | |
| ▲ | mikestorrent 33 minutes ago | parent | prev [-] | | The problem with this idea is that it assumes responsible parents, which are not a given. I agree with you completely - I don't want any kind of controls on the Internet - but we live in a world where we cannot actually rely on parents to fulfill what you would consider to be basic and reasonable expectations of parental duties. | | |
| ▲ | DennisP 21 minutes ago | parent [-] | | For kids with parents like that, the internet is probably the least of their problems. |
|
| |
| ▲ | an hour ago | parent | prev [-] | | [deleted] |
|
|
| ▲ | _heimdall 2 hours ago | parent | prev | next [-] |
| I wouldn't trust governments, today or in the future, to keep such a system private and I don't see a foolproof way of building some kind of audit mechanism into it to make sure the data is always truely private. I've also always been curious how a truely anonymous identity verification could possibly work. At best for age verification, I could be given some kind of token that would still have to verify my age and be verifiable with a central authority to ensure my token is valid. The central authority could always keeper records of my token, revoke it whenever they please, and every entity that can verify the age associated with, or embedded into, the token knows at least some of my PII. |
| |
| ▲ | vkou an hour ago | parent [-] | | > I've also always been curious how a truely anonymous identity verification could possibly work. You go to a store. You show the clerk your id and give him a quarter. The clerk pulls a scratch-off ticket from the front of a ticket tape. The ticket contains a token identifier. It's anonymous. The clerk or his POS system knows your name and age, but doesn't know your number. The vendor providing the tape doesn't know your number or your name. The system accepting the token knows your number, but doesn't know your name. The token is only valid for a day after use, so loss and transfer isn't much of an issue. It's the exact same process by which you buy lottery tickets in a world where they don't need to verify your identity when you redeem them. The lottery has no idea who bought a particular ticket, only that a ticket was bought. The clerk knows you bought a ticket, but doesn't know which ticket. Obviously, Eavesdropping Eve looking over your shoulder knows both your name and your ticket number, but that's not a practical attack. | | |
| ▲ | Aurornis an hour ago | parent | next [-] | | > It's anonymous. The clerk or his POS system knows your name and age, but doesn't know your number. The vendor providing the tape doesn't know your number or your name. Where does this 3rd party identity token provider come from? For government-issued identity tokens, there are not separate parties. It's just the government, and they can choose to link whatever they want in their internal system if they decide it's in the interests of national security. You're also forgetting that lottery tickets are tracked. This is how they can announce which store sold the winning ticket before anyone steps forward with it. It would be trivial to match a buyer to the ticket if they wanted to inspect the records. In the case of a government identity token service, there isn't even a separation of parties providing the records. They do it all and can have all the data. | | |
| ▲ | vkou an hour ago | parent [-] | | > Where does this 3rd party identity token provider come from? Some oracle whose job it is to print tokens and hand out rolls to the stores (and to the websystems). They would know which store got which roll, and which website authenticated it, but not who each ticket from that roll went to. With a big enough roll, this is essentially anonymous. Yes, lotteries know which store got the winning ticket, but they have no idea which of the patrons in the store got it. Not unless they ask Eve to get her telescopic lens and notepad out. | | |
| ▲ | Aurornis an hour ago | parent [-] | | I'm talking about identity token services. You're saying the real solution is that we bring in a private, 3rd-party company to start checking our IDs to access websites now? | | |
| ▲ | vkou an hour ago | parent [-] | | I was asked if this problem can be solved in an anonymous manner. I gave a solution that is pretty anonymous and fairly cheap. I am not actually advocating for it. I'm just saying how it's possible to solve it given those constraints. |
|
|
| |
| ▲ | simoncion an hour ago | parent | prev | next [-] | | > It's anonymous. The clerk or his POS system knows your name and age, but doesn't know your number. What prevents a commercial "AI" security camera analysis firm from doing a decent job of linking footage of a store's customers to a likely subset of tokens, based on the knowledge of which tokens are sent to which store and how many tokens have been pulled off of the roll so far? Remember that you can design the token roll packaging so the easiest thing for a clerk to do is to pull off the rolls in the order in which they were shipped. Or -hell- you can design the token dispenser so that it phones home to the oracle that sent the roll to the store with the range of tokens in the roll when the roll is loaded into the dispenser (for "security purposes"). > It's the exact same process by which you buy lottery tickets in a world where they don't need to verify your identity when you redeem them. I've seen many people buy lotto tickets. I've never seen anyone asked for ID. Perhaps the merchant is supposed to check for ID, but they don't. Relatedly: > The clerk pulls a scratch-off ticket from the front of a ticket tape. The ticket contains a token identifier. What prevents rolls of those tickets from falling off of a truck and either being handed out for free or at a substantial markup, no questions asked? [0] In the real world, the system you propose absolutely will not function to the standards required by the people agitating for these systems. You can't "protect the children" if "children" can easily get their hands on anonymous access-granting tokens. [0] The fact that this doesn't happen with lotto tickets often enough to be newsworthy is not a compelling counterexample. Stores make a decent amount of money selling those, and wouldn't want to get cut off from that revenue source by regularly "losing" shipments of tickets. What you propose doesn't make stores any money, so either you have to spend a bunch of money to induce them to carry the tokens [1], or you have to have harsh penalties for "losing" shipments of tokens. If you risk harsh penalties for choosing to sell the tokens, why even bother? Stores put up with the risk of selling booze because it's quite profitable... selling 5c or 0c tokens absolutely is not. [1] Where does that money come from? From you and me, of course! | | |
| ▲ | aspenmayer 29 minutes ago | parent [-] | | I’ve worked in the industry, so just adding some extra info, as I agree with you that the ticket system is not really less tracked than other systems, just differently tracked: Lottery tickets don’t “fall off of trucks” or get “lost in the mail” because they aren’t valid for redemption until they’re activated at the POS terminal of a licensed store, and the lottery company knows which store receives each ticket roll, because they are shipped to known locations with tracking numbers and delivery verification and/or delivered in person by lottery employees. Even the rolls of blank lottery ticket receipt paper have different serial numbers every few inches, and it’s forbidden by policy to swap receipt paper between stores. All of these things are audited both regularly and randomly by state lottery officials. |
| |
| ▲ | aspenmayer 44 minutes ago | parent | prev [-] | | > It's the exact same process by which you buy lottery tickets in a world where they don't need to verify your identity when you redeem them. I’ve sold lottery tickets, and you have to be legal age to both buy and redeem them, so I’m not sure that this analogy or hypothetical solution is comparable to lottery tickets, nor is it likely to be the panacea you think it is. I don’t think that the nascent online age verification schemes are good for society in general, either, but that’s not really the point you were making in your comment, so I don’t assume that you believe they’re good or bad, but simply advocating for a more privacy-preserving implementation. Which is kind of the whole point of the argument against bad implementations, but those who mandate and implement the systems likely view uniquely identifying people as a boon, whereas you and I probably don’t, which is why I am not hopeful that your ticket system will be used, because it will be higher friction for more people than uploading scans of their IDs and/or their face. The ticket system, if implemented, would be used by so few people that the folks who do could likely be re-identified by Bluetooth tracking beacons and facial recognition in the same stores which they bought the ID tickets you suggest, and so I think the number of people who would escape tracking by any such means to be so few as to be a rounding error. Those folks who do pursue this privacy hobby/fetish are statistically likely to ultimately mess up on their opsec eventually on a long enough timeline, so it’s hard to even imagine a scenario in which it matters either way what individual privacy activists do or don’t do from the point of view of the panopticon designers or implementers. Those not identified to a desired confidence interval by the mass surveillance system will just be retargeted for more sophisticated surveillance measures. Despite how we rage, we’re still just rats in a cage. More and more, the privacy debate feels like a quixotic struggle against giants, when everyone already knows that those giants are actually windmills; the majority of society now lives on reclaimed lands which rely on those windmills’ continued existence, and so no one cares about privacy in the way that you or I might care, because they are incapable of perceiving windmills as giants, nor do they have the intellectual or philosophical or political beliefs which would allow them to even entertain such perceptions even for the purposes of discussion. The privacy debate is beyond their ken. |
|
|
|
| ▲ | onetimeusename an hour ago | parent | prev | next [-] |
| I don't think they are serious about privacy and even if they were I don't even want to distinguish between "children" and "adults" on the internet. Things seem to have worked fine up to this point, there doesn't appear to be a public demand for age verification, rather some murky corporations/NGOs/agencies pushing for this. I think it's pretty clear there is some other intention besides protecting children that is the goal here. |
| |
| ▲ | skybrian 35 minutes ago | parent [-] | | We should only need to distinguish devices with parental controls turned on from other devices, and rely on parents to set up the devices accordingly. |
|
|
| ▲ | gruez 2 hours ago | parent | prev | next [-] |
| >Modern versions of this technique allow one to associate metadata (like a proof of age exceeding a threshold) in such a way that the verifier can't even correlate repeated requests across users. If it's unlinkable, what's preventing someone from setting up a site that hands out anonymous tokens for anyone to use? |
| |
| ▲ | discodachshund 2 hours ago | parent [-] | | Using cryptographic signatures from approved signers, like a government | | |
| ▲ | gruez 2 hours ago | parent [-] | | No, I'm meant me, using my 18+ ID to generate a bunch of tokens that can't be linked back to me, and then giving it to random < 18 year olds for the lulz. | | |
| ▲ | paulddraper 2 hours ago | parent | next [-] | | The verification service would tie the token to the IP address/geolocation. It would also throttle the number of identifications, or expire old ones. Yes, that can eventually be worked around, but not really that different than doing the verification today on someone else's device. | | |
| ▲ | Aurornis 2 hours ago | parent | next [-] | | > The verification service would tie the token to the IP address So I'm constantly grabbing new tokens from the government every time I go from work WiFi to my cellular internet to the train WiFi and then home? Sounds like a fantastic point for capturing more tracking data. > /geolocation. Which means I have to send my geolocation data to apps to confirm I can use my token? Don't want that either. > It would also throttle the number of identifications, And if I move around too much in one day or change networks too often, I'm unable to log into anything until tomorrow? | |
| ▲ | gruez 2 hours ago | parent | prev [-] | | >The verification service would tie the token to the IP address/geolocation "Use this exact tor/vpn server" >It would also throttle the number of identifications So I can only wank off 5 times a day, or grant access to porn sites for 5 kids? |
| |
| ▲ | quotemstr 2 hours ago | parent | prev | next [-] | | There are multiple approaches. One, which the Europeans use, hardware-locks the token. Each age attestation is unlinkable, but the cryptographic credentials you need to make the attestation aren't portable. Of course, this model requires a big statist apparatus that does implementation certification, but it does achieve the narrow goal of unlinkable, privacy-preserving age attestation that doesn't instantly decay to mass copying. Other approaches are possible. I'm particularly keen on ones that treat attestations as anonymous digital currency and use cryptographic penalties like slashing to discourage copying post-hoc instead of relying on EU-style implementation certification. There's a huge literature on the subject I don't want to reproduce here. The point is that yes, we do have the technology to do attestation without sacrificing privacy, which makes all the calls for non-privacy-preserving attestation awfully curious. | | |
| ▲ | Terr_ 2 hours ago | parent | next [-] | | > as anonymous digital currency and use cryptographic penalties like slashing Or make it so that tokens cannot be tested except by spending/burning them, which would significantly reduce (but not eliminate) a black market because it would be hard for buyers to trust the seller. The best outcome is going to involve a system that is "good enough" for broad social results (e.g. less brain-rot in the kids) without being so strict or overbuilt that it leads to an even-worse problem (e.g. authoritarian hellhole tools.) | |
| ▲ | jszymborski an hour ago | parent | prev | next [-] | | I'm not familiar with this, but what your describing sounds similar to the hardware DRM keys used for protecting 4K streams from being downloaded from Netflix. If so, this stuff is already broken, and imagine it would be pretty simple to apply the same principles here. I'm probably wrong on this though I'm out of my depth | |
| ▲ | Aurornis an hour ago | parent | prev [-] | | > One, which the Europeans use, hardware-locks the token. I'm surprised anyone considers this viable. It would limit access to those sites to a limited set of acceptable devices and operating systems. I couldn't use my laptop, desktop, or a jailbroken phone. |
| |
| ▲ | worble 2 hours ago | parent | prev [-] | | What's to stop you, using your 18+ ID from buying crates of alcohol and giving it to random < 18 year olds for the lulz? | | |
| ▲ | Aurornis an hour ago | parent | next [-] | | Because those <18 year olds will immediately flip and identify you to the cops to try to lighten their punishment. The anonymous crypto token scheme does not have any trace-back mechanism like this at all. If there's no way to track those tokens back to you, why not sell them for $1 each on the internet to make some extra money? | |
| ▲ | gruez 2 hours ago | parent | prev [-] | | For one, I have to do it in meatspace so it's easily traced back to me, whereas anonymous tokens can't be traced back to me by design. |
|
|
|
|
|
| ▲ | nemomarx 2 hours ago | parent | prev | next [-] |
| As you say, it's doubtful governments want it to be private. So we should expect them to not use these kind of elegant solutions, and the public is generally not sophisticated enough to distinguish between the options already. |
| |
| ▲ | andai 2 hours ago | parent [-] | | In what direction do the incentives point? | | |
| ▲ | nemomarx 2 hours ago | parent | next [-] | | There's two strong incentives - deanonymization for law enforcement is pretty useful so that's one. You want to make it easier to subpoena information about posters for various reasons, access to stores on different dates etc. Lots of reasons for that. And you want to satisfy voters who are worried about children online or have heard scary things about anonymous criminals. You want to be seen to do something about those. A distant third is that you want the system to be cheap and built up fast and relatively easy so voters don't complain about it. All together this leads you to something like "any time a site needs to verify your age (based on this broad list of requirements) put in your government ID number / picture". The infrastructure already exists for that, banks need it, social media needs it, and the current president has agitated for it a few times now. If you're really aiming high you set up some digital ID attached to it that's easier for the users. | |
| ▲ | Geezus_42 2 hours ago | parent | prev [-] | | For who? |
|
|
|
| ▲ | JohnFen 2 hours ago | parent | prev | next [-] |
| The problem is that you still have to trust something you don't control and can't verify that the technological solutions are correctly implemented and applied. |
|
| ▲ | rockskon 2 hours ago | parent | prev | next [-] |
| Zero Knowledge Proofs are worthless for this. Either they validate so little information that a single homeless person can authenticate the entire country or they validate so much information as to not have a significant privacy guarantee. There is no in-between for ZKP validating someone's age. |
| |
| ▲ | teravor 2 hours ago | parent [-] | | worthless is too strong. the truth is that the two extremes you listed can be titrated. if you use nullifiers you can trade some privacy for some security. basically you convert your true identity into a private token which you can use to authenticate aspects of yourself, the price being that the token can be tracked with some effort across services. better than just using your identity at least. if a token/nullifier is abused it can be revoked and then you have to jump through a bunch of hoops to get another. there are some other trade offs that can be made. | | |
| ▲ | rockskon 2 hours ago | parent [-] | | Okay - so you verify age and what else? What combination of details can you validate on that is meaningfully privacy-preserving and couldn't result in wide-spread re-use of tokens? Additionally - what would prevent some kids from getting a homeless man in the city to hand them his ID, get a facial scan, and everything else you can think of to generate a token and then pass that token around? ZKP are a cryptography-nerd's joy but are are categorically unsuitable for the purpose of age verification. I stand by this without the slightest reservation. | | |
| ▲ | teravor 2 hours ago | parent [-] | | the same thing that prevents them from doing reuse right now: platform detection mechanisms. the difference is that right now the identity of the subject is known whereas with ZKP (nullifier approach) only the dirty token is known and where that token was used. | | |
| ▲ | an hour ago | parent | next [-] | | [deleted] | |
| ▲ | rockskon 2 hours ago | parent | prev [-] | | So....what exactly would platform detection mechanisms be basing their decisions off of that wouldn't defeat the entire privacy-preserving premise of ZKP? | | |
| ▲ | an hour ago | parent | next [-] | | [deleted] | |
| ▲ | teravor an hour ago | parent | prev [-] | | multiple use of the same token on multiple accounts...? tying multiple accounts and services together isn't ideal but its inarguably better than tying your real world identity to every single service. | | |
| ▲ | rockskon an hour ago | parent [-] | | Wait - so you're advocating for use of a persistent identifier tied to a person? How is that any different than what advertising networks do right now beyond giving them additional guaranteed information of your age bracket? To clarify - it's not cryptographically necessary to present the same token for each and every transaction and serves to categorically defeat the entire privacy guarantee of ZKP. It also makes it trivial to associate your ZKP token with your real identity. | | |
| ▲ | teravor an hour ago | parent [-] | | > use of a persistent identifier
at the terminus, yes. there is no other way to avoid the homeless problem you listed. by terminus I am referring to where a central authority vouches for unforgability. this does not mean advertisers will have a token they can use (see remote attestation infrastructure). > tied to a person
whether or not the terminus can tie a token to a real world identity will depend on how careless the user was and how much collusion there is between the terminus and the services. at the very least it will impose an investigation cost.contrast this with the situation as it currently is (under ideal assumptions) where a central authority verifies your real identity and issues temporary rate limited tokens which are then saved by each service and can at any time be linked to you whenever the central authority can get the service to disclose the database entry. the nullifier will force the central authority to do an investigation about who the nullifier actually belongs to which may actually fail. realistically I expect VPNs and Tor to just become more popular in response to such nonsense. I wouldn't be using government issued tokens for anything that isn't trivial to tie to your identity already: such as a personal bank access. | | |
| ▲ | rockskon 24 minutes ago | parent [-] | | > at the terminus, yes. there is no other way to avoid the homeless problem you listed. by terminus I am referring to where a central authority vouches for unforgability. this does not mean advertisers will have a token they can use (see remote attestation infrastructure). Where to even begin here.... To generate the token, it needs to be based on specific data. How do you prevent people from generating tokens based on fake data and submitting that to the "terminus" that you mention? We already have cases of people bypassing facial scan liveliness checks for banks using AI-generated footage. What about validating tokens during the token enrollment process based on your government ID? Though that makes sure that poor or undereducated people who don't have such an ID are locked out of large swaths of Internet services. Though there's also the matter of it being trivial to generate fake IDs using AI. If you have no gatekeeping for the token enrollment process, anyone can submit an arbitrary number of new tokens. And if you do have gatekeeping, you're right back to square one of needing to validate against more than just your age. After all - the cryptography algorithms will be publicly known. If the only thing ZKP is validating against is age, it won't take long to figuee out how to generate identifiers based on fabricated information. > whether or not the terminus can tie a token to a real world identity will depend on how careless the user was and how much collusion there is between the terminus and the services. at the very least it will impose an investigation cost. No it won't. A user submits a token to a server. The user also logs in with their e-mail address or phone number. Their email and/or phone number is hashed and it, along with the ZKP token and any additional information the website has on you, will be sent to data brokers. This is the same as any other bit of information out there that data brokers collect on the internet. They just associate your new info with other info you are required to provide in order to use various services. This will be automated and will cost next to nothing for data brokers to take advantage of. > contrast this with the situation as it currently is (under ideal assumptions) where a central authority verifies your real identity and issues temporary rate limited tokens which are then saved by each service and can at any time be linked to you whenever the central authority can get the service to disclose the database entry. the nullifier will force the central authority to do an investigation about who the nullifier actually belongs to which may actually fail. ....what? What investigation by central authorities? You are talking of a system that would constantly mediate permissions for billions upon billions upon billions of devices across dozens of services and accounts per device. You couldn't hire an army of people large enough to handle this and AI is infamously awful at detecting when a given image has been generated with AI. > realistically I expect VPNs and Tor to just become more popular in response to such nonsense. I wouldn't be using government issued tokens for anything that isn't trivial to tie to your identity already: such as a personal bank access. Their popularity would only rise in order to VPN into jurisdictions that don't enforce this. Assuming major websites don't just mandate age/identity verification for all new users regardless of jurisdiction just because it's easier and cheaper to apply one system to everyone. Look - I know you mean well, but it is clear from this discussion you aren't familiar with cryptography, system security guarantees, Internet infrastructure scaling, or what would be needed to introduce new descriptive information about a person on the Internet and not have it become a new privacy risk. This is an issue that has no tech-only solution. The specifics aren't just something to just figure out at a later date - the specifics are everything. And it's something that is enormously difficult to get right and extremely easy to get very, very wrong. |
|
|
|
|
|
|
|
|
|
| ▲ | andy99 2 hours ago | parent | prev [-] |
| This seems to come up in every discussion, in practice it’s irrelevant both because it’s too complicated for normal people to understand, and because the point of all this nonsense really is identification so anything that defeats that will be a non starter. |
| |
| ▲ | bluefirebrand 2 hours ago | parent [-] | | It doesn't have to be too complicated for normal people to understand. Majority of people understand their SIN or SSN number or whatever, they understand they have a drivers license number. This could be built in such a way that it's basically just be another government issued "thing" that they have to know about and be able to produce when requested | | |
| ▲ | Geezus_42 an hour ago | parent [-] | | Every government has been working on ways to identify and target individuals online since as long as the internet has existed. Governments are incentivized to continuously increase control. Why would you assume this is not yet another escalation towards their goal of being able to track and silence anyone who pushes back? | | |
| ▲ | bluefirebrand 43 minutes ago | parent [-] | | I didn't comment at all on what the governments goals are Edit: I agree with you 100%, but the fact that governments want to track people online has no bearing on how technically possible it is to build a system where they can't An anonymous internet auth system (probably) won't get built, but it is possible to build |
|
|
|
