| ▲ | Aurornis 6 hours ago | |||||||||||||
> But if they reveal nothing, isn't it wide open for abuse? Couldn't one over-18-person's proof become everyone's proof, because they can't tell it's the same proof, and the issuer can't tell where or how often the proof is being used? Yep! This is why the concept of zero knowledge age gating is such a trap for technically minded people. They imagine receiving a private cryptographic object that can be used to anonymously confirm that the government says it was issued to someone over 18. That’s completely useless because a single leaked token could be used forever, so nobody actually considers this. All of the real proposals have various compromises baked in. Some people want to require device attestation, so you could only do this handshake from a government approved device running a government approved operating system. Forget using Linux or maybe even a general purpose computer at all. Other proposals involve online government handshakes in various ways, with a pinky promise that the government won’t keep logs or tap it for national security purposes. So we get back to anonymous by trust only. | ||||||||||||||
| ▲ | semi-extrinsic 2 hours ago | parent | next [-] | |||||||||||||
> Some people want to require device attestation, so you could only do this handshake from a government approved device running a government approved operating system. Forget using Linux or maybe even a general purpose computer at all. The reason this is a non-problem for the purpose being discussed (age verification on social media) is that you can simply allow anyone with a de-Googled phone or using Linux on a laptop (or even Mac or Windows) to bypass the age check. You don't need a 100.0% accuracy solution, anything above 90% is fine. Essentially all teenagers are using social media on Android or iOS with apps from the official app store. If you make social media unavailable only on those devices, they are not going to be switching en masse to SailfishOS or start to carry around backpacks with laptops. Maybe a few will. But then they're going to be very lonely on their social media and subsequently stop caring. | ||||||||||||||
| ||||||||||||||
| ▲ | whiplash451 5 hours ago | parent | prev | next [-] | |||||||||||||
We might be over complicating things here. The governments’ focus might be on protecting genuine users (adults or not), not fighting fraudsters. In other words if ZKP works for the vast majority of technically illiterate people with their EU ewallet, the job is done. | ||||||||||||||
| ||||||||||||||
| ▲ | countcol 6 hours ago | parent | prev | next [-] | |||||||||||||
You can use a Linux… if it’s a Android :( | ||||||||||||||
| ▲ | Nursie 2 hours ago | parent | prev | next [-] | |||||||||||||
There are a variety of schemes possible that do not have these flaws. There's an interesting post here which goes into some of this - https://blog.cryptographyengineering.com/2026/03/02/anonymou... So - > Yep! Actually nope. | ||||||||||||||
| ▲ | zeofig 4 hours ago | parent | prev [-] | |||||||||||||
I agree with your analysis, but doesn't that make this blogpost by google a bit overoptimistic, or even disingenuous? | ||||||||||||||