• billwashere@lemmy.world
    2 months ago

    Age verification wouldn’t be a problem if there was a service I trusted that could verify my age, generate an anonymous one way hash or public/private key pair that could verify my age, and then dispose of all information that could tie me to that info, I’d be ok with it. The problem is there isn’t a group that I’d trust (well that would be willing to do it) and everyone wants to hoard information and create a central repository that will be broken into. It’s not that there is a possibility it could be, but a certainty that it would be. This isn’t really an unsolvable technical problem, but an unsolvable trust problem.

    • Lfrith@lemmy.ca
      2 months ago

      Age verification if intent was to make it not tied to real ID would be a system where you could go into any store and buy a card you can scratch off for a code to put in.

      But, governments want to track and get rid of anonymous accounts. They don’t actually care about age requirements. They want a 1984 type control of citizens to know what they are thinking or at the very least scare off people from expressing thoughts like politicians should be held accountable for fear of current or future consequences from a government that may decide it is treasonous.

      • Fiery@lemmy.dbzer0.com
        2 months ago

        The EU actually was working on a system described above based on some sort of zero knowledge proof (so verification via your gov’t id, but without the verifying party being able to assert anything other than age > 18 or whatever data you want to verify)

        • Lfrith@lemmy.ca
          2 months ago

          So being able to get a token without even the government knowing?

          Because if it’s the alternative of the government itself issuing the token and it being only the receiving site not knowing, but the government being able to link it back to you I wouldn’t be happy with that either.

          I’d prefer it to be as trackable as knowing which specific alcohol bottle you bought. So other than showing ID to a store to get a random token nobody in theory would know who the token belongs to including the government.

          • prole@lemmy.blahaj.zone
            2 months ago

            I think that’s the idea of zero-knowledge proofs. Nobody ever knows anything about the other party. Monero uses them (among other things) to be truly anonymous.

  • 0x0@lemmy.zip
    2 months ago

    It’s just a new “Think of the children”, only worse than going after backdoors in cryptography.
    Now it’s “OS-level” identity checks, which means TPM+secure boot hardware lockout.

  • ExcessShiv@lemmy.dbzer0.com
    2 months ago

    I am actually not fundamentally against the idea of age verification for some things online. We have many things with age restrictions in real life, for various reasons, it kind of makes sense to have it online as well for some things.

    but…it has to be done with zero-knowledge proof so we limit the amount of private data exposed to the absolute bare minimum.

    • MareOfNights@discuss.tchncs.de
      2 months ago

      I also want zero knowledge personhood/Nationality verification for social media. Maybe with age too. I want to know where the accounts come from and whether they are a bot or not.

      It can be optional, as long as I get a filter to remove all non-verified people.

      • TechLich@lemmy.world
        2 months ago

        Whenever this comes up, this style of zero-knowledge proof/blind signature thing gets suggested. But the problem is that those only work if people care about keeping their private keys secret. It works to secure eg. “I own $1” but “I’m over 18” is less important to people and it won’t be hard for kids to get their hands on a valid anonymous signing key on the web. Because the verification is anonymous and not trackable, many kids can share the same one too, so it only takes one adult key to leak for everyone to use. It’s one of the reasons they push biometrics that at least appears to need a real human. Requiring ID has a lot of the same issues on top of being a privacy nightmare.

        I’m starting to think that actual age verification is technically impossible.

        • WhyJiffie@sh.itjust.works
          2 months ago

          that is less of a problem when the private key is not too easy to export, and when each private key has ratelimits for how often can they be used

          • TechLich@lemmy.world
            2 months ago

            Those things come with a big convenience and implementation trade-off that slows adoption.

            If it’s hard to export for technical reasons (eg. Needs to be in a tpm) then that adds hardware requirements and complexity and makes it difficult to log in on other devices. If it’s a software thing, then it’s rippable. Either way “install our government app to watch porn” is not an enticing prospect for people.

            Aggressive rate limiting is also frustrating if you want to log into multiple things and it keeps blocking you because you’re using your key too fast, but if it’s not aggressive then it likely won’t be effective unless all the kids sharing a key are trying to use it at once.

            If it’s a temporary thing where you have to auth with the government to get a fresh signing key that expires, you have the issue of having to sign into the government when you want 18+ content which is super uncomfortable.

            I can see it being a browser-based thing set up a bit like video DRM but that would still need to talk to a government server each time for a temp key (like how licence servers work) and you’d need to be logged into their systems. It might still be the best option but it does still leak “X person wants to access 18+ content right now” to the government.

            I’m really interested in seeing a technical/cryptographic solution that actually works but so far I haven’t really and I’m starting to doubt that it’s possible.
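
The blind-signature scheme discussed in the comments above, as an added example that is not part of any comment in the thread: a Python sketch of one variant in which the issuer checks ID and signs a blinded single-use token under a per-person quota, and the site accepts each token once. The toy RSA key, the quota, and the names `Issuer`, `Site`, `request_token` and `demo` are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key from two Mersenne primes: constructed for this example, far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent


def h(token: bytes) -> int:
    """Hash a token into the RSA group (textbook, unpadded; illustration only)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


class Issuer:
    """Sees the person's ID, but only ever signs blinded values."""

    def __init__(self, quota: int):
        self.quota = quota
        self.issued = {}  # person_id -> tokens issued this period
        self.seen = []    # everything the issuer could log about requests

    def sign_blinded(self, person_id: str, is_adult: bool, blinded: int) -> int:
        if not is_adult:
            raise PermissionError("not old enough")
        if self.issued.get(person_id, 0) >= self.quota:
            raise PermissionError("quota exhausted")
        self.issued[person_id] = self.issued.get(person_id, 0) + 1
        self.seen.append((person_id, blinded))
        return pow(blinded, D, N)


def request_token(issuer: Issuer, person_id: str, is_adult: bool):
    """User side: blind a random token, have it signed, unblind the signature."""
    token = secrets.token_bytes(16)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    blinded = (h(token) * pow(r, E, N)) % N
    blind_sig = issuer.sign_blinded(person_id, is_adult, blinded)
    return token, (blind_sig * pow(r, -1, N)) % N


class Site:
    """Learns only 'the issuer signed this token'; accepts each token once."""

    def __init__(self):
        self.spent = set()

    def admit(self, token: bytes, sig: int) -> str:
        if pow(sig, E, N) != h(token):
            return "bad signature"
        if token in self.spent:
            return "already used"
        self.spent.add(token)
        return "ok"


def demo():
    issuer, site = Issuer(quota=2), Site()
    token, sig = request_token(issuer, "alice", True)
    first = site.admit(token, sig)
    shared_copy = site.admit(token, sig)  # same token replayed by someone else
    issuer_saw_token = any(b == h(token) for _, b in issuer.seen)
    return first, shared_copy, issuer_saw_token
```

A token can still be handed to someone else before it is used, so the quota bounds sharing rather than preventing it. The issuer learns that a person requested a token, not where it was spent.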

    • username_1@programming.dev
      2 months ago

      Your point of view: We have so many fascists in reality, why couldn’t we tolerate some fascism on the internet?

          • ExcessShiv@lemmy.dbzer0.com
            2 months ago

            Care to elaborate which you think are fascist?

            Regarding age verification I think that things we generally don’t allow kids access to in real life could make sense to age restrict online as well. Something like gambling comes to mind, and I wouldn’t personally consider it a fascist action to limit access to that.

            Edit: again, under the prerequisite of properly implemented zero-knowledge proof so the site only knows if you’re old enough but not actual age, name or anything.

            • username_1@programming.dev
              2 months ago

              The definition of fascism is trivial: only one ideology is permitted (no matter what that ideology is exactly), anything else is forbidden.

              So any forced limitations without objectively obvious/proven reasons that are welcomed by the community is fascism. As simple as that.

              Limitations of theft and killings are not fascism because most people are against those activities. Limitations on education access is fascism because most people welcome education.

              Those who have different opinions can impose their own private limitations in the non-fascist community. Like age restrictions for this or that activity.

    • chunes@lemmy.world
      2 months ago

      There is already age verification. It’s called an internet service provider bill.

    • WhatAmLemmy@lemmy.world
      2 months ago

      Best our corporate dictatorships can offer is requiring you to surgically implant a microchip into your brainstem. Everyone without the chip will be classified as woke, and cleansed by the AI killbots on judgement day.

      All heil skkkynet.

    • Deestan@lemmy.world
      2 months ago

      Zero-knowledge proofs are a good concept. They’ve been possible for a long, long time, and allow age check without surveillance.

      So why are they not being used? Because age check is just a cover. These people want to do surveillance, not protect kids.

      So it’s a good counter. Want age check? Do it like this. Oh, you don’t want it that way? Why not, pray?

      Whether it works (it has, previously) or not (as with the current bullshit from the US), it does bring to the public debate that this is unnecessary surveillance.

      • Kissaki@feddit.org
        2 months ago

        There’s also precedent you can point to. Germany has implemented a reasonable system of digital identification and (separable) condition confirmation (age gate).

      • BrianTheeBiscuiteer@lemmy.world
        2 months ago

        It’s already easy as fuck. Most parents just don’t bother. The mandates should be on ISPs and cell carriers to provide network-level filtering. I filter adult sites on my home network and there’s no getting around that without cracking the password on the service or factory resetting the gateway.

    • Wammityblam@lemmy.world
      2 months ago

      Maybe in an alternate timeline where tech companies have historically acted ethically.

      In this timeline where each new company and/or ceo is less ethical than the last, I know that any type of identification will be mismanaged at best or used maliciously at worst.

      All trust is gone between these companies.

    • BrianTheeBiscuiteer@lemmy.world
      2 months ago

      Plenty of companies you already deal with already know who you are, thus how old you are. Cell carriers, ISPs, banks, stock brokerages, utility companies, and so on. It would be much more secure, done properly, for a service like this to provide a simple “yes/no” answer to the age question.

  • Iconoclast@feddit.uk
    2 months ago

    I have no issue with an online service knowing my age for as long as that’s all they know and will ever know about me.

    • whaleross@lemmy.world
      2 months ago

      As a Texan oil baroness I feel confident with myself being known to the algorithm and it tracking my habits of dropping snakes into police stations, as is our tradition as reminder to not be treaded upon.

  • stoy@lemmy.zip
    2 months ago

    The issue is that any software is a blackbox when running.

    There is no way for a user to know what code is running let alone verifying that a specific code is actually running on a device, combine that with a sector that keeps wanting more data.

  • bss03@infosec.pub
    2 months ago

    Fidelity, Banks, Coinbase (before I got out of cryptocurrency entirely).

    But, basically, only when government regulation does (or SHOULD) impose KYC requirements.

    Age and ID verification might be good in a very few cases, but it should definitely be a deviation from the norm.

  • IsoKiero@sopuli.xyz
    2 months ago

    Age verification is one thing, but I routinely verify my id online. Banking, insurance, taxes, various other government things, car registrations, some of the kids school stuff and so on. We have pretty decent infrastructure in place here in Finland and the entities I identify myself online already have my info anyways. I can use either my banking app or mobile verification to securely prove I am who I claim to be and the systems have roughly the same user experience as MFA tokens.

    Each of those are roughly zero-knowledge, the website I log in receives just “User with login token xxx is IsoKiero with SSN 123456789” and the tokens expire after a while. Also there’s restrictions in place that my insurance company can’t just sell my data to whomever unless I opt-in for their “marketing” program (not going to happen) and even then there’s some limitations on how they can use the data.

    The same system could be adopted to age verification, but that’s a whole another can of worms.

  • CosmicTurtle0 [he/him]@lemmy.dbzer0.com
    2 months ago

    The problem with “age” verification is that politicians are confusing it with identity verification.

    I should not have to prove my name and other biometrics to prove age.

    Age verification is the fascist way to get people to identify themselves and their online activity. Almost every state that has some sort of age verification law has zero method to actually verify age. No digital ID service, no way to share a credential for verification.

    They want people to upload an ID.

    This isn’t about keeping children safe and it never is. It’s about identifying critics of the government.

    • Limerance@piefed.social
      2 months ago

      It is possible to build an age verification system, where you use your actual ID with a cryptographic process without any personal data. The technology has existed for decades now.

      • WhyJiffie@sh.itjust.works
        2 months ago

        problems with that:

        • how do you verify that it works the way they say it works
        • how do you make yourself heard when it doesn’t

        so far the only answer I am aware of for these questions is “you don’t”

        • Dynamo Maus@feddit.org
          2 months ago

          how do you verify that it works the way they say it works

          Open source -> you look at the code

          how do you make yourself heard when it doesn’t

          In proper democratic countries that is what law is for.

          What I want to say with this: it is technically possible to make it proper. There is an interest not to do it properly.

          • WhyJiffie@sh.itjust.works
            2 months ago

            how do you verify that it works the way they say it works

            Open source -> you look at the code

            a source code repository on github does not have any guarantees that they are distributing the software built from exactly that source code.

            but even worse, almost all such apps are closed source. and you have no chance to verify what runs on the server in either case.

            how do you make yourself heard when it doesn’t

            In proper democratic countries that is what law is for.

            is this “law” thing you mentioned able to make your thoughts appear telepathically in the minds of millions of others, without a channel like the internet?

            are you going to post to facebook with your discovery and hope millions will see it and agree with you?

            or are you going to grab a big board and a megaphone and go to the town square about the problem?
            this is probably the more effective way, but you’ll be called obnoxious, especially by those who have no idea about the tech they use

        • Virtvirt588@lemmy.world
          2 months ago

          The additional problem with that is straight up discrimination. We’re replacing a predatory system with another discriminatory system. It is essentially another path that leads to the same thing. Fighting fascism with fascism.

          • WhyJiffie@sh.itjust.works
            2 months ago

            you won’t be able to use that to verify the integrity of the system when the worry is that its creators are dishonest. you may be able to verify that something has happened (e.g. a successful attestation), but you won’t be able to tell if the attestation was actually executed for your device and the app in question, or it was proxied to another device the devs run to fake attestations.

    • lost_faith@lemmy.ca
      2 months ago

      Force the building of a light “honour based” age verification system (just enter your birthday, we trust you not to lie to us), then as more comply add more requirements to it til all accounts are linked and they know when you shit

  • thesmokingman@programming.dev
    2 months ago

    In the US it is becoming common for federal services to require ID.me verification. I’ve never really had a problem with social security requiring ID verification. I do have a problem with data portals requiring it.

    • Patrikvo@lemmy.zip
      2 months ago

      Identifying yourself for official business on a government site is not the same as providing official ID to a random picture sharing site. Pretty much every service has had a leak which required heaps of people to change their trusted password. How would you fix this when they leaked your full official identity?

      • thesmokingman@programming.dev
        2 months ago

        The theme of this post is “what things online would I be okay giving my government ID to.” The author did not mention government services in the article, so I brought those up and differentiated which government services I think are reasonable for ID verification. In the US, social security is basically a retirement fund and a huge target for scammers. I’m willing to verify there or for my taxes (although those should just be done for me; different argument). A data portal eg census data is not something I am willing to verify my ID for because it should be public. US trademarks, for example, now require ID verification for an account. An account expands some access on the website and allows the ability to file. If I file a trademark, I am fine with verifying my identity. If I make an account, I don’t need to verify my identity until I file.

        I didn’t mention picture sharing websites because I agree with the author’s stance.

    • dan1101@lemmy.world
      2 months ago

      I even have a problem with ID.me, it’s a private company that the US government wants you to give your driver’s license and other information to. I don’t trust that.

      • thesmokingman@programming.dev
        2 months ago

        Absolutely valid. In the context of identity verification, I trust ID.me more than random companies that do not have government contracts because government contracts come with security and compliance regulations that require regular audit and make the chances of breach less likely. In either case, it’s a private company and, as any security nut would have told you, when it gets sold all bets are off like 23andme. Even more importantly, in the US, any kind of ID verification is a terrible idea, government or private, because we have no data regulation or privacy constraints. I call out the US here because we have no GDPR equivalent (CCPA wouldn’t hold up to federal data). Even if ID verification were conducted by the government, it can still be used for gnarly shit like we saw with ICE and DOGE.

        On a sliding scale of evil, ID.me is the evil I know will currently fight to continue remaining the only evil which is the only solace I have in the US.

    • Echo Dot@feddit.uk
      2 months ago

      My bank once sent me a letter to my address, to tell me that they did not know what my address was. So I’m not completely sure they are exactly on the ball.

  • TheLeadenSea@sh.itjust.works
    2 months ago

    This is just more child abuse disguised as “parental rights”. It becomes clear how harmful this is when you realise that not all parents have their children’s best interests at heart (even if they think they do and sincerely mean well) and allowing parents to censor the information children have available to them allows them to censor information that the children learn only too late to prevent harm.

  • Zier@fedia.io
    2 months ago

    Are we really “protecting” the children? Or is there a huge amount of powerful and wealthy individuals searching for an easy way to get to the children. With the global Trump Epstein Files scandal currently happening, how do we know they are not just stalking more kids? Not a conspiracy theory, just a different point of view. So many horrid groups in the world claim to be protecting children, but they always have a hidden nefarious agenda.

  • super_user_do@feddit.it
    2 months ago

    Same for me my man. I hate the fact that anonymity on the internet will eventually fall before the end of this decade. The west is not that far away from the authoritarian regimes it claims to be fighting against

  • RisingSwell@lemmy.dbzer0.com
    2 months ago

    YouTube’s can be broken and that’s the only one I cared about. I guess steam would be an issue if they tried it.

    Pretty sure anything else I can easily just bail on.