[jazzyjackson]

Zero knowledge proofs can perform expressions that check values within a JSON tree without exposing any of those values to the requesting party, for instance "year of birth < 2005" can return true or false without returning the person's numeric birth year. Essentially the requesting party has the holder of the credential perform a computation, the result is guaranteed to be the result of each and every instruction over a target data structure (only knowing the hash and signature chain of the credential, so for instance your government issued id can be signed by your secretary of states public key)

Estonia has a really interesting government issued public key infrastructure where users can validate their identity with their physical ID card and a USB reader (maybe it's NFC by now?) but I don't think I've heard of the above scheme used in practice, just sat through a presentation at the internet identity workshop.

[Eddy_Viscosity2]

But the verifying party can still track you because they can (and absolutely will) log who the requester was and when it was requested. The site might not know who you are, but the government will now have a record of all your 'adult web activity'.

[tzs]

In the ZKP system Europe will be using and I believe in the one Google has developed when you verify your age to a site the communication is only between your device and the site.

The only information the site gets that they don't get when you login now without any kind of age verification (other than something like clicking "I am 18+") is that you have a government issued ID that says you are 18+.

If their logs without age verification are insufficient to reveal who you are if they get turned over to the government then the logs with age verification will also be insufficient.

[Eddy_Viscosity2]

But this information to the site would be still be a unique identifier wouldn't it? Is so, it will be logged and logs sold to data miners and at some point will be correlated with enough activity to be de-anonymized.

[tzs]

The only extra information the age check adds over the normal information the site gets when you use them is that your age is not under their age limit.

[voxic11]

If that's the case what stops me from making a free public service that allows anyone to verify using my ID? Don't they have to log something to ensure that isn't happening?

[tzs]

The ID is cryptographically bound to a hardware security device you provide. In the EU system that will initially be an iOS or Android smart phone with a secure enclave, with support for other security devices like YubiKeys or smart cards coming later.

Briefly, your government gives you a digital ID that is signed with a key that is stored in the hardware security device. To demonstrate some fact to a site, such as "My ID says I'm 18+" your phone and the site use a ZKP to show to the site that (1) you have an ID that confirms that fact, (2) the you have the hardware security device that the ID was issued for, and (3) the hardware security device is unlocked.

You can use your ID to verify for someone else, but because the verification has to use your phone and it has to be unlocked this will be mostly limited to people helping a friend in person get around an age limit.

[rockskon]

Zero knowledge proofs based on too little information are trivial to abuse.

To combat this, you need to have it based off of more and more personal info....which is at odds with the privacy-preservation goal.

Sadly when it comes to age assurance, Zero knowledge proofs are little better than marketing.

[ekr____]

In this case the ZKPs are tied to a private key stored in a secure element in the phone, so effectively they are tied to control of the device where the original credential was enrolled.

[rockskon]

That's nice and all for the cryptography but now think about what's needed to associate it with the physical attribute (such as the age) of the user of the device which may or may not change hands over time.

[ekr____]

I'm not quite sure what you're getting at here.

The Google system is tied to a mobile driver's license, and there is an identity check at enrollment that is intended to tie the credential to the device. It's true that if you give someone access to your phone without erasing it, then they can potentially use this mechanism to circumvent age assurance. This is true for a number of other age assurance mechanisms (e.g., credit card-based validation).

In any case, I'm not really interested in getting into an argument with you about the level of assurance provided by this system and whether it's "trivial to abuse" or not. I was merely describing the way the system worked in case people were interested.

[rockskon]

The suitability of the remedy (ZKP) for the purpose of age assurance is the entire problem. The non-cryptographic aspects cannot be handwaved away as something not worth discussing when they're the primary area of concern here.

[ekr____]

You're arguing with something I'm not saying. I didn't handwave anything away or say it wasn't worth discussing. I simply described how the system was designed.

[voxic11]

But they must allow some kind of proxy signing so that you can sign in from other devices besides the phone. So how do you protect against misuse of that feature without logging any identifiers?

[TiredOfLife]

That's just a regular EU ID card.

It has the same capability as showing passport and face to somebody.