[arrrg]

Age verification is possible without revealing personally identifiable information (beyond old enough yes/no, which is not in any way personally identifiable info) and from my perspective should be a strict requirement with any such laws.

In fact, if these laws make the requisite infrastructure (ID cards that offer that functionality) a hard requirement then creating an anonymous web that nevertheless has age checks easier, not harder.

What you basically want is an ID card where you as the owner can decide what you want to share with the private business. And for age verification that’s basically just requirement fulfilled yes/no.

So if the law is well written then this could be an advantage, not a disadvantage. Preemptive cynicism isn’t helpful here.

[u_sama]

Given the track record of both the country and other EU attempts (despite the existence of a zero trust verification framework) I am quite sure this will be used to de-anonymize users online, see UK.

[arrrg]

There it rears its ugly head again, the preemptive cynicism that prevents anything good from ever getting done.

It’s simple really: zero trust age verification should be a strict requirement of any such law and anything else illegal for age verification.

That to me is what has to happen and it’s important to me. That’s my perspective on this – not that‘s never going to happen anyway, so no point in trying to.

[u_sama]

Its not preemptive, more like reactive, track record is bad and current PM is enshrouded in corruption, so do the maths.

[toomuchtodo]

Social media is toxic to kids (and adults, but that’s a different matter), extraordinary measures are called for, even with risks. It’s hyper optimized to be the equivalent of a drug, and should be regulated as such.

[gus_massa]

Mass surveillance is toxic too. Choose your poison.

[toomuchtodo]

Impairment of social media systems, for sure.

[m000]

Please, enlighten us on the track record of Spain.

Because I really can't recall anything outrageous, and surely nothing on the level of surveilance existing in the UK.

[u_sama]

Hacienda is the most extractive Tax Agency in the world. They have lobbied for ever more intrusion into private lifes of citizens in order to extract more money. Thus they have included a "lifestyle auditing" that has access to many cross-databases, utilities, insurance, etc....

If you set up a system of ID identification linked to your real ID and IP, Hacienda (and the police, and eventually private companies) will be able to backtrack.

The current PM's rother, wife and half of his cabinet are involved in corruption scandals linked to COVID funds given to companies that bribed people. This is the government that will implement such efforts. Would you be able to trust them ?

[mercacona]

> half of his cabinet.

That’s bold and inaccurate. What you shouldn’t trust is El Corte Inglés, who would code another shitty platform for the Spanish institutions.

[freehorse]

It is definitely technically possible, and it has been for some time in many places. But I doubt anybody (sm companies, state) cares to implement it like that, instead of taking it as a chance to increase surveillance.

[budududuroiu]

It is not preemptive cynicism. My issue isn't with private corporations having access to my data, it's with my government having access to my social media profile.

[arrrg]

How does that follow? I don’t see the connection.

Zero trust age verification means both sides don’t have to learn anything about each other beyond old enough yes/no. Should mean that.

I’m fine with age verification if it fulfills at least the same criteria that offline age verification does. When you show your ID card in a supermarket to buy alcohol or cigarettes or whatever then the government doesn’t learn anything about what you did and if the cashier doesn’t memorize and write down anything on the card the supermarket doesn’t learn anything about your identity. Here the digital solution can and should do better and close that theoretical deanonymization vector.

But yeah, that‘s the ideal to aspire to.

[Hizonner]

> Zero trust age verification means both sides don’t have to learn anything about each other beyond old enough yes/no. Should mean that.

Well, it doesn't. Absolutely none of the systems people are putting into place, or suggesting putting into place, are actually zero trust. The ones that claim to be are "somewhat lower trust if you don't think hard about how to exploit them". Yes, we know in theory how to do zero trust. The reality of these mandates is that people can easily get de-anonymized to all kinds of actors who should't be able to identify them.

It's also a "solution" to a massively exaggerated problem, one that's not in any way specific to any given age group. But that's unrelated to the fact that nobody is, in practice, doing or planning to do anything privacy-preserving.

[mzajc]

Will age verification require the use of software I can't view the source of and/or can't patch (due to remote attestation), and presumably only runs on user-hostile systems (Android with Google Services and iOS)?

It's hardly zero-trust in that case.

[littlecranky67]

It is not preemptive cynicism, it is also unprobable becaues the EUDI [0], tech specs and example source code are open source and available on GitHub for everyone to review [1]. The age verification is implemented in a pricacy-friendly way, you can't even obtain the exact age during the verification step. The are brackets (such as 13+, 18+) and all the verifier gets is a "yes" or "no". Not your name, not your age.

Please stop spreading FUD when the actual implementations behind the government initiative are actually open source and have been designed to allow anonymous verification.

[0]: https://ageverification.dev/ [1]: https://github.com/eu-digital-identity-wallet