by john_strinlai 115 days ago
>We are missing accessible cryptographic infrastructure for human identity verification.

like most proposed solutions, this just seems overcomplicated. we don't need "accessible cryptographic infrastructure for human identity". society has had age-restricted products forever. just piggy-back on that infrastructure.

1) government makes a database of valid "over 18" unique identifiers (UUIDs)

2) government provides tokens with a unique identifier on it to various stores that already sell age-restricted products (e.g. gas stations, liquor stores)

3) people buy a token from the store, only having to show their ID to the store clerk that they already show their ID to for smokes (no peter thiel required)

4) website accepts the token and queries the government database and sees "yep, over 18"

easy. all the laws are in place already. all the infrastructure is in place. no need for fancy zero-knowledge proofs or on-device whatevers.

2 comments
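
A minimal model of the registry in steps 1 to 4 of the comment above, as an added example that is not part of the thread or any participant's code. The class and method names are hypothetical, and binding a token to the first account that redeems it is an assumption the comment does not state.

```python
import hashlib
import uuid


class AgeTokenRegistry:
    """Government-side database (steps 1 and 4): it knows which tokens are
    valid and holds no record of who bought them."""

    def __init__(self):
        # sha256(token) -> sha256(binding) of first redeemer, or None if unused
        self._tokens = {}

    @staticmethod
    def _digest(value: str) -> str:
        # Only hashes are stored, so a leaked database holds no usable tokens.
        return hashlib.sha256(value.strip().lower().encode()).hexdigest()

    def issue(self) -> str:
        """Steps 1-2: mint a random identifier to print on a retail token."""
        token = str(uuid.uuid4())
        self._tokens[self._digest(token)] = None
        return token

    def redeem(self, token: str, binding: str) -> bool:
        """Step 4: a website asks "is this token valid for this account?".
        `binding` is an opaque per-account value chosen by the website
        (assumption), so the registry never learns account names."""
        key = self._digest(token)
        if key not in self._tokens:
            return False                  # never issued, or mistyped
        claim = self._digest(binding)
        if self._tokens[key] is None:
            self._tokens[key] = claim     # first use claims the token
        return self._tokens[key] == claim


def demo():
    registry = AgeTokenRegistry()
    token = registry.issue()              # handed over after the clerk's ID glance
    first = registry.redeem(token, "site-a:acct-1")
    again = registry.redeem(token, "site-a:acct-1")    # same account re-checks
    shared = registry.redeem(token, "site-a:acct-2")   # copied to a second account
    forged = registry.redeem(str(uuid.uuid4()), "site-a:acct-3")
    return first, again, shared, forged   # (True, True, False, False)
```
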

The government will want some way to uncover who bought the token. They'll probably require the store to record the ID and pretend like since it's a private entity doing it, that it isn't a 4A violation. Then as soon as the token is used for something illegal they'll follow the chain of custody of the token and find out who bought it.

No matter what the actual mechanism is, I guarantee they will insist on something like that.

if the goal is to "protect children", or just generally make parts of the internet age-gated, my proposal is 100% fine.

if the goal is "surveil everyone using the internet", yes, very obviously my proposal would not be selected, and you will have to upload your id to various 3rd-party id verifiers.

I think something like your proposal actually sounds the most logical. I just think they will bolt on chain of custody tracking to it, while promising it will only be used for finding "terrorists" or something.

Yes, while I was reading the article I couldn't help but think about notaries public. Seems like something like that would be government's go-to for this if they weren't quite so overfed on tech industry contributions that lead them down the path of AI solutions.

I'm not sure that's the right answer here, but I think it ticks a lot of boxes for the state.

The nice thing about something bolted on like that is that it is not an essential feature of the core design and has no bearing on the original goal. It can be removed or reformed. The same isn't true of the approaches we are heading towards now.

What you’re describing is infrastructure that doesn’t necessarily exist right now for use online, and has all the privacy problems described. Why should I have to share more than required?

it has none of the privacy problems described, and 95% of the infrastructure exists right now (have you ever purchased smokes or alcohol?)

to go on tiktok, you enter a UUID once onto your account, and that's it. the only person that sees your id card is the store clerk that glances at the birth date and says "yep, over 18" when you are buying the "age token" or whatever you want to call it. no copies of your id are made, it can't be hacked, there's no electronics involved at all. it's just like buying smokes. there's no tie between your id and the "age token" UUID you received.

there's no fanciness to it, either. it'd be dead simple, low-tech, cheap to implement, quick to roll out. all of the enforcement laws already exist.

>Why should I have to share more than required?

you shouldn't. having to prove age to use the internet is super dumb. but that's the way the winds are blowing apparently. if i'm gonna have to prove my age to use the internet, i'd much rather show my id to the same guy i buy smokes from (and already show my id to) than upload my id to a bunch of random services.

The problem with this scheme is that it's exactly as protective as requiring someone to tick an "I'm of legal age" tickbox in the software they wish to access. Anyone who is of legal age can buy UUIDs and pass them around to folks who are not.

Having said that, I think having an "I'm of legal age" tickbox goes quite far enough.

For the ultra-controlling, setting up a "kid's account" using the tools already provided in mainstream OS's [0][1] is a fine option.

[0] <https://www.microsoft.com/en-us/microsoft-365/family-safety>

[1] <https://support.apple.com/guide/mac-help/set-up-content-and-...>

>The problem with this scheme is that it's exactly as protective as requiring someone to tick a "I'm of legal age" tickbox in the software they wish to access.

no, it is exactly as protective as the protections for purchasing alcohol or buying smokes or other controlled substances/products.

buying smokes/alcohol when underage is obviously harder than "click this box". (did you ever try to buy smokes/alcohol when underage? you can't just go up to the clerk at the store when you are 14 and say "trust me bro, i'm 18/19/21".)

>Anyone who is of legal age can buy UUIDs and pass them around to folks who are not.

same for smoking and alcohol. i could go to the store right now and buy smokes, then hand them to my 10 year old.

we have laws already in place to punish selling smokes/alcohol to underagers, and laws for consuming smokes/alcohol when underage. we can apply those laws to your internet-age-token.

most people seem fine with the current trade-off for smokes/alcohol. i see no reason why tiktok needs to be treated as more dangerous than either.

>Having said that, I think having an "I'm of legal age" tickbox goes quite far enough.

i agree with this and everything you said afterwards. i'd rather not have any of it.

> no, it is exactly as protective as the protections for purchasing alcohol or buying smokes...

Right. That's exactly as protective as that tickbox. [0] As I mentioned, any of-age person can distribute those UUIDs to people who are not of-age. Unlike with the proposed ID-collection-and-retention schemes (that are authoritarians' wet dreams) the vendor of the UUID is not responsible for ensuring that that UUID is not later used by someone who is not of-age.

If you were to -say- make alcohol vendors liable for the actions of of-age people who pass on alcohol to not-of-age people, then you'd see serious attempts to control distribution.

[0] Don't forget the existence of preexisting parental controls in every major OS. IME, this is a hurdle that's at least as difficult to surmount as the ID check done in non-chain convenience stores.

>Right. That's exactly as protective as that tickbox. [0]

no, it isn't, for reasons already mentioned but i will say it again for clarity:

- a 14 year old can click "i'm of age" on a checkbox.

- a 14 year old cannot go into a gas station and buy smokes. they will be declined.

>As I mentioned, any of-age person can distribute those UUIDs to people who are not of-age.

again... same with smokes and alcohol! but we are okay with how smokes and alcohol are regulated right now.

tiktok is not worse than a bottle of vodka. we are okay with how vodka is regulated. tiktok does not need even more strict age-verification than vodka.

it is not perfect, but it is absolutely more stringent than a checkbox. if you still doubt me, please send one of your 12-14 year old family members to buy a pack of smokes or a bottle of vodka at the nearest store. i will wait for your report.

Sorry, I'd misunderstood; I thought you were describing infrastructure that already exists and making a comparison to just using your ID.