To date I haven't seen an implementation that preserves privacy and doesn't allow for easy bypass because person A generated infinite tokens and hands them out via a rest request.
I have seen implementations that preserve privacy. But fundamentally it means that an adult could give a token to a kid, as you say. But how bad is that? We don't need a perfect system, we just need it to be good enough that it prevents most kids from accessing stuff they shouldn't access. Some kids will always find a way anyway.
A simple solution to "generate infinite token and hands them out via a rest request" could be one of:
* Rate-limit the token generation. Nobody needs thousands per day, right?
* Make it illegal to distribute tokens. The server sees if you request an abnormal amount of tokens, and... it knows who you are. Not too hard to investigate.
* Make "honeypots" that scare the children when they try to access/buy the token.
I don't think it makes the concept completely useless.
But you can't preserve privacy while rate-limiting token generation unless you have a way of identifying someone, which could be as simple as requiring an account.
And even if it's illegal to hand them out, it's not hard to set up a tor site to do it. I would be first in line to counter the state with such an implementation of this is the path we tread.
I think you misunderstand what "privacy-preserving" means here. The whole point is that they CAN identify you (to verify your age), but in... well a privacy-preserving manner :-).
That is, one side knows who you are, but not what you do; the other side knows what you do, not who you are.
> And even if it's illegal to hand them out, it's not hard to set up a tor site to do it.
If a kid can use Tor to get a token, they most certainly can download with torrent or use a VPN to bypass the verification. But again, it doesn't have to be perfect, it just has to be effective for enough kids.
> I would be first in line to counter the state with such an implementation of this is the path we tread.
In a functioning democracy, people should vote instead of vandalising stuff. In a non-functional democracy, I guess don't complain if someone burns your car "to counter the state" some day if you think like this.
My point is that we should fight for privacy-preserving solutions. And the first step is to get informed about whether or not it is possible to verify the age in a privacy-preserving manner. Not to prepare for vandalism.
Thanks. I appreciate the link. One thing I wasn't able to fully understand from the Kagi article: how does this solve the problem of "token handoff"? For example, if User A generates a token (from an unlimited search acct) and hands it to User B, whom has no association with Kagi, how does Kagi block User B's access? Or do they just assume it's fine because the token count is capped at a low enough value as to make it unprofitable for me, as a user, to purchase an unlimited search plan and then resell my plan at a lower price (making a profit on volume) by handing out my precomputed tokens to my resold subscribers to use?
A simple solution to "generate infinite token and hands them out via a rest request" could be one of:
* Rate-limit the token generation. Nobody needs thousands per day, right?
* Make it illegal to distribute tokens. The server sees if you request an abnormal amount of tokens, and... it knows who you are. Not too hard to investigate.
* Make "honeypots" that scare the children when they try to access/buy the token.
I don't think it makes the concept completely useless.