[palata]

> but those are nothing compared to the tradeoffs

And my whole point is that it's possible to do age verification in a privacy-preserving manner, and before complaining about the tradeoffs, you should get informed about what they are.

[JoshTriplett]

I'm well aware of those possibilities. The two biggest problems with them are that 1) they still apply to everyone, rather than only to those who opt into them and 2) governments and companies are in practice going to push for the versions that identify people and provide more information.

If you make it possible for governments to decide what content is "limited to adults", they can and will abuse that capability. "Porn" is the battle cry, to make it uncomfortable to argue against; often, other information the government wants to restrict becomes a target. The only way to prevent that is to deny the capability in the first place.

[palata]

Yep, I think this would be a totally valid debate. But my frustration is that it's not there at all. We're at "people make it sound like it's technologically impossible, like the ChatControl for E2EE".

It feels like trying to debate about whether 5G is good or not, and the debate is stuck at people claiming that 5G boils your blood. There are valid reasons to oppose 5G, but if people choose to be so wrong that it sounds like bad faith, they surely won't convince me of anything.

[fc417fc802]

I have yet to see a scheme that would robustly preserve privacy and freedom floated by any of the major efforts. I think the onus is on you to present a workable scheme, but even then I'm not going to support the major efforts which at present are malicious.

[palata]

I keep mentioning it. Read about Privacy Pass, there is a goddamn RFC for it.

[account42]

Having Privacy in the name doesn't mean it's actually privacy preserving. You can't just ignore attack vectors like collusion between signing entities and websites.

[palata]

Did you read about how it works? Can you precisely describe an attack that defeats it, or are you just throwing names you've heard without actually knowing how Privacy Pass works? Sounds like the latter to me (yes, I read the RFC).

[fc417fc802]

Your tone isn't appropriate. You don't get to assign reading. If you want to convince people of something then clearly state your case. In this instance that would mean outlining the technical argument.

That said, you've got blinders on. You're all over this comment section condescending to people about a particularly clever scheme without considering the various real world objections being raised. Not the least of which is that the vast majority of the tidalwave of legislation on the topic has zero to do with ZKPs.

[palata]

> Not the least of which is that the vast majority of the tidalwave of legislation on the topic has zero to do with ZKPs.

That's not what I see. I mostly see people complaining about the fact that "if they verify my age, it fundamentally means that I have to give them my ID, and I don't want that". And whenever I mention that technically, there are ways to do age verification in a privacy-preserving manner, I get something like "you are so naive, nobody wants age verification, it's THEM (the all corrupt politicians who all have the exact same opinion) against US THE PEOPLE who need to fight for our freedom!

That is very frustrating to me, because

1. I believe that it is counter-productive to be technically wrong by saying "it is fundamentally not possible". Because if politicians genuinely listen to that, then ask a few cryptographers and get the answer "no actually it exists", then it seems only fair that those politicians will just dismiss the whole opposition by saying "oh right, they are just libertarians who don't want regulations and hide behind incorrect technical claims".

2. I believe that many, many people actually are in favour of age verification to protect their kids. And again, yelling at them saying "you understand nothing, this is not technically possible, and the politicians are all corrupt authoritarians anyway" is not constructive. Moreover, "normal" people don't give a shit about the privacy issues, so if they want age verification, they will just accept any technical solution. I would hope for technically savvy people to try to raise the privacy concerns and explain that if there MUST be age verification, AT LEAST it should be done in a privacy-preserving manner.

But yeah, let's keep yelling that it is fundamentally impossible, such that nobody even hears about the privacy-preserving solutions, until we have to either give our ID to random websites or stop using the Internet. Because what seems clear to me is that we are going towards age verification anyway, and there is zero constructive discussion about how to do that right.