Having Privacy in the name doesn't mean it's actually privacy preserving. You can't just ignore attack vectors like collusion between signing entities and websites.
Did you read about how it works? Can you precisely describe an attack that defeats it, or are you just throwing names you've heard without actually knowing how Privacy Pass works? Sounds like the latter to me (yes, I read the RFC).
Your tone isn't appropriate. You don't get to assign reading. If you want to convince people of something then clearly state your case. In this instance that would mean outlining the technical argument.
That said, you've got blinders on. You're all over this comment section condescending to people about a particularly clever scheme without considering the various real world objections being raised. Not the least of which is that the vast majority of the tidalwave of legislation on the topic has zero to do with ZKPs.
> Not the least of which is that the vast majority of the tidalwave of legislation on the topic has zero to do with ZKPs.
That's not what I see. I mostly see people complaining about the fact that "if they verify my age, it fundamentally means that I have to give them my ID, and I don't want that". And whenever I mention that technically, there are ways to do age verification in a privacy-preserving manner, I get something like "you are so naive, nobody wants age verification, it's THEM (the all corrupt politicians who all have the exact same opinion) against US THE PEOPLE who need to fight for our freedom!
That is very frustrating to me, because
1. I believe that it is counter-productive to be technically wrong by saying "it is fundamentally not possible". Because if politicians genuinely listen to that, then ask a few cryptographers and get the answer "no actually it exists", then it seems only fair that those politicians will just dismiss the whole opposition by saying "oh right, they are just libertarians who don't want regulations and hide behind incorrect technical claims".
2. I believe that many, many people actually are in favour of age verification to protect their kids. And again, yelling at them saying "you understand nothing, this is not technically possible, and the politicians are all corrupt authoritarians anyway" is not constructive. Moreover, "normal" people don't give a shit about the privacy issues, so if they want age verification, they will just accept any technical solution. I would hope for technically savvy people to try to raise the privacy concerns and explain that if there MUST be age verification, AT LEAST it should be done in a privacy-preserving manner.
But yeah, let's keep yelling that it is fundamentally impossible, such that nobody even hears about the privacy-preserving solutions, until we have to either give our ID to random websites or stop using the Internet. Because what seems clear to me is that we are going towards age verification anyway, and there is zero constructive discussion about how to do that right.
> Because what seems clear to me is that we are going towards age verification anyway
This is one of the reasons you're getting a lot of arguments here. Every bit of energy spent saying "actually, check out this use of cryptography that lets you do this in a privacy-preserving way" is energy not spend saying "no, not under any circumstances" and fighting against it.
Which is ironic, because my whole point is "if you want to fight it, try to be credible". Every bit of energy spent saying "it's fundamentally not possible to do that, you would have to be stupid to consider it" is, IMHO, wasted.
Because what I read is "ok, this person is either not competent to talk about it, or arguing in bad faith, so I won't listen to them".
And to be very honest, I can't remember a good argument against "privacy-preserving age verification". It's mostly "hmm I don't like it, that should be the responsibility of the parents anyway".
The EFF has a valid point which is "such technology will leave people out who won't be able to access important services". I don't have a definitive stance on it, but that would be worth debating. I can't remember another argument from the EFF. Pretty sure they don't say "it's technically impossible to do".
Actually Soatok [1] starts by acknowledging it's possible, before going straight to their opinion: "we should not do it". Again, I think it's a debate worth having.
But I won't debate with people who either don't have a clue or downright lie about it, saying "it's not possible, period".