[j2kun]

There are at least some technological solutions here, such as anonymous credentials. [1] Modern versions of this technique allow one to associate metadata (like a proof of age exceeding a threshold) in such a way that the verifier can't even correlate repeated requests across users.

Governments that are serious about age verification and individual privacy (which, doubtful they truly are) should agree on a protocol and set up certificate issuers that are associated with a digital ID. Then age verification will not be an invasive procedure or risk data leaks or insider threats.

[1]: https://blog.cryptographyengineering.com/2026/03/02/anonymou...

[andrewla]

The article talks about the possibilities of malicious cloning of these tokens by third parties, but fails to identify the much more common use case, and one that makes this scheme useless for age verification.

It's one thing to be concerned about someone stealing my credential, but another to prevent the transfer of these credentials, especially if they are limited use credentials.

The entire point of age verification systems is to prevent minors from accessing certain resources. I think we all know that this is basically impossible; but what these various governments and social media companies want to do is to make it high friction to do so.

The highest friction version of this is that the credential ties to a real world identity somehow; maybe locked behind legal barriers, etc., but if a minor is caught using someone's credential, then the person whose credential they are using can be investigated, and, if necessary, charged with a crime roughly equivalent to providing alcohol to a minor. Without the possibility of real world enforcement, none of these identity solutions can possibly work.

Keep dreaming of a technological solution -- there is none that does not lead to the world that FIRE is warning about, except to accept that we can only make a solution "good enough" and leave it at that, without expanding into full on identity verification. The solution here is likely to just try to provide better abilities for parents to monitor and limit their children's use of the internet. Let individual parents decide on the level of harm that they are willing to accept, and accept that there will be ways to work around this even if parents are vigilant, but just try to reduce it on the margins.

[Aurornis]

Yes, this is the part of the issue that is so frequently ignored: Anonymous age verification schemes are easily defeated through proxying because there wouldn't be any consequences for selling your tokens. "Install this app on your phone and we'll pay you $1 per day" and it will mint your anonymous identity tokens and send them off to kids who want to buy them. If there's no way to track the tokens, there is no possibility of negative consequences.

So the schemes always start introducing features to reduce the anonymity of the tokens or make them more trackable in some way:

> The highest friction version of this is that the credential ties to a real world identity somehow; maybe locked behind legal barriers, etc., but if a minor is caught using someone's credential, then the person whose credential they are using can be investigated, and, if necessary, charged with a crime

Which requires that these identity tokens not be anonymous age-verification credentials. They become a traceable identity token tied to your government-issued ID.

[DennisP]

> They become a traceable identity token

Not if you use a challenge-response protocol where the client returns a zero-knowledge proof of age, where the proof incorporates a random string sent by the website.

The traceable stuff is private information that the website never sees. If a minor is caught with it, then law enforcement has local access to the minor's hardware and can probably view the private data.

At that point, the private key can be put on a public revocation list. The zero-knowledge proof can include a proof that you're not on the revocation list. Once you've been revoked, you have to go through the hassle of setting this all up again, which might be enough incentive to keep it reasonably secure.

[pastel8739]

This doesn’t stop the scheme the parent proposes, where adults install some proxy on their device and challenges are responded to on the parent device. Then the private key never leaves the parent device and all the child device has is the proxy software, which could be set up to not log any identifier of the key that it used

[7e]

Trusted computing fixes this.

[pastel8739]

How so?

[7e]

Trusted computing fixes this up to the analog hole. Which is as much as you can expect.

[hacker_homie]

I thought a solution to this would be to use a physical smartcard to store the certificate(perhaps on your government ID). if the protocol is a challenge/response and the private key never leaves the card it would make proxying without the physical card more difficult.

[wolvoleo]

Yeah great idea, having to get out your government ID every time you want to use a website.

[pastel8739]

If the smart cards required some human input to perform a signature maybe this could work. Otherwise there is nothing stopping someone from selling use of their card via some proxy software

[7e]

Trusted computing solves this problem handily.

[AnthonyMouse]

> but if a minor is caught using someone's credential, then the person whose credential they are using can be investigated, and, if necessary, charged with a crime roughly equivalent to providing alcohol to a minor. Without the possibility of real world enforcement, none of these identity solutions can possibly work.

They don't work even then.

Suppose you completely eliminate privacy on the internet and require every domestic site to collect the name and social security number of everyone who visits. Then a child uses an adult's ID, regardless of whether it's with or without their knowledge. Is the child going to inform on themselves? No. Is the adult, when they don't even know about it? No. Is the adult, when they provided it on purpose? No.

That constitutes the entire set of people who would typically know that the person using the device isn't the person on the ID.

On top of that, we can punch an even bigger hole in it. Search engines, among other things, index other sites. Google is obviously the biggest but there are many others -- Bing, Marginalia, Brave, Swisscows, Yandex, Perplexity, Baidu, etc. They're run by adults and most of their users are adults, who reasonably expect to be able to turn off "safe search" if they want to. So some adult at each search engine would have to provide their ID to the crawler so it can index things inappropriate for children and show them to adult users. It would therefore be a fairly unremarkable and recurring thing to see the same ID make a zillion gigatons of requests.

But then you can't use "why is this person downloading 100 things from 100 computers at once" as an indication of anything nefarious happening, and anyone can still set up a service hosted on a foreign server that will serve adult content to anyone without an ID by serving it out of a cache. (And in the case where you're invading everyone's privacy, that service would also be very popular with adults.)

[ajsnigrutin]

> The highest friction version of this is that the credential ties to a real world identity somehow; maybe locked behind legal barriers, etc., but if a minor is caught using someone's credential, then the person whose credential they are using can be investigated, and, if necessary, charged with a crime roughly equivalent to providing alcohol to a minor. Without the possibility of real world enforcement, none of these identity solutions can possibly work.

Buying alcohol for a minor implies knowledge and intent.

Getting the tokens out of a phone doesn't require the user to do any of that, the user just has to be frugal and keep the phone longer than it's supported by the manufacturer, until some local exploit is found again, and that token will be extracted and available online for everyone to use.

Parents buy those phones, phones could easily have a "user is a minor" setting (and a flag sent to all the sites that want one) with a password for parents to unlock stuff if needed. This would be set during the phones first set up, and it's done. But nope, the plan is for everyone to install a form if a digital ID on their phones, and once it's there, requiring full-name identification when registering is just one step away.

[what]

Why can’t you just sell single use codes at gas stations/liquor stores/etc and they just check your ID before sale? Of course shady places can still sell them without ID check, but we have this problem already for liquor and tobacco.

[johnc1]

There is a much easier solution that already exists - parental controls on children's devices. I honestly don't understand why is it not solving the problem?

Yes, parents are responsible to set this up. But parents are also responsible to lock their alcohol, drugs or guns, condoms, etc., and many other things.

Perhaps parental controls are not good enough? That's where the regulation could genuinely help - require child-certified devices to implement minimum set of parental controls, and make them easy to use.

[kaashif]

That's not the problem governments are solving. They're solving the problem of convincing the public it's a good idea to end the anonymity of internet use.

[johnc1]

I know! What puzzles me is responses every such article gets even on HN - let's build some cool tech that 95% of the general population and 100% of politicians won't even understand not to mention agree to.

Yes, government want to end anonymity and that's clear to some. But governments enjoy on a pretty broad support for this and many people supporting this believe it's a real problem. Suggesting to leave it unsolved or solve it in a way they can't trust or understand is only going to alienate them, making the government job easier.

I think suggesting a simple, cheap and effective solution to this problem that has no impact on privacy is a way better way to counter that. I think local parental controls fits the bill.

[subscribed]

People on average aren't very smart and will happily support programs objectively harmful to them and everyone else because the government and a nice lady from the breakfast TV says it's necessary to think of someone's else's children watching porn (this soundbite is gross. I don't understand how it's okay for the serious people to repeat it).

[pessimizer]

> But governments enjoy on a pretty broad support for this

No they do not. They do an enormous amount of PR trying to convince people that they have it, though.

In the real world when there is a ton of support behind a position, you see representatives of it all over the place and they are pushing the agenda and the coverage. In the world of online age verification, you just see a bunch of lame duck politicians using procedure to sneak policy changes in and keep objections from being heard, and a few government contractor-surrogates writing op-eds (that they haven't read.)

When puritans go on the march, they're actually pretty loud. Most of the anti-social media people are hippy-dippy upper-middle class liberals who curse "screens," completely believed Cambridge Analytica's PR and think that Trump rules through mind control - who will be bothered by the end of anonymity; and the remainder are angry online right-wingers who think that they were censored by and as a result of social media. They're not marching together, they're not marching to have people identified when they're using the internet, neither of them are even prioritizing social media right now and they aren't putting pressure on anyone.

The fact that it's so unpopular is why there are lame ducks doing it. They're just assuring their fortunes on the way out, and the person on the way in will pretend like they had nothing to do with it even though it will be will be passed and implemented on their watch.

[BoobertScoobert]

That's why they are still appealing to sentiment rather than established research (which actively refutes the arguments they are making).

[refurb]

Precisely. The people in power would love nothing more than to stop “disinformation” (facts that cause social unrest).

[wolvoleo]

Yeah. Didn't you find your dad's dirty VHS tapes when you were young? I'm sure most of us did. And we turned out fine.

And no, porn isn't more extreme these days either. I remember seeing bukkake, golden showers etc on borrowed tapes and hacked pay TV. BDSM existed back then too. And I had some pics of a girls face surrounded by male members and their output. Never once did I think this would be a normal thing to do with my girlfriend once I got one.

And these things are still gonna happen. Teens are going to go through their dad's phone when he's sleeping, find his stack of Blu-ray's or vids on this computer. Even with all this age verification stuff. I don't understand why we suddenly think that's the end of civilization.

[Morromist]

I don't understand why the act of buying internet access isn't considered a parental control. I doubt very many kids are doing it or can.

Ok, but parents buy internet access and then let their kids use it, because the kids need it for school. So? The parents job is to keep their kids out of trouble. Learning how to keep track of what their kids access shouldn't be difficult, and maybe should be part of the obligation parents have, kind of like their obligated to teach their kids to drive before giving them the keys to a car. Its analogious to saying "kids shouldn't walk home from school or be let out of the house at all because they might wander into a nude beach or join a drug smuggling satanic cult". Most of us don't hold that view because we trust that kids can be taught to be vaguely responsible.

What's more: tools to shield the kids have been around for longer than most of the parents have been alive at this point. The problem is pretty much solved in multiple ways, and wouldn't even be a problem if parents only followed their basic responsiblities. Also it isn't a problem in the first place, I haven't seen any clear, undisputed evidence that shows that kids are degenerating into fiends because of looking at adult stuff on the internet.

[fc417fc802]

> The parents job is to keep their kids out of trouble. Learning how to keep track of what their kids access shouldn't be difficult

Unfortunately it is, but we could fix that with only minimally invasive legislation. Right now you either whitelist which breaks half the internet on a recurring basis (things are constantly changing) or you blacklist which is swiss cheese. Either way you're relying on third parties.

I think it would be much better to legally mandate a certain minimum level of self classification for website operators along with a simple and extensible scheme for communicating such. It might also be useful to mandate that devices ship from the OEM with parental control software supporting that standard but honestly I doubt that's necessary - if their were a standardized and above all reliable signal available I think browsers and operating systems would rapidly adopt support for it.

[johnc1]

Exactly! We already have content tags on TV/Movies, just extend it to the web and make mandatory.

I imagine it could be not trivial to enforce (esp. for offshore web) - but definitely easier than enforcing the same sites to implement much more complicated identity verification (while preferably also not leaking this data).

But that might not even be necessary. A small on-device AI can probably do a decent job classifying pretty much everything we don't want children to see - with and option for parents to override it when needed.

[mikestorrent]

The problem with this idea is that it assumes responsible parents, which are not a given. I agree with you completely - I don't want any kind of controls on the Internet - but we live in a world where we cannot actually rely on parents to fulfill what you would consider to be basic and reasonable expectations of parental duties.

[DennisP]

For kids with parents like that, the internet is probably the least of their problems.

[fc417fc802]

They certainly have other problems however the internet is unique in that it drops the entire world directly in your living room. Even with irresponsible parents zoning laws keep most children away from things like casinos and strip clubs (at least until they can drive) and everyone benefits from community efforts to keep the neighborhood safe.

[ufocia]

Children can buy their own devices. School issued devices are not under parent control. Parental controls and school controls are laughable. There is no incentive for OS vendors/retailers to provide robust solutions to this problem. PII industry is essentially pushing regulatory capture.

[_heimdall]

I wouldn't trust governments, today or in the future, to keep such a system private and I don't see a foolproof way of building some kind of audit mechanism into it to make sure the data is always truely private.

I've also always been curious how a truely anonymous identity verification could possibly work. At best for age verification, I could be given some kind of token that would still have to verify my age and be verifiable with a central authority to ensure my token is valid. The central authority could always keeper records of my token, revoke it whenever they please, and every entity that can verify the age associated with, or embedded into, the token knows at least some of my PII.

[vkou]

> I've also always been curious how a truely anonymous identity verification could possibly work.

You go to a store. You show the clerk your id and give him a quarter. The clerk pulls a scratch-off ticket from the front of a ticket tape. The ticket contains a token identifier.

It's anonymous. The clerk or his POS system knows your name and age, but doesn't know your number. The vendor providing the tape doesn't know your number or your name. The system accepting the token knows your number, but doesn't know your name. The token is only valid for a day after use, so loss and transfer isn't much of an issue.

It's the exact same process by which you buy lottery tickets in a world where they don't need to verify your identity when you redeem them. The lottery has no idea who bought a particular ticket, only that a ticket was bought. The clerk knows you bought a ticket, but doesn't know which ticket.

Obviously, Eavesdropping Eve looking over your shoulder knows both your name and your ticket number, but that's not a practical attack.

[Aurornis]

> It's anonymous. The clerk or his POS system knows your name and age, but doesn't know your number. The vendor providing the tape doesn't know your number or your name.

Where does this 3rd party identity token provider come from?

For government-issued identity tokens, there are not separate parties. It's just the government, and they can choose to link whatever they want in their internal system if they decide it's in the interests of national security.

You're also forgetting that lottery tickets are tracked. This is how they can announce which store sold the winning ticket before anyone steps forward with it. It would be trivial to match a buyer to the ticket if they wanted to inspect the records. In the case of a government identity token service, there isn't even a separation of parties providing the records. They do it all and can have all the data.

[vkou]

> Where does this 3rd party identity token provider come from?

Some oracle whose job it is to print tokens and hand out rolls to the stores (and to the websystems). They would know which store got which roll, and which website authenticated it, but not who each ticket from that roll went to.

With a big enough roll, this is essentially anonymous.

Yes, lotteries know which store got the winning ticket, but they have no idea which of the patrons in the store got it. Not unless they ask Eve to get her telescopic lens and notepad out.

[Aurornis]

I'm talking about identity token services.

You're saying the real solution is that we bring in a private, 3rd-party company to start checking our IDs to access websites now?

[what]

It’s millions of third party companies checking ids. Anywhere that sells alcohol or tobacco could do it.

[vkou]

I was asked if this problem can be solved in an anonymous manner. I gave a solution that is pretty anonymous and fairly cheap.

I am not actually advocating for it. I'm just saying how it's possible to solve it given those constraints.

[simoncion]

> It's anonymous. The clerk or his POS system knows your name and age, but doesn't know your number.

What prevents a commercial "AI" security camera analysis firm from doing a decent job of linking footage of a store's customers to a likely subset of tokens, based on the knowledge of which tokens are sent to which store and how many tokens have been pulled off of the roll so far? Remember that you can design the token roll packaging so the easiest thing for a clerk to do is to pull off the rolls in the order in which they were shipped. Or -hell- you can design the token dispenser so that it phones home to the oracle that sent the roll to the store with the range of tokens in the roll when the roll is loaded into the dispenser (for "security purposes").

> It's the exact same process by which you buy lottery tickets in a world where they don't need to verify your identity when you redeem them.

I've seen many people buy lotto tickets. I've never seen anyone asked for ID. Perhaps the merchant is supposed to check for ID, but they don't. Relatedly:

> The clerk pulls a scratch-off ticket from the front of a ticket tape. The ticket contains a token identifier.

What prevents rolls of those tickets from falling off of a truck and either being handed out for free or at a substantial markup, no questions asked? [0]

In the real world, the system you propose absolutely will not function to the standards required by the people agitating for these systems. You can't "protect the children" if "children" can easily get their hands on anonymous access-granting tokens.

[0] The fact that this doesn't happen with lotto tickets often enough to be newsworthy is not a compelling counterexample. Stores make a decent amount of money selling those, and wouldn't want to get cut off from that revenue source by regularly "losing" shipments of tickets. What you propose doesn't make stores any money, so either you have to spend a bunch of money to induce them to carry the tokens [1], or you have to have harsh penalties for "losing" shipments of tokens. If you risk harsh penalties for choosing to sell the tokens, why even bother? Stores put up with the risk of selling booze because it's quite profitable... selling 5c or 0c tokens absolutely is not.

[1] Where does that money come from? From you and me, of course!

[aspenmayer]

I’ve worked in the industry, so just adding some extra info, as I agree with you that the ticket system is not really less tracked than other systems, just differently tracked:

Lottery tickets don’t “fall off of trucks” or get “lost in the mail” because they aren’t valid for redemption until they’re activated at the POS terminal of a licensed store, and the lottery company knows which store receives each ticket roll, because they are shipped to known locations with tracking numbers and delivery verification and/or delivered in person by lottery employees. Even the rolls of blank lottery ticket receipt paper have different serial numbers every few inches, and it’s forbidden by policy to swap receipt paper between stores. All of these things are audited both regularly and randomly by state lottery officials.

[vkou]

You can also just follow people around and look in their windows. Nothing prevents that other than laws and rules and social norms.

> In the real world, the system you propose absolutely will not function to the standards required by the people agitating for these systems. You can't "protect the children" if "children" can easily get their hands on anonymous access-granting tokens.

What stops children from paying someone to buy beer and cigs for them? What's the difference between age-controlled liquor and an age-controlled token falling off the back of a truck?

You can introduce as many soft-verification systems as you want to tweak this. The roll of numbers doesn't become active unless installed in a dispenser that phones home when it is installed, for example. The empty bobbins containing the roll have to be returned to the oracle, and need to register installation in a dispenser. The dispenser can even count each dispensed ticket. The only requirement is that the sale and the process of paying for the sale isn't linked to the ticket. If you maintain that, the system is anonymous. If you break it, it's not.

[aspenmayer]

> It's the exact same process by which you buy lottery tickets in a world where they don't need to verify your identity when you redeem them.

I’ve sold lottery tickets, and you have to be legal age to both buy and redeem them, so I’m not sure that this analogy or hypothetical solution is comparable to lottery tickets, nor is it likely to be the panacea you think it is.

I don’t think that the nascent online age verification schemes are good for society in general, either, but that’s not really the point you were making in your comment, so I don’t assume that you believe they’re good or bad, but simply advocating for a more privacy-preserving implementation. Which is kind of the whole point of the argument against bad implementations, but those who mandate and implement the systems likely view uniquely identifying people as a boon, whereas you and I probably don’t, which is why I am not hopeful that your ticket system will be used, because it will be higher friction for more people than uploading scans of their IDs and/or their face.

The ticket system, if implemented, would be used by so few people that the folks who do could likely be re-identified by Bluetooth tracking beacons and facial recognition in the same stores which they bought the ID tickets you suggest, and so I think the number of people who would escape tracking by any such means to be so few as to be a rounding error.

Those folks who do pursue this privacy hobby/fetish are statistically likely to ultimately mess up on their opsec eventually on a long enough timeline, so it’s hard to even imagine a scenario in which it matters either way what individual privacy activists do or don’t do from the point of view of the panopticon designers or implementers. Those not identified to a desired confidence interval by the mass surveillance system will just be retargeted for more sophisticated surveillance measures.

Despite how we rage, we’re still just rats in a cage.

More and more, the privacy debate feels like a quixotic struggle against giants, when everyone already knows that those giants are actually windmills; the majority of society now lives on reclaimed lands which rely on those windmills’ continued existence, and so no one cares about privacy in the way that you or I might care, because they are incapable of perceiving windmills as giants, nor do they have the intellectual or philosophical or political beliefs which would allow them to even entertain such perceptions even for the purposes of discussion. The privacy debate is beyond their ken.

[gruez]

>Modern versions of this technique allow one to associate metadata (like a proof of age exceeding a threshold) in such a way that the verifier can't even correlate repeated requests across users.

If it's unlinkable, what's preventing someone from setting up a site that hands out anonymous tokens for anyone to use?

[discodachshund]

Using cryptographic signatures from approved signers, like a government

[gruez]

No, I'm meant me, using my 18+ ID to generate a bunch of tokens that can't be linked back to me, and then giving it to random < 18 year olds for the lulz.

[quotemstr]

There are multiple approaches. One, which the Europeans use, hardware-locks the token. Each age attestation is unlinkable, but the cryptographic credentials you need to make the attestation aren't portable. Of course, this model requires a big statist apparatus that does implementation certification, but it does achieve the narrow goal of unlinkable, privacy-preserving age attestation that doesn't instantly decay to mass copying.

Other approaches are possible. I'm particularly keen on ones that treat attestations as anonymous digital currency and use cryptographic penalties like slashing to discourage copying post-hoc instead of relying on EU-style implementation certification.

There's a huge literature on the subject I don't want to reproduce here. The point is that yes, we do have the technology to do attestation without sacrificing privacy, which makes all the calls for non-privacy-preserving attestation awfully curious.

[Aurornis]

> One, which the Europeans use, hardware-locks the token.

I'm surprised anyone considers this viable.

It would limit access to those sites to a limited set of acceptable devices and operating systems.

I couldn't use my laptop, desktop, or a jailbroken phone.

[Magnusmaster]

Exactly. And the funny thing is that the EU Age Verification App seems to be vulnerable to relay attacks anyway.

[Terr_]

> as anonymous digital currency and use cryptographic penalties like slashing

Or make it so that tokens cannot be tested except by spending/burning them, which would significantly reduce (but not eliminate) a black market because it would be hard for any buyers to trust any sellers.

The best outcome here is going to rest on getting people to agree that "good enough" is the best outcome. We want a system that gets the broad social results (e.g. less brain-rot in the kids) without being so impossibly strict and overbuilt that it leads to an even-worse problem (e.g. authoritarian hellhole tools.)

[jszymborski]

I'm not familiar with this, but what your describing sounds similar to the hardware DRM keys used for protecting 4K streams from being downloaded from Netflix.

If so, this stuff is already broken, and imagine it would be pretty simple to apply the same principles here.

I'm probably wrong on this though I'm out of my depth

[paulddraper]

The verification service would tie the token to the IP address/geolocation. It would also throttle the number of identifications, or expire old ones.

Yes, that can eventually be worked around, but not really that different than doing the verification today on someone else's device.

[Aurornis]

> The verification service would tie the token to the IP address

So I'm constantly grabbing new tokens from the government every time I go from work WiFi to my cellular internet to the train WiFi and then home?

Sounds like a fantastic point for capturing more tracking data.

> /geolocation.

Which means I have to send my geolocation data to apps to confirm I can use my token?

Don't want that either.

> It would also throttle the number of identifications,

And if I move around too much in one day or change networks too often, I'm unable to log into anything until tomorrow?

[Nursie]

> So I'm constantly grabbing new tokens from the government every time ...

Every time you set up an account, would generally be the idea. So relatively infrequently.

[gruez]

>The verification service would tie the token to the IP address/geolocation

"Use this exact tor/vpn server"

>It would also throttle the number of identifications

So I can only wank off 5 times a day, or grant access to porn sites for 5 kids?

[worble]

What's to stop you, using your 18+ ID from buying crates of alcohol and giving it to random < 18 year olds for the lulz?

[Aurornis]

Because those <18 year olds will immediately flip and identify you to the cops to try to lighten their punishment.

The anonymous crypto token scheme does not have any trace-back mechanism like this at all. If there's no way to track those tokens back to you, why not sell them for $1 each on the internet to make some extra money?

[gruez]

For one, I have to do it in meatspace so it's easily traced back to me, whereas anonymous tokens can't be traced back to me by design.

[laughing_man]

The minute this scheme went into place, there would be sites based in one of the "stans" selling tokens for a couple bucks to whomever wanted to buy.

[Retr0id]

Yes, this breaks the whole scheme. Anyone promoting it as a solution is delusional. There's a triangle of "robust", "private", and "practical" and you can only pick two. This one omits robust. The various mitigations people might suggest in response will have to sacrifice one of the other dimensions.

[nemomarx]

As you say, it's doubtful governments want it to be private. So we should expect them to not use these kind of elegant solutions, and the public is generally not sophisticated enough to distinguish between the options already.

[andai]

In what direction do the incentives point?

[nemomarx]

There's two strong incentives - deanonymization for law enforcement is pretty useful so that's one. You want to make it easier to subpoena information about posters for various reasons, access to stores on different dates etc. Lots of reasons for that.

And you want to satisfy voters who are worried about children online or have heard scary things about anonymous criminals. You want to be seen to do something about those.

A distant third is that you want the system to be cheap and built up fast and relatively easy so voters don't complain about it.

All together this leads you to something like "any time a site needs to verify your age (based on this broad list of requirements) put in your government ID number / picture". The infrastructure already exists for that, banks need it, social media needs it, and the current president has agitated for it a few times now. If you're really aiming high you set up some digital ID attached to it that's easier for the users.

[laughing_man]

>There's two strong incentives - deanonymization for law enforcement is pretty useful so that's one.

When you say it like that it sounds less scary than "deanoymization so the government can track down people saying things it doesn't like." Let's not forget the UK has more people in jail for things they said on the internet than Russia and China put together.

[nemomarx]

Yeah the wording is a little broad, but the UK would call that law enforcement too.

Depends on your state and laws and you can look around at how that's going - maybe you'll have brought a first aid kit to the wrong event or helped print some zines and they want to check up on you now.

[Geezus_42]

For who?

[onetimeusename]

I don't think they are serious about privacy and even if they were I don't even want to distinguish between "children" and "adults" on the internet. Things seem to have worked fine up to this point, there doesn't appear to be a public demand for age verification, rather some murky corporations/NGOs/agencies pushing for this. I think it's pretty clear there is some other intention besides protecting children that is the goal here.

[skybrian]

We should only need to distinguish devices with parental controls turned on from other devices, and rely on parents to set up the devices accordingly.

[rockskon]

Zero Knowledge Proofs are worthless for this.

Either they validate so little information that a single homeless person can authenticate the entire country or they validate so much information as to not have a significant privacy guarantee.

There is no in-between for ZKP validating someone's age.

[teravor]

worthless is too strong.

the truth is that the two extremes you listed can be titrated.

if you use nullifiers you can trade some privacy for some security. basically you convert your true identity into a private token which you can use to authenticate aspects of yourself, the price being that the token can be tracked with some effort across services. better than just using your identity at least. if a token/nullifier is abused it can be revoked and then you have to jump through a bunch of hoops to get another.

there are some other trade offs that can be made.

[rockskon]

Okay - so you verify age and what else?

What combination of details can you validate on that is meaningfully privacy-preserving and couldn't result in wide-spread re-use of tokens?

Additionally - what would prevent some kids from getting a homeless man in the city to hand them his ID, get a facial scan, and everything else you can think of to generate a token and then pass that token around?

ZKP are a cryptography-nerd's joy but are are categorically unsuitable for the purpose of age verification. I stand by this without the slightest reservation.

[teravor]

the same thing that prevents them from doing reuse right now: platform detection mechanisms. the difference is that right now the identity of the subject is known whereas with ZKP (nullifier approach) only the dirty token is known and where that token was used.

[rockskon]

So....what exactly would platform detection mechanisms be basing their decisions off of that wouldn't defeat the entire privacy-preserving premise of ZKP?

[teravor]

multiple use of the same token on multiple accounts...?

tying multiple accounts and services together isn't ideal but its inarguably better than tying your real world identity to every single service.

[kaurimu]

By some stroke of luck, the NZ government recently put into place a robust privacy-preserving framework for digital identity [1].

They just launched the GOVT.NZ [2] app, and it contains a wallet that can store digital credentials. It's built by a local company called MATTR [3], who specialise in trust technology and exotic cryptography like zero-knowledge proofs. The first credential available this year will be a mobile drivers license, and we'll then be able to prove things about ourselves like whether or not we're over 18 (according to an accredited institution), completely privately over the internet and without sharing any other information.

I'm cautiously optimistic about the direction our digital ecosystem is heading in NZ :')

[1] https://www.publicservice.govt.nz/about-the-commission/gover...

[2] https://www.digital.govt.nz/digital-government/key-areas-of-...

[3] https://mattr.global/

[CGMthrowaway]

> There are at least some technological solutions here, such as anonymous credentials.

Identity verification is busy being rolled out across the entire developed world right now, and I have yet to see or hear about even one single mention of anonymous credentials in the discussion of any of the laws.

[JohnFen]

The problem is that you still have to trust something you don't control and can't verify that the technological solutions are correctly implemented and applied.

[coldtea]

>There are at least some technological solutions here, such as anonymous credentials.

Technological solutions for what problem?

[Nursie]

Yep, there are a variety of ways this can work well, but the overwhelming 'vibe' here at HN is a) that the tech is too complex and b) that governments actually want to end privacy anyway for their own nefarious reasons.

I find 'a' amusing as we'll often see in the same conversation that users appeal to parents to take responsibility and lock down their kids' access to things, as if that's trivial for non-tech folk and foolproof. It's also silly because the user interface to such a system doesn't need to show all that complexity.

And 'b' is often supported by some out of context quote that at first glance looks incriminating but doesn't actually mean much.

The saddest thing is that the article you link addresses most of the objections people have brought up in the thread, but few have read it.

[sneak]

No. The point of these initiatives IS TO GET ID, not to protect children.

Anonymous credentials don’t allow the state to retaliate in the dark of night against protected expression that they don’t like. Anonymous credentials do not allow for that, so they are irrelevant.

[andy99]

This seems to come up in every discussion, in practice it’s irrelevant both because it’s too complicated for normal people to understand, and because the point of all this nonsense really is identification so anything that defeats that will be a non starter.

[bluefirebrand]

It doesn't have to be too complicated for normal people to understand.

Majority of people understand their SIN or SSN number or whatever, they understand they have a drivers license number. This could be built in such a way that it's basically just be another government issued "thing" that they have to know about and be able to produce when requested

[Geezus_42]

Every government has been working on ways to identify and target individuals online since as long as the internet has existed. Governments are incentivized to continuously increase control. Why would you assume this is not yet another escalation towards their goal of being able to track and silence anyone who pushes back?

[bluefirebrand]

I didn't comment at all on what the governments goals are

Edit: I agree with you 100%, but the fact that governments want to track people online has no bearing on how technically possible it is to build a system where they can't

An anonymous internet auth system (probably) won't get built, but it is possible to build

[Geezus_42]

How is it possible to have something that both proves something about your identity but also does not allow ANYONE to deanonymize you?