The offline version proposed doesn’t even work. If the government issues untraceable “I’m an adult” cards there’s nothing stopping someone from acquiring one and immediately selling it to a minor. There’s also realistically nothing stopping someone from acquiring multiple and selling them to minors. “Oops, I lost my adult card again. I need a new one.” The solution is of course to make them revocable which means traceable.
The same applies online/digitally except that you can very likely distribute the same ID to many minors without getting a new one allocated.
I’m in the “we should protect kids online” camp, but I am not sure there’s a real way to do it without compromising privacy for everyone.
Untraceable is your invention and obviously absurd and unworkable.
No scheme is going to issue cards/tokens that can be traded between people, that's obviously unworkable.
Untraceable is for the consumers of the cards obviously, but in order to have trust they need to be traceable for somebody to verify them. The government can already determine who you are and already requires you to prove that at certain points, this is not a new invention of government it is required for governments to function.
It’s not my invention. It’s in the article. The physical card proposed contains nothing traceable. “They issue a card that says only one thing: "over 18". The card carries official seals, signatures, and anti-forgery features.”
If you put an id on the card, then it’s a layer of indirection, but you’ve still handed them a unique personal identifier.
Traceable credentials are fundamentally not privacy preserving, because that’s what traceable means.
You're now arguing about something which isn't even in the proposal from the EU, it's a hypothetical from the article which attempts to draw a parallel with existing physical id (I guess to demonstrate to people that this already happens regularly with passports, ID cards, driving licenses etc).
That existing physical ID is government issued, has an issue no, usually has a photo on it, often other biometrics nowadays, and is definitely traceable!
Absolutely such a proposal cannot be fully privacy preserving, because at the very least it gives away your age, but also probably other identifiers.Just like your browser that you're using right now gives away a lot of information which advertisers use to fingerprint you like fonts etc. This sort of solution requires a central issuer/authority to know about the tokens, there's no way round that as there is no way round governments issuing passports if you want border control.
The goal is that it'll preserve much better privacy than uploading passports etc to random websites, which I think it will.
> A next version of the Technical Specifications for Age Verification Solutions will include as an experimental feature the Zero-Knowledge Proof (ZKP) solution
> You're now arguing about something which isn't even in the proposal from the EU
Yeah. The HN link here is not to the EU proposal. It’s to this dude’s article, which is very clearly what I was responding to.
> I guess to demonstrate to people that this already happens regularly with passports, ID cards, driving licenses etc
No. That’s not what he was doing at all. He very explicitly was not talking about a passport or ID card.
He was describing a physical analog to the digital proposal.
> This sort of solution requires a central issuer/authority to know about the tokens, there's no way round that as there is no way round governments issuing passports if you want border control.
You seem to have completely lost the plot. We aren’t discussing passports. No one is talking about anonymous international travel here.
If the kid knows how to buy a certificate from a shady website, then probably he his old enough to watch porn and other disturbing content. That does not mesn the system should be thrown away as a whole.
I did not say it should be thrown away. I said that it can’t be done while preserving privacy the way advocates claim. It’s totally plausible that the trade-off is reasonable, but I also don’t think we should pretend that the trade-off isn’t there.
Protecting kids is well within the scope of the government.
This “it’s the parents job” is also reductionist. It is, but somehow we still have made it illegal for minors to buy hard liquor and pornography from physical stores in the United States and few argue that restriction is wrong.
And they still find ways to drink themselves to alcohol induced comas. There's no real substitute for education and parental nurturing only best effort band-aid solutions. Children with problems at home are more likely to be targeted by bullies or child predators.
I'm not saying the government shouldn't do anything, they should and it should probably involve legislature around social media that positively affects adults as well. But raising a child, teaching it what's dangerous and what's safe and developing a relationship of trust so you're aware when there's danger lurking, that's a parent's job. No amount of legislation will help neglected children. They're tiny, curious, ingenious humans who will find ways to get what they want.
Children drinking themselves into alcohol induced comas is fairly rare. Teenagers consuming large amounts of explicit pornography is not at all rare.
I agree nothing will replace parenting. The children who do drink themselves into comas are largely enabled by adults (who are also generally committing a crime). But there is harm reduction the government can and probably should do.
I have to say, as much as I think the article author here is naive, I also have to wonder if the net positives outweigh the net negatives. Uploading an id and face scan to a pornography site seems like the worst of all possible scenarios. Getting a government issue credential is better than that at least.
No one is saying it’s one or the other. It’s both. There are certain children who need protection from bad parenting and certain parents that need protection for their neurodivergent children.
This is my take, but I am a bit frustrated by OS manufacturers. The obvious move is have a screen after factory reset the puts the device in kid mode permanently. It then will send a "I'm underage" flag to sites, and sites return no content (or safe content) when they see that header. This is a system that makes it easier for parents to do their parenting job. All the pieces of this system already exist, but the UX for managing a device during setup to be a "kids device" isn't there.
This system is good for a bunch of reasons:
* It gives parents control such that they can tailor the experience to their kids. This is a problem with current proposals.
* It doesn't bring identity into the mix at all, completely defusing the risk of mass surveillance.
* It's easy to verify if adult sites are complying: hit them with a curl request containing the header, check the response. This is much easier that verifying that Discord is checking user ages properly using their face-scanning technology.
Protecting kids and other vulnerable people matters to everyone, so why not the government? What would think of a country where, let say your mother cannot go out without fearing getting robbed or raped? Same for kids. Maybe you do not have kids and you do not care. Anyway being a parent does not mean being behind your kids at every single moment. I hope you have not spent your childhood under constant supervision of your parents. So at some point everyone is concerned about protecting kid, and not only there own ones
> When children are very young, parents can set strict boundaries. But as kids move into their teens, parents also have an obligation to loosen them. Teenagers need spaces where they can act independently
Parent have an obligation to loosen the restrictions, and, what, the government has obligations to tighten them and deprive them of the spaces where they can act independently?
I don't care to talk about the premise itself. This reasoning is absurd.
Offline and online are not equivalent spaces. They're not symmetric, they don't fail in the same way, and they don't have the same hazards or risks. I say this because I don't think the argument that we should do it online because we do it offline is coherent.
I actually don't have to show my ID when I buy alcohol because I'm old. There's a material difference between an electronic record being submitted, passed through and stored on several different servers, and somebody seeing you and seeing a grey beard and saying, yeah, you can buy that beer. The worst case scenario in real life is that the bouncer at the bar looks at your ID, seems real enough, checks the date, matches the picture, and that's it. There is no record being stored, there is no log. It's not equivalent to the vast majority of online age verification mechanisms in use today.
Today I can walk into a shop and buy alcohol without showing my ID.
I can also walk into my local library and read any book I wish to, some with adult themes. I could do this as a teenage too. I also did this in my own school library.
Demanding to see ID to access online content is a terrible idea and it is the parent's responsibility to look after children. It should be an understanding between the parent and child on what they should be accessing online. If that breaks down then the parent should do their job of being a parent. Take the device away and punish the child.
Can you buy a gun, a car, heroin? Why have restrictions on anything for anyone? Certainly everyone is a rational actor who chooses the best thing for society and would never take advantage of ignorant youth. Especially in a place like a library where they have unrestricted access to the ideals developing in a child’s mind. /sarc
Not for the past 20 years. I also don't participate in Patronscan and other similar surveillance operations.
That is beside the point. I'm talking about the incoherent argument about a parent's supposed obligation to stop parenting and the government taking over. There are three premises here asserted by the author: 1) the child's need for independence, 2) a parent's duty to stop parenting, and 3) the government stepping in. Number 1 is contrary to 3, and I don't agree with either 2 or 3. What do you think?
Depending on where you live this may be untrue. In Washington state I hand them my id and they scan the code on the back. There is every possibility that they store it and notify the state that I bought a bottle of rum.
And none of them are in my living room, nor do they belong there.
The government does not get to put child locks on my liquor cabinet, or even keep me from leaving booze out on the counter. They get to restrict businesses from selling to people without identification. Note that this has already always been the case on the internet, too.
The article claims this is what the ZKP scheme reveals:
> Here is cryptographic proof that I hold a valid credential proving I am over 18. You can verify the proof, but you learn nothing about who I am.
Is this true though? I am genuinely interested as I haven't looked into the details, but must the user not at least also disclose who the issuer of the credential is so the verifier can verify it against a public key? This also reveals at least the nationality of the user and could be misused to block access to foreigners using VPN.
Free access to information is non negotiable. You can dress it up in whatever argument you like; safety, intellectual property rights, moral imperatives. Take your pick. Information will not be held back, it wasn't held back by any tyrannical regime of the past with much more asymmetrical access to control, not the banning of the printing press, the efforts of the Stasi to ban western music in East Germany, nor China's more recently attempted "Great Firewall", have worked. This also will not work.
I am not worried for myself and for others who are technically inclined, we will just silently find and implement solutions for ourselves and any others who have the energy and inclination to use them. This is worst, as usual, for the most vulnerable among us. Those most in need of the information which they will not be able to access.
Every freedom comes with risks and responsibilities, freedom of information maybe more than any, but the harms of limiting information are much more unacceptable than any caused by its unhindered natural flow.
You can propagandize and scheme to your hearts content. You can lobby your governments to implement your halfbaked schemes. But in the end it won't work... Because people like me and millions of other will just not comply. We will build our own networks if need be, but we will do just about anything rather than accept your terms.
There is information and images that are developmentally harmful to children. As the author says, this is no different from drugs, alcohol, tobacco, or gambling.
If you can’t understand that, you either don’t have children, have a screw loose, or are a child predator.
Alcohol is a great comparison to access to the internet.
Firstly lets be honest to ourselves, who gives kids access to alcohol? It is the parents ultimately. You cannot freely access alcohol in public without a venue offering it, but at home a parent can choose if and how much alcohol their kids have access to. Typically kids who have alcohol in public had taken it from home. There are societal morals that rightfully we consider reckless depending on how much access you give your kids to alcohol.
Now replace the word alcohol with 'the internet' in the last paragraph. The internet is already moderated for kids, they cannot buy access to it, and it is the parents responsibility to manage that. Since when did this change to being the governments job to dictate this moral and its implementation.
Parents just need the right tools to properly moderate their kids access, some of us had this from our parents decades ago with software managing content and time on the internet, I doubt these tools disappeared. The government should be facilitating programs like this. The cost would be substantially less and entirely opt-in, as it should be.
I as a parent should be able to put my kids device into a parental mode that allows me to manage what they have access to and for how long, the same way the Nintendo Switch works. I should be able to control the content my kids sees, not the government. The government can help me enable this across industry without forcing the world into an authoritarian regime using the vile of keeping kids safe.
Tell me you don’t have children without telling me you don’t have children.
What happens when your child’s school or library doesn’t restrict the devices they give your child when outside of your home? What happens when predators infest children’s games and platforms you expected to be safe? What happens when your idea of safety doesn’t align with the platform holder?
If you ever talked to a parents with children in elementary schools, you will quickly learn that nearly every one of them had been given an online porn, gambling, gaming, social media device by their school. This is not hypothetical.
Except, of course, implementing age gates means that suddenly _everyone_ has to authenticate, not just kids. And maybe things like gambling shouldn’t be allowed altogether.
I didn’t say anything about an age gate. I’m just pointing out the absurdity of saying all that all information should be absolutely accessible to all people. No one believes that in the absolute. If you do, please share your social security number, bank account information, PIN numbers, and mother’s maiden name.
By having a discussion about privacy we’re already saying some information _must_ be kept confidential.
Let's point out the absurdity that saying "all information must be accessible" is synonymous with "all information must be disclosed". These are not congruent statements.
You can sling any names you like. I addressed the "safety" aspect. It's not only disingenuous it wouldn't matter if it's sincere. This position is non negotiable, and I say this as a parent myself.
Your children's development is your responsibility, it is not your right to deprive others of their freedom due to your fear.
I was lucky enough to have a library of real books as a child in my home, many if them "inappropriate" for children whatever that means. The 1990s unfiltered internet came next.
I was most definitely more enriched than harmed.
I'm frankly tired of this argument and I just won't accept it being repeated as truth, especially when its irrelevant to the core premise.
One of my children reads, no joke, 150-200 books a year (not including graphic novels). Does that mean every book ever written is developmentally appropriate (or even ethically appropriate) for him? Of course not.
We’ve seen this play out dozens of times. School boards will say no book should be banned and then a parent tries to read a book from their child’s school library during open comment and their mic is shut off while the board shrieks in horror.
That’s OK! Children are not adults. They haven’t developed the executive function or mental guards to deal with all content. As adults we protect them from things. Information is no different.
A friend and I were the first to have modems at age 12. And we had access to all kind of stuff on BBS and later in newsgroups.
That wasn't meant for our age group and yet there wasn't any harm done.
Others in our classes didn't roam there. (They were more into drinking, smoking and stealing in real life instead)
Guess who is heavily using social media today and unreflectively repeats fake news.
But now kids grow up with social media and fake news. I too grew up seeing stuff I shouldn't have online and I turned out fine but I see the online landscape today as much scarier place and as a recent father I'm scared of what it can do to my child and will need to police it.
> When children are very young, parents can set strict boundaries. But as kids move into their teens, parents also have an obligation to loosen them. Teenagers need spaces where they can act independently, make decisions, and talk to others — where they can learn to navigate the world without a parent looking over their shoulder.
You are still responsible. If you allow your child more freedoms, you are still responsible if something bad happens. Your choice to loosen your parenting shouldn't become everybody else's problem. Some parents for example allow children to try a small quantity of alcohol - if your child is suddenly found drunk, they shouldn't ban alcohol for sale everywhere.
I would go the other way, if it's found as a parent that your child is drinking, smoking, etc, then this carries punishments for the parents. I think it should also be punished if they are found accessing online services targeted at adults.
> The digital version is the same idea, with cryptography. An authorized issuer verifies your age once and issues a signed credential:
Sounds great, but there is a clear agenda for digital IDs that 'they' are trying to shoehorn in with this "protect the kids" thing. They tried rolling it out digital IDs in the UK in 2006 [1].
As I said the other day, what really makes me suspicious is that most Western countries suddenly have the same idea at the same time. This isn't just some random politician wanting to protect children, this is an international concerted joint effort to roll out a form of mass censorship.
> So instead of fighting a system that is built to preserve privacy, we should be fighting to put the right checks in place — the ones that guarantee the implementation actually honors it.
The objective is the system itself. Once there is a control in place to stop you accessing these services/systems, changing the exact unlocking procedure is trivial and can be done gradually. We'll all just be frogs in slowly boiling pots.
Overall "more verification" goes in the direction of "more surveillance".
The author described a narrow path that provides "kid safety in the internet" without sacrificing the general population privacy.
Is it technically possible to implement the way he suggests? Yes. Will it be implemented that way? No.
There are people who can affect the way this verification will be implemented who are genuinely interested in more surveillance, heck, remember chat control that is an ongoing fight in a very similar vein, there is a global desire in politicians to get more control over the communications.
To me the author seems either naive or straight up malicious.
> Is it technically possible to implement the way he suggests? Yes.
I actually don’t think it is. Fundamentally this kind of certificate is going to be revocable. It’s untenable politically to hand out irrevocable attestations that can be handed off to minors. If you allow that, the system has failed to prevent minors from accessing adult materials, and if you don’t then the system has failed to preserve privacy.
> To me the author seems either naive or straight up malicious.
If the EU actually mandates each member country implements a ZKP for this then I am all for it.
Can they also provide other ZKPs? Specifically to attest that someone is a unique human being? Humanity verification is incredibly important to fight against propaganda online[1]
>AVI [Age Verification App Instances] SHOULD support the generation of Zero-Knowledge Proofs
Maybe I'm not seeing the full picture but as long there is a 'should', the whole thing is worthless. Keep in mind, national states need no implement their own solutions and AFAIK during the pilot phase ZKP was just skipped. Could be for other reasons (was not finished yet) but in the end a 'should' is a 'should' and no 'must'.
The problem I see here is that many of the things in the "Things that would break the promise" section are pretty much guaranteed to occur - we don't have effective mechanisms to prevent them. Tracking and de-anonymization are big business and age verification mechanisms WILL be exploited for those purposes.
Can I prove that some cryptographic token A) doesn't contain any more information other than what the article outlines and B) that the token itself can't be used as an ID tied to my identity in a government database?
No and no. So, I do not support schemes like this.
But by what mechanism would one prove, when using such selective disclosures and zero-knowledge proofs to access an online service, that they are, in fact, the owner of said attestation?
As a parent, I strongly disagree with the priorities of the people setting the policies for the age gates.
For instance, roblox is full of pedophiles. Minecraft displays pro-surveillance propaganda to my kid every time they run a game that does not let M$ read their messages.
Even “educational” sites like blooket do not bother to check their content for kid safety or accuracy.
I’d rather police this stuff myself, so I do.
Every implementation of age verification I have seen is counterproductive, and designed to take control away from parents in order to help companies monetize access to children.
The people creating these systems aren’t dumb. They work as designed, which means they are actively harmful to kids and society at large.
Except that within days of this service going live there's going to be a freeageverification.com that instantly generates an attestation proof for anyone for free. I fail to see how this is not untenable. You can compare it to geoblocks that can be circumvented using VPNs, but at least VPNs are costly to run and are usually paid services. With the implementation of verification (ZKP) described in the article, there is no cost to generate attestation proofs nor any limit on the number of proofs nor any way to stop a known-but-anonymous abuser from generating new proofs.
Maybe the EU knows it's untenable and is still moving forward because they will be able to demonstrate to the public that privacy enables abuse, creating pretext to make the system not private anymore after it's already been implemented.
No kid under 20 will use a PC or Laptop for anything except for school work. All kids under 20 are on Cell Phones and nothing else. PC usually mean work to them, Cell Phones mean fun.
Cells will have age verification if they do not already have it yet the will. Also I think Cells have lots of other personal information (PI).
To me, Age Verification on PCs is a first step to moving these devices into a Cell Phone type of walled garden. World Govs. want to know what you are doing on all your devices. Luckily with Linux (most distros) and the BSDs, you can easily avoid being "watched".
> We already accept age restrictions elsewhere. Children can't drive, drink, gamble, or enter certain venues before a certain age. It is not absurd to think parts of the internet should be age-restricted too.
It isn't, but it is absurd that the first things we're talking about is banning kids from social media. "Children do not have a right to free speech" is not a defensible position. In fact it's the sort of thing that should get Nigel Uno and the Kids Next Door on your ass.
The problem is that the argument against child access to social media is a proxy for a different, larger problem: social media is not a public forum anymore. They make heavy use of automated editorialization over the content you're allowed to see, specifically to keep you engaged and addicted. This is absolutely harmful, but it's not uniquely harmful to kids and kids alone. When we regulate these harms for children only, what we're also saying is "Adults can fend for themselves, only children deserve protection".
And, to be clear, social media is more harmful to adults than it is to kids, if only because the stakes are higher. Targeted advertising is absolutely amazing for criminal scammers who want to find specific kinds of marks. This is only possible because we allow social media to accumulate massive amounts of data on people - basically, a privately-run Stasi.
I agree that zero-knowledge proofs would be the least harmful form of age surveillance.
A human glancing at an ID is not creating a log or transmitting every unique identity to the government.
If you handed over your id, and the person checking it made a photocopy and handed it to a police officer who put it in a file in a briefcase they carried, you might feel differently.
aren't a lot of bars in the US scanning the id card with some purpose-made id scanner? Seem to remember reading about that, and it being the US I would guess that data gets very much stored/shared/molested.
Yes, they are. The systems aren't even expensive, and they have some features like they track people who have been trespassed, etc.
However, you can buy fake IDs online, and the IDs are reportedly beating those machines. So if you trust the machine for age-verification, you might let in underage people.
I remember last time I was in the club (decade or so ago), the bouncers were taking IDs and photocopying them and of course there was CCTV as well and police were visible outside of the club.
This only happens in the UK in clubs that have a history of violence or drug use (often leading to harms and death) and is a condition of a license. This is nowhere near the universal experience here for showing IDs for entry.
The offline version proposed doesn’t even work. If the government issues untraceable “I’m an adult” cards there’s nothing stopping someone from acquiring one and immediately selling it to a minor. There’s also realistically nothing stopping someone from acquiring multiple and selling them to minors. “Oops, I lost my adult card again. I need a new one.” The solution is of course to make them revocable which means traceable.
The same applies online/digitally except that you can very likely distribute the same ID to many minors without getting a new one allocated.
I’m in the “we should protect kids online” camp, but I am not sure there’s a real way to do it without compromising privacy for everyone.
Untraceable is your invention and obviously absurd and unworkable.
No scheme is going to issue cards/tokens that can be traded between people, that's obviously unworkable.
Untraceable is for the consumers of the cards obviously, but in order to have trust they need to be traceable for somebody to verify them. The government can already determine who you are and already requires you to prove that at certain points, this is not a new invention of government it is required for governments to function.
It’s not my invention. It’s in the article. The physical card proposed contains nothing traceable. “They issue a card that says only one thing: "over 18". The card carries official seals, signatures, and anti-forgery features.”
If you put an id on the card, then it’s a layer of indirection, but you’ve still handed them a unique personal identifier.
Traceable credentials are fundamentally not privacy preserving, because that’s what traceable means.
You're now arguing about something which isn't even in the proposal from the EU, it's a hypothetical from the article which attempts to draw a parallel with existing physical id (I guess to demonstrate to people that this already happens regularly with passports, ID cards, driving licenses etc).
That existing physical ID is government issued, has an issue no, usually has a photo on it, often other biometrics nowadays, and is definitely traceable!
Absolutely such a proposal cannot be fully privacy preserving, because at the very least it gives away your age, but also probably other identifiers.Just like your browser that you're using right now gives away a lot of information which advertisers use to fingerprint you like fonts etc. This sort of solution requires a central issuer/authority to know about the tokens, there's no way round that as there is no way round governments issuing passports if you want border control.
The goal is that it'll preserve much better privacy than uploading passports etc to random websites, which I think it will.
> A next version of the Technical Specifications for Age Verification Solutions will include as an experimental feature the Zero-Knowledge Proof (ZKP) solution
From: https://ageverification.dev/av-doc-technical-specification/d...
The EU reference implementation is adding ZKP.
> You're now arguing about something which isn't even in the proposal from the EU
Yeah. The HN link here is not to the EU proposal. It’s to this dude’s article, which is very clearly what I was responding to.
> I guess to demonstrate to people that this already happens regularly with passports, ID cards, driving licenses etc
No. That’s not what he was doing at all. He very explicitly was not talking about a passport or ID card.
He was describing a physical analog to the digital proposal.
> This sort of solution requires a central issuer/authority to know about the tokens, there's no way round that as there is no way round governments issuing passports if you want border control.
You seem to have completely lost the plot. We aren’t discussing passports. No one is talking about anonymous international travel here.
If the kid knows how to buy a certificate from a shady website, then probably he his old enough to watch porn and other disturbing content. That does not mesn the system should be thrown away as a whole.
I did not say it should be thrown away. I said that it can’t be done while preserving privacy the way advocates claim. It’s totally plausible that the trade-off is reasonable, but I also don’t think we should pretend that the trade-off isn’t there.
Protecting kids online requires attention from their parents, not from the government.
Protecting kids is well within the scope of the government.
This “it’s the parents job” is also reductionist. It is, but somehow we still have made it illegal for minors to buy hard liquor and pornography from physical stores in the United States and few argue that restriction is wrong.
And they still find ways to drink themselves to alcohol induced comas. There's no real substitute for education and parental nurturing only best effort band-aid solutions. Children with problems at home are more likely to be targeted by bullies or child predators.
I'm not saying the government shouldn't do anything, they should and it should probably involve legislature around social media that positively affects adults as well. But raising a child, teaching it what's dangerous and what's safe and developing a relationship of trust so you're aware when there's danger lurking, that's a parent's job. No amount of legislation will help neglected children. They're tiny, curious, ingenious humans who will find ways to get what they want.
Children drinking themselves into alcohol induced comas is fairly rare. Teenagers consuming large amounts of explicit pornography is not at all rare.
I agree nothing will replace parenting. The children who do drink themselves into comas are largely enabled by adults (who are also generally committing a crime). But there is harm reduction the government can and probably should do.
I have to say, as much as I think the article author here is naive, I also have to wonder if the net positives outweigh the net negatives. Uploading an id and face scan to a pornography site seems like the worst of all possible scenarios. Getting a government issue credential is better than that at least.
No one is saying it’s one or the other. It’s both. There are certain children who need protection from bad parenting and certain parents that need protection for their neurodivergent children.
This is my take, but I am a bit frustrated by OS manufacturers. The obvious move is have a screen after factory reset the puts the device in kid mode permanently. It then will send a "I'm underage" flag to sites, and sites return no content (or safe content) when they see that header. This is a system that makes it easier for parents to do their parenting job. All the pieces of this system already exist, but the UX for managing a device during setup to be a "kids device" isn't there.
This system is good for a bunch of reasons:
* It gives parents control such that they can tailor the experience to their kids. This is a problem with current proposals.
* It doesn't bring identity into the mix at all, completely defusing the risk of mass surveillance.
* It's easy to verify if adult sites are complying: hit them with a curl request containing the header, check the response. This is much easier that verifying that Discord is checking user ages properly using their face-scanning technology.
Protecting kids and other vulnerable people matters to everyone, so why not the government? What would think of a country where, let say your mother cannot go out without fearing getting robbed or raped? Same for kids. Maybe you do not have kids and you do not care. Anyway being a parent does not mean being behind your kids at every single moment. I hope you have not spent your childhood under constant supervision of your parents. So at some point everyone is concerned about protecting kid, and not only there own ones
This approach has clearly failed and something different should therefore be attempted.
> When children are very young, parents can set strict boundaries. But as kids move into their teens, parents also have an obligation to loosen them. Teenagers need spaces where they can act independently
Parent have an obligation to loosen the restrictions, and, what, the government has obligations to tighten them and deprive them of the spaces where they can act independently?
I don't care to talk about the premise itself. This reasoning is absurd.
Do you show your ID when you buy alcohol?
We have many place in real life where we already have to prove our age or identity but somehow the internet should be excluded
Offline and online are not equivalent spaces. They're not symmetric, they don't fail in the same way, and they don't have the same hazards or risks. I say this because I don't think the argument that we should do it online because we do it offline is coherent.
I actually don't have to show my ID when I buy alcohol because I'm old. There's a material difference between an electronic record being submitted, passed through and stored on several different servers, and somebody seeing you and seeing a grey beard and saying, yeah, you can buy that beer. The worst case scenario in real life is that the bouncer at the bar looks at your ID, seems real enough, checks the date, matches the picture, and that's it. There is no record being stored, there is no log. It's not equivalent to the vast majority of online age verification mechanisms in use today.
No I don't. Your reasoning is absurd.
Today I can walk into a shop and buy alcohol without showing my ID.
I can also walk into my local library and read any book I wish to, some with adult themes. I could do this as a teenage too. I also did this in my own school library.
Demanding to see ID to access online content is a terrible idea and it is the parent's responsibility to look after children. It should be an understanding between the parent and child on what they should be accessing online. If that breaks down then the parent should do their job of being a parent. Take the device away and punish the child.
Can you buy a gun, a car, heroin? Why have restrictions on anything for anyone? Certainly everyone is a rational actor who chooses the best thing for society and would never take advantage of ignorant youth. Especially in a place like a library where they have unrestricted access to the ideals developing in a child’s mind. /sarc
buying alcohol without showing an ID might be possible in many places, but it's not a universal right.
Not for the past 20 years. I also don't participate in Patronscan and other similar surveillance operations.
That is beside the point. I'm talking about the incoherent argument about a parent's supposed obligation to stop parenting and the government taking over. There are three premises here asserted by the author: 1) the child's need for independence, 2) a parent's duty to stop parenting, and 3) the government stepping in. Number 1 is contrary to 3, and I don't agree with either 2 or 3. What do you think?
Use that logic to sell phones. Don't limit civil liberties to compensate for failures of parental supervision.
Those places don’t track you and keep a registry and copy of your information
Depending on where you live this may be untrue. In Washington state I hand them my id and they scan the code on the back. There is every possibility that they store it and notify the state that I bought a bottle of rum.
And none of them are in my living room, nor do they belong there.
The government does not get to put child locks on my liquor cabinet, or even keep me from leaving booze out on the counter. They get to restrict businesses from selling to people without identification. Note that this has already always been the case on the internet, too.
[dead]
The article claims this is what the ZKP scheme reveals:
> Here is cryptographic proof that I hold a valid credential proving I am over 18. You can verify the proof, but you learn nothing about who I am.
Is this true though? I am genuinely interested as I haven't looked into the details, but must the user not at least also disclose who the issuer of the credential is so the verifier can verify it against a public key? This also reveals at least the nationality of the user and could be misused to block access to foreigners using VPN.
Free access to information is non negotiable. You can dress it up in whatever argument you like; safety, intellectual property rights, moral imperatives. Take your pick. Information will not be held back, it wasn't held back by any tyrannical regime of the past with much more asymmetrical access to control, not the banning of the printing press, the efforts of the Stasi to ban western music in East Germany, nor China's more recently attempted "Great Firewall", have worked. This also will not work.
I am not worried for myself and for others who are technically inclined, we will just silently find and implement solutions for ourselves and any others who have the energy and inclination to use them. This is worst, as usual, for the most vulnerable among us. Those most in need of the information which they will not be able to access. Every freedom comes with risks and responsibilities, freedom of information maybe more than any, but the harms of limiting information are much more unacceptable than any caused by its unhindered natural flow. You can propagandize and scheme to your hearts content. You can lobby your governments to implement your halfbaked schemes. But in the end it won't work... Because people like me and millions of other will just not comply. We will build our own networks if need be, but we will do just about anything rather than accept your terms.
> Free access to information is non negotiable.
For adults.
There is information and images that are developmentally harmful to children. As the author says, this is no different from drugs, alcohol, tobacco, or gambling.
If you can’t understand that, you either don’t have children, have a screw loose, or are a child predator.
Alcohol is a great comparison to access to the internet.
Firstly lets be honest to ourselves, who gives kids access to alcohol? It is the parents ultimately. You cannot freely access alcohol in public without a venue offering it, but at home a parent can choose if and how much alcohol their kids have access to. Typically kids who have alcohol in public had taken it from home. There are societal morals that rightfully we consider reckless depending on how much access you give your kids to alcohol.
Now replace the word alcohol with 'the internet' in the last paragraph. The internet is already moderated for kids, they cannot buy access to it, and it is the parents responsibility to manage that. Since when did this change to being the governments job to dictate this moral and its implementation.
Parents just need the right tools to properly moderate their kids access, some of us had this from our parents decades ago with software managing content and time on the internet, I doubt these tools disappeared. The government should be facilitating programs like this. The cost would be substantially less and entirely opt-in, as it should be.
I as a parent should be able to put my kids device into a parental mode that allows me to manage what they have access to and for how long, the same way the Nintendo Switch works. I should be able to control the content my kids sees, not the government. The government can help me enable this across industry without forcing the world into an authoritarian regime using the vile of keeping kids safe.
Tell me you don’t have children without telling me you don’t have children.
What happens when your child’s school or library doesn’t restrict the devices they give your child when outside of your home? What happens when predators infest children’s games and platforms you expected to be safe? What happens when your idea of safety doesn’t align with the platform holder?
> If you can’t understand that, you either don’t have children, *have a screw loose, or are a child predator.*
Ad Hominem
> There is information and images that are developmentally harmful to children.
Yeah it's called "advertising."
> If you can’t understand that, you either don’t have children, have a screw loose, or are a child predator.
“Anyone who disagrees with me is either ignorant, insane, or evil.”
In this case probably ignorant.
If you ever talked to a parents with children in elementary schools, you will quickly learn that nearly every one of them had been given an online porn, gambling, gaming, social media device by their school. This is not hypothetical.
> If you can’t understand that, you either don’t have children, have a screw loose, or are a child predator.
This is not helpful, don't do it. GP likely has to suppress the urge to call you a stalinist.
GP comment made it clear that they are a free-internet absolutist. You can make no conclusions beyond that.
Absolutism is daft; attack that, if you must.
The idea that free access to all information should be available to all people is absolutism. I agree that’s daft.
At least I gave some options.
Except, of course, implementing age gates means that suddenly _everyone_ has to authenticate, not just kids. And maybe things like gambling shouldn’t be allowed altogether.
I didn’t say anything about an age gate. I’m just pointing out the absurdity of saying all that all information should be absolutely accessible to all people. No one believes that in the absolute. If you do, please share your social security number, bank account information, PIN numbers, and mother’s maiden name.
By having a discussion about privacy we’re already saying some information _must_ be kept confidential.
Let's point out the absurdity that saying "all information must be accessible" is synonymous with "all information must be disclosed". These are not congruent statements.
I’m in violent agreement that not all information should be disclosed to all people.
You can sling any names you like. I addressed the "safety" aspect. It's not only disingenuous it wouldn't matter if it's sincere. This position is non negotiable, and I say this as a parent myself. Your children's development is your responsibility, it is not your right to deprive others of their freedom due to your fear. I was lucky enough to have a library of real books as a child in my home, many if them "inappropriate" for children whatever that means. The 1990s unfiltered internet came next. I was most definitely more enriched than harmed. I'm frankly tired of this argument and I just won't accept it being repeated as truth, especially when its irrelevant to the core premise.
One of my children reads, no joke, 150-200 books a year (not including graphic novels). Does that mean every book ever written is developmentally appropriate (or even ethically appropriate) for him? Of course not.
We’ve seen this play out dozens of times. School boards will say no book should be banned and then a parent tries to read a book from their child’s school library during open comment and their mic is shut off while the board shrieks in horror.
That’s OK! Children are not adults. They haven’t developed the executive function or mental guards to deal with all content. As adults we protect them from things. Information is no different.
A friend and I were the first to have modems at age 12. And we had access to all kind of stuff on BBS and later in newsgroups. That wasn't meant for our age group and yet there wasn't any harm done. Others in our classes didn't roam there. (They were more into drinking, smoking and stealing in real life instead)
Guess who is heavily using social media today and unreflectively repeats fake news.
But now kids grow up with social media and fake news. I too grew up seeing stuff I shouldn't have online and I turned out fine but I see the online landscape today as much scarier place and as a recent father I'm scared of what it can do to my child and will need to police it.
> Isn't it the family's job to set the limits?
> When children are very young, parents can set strict boundaries. But as kids move into their teens, parents also have an obligation to loosen them. Teenagers need spaces where they can act independently, make decisions, and talk to others — where they can learn to navigate the world without a parent looking over their shoulder.
You are still responsible. If you allow your child more freedoms, you are still responsible if something bad happens. Your choice to loosen your parenting shouldn't become everybody else's problem. Some parents for example allow children to try a small quantity of alcohol - if your child is suddenly found drunk, they shouldn't ban alcohol for sale everywhere.
I would go the other way, if it's found as a parent that your child is drinking, smoking, etc, then this carries punishments for the parents. I think it should also be punished if they are found accessing online services targeted at adults.
> The digital version is the same idea, with cryptography. An authorized issuer verifies your age once and issues a signed credential:
Sounds great, but there is a clear agenda for digital IDs that 'they' are trying to shoehorn in with this "protect the kids" thing. They tried rolling it out digital IDs in the UK in 2006 [1].
As I said the other day, what really makes me suspicious is that most Western countries suddenly have the same idea at the same time. This isn't just some random politician wanting to protect children, this is an international concerted joint effort to roll out a form of mass censorship.
> So instead of fighting a system that is built to preserve privacy, we should be fighting to put the right checks in place — the ones that guarantee the implementation actually honors it.
The objective is the system itself. Once there is a control in place to stop you accessing these services/systems, changing the exact unlocking procedure is trivial and can be done gradually. We'll all just be frogs in slowly boiling pots.
[1] https://en.wikipedia.org/wiki/UK_Digital_ID
Overall "more verification" goes in the direction of "more surveillance".
The author described a narrow path that provides "kid safety in the internet" without sacrificing the general population privacy.
Is it technically possible to implement the way he suggests? Yes. Will it be implemented that way? No.
There are people who can affect the way this verification will be implemented who are genuinely interested in more surveillance, heck, remember chat control that is an ongoing fight in a very similar vein, there is a global desire in politicians to get more control over the communications.
To me the author seems either naive or straight up malicious.
> Is it technically possible to implement the way he suggests? Yes.
I actually don’t think it is. Fundamentally this kind of certificate is going to be revocable. It’s untenable politically to hand out irrevocable attestations that can be handed off to minors. If you allow that, the system has failed to prevent minors from accessing adult materials, and if you don’t then the system has failed to preserve privacy.
> To me the author seems either naive or straight up malicious.
I think just naive.
If the EU actually mandates each member country implements a ZKP for this then I am all for it.
Can they also provide other ZKPs? Specifically to attest that someone is a unique human being? Humanity verification is incredibly important to fight against propaganda online[1]
1 - https://blog.picheta.me/post/the-future-of-social-media-is-h...
From the Age Verification Blueprint:
>AVI [Age Verification App Instances] SHOULD support the generation of Zero-Knowledge Proofs
Maybe I'm not seeing the full picture but as long there is a 'should', the whole thing is worthless. Keep in mind, national states need no implement their own solutions and AFAIK during the pilot phase ZKP was just skipped. Could be for other reasons (was not finished yet) but in the end a 'should' is a 'should' and no 'must'.
Source: https://ageverification.dev/av-doc-technical-specification/d...
People flagging posts they disagree with is genuinely childish.
Agree or disagree, this is an earnest post about a relevant topic.
The problem I see here is that many of the things in the "Things that would break the promise" section are pretty much guaranteed to occur - we don't have effective mechanisms to prevent them. Tracking and de-anonymization are big business and age verification mechanisms WILL be exploited for those purposes.
Can I prove that some cryptographic token A) doesn't contain any more information other than what the article outlines and B) that the token itself can't be used as an ID tied to my identity in a government database?
No and no. So, I do not support schemes like this.
But by what mechanism would one prove, when using such selective disclosures and zero-knowledge proofs to access an online service, that they are, in fact, the owner of said attestation?
This is probably the wedge and the rest will follow once people are accustomed and desensitised to age checks.
I agree with the broad point. But it ignores another key requirement: it can’t be easy to “loan” your proof of age to someone else.
As a parent, I strongly disagree with the priorities of the people setting the policies for the age gates.
For instance, roblox is full of pedophiles. Minecraft displays pro-surveillance propaganda to my kid every time they run a game that does not let M$ read their messages.
Even “educational” sites like blooket do not bother to check their content for kid safety or accuracy.
I’d rather police this stuff myself, so I do.
Every implementation of age verification I have seen is counterproductive, and designed to take control away from parents in order to help companies monetize access to children.
The people creating these systems aren’t dumb. They work as designed, which means they are actively harmful to kids and society at large.
Except that within days of this service going live there's going to be a freeageverification.com that instantly generates an attestation proof for anyone for free. I fail to see how this is not untenable. You can compare it to geoblocks that can be circumvented using VPNs, but at least VPNs are costly to run and are usually paid services. With the implementation of verification (ZKP) described in the article, there is no cost to generate attestation proofs nor any limit on the number of proofs nor any way to stop a known-but-anonymous abuser from generating new proofs.
Maybe the EU knows it's untenable and is still moving forward because they will be able to demonstrate to the public that privacy enables abuse, creating pretext to make the system not private anymore after it's already been implemented.
I could be wrong, but I really doubt it.
No kid under 20 will use a PC or Laptop for anything except for school work. All kids under 20 are on Cell Phones and nothing else. PC usually mean work to them, Cell Phones mean fun.
Cells will have age verification if they do not already have it yet the will. Also I think Cells have lots of other personal information (PI).
To me, Age Verification on PCs is a first step to moving these devices into a Cell Phone type of walled garden. World Govs. want to know what you are doing on all your devices. Luckily with Linux (most distros) and the BSDs, you can easily avoid being "watched".
> We already accept age restrictions elsewhere. Children can't drive, drink, gamble, or enter certain venues before a certain age. It is not absurd to think parts of the internet should be age-restricted too.
It isn't, but it is absurd that the first things we're talking about is banning kids from social media. "Children do not have a right to free speech" is not a defensible position. In fact it's the sort of thing that should get Nigel Uno and the Kids Next Door on your ass.
The problem is that the argument against child access to social media is a proxy for a different, larger problem: social media is not a public forum anymore. They make heavy use of automated editorialization over the content you're allowed to see, specifically to keep you engaged and addicted. This is absolutely harmful, but it's not uniquely harmful to kids and kids alone. When we regulate these harms for children only, what we're also saying is "Adults can fend for themselves, only children deserve protection".
And, to be clear, social media is more harmful to adults than it is to kids, if only because the stakes are higher. Targeted advertising is absolutely amazing for criminal scammers who want to find specific kinds of marks. This is only possible because we allow social media to accumulate massive amounts of data on people - basically, a privately-run Stasi.
I agree that zero-knowledge proofs would be the least harmful form of age surveillance.
We have people checking IDs at the doors of bars and strip clubs.
And just like in those cases, what is to prevent someone who is of age giving their ID to someone underage?
A human glancing at an ID is not creating a log or transmitting every unique identity to the government.
If you handed over your id, and the person checking it made a photocopy and handed it to a police officer who put it in a file in a briefcase they carried, you might feel differently.
aren't a lot of bars in the US scanning the id card with some purpose-made id scanner? Seem to remember reading about that, and it being the US I would guess that data gets very much stored/shared/molested.
Yes, they are. The systems aren't even expensive, and they have some features like they track people who have been trespassed, etc.
However, you can buy fake IDs online, and the IDs are reportedly beating those machines. So if you trust the machine for age-verification, you might let in underage people.
The scanner manufacturers proudly advertise that their systems dump the scanned IDs to a back-end database for storage and later use.
The future is now: <https://sf.gazetteer.co/why-do-these-castro-gay-bars-have-ts...>
I remember last time I was in the club (decade or so ago), the bouncers were taking IDs and photocopying them and of course there was CCTV as well and police were visible outside of the club.
This only happens in the UK in clubs that have a history of violence or drug use (often leading to harms and death) and is a condition of a license. This is nowhere near the universal experience here for showing IDs for entry.
What country is that? Sounds insane to me
[dead]