Posted by bilsbie 20 hours ago
Governments that are serious about age verification and individual privacy (which, doubtful they truly are) should agree on a protocol and set up certificate issuers that are associated with a digital ID. Then age verification will not be an invasive procedure or risk data leaks or insider threats.
[1]: https://blog.cryptographyengineering.com/2026/03/02/anonymou...
It's one thing to be concerned about someone stealing my credential, but another to prevent the transfer of these credentials, especially if they are limited use credentials.
The entire point of age verification systems is to prevent minors from accessing certain resources. I think we all know that this is basically impossible; but what these various governments and social media companies want to do is to make it high friction to do so.
The highest friction version of this is that the credential ties to a real world identity somehow; maybe locked behind legal barriers, etc., but if a minor is caught using someone's credential, then the person whose credential they are using can be investigated, and, if necessary, charged with a crime roughly equivalent to providing alcohol to a minor. Without the possibility of real world enforcement, none of these identity solutions can possibly work.
Keep dreaming of a technological solution -- there is none that does not lead to the world that FIRE is warning about, except to accept that we can only make a solution "good enough" and leave it at that, without expanding into full on identity verification. The solution here is likely to just try to provide better abilities for parents to monitor and limit their children's use of the internet. Let individual parents decide on the level of harm that they are willing to accept, and accept that there will be ways to work around this even if parents are vigilant, but just try to reduce it on the margins.
So the schemes always start introducing features to reduce the anonymity of the tokens or make them more trackable in some way:
> The highest friction version of this is that the credential ties to a real world identity somehow; maybe locked behind legal barriers, etc., but if a minor is caught using someone's credential, then the person whose credential they are using can be investigated, and, if necessary, charged with a crime
Which requires that these identity tokens not be anonymous age-verification credentials. They become a traceable identity token tied to your government-issued ID.
Not if you use a challenge-response protocol where the client returns a zero-knowledge proof of age, where the proof incorporates a random string sent by the website.
The traceable stuff is private information that the website never sees. If a minor is caught with it, then law enforcement has local access to the minor's hardware and can probably view the private data.
At that point, the private key can be put on a public revocation list. The zero-knowledge proof can include a proof that you're not on the revocation list. Once you've been revoked, you have to go through the hassle of setting this all up again, which might be enough incentive to keep it reasonably secure.
If there's a simple piece of software that can be installed, it's not meaningfully increasing the barrier. Also, there are negative consequences to introducing "rules that you're expected to break" like this. It makes the law unserious.
And if it's a phone app, it's not going to be on app stores and you already know the person giving you the app is a criminal.
So you're installing an untrustworthy app to risk criminal charges, and the customers of this scheme are kids who mostly don't have a lot of money.
So the schemes inherently add some traceability, which makes the tokens no longer actually anonymous.
This is the back door used to make the tokens double as ID tokens.
Just offer the user some money if he installs some "trusted" app for age verification token sharing.
And then what? You think the police are going to make a case out of getting a token blacklisted or start an investigation into the person who the token came from? Also confiscate their devices as part of the investigation? I guarantee that the token source will be someone in another state or another country or just a stolen ID being used to sell their tokens.
I can’t believe we’re getting to the point where we’re talking about sending the police to deal with cases where a minor is suspected of, what, accessing social media? To confiscate their device and do forensic analysis of the tokens on it?
Do you realize how insane this is getting? How does anyone think this is feasible, let alone a good idea?
It's still my preference to have no verification at all. On the internet, nobody should know you're a dog.
The problem with your hypothetical was that you casually introduced the police as an enforcement mechanism for cases of a minor accessing an over-18 website. The implication is that the physical police are now involved in our access of websites, and you’re saying the tokens involved in us accessing websites will have some evidence that they can use in the investigation of that access.
This is why we keep saying that the anonymous token schemes don’t preserve privacy. It always turns into a slippery slope of adding escape hatches to the anonymity to enforce violations. The very implication that the police are going to be tasked with going out and confiscating devices to investigate suspected age token violations is an indicator of how far the window has shifted on Internet privacy.
Obviously it does. These $1 per-day apps are 24/7 online and so challenges can simply be proxied just the same as tokens.
> ... law enforcement has local access to the minor's hardware ...
This is a large part of what people, in practice, want to prevent using this scheme.
> Once you've been revoked, you have to go through the hassle of setting this all up again, which might be enough incentive to keep it reasonably secure ...
States want to know who to punish when this happens. Which also details how this is defeated: you can't revoke the token, because that makes getting a conviction near-impossible and it exposes the states to counterclaims.
The people who install such forwarding apps don't have money for the court to charge, and they can't take away their identification apps (which these will be, obviously) because that's the cheapest way for states to communicate with them.
Unless you build this into the base layer of the internet (which European networks like minitel did, by the way, with France telecom graciously checking it for free. Free for the state, of course. YOU paid per packet)
> ... to keep it reasonably secure ...
Oh and "reasonably secure" won't cut it. Someone committed suicide after a message was posted, and they're "reasonably secure" who it came from? You see the problem, I hope.
Regarding my scheme:
The only way law enforcement should have access is if they show up and get the phone in their possession, with a warrant. Which could happen any time some teenager posts something without realizing it identifies them.
If the teenager has your full credentials, that's when law enforcement sees who you are, and can take whatever action we deem appropriate. I would think just revocation if you might have been hacked, more severe if it's clear you shared on purpose. Revoking credentials doesn't interfere with the person using the app for other purposes, or with any prosecution, and criminal prosecution doesn't rely on the perp having money; quite the opposite in fact.
If you install a proxying app for the challenge-response, you're installing an untrustworthy app from a criminal to take payment for a criminal scheme, with risk of prosecution if that criminal gets caught.
Nothing in society is perfectly secure. There are all sorts of ways that we allow some crimes and tragedies to happen because we know that preventing them would be even worse. There are good reasons that courts have long protected privacy and anonymous speech, even though we could solve more crimes without those protections.
It’s beyond crazy that we’re actually talking about police showing up at someone’s house because they suspect a social media post came from an under-18.
This is one step away from your local government unmasking their Internet critics and sending police to their house by “suspecting” that they might actually be a minor.
> If the teenager has your full credentials, that's when law enforcement sees who you are, and can take whatever action we deem appropriate. I would think just revocation if you might have been hacked, more severe if it's clear you shared on purpose.
Why would you assume the person giving out the token is in the same jurisdiction? The tokens would almost certainly be coming from another country.
The police aren’t going to be tracking down teens, confiscating their phones, running forensic analyses, and then doing the work of getting tokens revoked through a possibly international process. They barely have enough time to show up and take a report when someone does minor physical proper damage.
All this does is open up the process for targeted abuse when governments or police need an excuse to go after someone posting on social media.
If you can identify physical hardware from a request or post, obviously it's not anonymous. In fact, if you can identify the owner of credentials from the credentials, they're not anonymous. Obviously in an actual anonymous system it is utterly impossible to do this, whoever you are.
So you've just proven your own argument wrong. Anonymous age verification online is impossible. You don't agree?
With integrity protection, tokens can only be minted with a government app, driven by both biometrics and physical human hands touching the physical screen. There's no way to do it in the background. Without it, you can indeed have a single activist mint 10 billion tokens and give them out for free, defeating the entire scheme.
There's a CAP-style triangle here. You can have age assurance and anonymity but lose the ability to run your own software, have age assurance and device control but lose anonymity (via traditional ID checks, which don't require IP in theory), or have anonymity and device control but lose age assurance.
As it stands today, doing business on ebay/craigslist/etc isn't that much different than doing it in a back alley in the bad part of town. Generally a bad idea but YMMV if you keep your wits about you. Of course it's your right to do business that way, but no one in their right mind thinks it's acceptable to do global commerce that way.
Commerce relies on legally enforceable contracts (both paper and EULAs), which ultimately rely on identity to be enforced. It's a bug, not a feature, that someone on the internet can steal my identity to purchase a product in my name and have it shipped wherever they want. It's a feature, not a bug, that my bank asks me for photo ID before I empty my account in person.
I'm not allowed to access banking computers, except occasionally and from within in a sandbox with proper credentials (ATM card for example). If, in the future my bank needs to do their compute inside my house on my phone, then it seems fair that there should be walls that keep me outside of their trusted compute.
That said, I am 100% behind keeping open purpose general computing free and available. Rooted devices, self built PCs etc all of it. I love it, saying this as a person who grew up building their own PCs and programming from a young age. I think that we all should be able to access the non-commercial side of the internet in any way we want, a true public square, warts, gutters and all. Hobbyists can do whatever they like as long as it doesn't touch commercial systems.
As I see it, the problem for most of us is that the social/fun side of the internet has largely been captured by commercial interests. Anything with a EULA should be considered a commercial site, since you're legally bound by a contract using it. As it stands today all the fun things on the internet would require enforced identity.
Maybe having a separate walled off "commercial internet with identity enforcement" will finally open the public's eyes as to the ramifications of the digital world we've built. And also allow us to individually take a stand and push back against the commercial interests through our daily choices of what sites we visit. Basically voting with your ID chip instead of your pocketbook. You can still do business in the gutter if you want to, but for the normies it will be easier for them to spot when they're in a back alley. And it gives parents options for keeping kids off of the anonymous side as as well.
I do think a Reddit with identity would be a much less toxic place. As long as the brave adventurers among us can still access the digital gutters like 4chan and other message boards.
Do you remember the days of "Real name" requirements on YouTube and "Google+"? The experiment was tried, it didn't change things. (Also, see Facebook for an ongoing version of the same experiment).
This is certainly something that can be solved technically if we want.
All of these solutions seem very complicated, for little benefit. So a anonymous age verification scheme, fine with me. But making it more complicatdd, because dark entities could capture and resell tokens .. seems a step in the direction of madness.
But these days I see a lot more talk about the developmental effects of parasocial media on kids. There’s a whole segment of buy-in there that didn’t exist before.
They don't work even then.
Suppose you completely eliminate privacy on the internet and require every domestic site to collect the name and social security number of everyone who visits. Then a child uses an adult's ID, regardless of whether it's with or without their knowledge. Is the child going to inform on themselves? No. Is the adult, when they don't even know about it? No. Is the adult, when they provided it on purpose? No.
That constitutes the entire set of people who would typically know that the person using the device isn't the person on the ID.
On top of that, we can punch an even bigger hole in it. Search engines, among other things, index other sites. Google is obviously the biggest but there are many others -- Bing, Marginalia, Brave, Swisscows, Yandex, Perplexity, Baidu, etc. They're run by adults and most of their users are adults, who reasonably expect to be able to turn off "safe search" if they want to. So some adult at each search engine would have to provide their ID to the crawler so it can index things inappropriate for children and show them to adult users. It would therefore be a fairly unremarkable and recurring thing to see the same ID make a zillion gigatons of requests.
But then you can't use "why is this person downloading 100 things from 100 computers at once" as an indication of anything nefarious happening, and anyone can still set up a service hosted on a foreign server that will serve adult content to anyone without an ID by serving it out of a cache. (And in the case where you're invading everyone's privacy, that service would also be very popular with adults.)
In the context of social media, if they want to actively participate they have to given that it's the entire point. It's true that even with a government ID scheme people could borrow someone's ID to get passive access with their consent. But a kid couldn't share an account with a parent without that parent knowing because you see their activity, and they also couldn't post.
Example: schools banned phones, so kids switched to talking over Google docs:
https://www.theatlantic.com/technology/archive/2019/03/hotte...
If we give parents better tools to limit and monitor internet access, kids will just buy a used phone which is unregulated. If their parents even bother to use the tools in the first place (it is my impression most parents do not). There is also a lot of loopholes parents do not even think of (like a web browser on a game console).
Put the burden of responsibility on the sites themselves and the number of people that will be able to successfully bypass such restrictions is going to be negligible and largely depend upon ongoing inorganic behavior or being an outlier in terms of behavior/interests.
Unfortunately, the said-government doesn't seem to worry about the fact that their own systems have been breached over the years
Then why are they forbidding VPNs?
This is clearly NOT a use case that is solely referring to minors.
The whole cake is a lie and so is your assumption that age sniffing is "to protect children".
> Keep dreaming of a technological solution
We don't "dream" - we know what is possible and what is not.
Mass surveillance of everyone is simply not an option.
> Let individual parents decide on the level of harm that they are willing to accep
Nobody has an issue IF it were about individual parents, but it clearly is not. Governments try to criminalize and restrict everyone - and that is the true agenda.
The problem is, this is wrong. What these governments want to do is get a grip on online behavior, through actions against individuals, who can't/won't defend themselves, rather than through actions against gigantic corporations that may choose litigation and take years to change their behavior, if they do at all.
Governments want to declare something illegal, say downloading a movie, putting racist comments online, ... then catch everyone who engages in that behavior online through mandatory identification, and actually have an effect.
To do this, breaking privacy is, of course, a core requirement. This can be introduced into these systems afterwards ("judge X wants to know who authenticated with token <token>, please provide the information"). Without this, government rules will remain totally ineffective online like they have been in the last 40 years.
I personally much prefer government rules remaining totally ineffective online.
I feel strongly that this conspiratorial mind-reading approach to this sort of issue is just counterproductive.
What all the governments (and non-governments, frankly, there are many supporters of these things) are asking for is excluding minors from certain websites and services.
The problem is that this translates to age verification, which translates to identify verification, which incidentally gives states and other actors a variety of other tools they can use for anti-civil-liberties purposes.
In the end their motives are just irrelevant unless there is a clear way to exclude minors from certain services without going down the chain towards identity verification. Such a way does not exist, so we have to fight it here, at the point where the basic ask emerges.
Buying alcohol for a minor implies knowledge and intent.
Getting the tokens out of a phone doesn't require the user to do any of that, the user just has to be frugal and keep the phone longer than it's supported by the manufacturer, until some local exploit is found again, and that token will be extracted and available online for everyone to use.
Parents buy those phones, phones could easily have a "user is a minor" setting (and a flag sent to all the sites that want one) with a password for parents to unlock stuff if needed. This would be set during the phones first set up, and it's done. But nope, the plan is for everyone to install a form if a digital ID on their phones, and once it's there, requiring full-name identification when registering is just one step away.
In most countries it's perfectly legal to provide alcohol to your kids.
Yes, parents are responsible to set this up. But parents are also responsible to lock their alcohol, drugs or guns, condoms, etc., and many other things.
Perhaps parental controls are not good enough? That's where the regulation could genuinely help - require child-certified devices to implement minimum set of parental controls, and make them easy to use.
Yes, government want to end anonymity and that's clear to some. But governments enjoy on a pretty broad support for this and many people supporting this believe it's a real problem. Suggesting to leave it unsolved or solve it in a way they can't trust or understand is only going to alienate them, making the government job easier.
I think suggesting a simple, cheap and effective solution to this problem that has no impact on privacy is a way better way to counter that. I think local parental controls fits the bill.
A lot of people also may or may not be smart but have limited knowledge of this area and limited time/effort to expend thinking about it.
I don't think you should rail against those things because they will always be true for every topic.
Instead, people who have understood the deeper implications of this, for instance the typical HN reader, need to connect with the average person, engage with rather than dismiss their child protection fears, while explaining the downsides.
Taking a high handed dismissive attitude will not help to shift public opinion.
I thought that stating this, I believe, fact as a contributing factor in the creeping authoritarian climate would be understood without having to attach a handful of caveats and papers?
(you're contradicting yourself)
It’s not 1980 any more.
If you deny for example Murdoch-owned media impact on the society, or the extent of the damage for example BBC did in the UK to the human rights or the discourse, I'd suggest reading more :)
[1] one TV programme I remember (I don't watch it): "Good Morning Britain is the UK's most talked about breakfast television show with a weekly audience reach of 4 million people." that's 10% of the age group 16-64 here, not too shabby-- and that's ONE tv.
No they do not. They do an enormous amount of PR trying to convince people that they have it, though.
In the real world when there is a ton of support behind a position, you see representatives of it all over the place and they are pushing the agenda and the coverage. In the world of online age verification, you just see a bunch of lame duck politicians using procedure to sneak policy changes in and keep objections from being heard, and a few government contractor-surrogates writing op-eds (that they haven't read.)
When puritans go on the march, they're actually pretty loud. Most of the anti-social media people are hippy-dippy upper-middle class liberals who curse "screens," completely believed Cambridge Analytica's PR and think that Trump rules through mind control - who will be bothered by the end of anonymity; and the remainder are angry online right-wingers who think that they were censored by and as a result of social media. They're not marching together, they're not marching to have people identified when they're using the internet, neither of them are even prioritizing social media right now and they aren't putting pressure on anyone.
The fact that it's so unpopular is why there are lame ducks doing it. They're just assuring their fortunes on the way out, and the person on the way in will pretend like they had nothing to do with it even though it will be will be passed and implemented on their watch.
Ok who is paying for that PR though? its not free.
its not like all the UK kids charities are for it.
> Most of the anti-social media people are hippy-dippy upper-middle class
My kids school is very much not in the posh area of london (although they are trying to make it posh) they hate what social media feeds their kids _indirectly_ As in clips and trends sent to their kids via chat or DMs.
It appears that what they want for their kids is basically a walled garden where the advert-content can't bombard their kids, along with the racist/violent stuff.
I'm really sorry, but that's giving politicians far to much credit for being able to plan ahead.
Look at both the UK and the USA. The UK's just yeeted its PM because he had the personality of a block of cheese. The USA is currently inches away from shooting people if they mention the word green and water in DC. None of that screams "I am a master at planning ahead and manipulating public opinion in to doing x"
The politicians have no idea about how this all works, they see that "social media" is causing harm (its not the only source, we might get to that) The public, especially in the UK really do not like americanised media being forced in their faces and want "something to be done"
Again for the UK specifically the OSA specifically didn't layout a government mechanism for age verification. they left it to the end company to avoid the suggestion of tracking. Despite it being ripe for uberfraud and blackmail.
it would be much more private if ofcom had published an opensource gateway to anonymously authenticate against. (assuming the thing was built properly and verified)
But to the point you are hinting at
Google, meta, apple and $OS makers already track you. This is not an issue of privacy persay, its about who can track you and why. I'd much rather a list of times I access a site that required age verification being stored by the government, than every single fucking page I looked at tracked by google/meta.
The latter is already here.
It is about what abuses can happen from that info. Google could sell your data. The government can imprison you. You don't think Trump wouldn't try to collect info on his opponents and weaponize the DOJ against them?
In 1953, Eisenhower signed a pact with the Zeta Reticulans (grey aliens) at Holloman Air Force Base. This pact set in motion a century-long program of preparing humanity for the alien disclosure. Communication must be controlled at a global scale, to avoid mass panic and the collapse of society when the disclosure is announced.
And no, porn isn't more extreme these days either. I remember seeing bukkake, golden showers etc on borrowed tapes and hacked pay TV. BDSM existed back then too. And I had some pics of a girls face surrounded by male members and their output. Never once did I think this would be a normal thing to do with my girlfriend once I got one.
And these things are still gonna happen. Teens are going to go through their dad's phone when he's sleeping, find his stack of Blu-ray's or vids on this computer. Even with all this age verification stuff. I don't understand why we suddenly think that's the end of civilization.
Were they delivered to you in truckload volumes every day, including tapes recording executions, child molestation, foreign political propaganda, domestic political propaganda and misleading advertisements?
Every day, any day, unlimited quantities? Including giving your phone number to any strangers anywhere in the world so they can talk to you without limits, supervision or even parental knowledge?
No?
Then let's perhaps stop pretending that millenial internet free childhood is a thing that exists and let's talk about actual modern issues.
Because they've been told to think it by the combined forces of Meta and the Heritage Project. They spelled it all out in Project 2025, a check list which has been followed nearly to the letter. They're also rampaging through libraries and trying to keep books of the shelves.
Conservatives don't like porn, because controlling sexuality is part of the cult playbook to control people. (Addendum: they don't like other people having it. They're hypocrites, of course.) They also want to, while instituting a backdoor ban on porn, define everything else they don't like as pornography. Project 2025 repeatedly uses the term "pornographic" as a synonym for for LGBT issues and other things.
The goal, after de-anonymizing the Internet, is specifically to control access to information and entrench their fascist Overton window shift.
They're really sore that many Millennials and Gen Z had the internet as an escape hatch from local, abusive churchy bubbles and want that locked down going forward.
And yes that usage of the law by linking LGBT content to porn is something I've seen in Europe like in Hungary too. But even in the Netherlands, one of my friends is always foaming at the mouth about schools mentioning lgbt in sex ed class. When it's the most important time to prevent people needlessly struggling with their orientation.
Luckily where I live this isn't a thing and it's still very pro lgbt. The city always makes a huge deal about pride month with posters and events everywhere.
I do worry about the control over the internet too. And I've seen it coming for a while. When I was younger there was this WAN movement where people connected their WiFi networks together with parabolic dishes and the government was always trying to prevent and discredit that saying it was used for illegal file sharing (which it was but so is/was the internet).
I'm not so worried for myself because I'm so technical, whatever restrictions they come up with I can work around them. But most people aren't that lucky.
Having seen some parents I kind of believe it but not to the point of wanting to implement ID tracking on everything.
That said while Apple does a good job at parental controls, Microsoft is altered. Trying to have controls on Minecraft across a windows laptop and a switch involved a multi hour odyssey, creating tons of accounts for parent and child.
The local school district has been issuing iPads to kids for about a decade, and they still haven't figured out how to block exactly what they want blocked. The system they give parents for monitoring the iPads is a joke (Apparently my kid spent 75% of his iPad time the last week of school on sites categorized as "web").
I am a member of FIRE, I am extremely opposed to the mandatory ID laws, but the state of parental controls is phenomenally bad and saying you have to be "on the margin of society" to not be able to set it up is so far from my experience that I couldn't help but to respond to this comment.
I'm not sure what the solution is; a lot of people have suggested requiring sites to send categories (e.g. if every social media site was self-tagged, then blocking social media could be just a single check box in parental controls), but that probably isn't constitutional in the US (Compelled speech is usually banned under 1A grounds), and is subject to too much interpretation (seems unlikely that all 50 states would agree on a definition of "social media" much less "pornography").
Having devices send the age out to sites seems strictly better than ID checks to me, but is still a "one size fits all" approach to parental controls, I worry that if that became the norm the already mediocre controls that exist would atrophy, and it certainly would make it easier for malicious actors to setup a website to target minors.
Ok, but parents buy internet access and then let their kids use it, because the kids need it for school. So? The parents job is to keep their kids out of trouble. Learning how to keep track of what their kids access shouldn't be difficult, and maybe should be part of the obligation parents have, kind of like their obligated to teach their kids to drive before giving them the keys to a car. Its analogious to saying "kids shouldn't walk home from school or be let out of the house at all because they might wander into a nude beach or join a drug smuggling satanic cult". Most of us don't hold that view because we trust that kids can be taught to be vaguely responsible.
What's more: tools to shield the kids have been around for longer than most of the parents have been alive at this point. The problem is pretty much solved in multiple ways, and wouldn't even be a problem if parents only followed their basic responsiblities. Also it isn't a problem in the first place, I haven't seen any clear, undisputed evidence that shows that kids are degenerating into fiends because of looking at adult stuff on the internet.
Unfortunately it is, but we could fix that with only minimally invasive legislation. Right now you either whitelist which breaks half the internet on a recurring basis (things are constantly changing) or you blacklist which is swiss cheese. Either way you're relying on third parties.
I think it would be much better to legally mandate a certain minimum level of self classification for website operators along with a simple and extensible scheme for communicating such. It might also be useful to mandate that devices ship from the OEM with parental control software supporting that standard but honestly I doubt that's necessary - if their were a standardized and above all reliable signal available I think browsers and operating systems would rapidly adopt support for it.
I imagine it could be not trivial to enforce (esp. for offshore web) - but definitely easier than enforcing the same sites to implement much more complicated identity verification (while preferably also not leaking this data).
But that might not even be necessary. A small on-device AI can probably do a decent job classifying pretty much everything we don't want children to see - with and option for parents to override it when needed.
It's quite trivial, actually - the parental control software is designed so that if there are no content tags, then the site does not display. The mandate for websites to tag their content would only need to apply to websites over a certain size, to bootstrap the network effects.
Given that we're at the point where big tech is pushing its regulatory capture legislation aimed at demanding mandatory identification ("age verification" fundamentally boils down to identity verification), I don't think it would be unreasonable for a legislative mandate for every site over a certain size to have to publish tags, and every mobile device manufacturer over a certain marketshare to have to include a parental control solution in the device setup.
Although I'm also left wondering what the state of the art really does look like here, and whether a mandate for tags is even what is needed. The real problems would seem to be twofold - parental controls software isn't included with most devices, and most parents won't go out of their way to seek out a third party option. And second, very few websites aim to serve people under 18, 13, etc to begin with. Rather they like the fiction that their services are "18+" regardless of who is using them. (Mandating tags would serve that last one, but perhaps there is a more direct approach?)
Not quite. I'm suggesting that adoption could be forced if the major browsers refused to load sites that didn't include the tags regardless of whether or not parental controls were enabled. The end result would be that either your site included the tags or else it would not load without some sort of manual user intervention on every visit on windows, ios, etc.
> leaving the open web unaffected
But the entire point here is that there would be a legal mandate for all sites to carry such tags. The goal is to fix the problem that parental controls are spotty and unreliable at best.
> The real problems would seem to be twofold
It's as I previously explained. None of the current options are particularly good even if you are a parent that cares and is willing to invest time and effort.
> they like the fiction that their services are "18+" regardless of who is using them.
That's due to not wanting the liability of a mishmash of laws from different jurisdictions. Nearly all of them treat an 18 year old as an adult so problem solved.
That's entirely separate from these tags BTW. The idea isn't for the site to communicate some arbitrary age appropriateness signal that they as a third party to the family couldn't possibly know. Rather it's to communicate classes of content such as porn, gambling, violence, social media, user generated content, games, that sort of thing.
My point is that you don't even need to mandate it for all sites, and attempting to do is kind of specious based on the existence of foreign sites. Rather you can focus on mandating it for the large consumer-oriented sites, and this will create enough of a critical mass that a web browser with parental controls enabled will have decent functionality.
The difficulty with forcing some uniform mandate onto "all sites" is that the mandate has to be for tags that are faithfully stated, rather than a blanket 18+. And small personal website operators shouldn't be in the position of being forced to determine whether the random stuff on their personal website is specifically suitable for 13+, 18+, etc.
That's the goal of defining the semantics in terms of an open system rather than a closed system - it fails gracefully.
> None of the current options are particularly good even if you are a parent that cares and is willing to invest time and effort.
Pragmatically this is disappointing to hear, but matches everything I've been able to surmise.
> The idea isn't for the site to communicate some arbitrary age appropriateness signal that they as a third party to the family couldn't possibly know. Rather it's to communicate classes of content such as porn, gambling, violence, social media, user generated content, games, that sort of thing.
I think it should be both. There should be a class of tags that assert a site is legally fine for a 13 year old to view in the US, an 8 year old to view in the US, etc, possibly multiplied with jurisdiction. (note the direction there - it's not a statement that there is content unsuitable for a 13 year old, rather it's a warranty that the contents are suitable for a 13 year old). There should also be tags of the content/aim of the site like you've listed.
The settings in the parental control software can then make a good first pass based on age, then content categories, then parents could even allow/disallow specific sites. The point is to provide good defaults, but ultimately keep control of parents rather than giving it away to corporate attorneys as any age verification (ie identity verification) based solution inherently does.
I challenge that anyone believes this, and for my evidence, I would submit all the age based laws that protect children regardless of what parents do.
We have already, long ago, decided that it is the government's job to protect children, at least in cases where parents fail to do an adequate job. That's why I don't see this ending any other way. The march to total domination by the side of the government might be slow, but they already won the war around a century ago (exact timeline for laws protecting children in place of parents is a very long topic and does differ country to country, I recall hearing some places still even let kids buy alcohol if they say it is for their parents to consume).
For most of human history there were few, if any, laws governing how children were raised yet civilization didn't collapse because of that, and, indeed, there were no discernable effects. In many places parental-infanticide was even legal. Yet always parents did their best to keep their children safe in general, because that's what parents naturally do. Somehow its different now to you I guess but I fail to see why. Obviously some parents will do a poor job, that's true about every human thing. If people can't drive we take away their license. If people can't parent, however, we apperently have to bend everything in society to cater to their failure and create a massive surveillance state.
Notes:
0 - For an example of using 2 pronouns in one sentence: "I am he".
https://www.biblegateway.com/passage/?search=John%2018%3A6-8...
As you are he
As you are me
And we are all together
For those parents life is easier if nobody is allowed on these things.
Get over it, and stop caring how other people parent their kids. Or, better yet, learn from them.
No they're not - all those things are illegal for children nearly everywhere.
I've also always been curious how a truely anonymous identity verification could possibly work. At best for age verification, I could be given some kind of token that would still have to verify my age and be verifiable with a central authority to ensure my token is valid. The central authority could always keeper records of my token, revoke it whenever they please, and every entity that can verify the age associated with, or embedded into, the token knows at least some of my PII.
You go to a store. You show the clerk your id and give him a quarter. The clerk pulls a scratch-off ticket from the front of a ticket tape. The ticket contains a token identifier.
It's anonymous. The clerk or his POS system knows your name and age, but doesn't know your number. The vendor providing the tape doesn't know your number or your name. The system accepting the token knows your number, but doesn't know your name. The token is only valid for a day after use, so loss and transfer isn't much of an issue.
It's the exact same process by which you buy lottery tickets in a world where they don't need to verify your identity when you redeem them. The lottery has no idea who bought a particular ticket, only that a ticket was bought. The clerk knows you bought a ticket, but doesn't know which ticket.
Obviously, Eavesdropping Eve looking over your shoulder knows both your name and your ticket number, but that's not a practical attack.
Where does this 3rd party identity token provider come from?
For government-issued identity tokens, there are not separate parties. It's just the government, and they can choose to link whatever they want in their internal system if they decide it's in the interests of national security.
You're also forgetting that lottery tickets are tracked. This is how they can announce which store sold the winning ticket before anyone steps forward with it. It would be trivial to match a buyer to the ticket if they wanted to inspect the records. In the case of a government identity token service, there isn't even a separation of parties providing the records. They do it all and can have all the data.
Some oracle whose job it is to print tokens and hand out rolls to the stores (and to the websystems). They would know which store got which roll, and which website authenticated it, but not who each ticket from that roll went to.
With a big enough roll, this is essentially anonymous.
Yes, lotteries know which store got the winning ticket, but they have no idea which of the patrons in the store got it. Not unless they ask Eve to get her telescopic lens and notepad out.
You're saying the real solution is that we bring in a private, 3rd-party company to start checking our IDs to access websites now?
I am not actually advocating for it. I'm just saying how it's possible to solve it given those constraints.
I’ve sold lottery tickets, and you have to be legal age to both buy and redeem them, so I’m not sure that this analogy or hypothetical solution is comparable to lottery tickets, nor is it likely to be the panacea you think it is.
I don’t think that the nascent online age verification schemes are good for society in general, either, but that’s not really the point you were making in your comment, so I don’t assume that you believe they’re good or bad, but simply advocating for a more privacy-preserving implementation. Which is kind of the whole point of the argument against bad implementations, but those who mandate and implement the systems likely view uniquely identifying people as a boon, whereas you and I probably don’t, which is why I am not hopeful that your ticket system will be used, because it will be higher friction for more people than uploading scans of their IDs and/or their face.
The ticket system, if implemented, would be used by so few people that the folks who do could likely be re-identified by Bluetooth tracking beacons and facial recognition in the same stores which they bought the ID tickets you suggest, and so I think the number of people who would escape tracking by any such means to be so few as to be a rounding error.
Those folks who do pursue this privacy hobby/fetish are statistically likely to ultimately mess up on their opsec eventually on a long enough timeline, so it’s hard to even imagine a scenario in which it matters either way what individual privacy activists do or don’t do from the point of view of the panopticon designers or implementers. Those not identified to a desired confidence interval by the mass surveillance system will just be retargeted for more sophisticated surveillance measures.
Despite how we rage, we’re still just rats in a cage.
More and more, the privacy debate feels like a quixotic struggle against giants, when everyone already knows that those giants are actually windmills; the majority of society now lives on reclaimed lands which rely on those windmills’ continued existence, and so no one cares about privacy in the way that you or I might care, because they are incapable of perceiving windmills as giants, nor do they have the intellectual or philosophical or political beliefs which would allow them to even entertain such perceptions even for the purposes of discussion. The privacy debate is beyond their ken.
What prevents a commercial "AI" security camera analysis firm from doing a decent job of linking footage of a store's customers to a likely subset of tokens, based on the knowledge of which tokens are sent to which store and how many tokens have been pulled off of the roll so far? Remember that you can design the token roll packaging so the easiest thing for a clerk to do is to pull off the rolls in the order in which they were shipped. Or -hell- you can design the token dispenser so that it phones home to the oracle that sent the roll to the store with the range of tokens in the roll when the roll is loaded into the dispenser (for "security purposes").
> It's the exact same process by which you buy lottery tickets in a world where they don't need to verify your identity when you redeem them.
I've seen many people buy lotto tickets. I've never seen anyone asked for ID. Perhaps the merchant is supposed to check for ID, but they don't. Relatedly:
> The clerk pulls a scratch-off ticket from the front of a ticket tape. The ticket contains a token identifier.
What prevents rolls of those tickets from falling off of a truck and either being handed out for free or at a substantial markup, no questions asked? [0]
In the real world, the system you propose absolutely will not function to the standards required by the people agitating for these systems. You can't "protect the children" if "children" can easily get their hands on anonymous access-granting tokens.
[0] The fact that this doesn't happen with lotto tickets often enough to be newsworthy is not a compelling counterexample. Stores make a decent amount of money selling those, and wouldn't want to get cut off from that revenue source by regularly "losing" shipments of tickets. What you propose doesn't make stores any money, so either you have to spend a bunch of money to induce them to carry the tokens [1], or you have to have harsh penalties for "losing" shipments of tokens. If you risk harsh penalties for choosing to sell the tokens, why even bother? Stores put up with the risk of selling booze because it's quite profitable... selling 5c or 0c tokens absolutely is not.
[1] Where does that money come from? From you and me, of course!
Lottery tickets don’t “fall off of trucks” or get “lost in the mail” because they aren’t valid for redemption until they’re activated at the POS terminal of a licensed store, and the lottery company knows which store receives each ticket roll, because they are shipped to known locations with tracking numbers and delivery verification and/or delivered in person by lottery employees. Even the rolls of blank lottery ticket receipt paper have different serial numbers every few inches, and it’s forbidden by policy to swap receipt paper between stores. All of these things are audited both regularly and randomly by state lottery officials.
Oh yeah, true. A few minutes after I posted the comment, it occurred to me that lotto tickets always get scanned at the register, which is the obvious way to track their distribution and make it annoying to use a whole bunch of winning ones that fell off of a truck. Thanks for the first-hand industry info.
If it's effective, all that tracking and auditing can't be cheap. The lotto gets to pay for it with ticket sales... I don't expect folks would tolerate paying for that [0] for this "I'm an adult" token-distribution system.
[0] ...whether that payment is paid by the token purchaser or by the taxpayers, generally...
Now that you mention the auditing etc, a lottery system would probably be an easy way to get people to literally buy into an online ID scheme, not because it would necessarily be privacy-preserving, which would depend on implementation details, but because a not insignificant number of folks seem to like the chance to win money. Considering many states already have lottery systems, the ID code tickets could probably be provided alongside lottery tickets for free or nearly free, and employees already have the training to check/scan IDs. If there was an incentive such as the possibility to get discounts, win prizes, or tie-in purchases of some kind, I think it could work.
Many stores that sell lottery tickets also sell gift cards, so that technology could also be used instead or in addition to ID tokens at the point of sale. There are a lot of sponsorship opportunities available for cross-promotion.
“Please drink a verification can” was probably more prescient than was at first apparent. Mike Judge saw this whole thing coming from a mile away.
> In the real world, the system you propose absolutely will not function to the standards required by the people agitating for these systems. You can't "protect the children" if "children" can easily get their hands on anonymous access-granting tokens.
What stops children from paying someone to buy beer and cigs for them? What's the difference between age-controlled liquor and an age-controlled token falling off the back of a truck?
You can introduce as many soft-verification systems as you want to tweak this. The roll of numbers doesn't become active unless installed in a dispenser that phones home when it is installed, for example. The empty bobbins containing the roll have to be returned to the oracle, and need to register installation in a dispenser. The dispenser can even count each dispensed ticket. The only requirement is that the sale and the process of paying for the sale isn't linked to the ticket. If you maintain that, the system is anonymous. If you break it, it's not.
I preempted this line of questioning. I'll quote the section for you:
What you propose doesn't make stores any money, so either you have to spend a bunch of money to induce them to carry the tokens [1], or you have to have harsh penalties for "losing" shipments of tokens. If you risk harsh penalties for choosing to sell the tokens, why even bother? Stores put up with the risk of selling booze because it's *quite* profitable... selling 5c or 0c tokens absolutely is not.
[1] Where does that money come from? From you and me, of course!
> The only requirement is that the sale and the process of paying for the sale isn't linked to the ticket.
Unless you make it turbo-illegal to link those pieces of information (even weakly), then those two pieces of information will be linked lickety-split. As aspenmaver mentions, lotto tickets are activated at time of sale by phoning home to -I assume- the issuer of the ticket, providing a ready-made mechanism to correlate which tickets are sold to which person. When the people who are crying to protect the under-eighteen from the "evils" of computing notice that under-eighteens are -shock! outrage!- still exposed to that "evil" despite this token-distribution scheme, they will demand any such laws be weakened or eliminated.
[0] ...or fail to strictly follow all of the regs when giving one to a "Token Commission" officer doing an undercover buy, as absolutely happens with alcohol sales...
A simple law against linking those two pieces of information would be sufficient. Sure, someone like the NSA wouldn't give two shits about what's legal, but they also wouldn't have the means to clandestinely get the necessary hardware installed in every one of the million stores that exist in the country.
Eventually this becomes common knowledge and "something must be done". Facebook (the corpo sponsoring these age verification laws to absolve their own liability) and their ilk decide that the token system no longer meaningfully proves age. They switch to demanding full government ID in cleartext, as there is still no comprehensive privacy law that would prevent such a thing.
Every single approach that puts the onus on the company to verify age falls apart this way, possibly including a de facto mandate for remote attestation (ie say good bye to libre operating systems and browsers that aren't MSIE, Safari, or Chrome). The only workable systems are ones in which the onus remains on parents giving their kids networked computing devices to enable parental controls and/or otherwise monitor their kids' usage, with those parental controls based on information flowing strictly from the website to the user agent (eg a content tag that asserts "this page is suitable for kids").
(and I say this as a parent who is staring down having to deal with this problem in a short year or two)
If it's unlinkable, what's preventing someone from setting up a site that hands out anonymous tokens for anyone to use?
Other approaches are possible. I'm particularly keen on ones that treat attestations as anonymous digital currency and use cryptographic penalties like slashing to discourage copying post-hoc instead of relying on EU-style implementation certification.
There's a huge literature on the subject I don't want to reproduce here. The point is that yes, we do have the technology to do attestation without sacrificing privacy, which makes all the calls for non-privacy-preserving attestation awfully curious.
I'm surprised anyone considers this viable.
It would limit access to those sites to a limited set of acceptable devices and operating systems.
I couldn't use my laptop, desktop, or a jailbroken phone.
Or make it so that tokens cannot be tested except by spending/burning them, which would significantly reduce (but not eliminate) a black market because it would be hard for any buyers to trust any sellers.
The best outcome here is going to rest on getting people to agree that "good enough" is the best outcome. We want a system that gets the broad social results (e.g. less brain-rot in the kids) without being so impossibly strict and overbuilt that it leads to an even-worse problem (e.g. authoritarian hellhole tools.)
If so, this stuff is already broken, and imagine it would be pretty simple to apply the same principles here.
I'm probably wrong on this though I'm out of my depth
Yes, that can eventually be worked around, but not really that different than doing the verification today on someone else's device.
So I'm constantly grabbing new tokens from the government every time I go from work WiFi to my cellular internet to the train WiFi and then home?
Sounds like a fantastic point for capturing more tracking data.
> /geolocation.
Which means I have to send my geolocation data to apps to confirm I can use my token?
Don't want that either.
> It would also throttle the number of identifications,
And if I move around too much in one day or change networks too often, I'm unable to log into anything until tomorrow?
No, you don't need to send it there.
Every time you set up an account, would generally be the idea. So relatively infrequently.
"Use this exact tor/vpn server"
>It would also throttle the number of identifications
So I can only wank off 5 times a day, or grant access to porn sites for 5 kids?
The anonymous crypto token scheme does not have any trace-back mechanism like this at all. If there's no way to track those tokens back to you, why not sell them for $1 each on the internet to make some extra money?
And you want to satisfy voters who are worried about children online or have heard scary things about anonymous criminals. You want to be seen to do something about those.
A distant third is that you want the system to be cheap and built up fast and relatively easy so voters don't complain about it.
All together this leads you to something like "any time a site needs to verify your age (based on this broad list of requirements) put in your government ID number / picture". The infrastructure already exists for that, banks need it, social media needs it, and the current president has agitated for it a few times now. If you're really aiming high you set up some digital ID attached to it that's easier for the users.
When you say it like that it sounds less scary than "deanoymization so the government can track down people saying things it doesn't like." Let's not forget the UK has more people in jail for things they said on the internet than Russia and China put together.
Depends on your state and laws and you can look around at how that's going - maybe you'll have brought a first aid kit to the wrong event or helped print some zines and they want to check up on you now.
https://pa.media/blogs/fact-check/fact-check-international-d...
Don’t think that the claim stands up to scrutiny, since its comparing unlike things.
Checkpoint Charlie directly ahead, not that far down the road.
If you venture into No Man's Land you could be shot on sight.
https://ageverification.dev/Technical%20Specification/archit...
Either they validate so little information that a single homeless person can authenticate the entire country or they validate so much information as to not have a significant privacy guarantee.
There is no in-between for ZKP validating someone's age.
the truth is that the two extremes you listed can be titrated.
if you use nullifiers you can trade some privacy for some security. basically you convert your true identity into a private token which you can use to authenticate aspects of yourself, the price being that the token can be tracked with some effort across services. better than just using your identity at least. if a token/nullifier is abused it can be revoked and then you have to jump through a bunch of hoops to get another.
there are some other trade offs that can be made.
What combination of details can you validate on that is meaningfully privacy-preserving and couldn't result in wide-spread re-use of tokens?
Additionally - what would prevent some kids from getting a homeless man in the city to hand them his ID, get a facial scan, and everything else you can think of to generate a token and then pass that token around?
ZKP are a cryptography-nerd's joy but are are categorically unsuitable for the purpose of age verification. I stand by this without the slightest reservation.
You can do this: when you want to log into a service, the service provider gives you a fresh challenge C, bound to that service/session. You sign the challenge, and then generate a zkp of the fact that:
1. you have the signed challenge C with a certain public key P 2. you have a state-signed credential/certificate that binds P with a person with birth date BD 3. current date - BD > 18 years 4. optionally, you derived a per-service nullifier, e.g. from the card/credential secret, the service origin and a time bucket, so the service can rate-limit abuse without getting a global cross-site identifier
You send the proof to the service provider, that verifies it, and learns nothing about you (except for the fact that you're of age).
An adult can of course give away the card/PIN, but you need to have it physically to sign fresh challenges, so it cannot be passed around as easily as a bearer token. Moreover he loses access to his actual ID, which is required for other services.
tying multiple accounts and services together isn't ideal but its inarguably better than tying your real world identity to every single service.
To clarify - it's not cryptographically necessary to present the same token for each and every transaction and serves to categorically defeat the entire privacy guarantee of ZKP.
It also makes it trivial to associate your ZKP token with your real identity.
> use of a persistent identifier
> tied to a person
contrast this with the situation as it currently is (under ideal assumptions) where a central authority verifies your real identity and issues temporary rate limited tokens which are then saved by each service and can at any time be linked to you whenever the central authority can get the service to disclose the database entry. the nullifier will force the central authority to do an investigation about who the nullifier actually belongs to which may actually fail.
realistically I expect VPNs and Tor to just become more popular in response to such nonsense. I wouldn't be using government issued tokens for anything that isn't trivial to tie to your identity already: such as a personal bank access.
Where to even begin here....
To generate the token, it needs to be based on specific data. How do you prevent people from generating tokens based on fake data and submitting that to the "terminus" that you mention? We already have cases of people bypassing facial scan liveliness checks for banks using AI-generated footage.
What about validating tokens during the token enrollment process based on your government ID? Though that makes sure that poor or undereducated people who don't have such an ID are locked out of large swaths of Internet services.
Though there's also the matter of it being trivial to generate fake IDs using AI.
If you have no gatekeeping for the token enrollment process, anyone can submit an arbitrary number of new tokens.
And if you do have gatekeeping, you're right back to square one of needing to validate against more than just your age.
After all - the cryptography algorithms will be publicly known. If the only thing ZKP is validating against is age, it won't take long to figure out how to generate identifiers based on fabricated information.
> whether or not the terminus can tie a token to a real world identity will depend on how careless the user was and how much collusion there is between the terminus and the services. at the very least it will impose an investigation cost.
No it won't. A user submits a token to a server. The user also logs in with their e-mail address or phone number. Their email and/or phone number is hashed and it, along with the ZKP token and any additional information the website has on you, will be sent to data brokers.
This is the same as any other bit of information out there that data brokers collect on the internet. They just associate your new info with other info you are required to provide in order to use various services.
This will be automated and will cost next to nothing for data brokers to take advantage of.
> contrast this with the situation as it currently is (under ideal assumptions) where a central authority verifies your real identity and issues temporary rate limited tokens which are then saved by each service and can at any time be linked to you whenever the central authority can get the service to disclose the database entry. the nullifier will force the central authority to do an investigation about who the nullifier actually belongs to which may actually fail.
....what? What investigation by central authorities? You are talking of a system that would constantly mediate permissions for billions upon billions upon billions of devices across dozens of services and accounts per device.
You couldn't hire an army of people large enough to handle this and AI is infamously awful at detecting when a given image has been generated with AI.
> realistically I expect VPNs and Tor to just become more popular in response to such nonsense. I wouldn't be using government issued tokens for anything that isn't trivial to tie to your identity already: such as a personal bank access.
Their popularity would only rise in order to VPN into jurisdictions that don't enforce this. Assuming major websites don't just mandate age/identity verification for all new users regardless of jurisdiction just because it's easier and cheaper to apply one system to everyone.
Look - I know you mean well, but it is clear from this discussion you aren't familiar with cryptography, system security guarantees, Internet infrastructure scaling, or what would be needed to introduce new descriptive information about a person on the Internet and not have it become a new privacy risk.
This is an issue that has no tech-only solution. The specifics aren't just something to just figure out at a later date - the specifics are everything. And it's something that is enormously difficult to get right and extremely easy to get very, very wrong.
> Look - I know you mean well, but it is clear from this discussion you aren't familiar with cryptography, system security guarantees, Internet infrastructure scaling, or what would be needed to introduce new descriptive information about a person on the Internet and not have it become a new privacy risk.
you also don't appear to know what a nullifier is, in a ZKP system you submit identifying information and a hash of a secret string. the CA adds the hash to a public database and in the future you prove you one of the members of the database with a nullifier - the anonymity-set is everyone in the database who entered it prior to your submission. this can also be done with a blind signature to the same effect.
there is no further point to this discussion.
You've promoted mutually exclusive concepts with regards to cryptography which is why I said you don't seem to understand it. And again - and again and again and again and again and again - what is the additional information you are authenticating based off of beyond age? Remote attestation provides absolutely zero privacy utility here whatsoever on its own! So you've remotely attested this ZKP key represents a person who is an adult. Creating another key based on that information alone is trivial to spoof - for it not to be trivial, it would require validating additional information!
What is your root of trust? What is the basis by which age is verified in a way that can't readily be spoofed?
> you also don't appear to know what a nullifier is, in a ZKP system you submit identifying information and a hash of a secret string. the CA adds the hash to a public database and in the future you prove you one of the members of the database with a nullifier - the anonymity-set is everyone in the database who entered it prior to your submission. this can also be done with a blind signature to the same effect.
That's nice and all for trivia on ZKP but how does that touch upon the problem being discussed?
The mechanics of ZKP are not relevant to the problem of ZKP being categorically worthless for the problem at hand. I don't say ZKP is worthless out of ignorance - more discussions about it won't change that.
The specifics of ZKP do not change the fact that you are validating either too little information to be useful for preventing fraud or too much to have privacy-preserving value.
> there is no further point to this discussion.
Evidently not.
We can't solve private age verification with blockchain tech. I'm happy you're so passionate about it, but it isn't a silver bullet.
Identity verification is busy being rolled out across the entire developed world right now, and I have yet to see or hear about even one single mention of anonymous credentials in the discussion of any of the laws.
Technological solutions for what problem?
I think the main takeaway is that the concept of such verifications is fundamentally incompatible with privacy. Today we have a simple "are you an adult" check but who is to say we wouldn't want further levels of segmentation (legal age to drive, age to allow health insurance etc)?
And this just one signal. Nobody likes the EU cookie/consent prompts but what they've shown us is that most websites are perfectly happy to fingerprint you the moment you step on their pages, and then share/broker your activity with hundreds and thousands of "legitimate interest" partners of theirs.
So the real-world equivalent of this situation is that you walk on the street and whenever you need to wait for a traffic light, board a bus or the tube, go into a shop, etc... you have a security person who needs to faceID(or fingerprint) you and make you wait until they find a match of your profile... and then they ask you to present your ID (which you have to carry at all times) but hey, it's private because you need to enter your PIN for them to read the chip.
Anonymous credentials don’t allow the state to retaliate in the dark of night against protected expression that they don’t like. Anonymous credentials do not allow for that, so they are irrelevant.
I find 'a' amusing as we'll often see in the same conversation that users appeal to parents to take responsibility and lock down their kids' access to things, as if that's trivial for non-tech folk and foolproof. It's also silly because the user interface to such a system doesn't need to show all that complexity.
And 'b' is often supported by some out of context quote that at first glance looks incriminating but doesn't actually mean much.
The saddest thing is that the article you link addresses most of the objections people have brought up in the thread, but few have read it.
Majority of people understand their SIN or SSN number or whatever, they understand they have a drivers license number. This could be built in such a way that it's basically just be another government issued "thing" that they have to know about and be able to produce when requested
Edit: I agree with you 100%, but the fact that governments want to track people online has no bearing on how technically possible it is to build a system where they can't
An anonymous internet auth system (probably) won't get built, but it is possible to build
During COVID, there were protests about "vaccine passports" and masks. My state legislature tried introducing bills that would outlaw such things. In 2024, in several states (including mine), legislators introduced bills that would outlaw mRNA (and every vaccine made from it) [0]. REAL ID took almost 2 decades to get every state to implement it until the feds threatened to close all (commercial) airports in states refusing to implement it.
Notes:
0 - every year one of my legislators introduces a bill to outlaw chemtrails. This year, he added the plot of Termination Shock to his bill.
Bill to make "pureblood" a thing:
https://web.archive.org/web/20250118232059/https://apps.legi...
Bill to outlaw chemtrails & Termination Shock:
I think for this argument to carry weight with voters, privacy advocates need to be much more specific about what "coming back to haunt you" looks like. They do a little bit of it later on[1], but I think most people do a rough cost benefit in their head and decide that the small benefit outweighs the small risk (to them).
[1] "And that creates a lot of risks for data breaches, overly broad data collection and retention, censorial legal demands for collected data, corporate and governmental malfeasance, pressure to self-censor, and perhaps blatant First Amendment violations. Every new layer and every new mandate brings more potential for risk. As we’ve unfortunately seen many times over the years, people including high-level government officials will maliciously seek to root out the identities of their critics, so the more layers of anonymity we can preserve in online speech, the better."
> Australia does order that personal information collected for age verification “must be destroyed once all purposes have been met.”
I've found that many people are actually in favor of these when they believe that it will only be enforced against people they disagree with. I'm hoping that people will be more likely to listen when they realize that their enemies may in future be able to get into power and change the definition of what is 'offensive', 'misinformation' or 'disinformation' to their own personal opinions.
Your defense against censorship and retaliation is not faux anonymity, but a functioning liberal democracy.
I'm starting to think we need to lean on conspiracy theories in order to get broader population on train with this - and I'm saying this in utmost regret. That's a borrowing game from a right wing/extremist playbook.
Start with this: requiring IDs online is a first step in micro-chipping the population.
...or how about this: marxists/atifa/nazis/zionists/islamist/whoever-group-people-think-is-in-power want to erode your privacy online so it can be used against you. Some nefarious group what to know your every move!
...or how about this: remember Epstein files!? Well the pedos now want to id your children online!
I simply saying truth/evidence/rational based approach to this will not get people attention. People just don't care.
That's not even an exaggeration, once they enforce OS-level age verification via remote attestation they don't even have to pass a law to do this, they can send a secret order to Big Tech to do this.
I think both political extremes have their own angles: liberals might be concerned that conservative censors will censor kids from learning about LGBT people and minorities, conservatives will be concerned that liberals will force too much LGBT and minority content onto kids. Or whatever issue, they want to control what your kids read!
This will almost certainly be used to censor adults too, the only reason we aren’t doing that is because it hasn’t been possible to consistently identify people before. Considering who is pushing for this, they’re absolutely going to tie this into advertising, and if they know who you are so do all of the spooky upper echelons who could implement a true censorship regime.
“The only way they can do this is by controlling what you read, shouldn’t that be the parent’s choice?”
Considering demographic trends, soon such arguments will sound very hollow.
In contrast, imagine a 2-person conspiracy where both have lifelong reasons to keep it secret. Yeah, I could have a theory about that conspiracy existing, but it wouldn't be, y'know, a conspiracy theory in the usual sense.
Ok but what conspiracy theories are even filtered out by this? Whistleblowers almost always do it at great personal cost.
How about "if you want to buy a dildo on aliexpress, you have to do a full scan of your face and send it to israelis"?
I mean.. au10tix does age verification for aliexpress, it is an israeli firm, and you can't even buy a scalpel (the DIY crafts one) without having to scan your face there due to EU regulation.
> All those policies are created with one single goal in mind - to catalogue and enumerate ALL human beings on the planet, not just kids.
1. Your government already has you catalogued, you have a birth certificate, you pay taxes don't you?
2. All these platforms are doing exactly that, do you think you are fooling anyone with that nickname? (come on lets face it you have at least one account with your real name).
This is not the problem. Even if, like millions, you are not talking about these things online, these systems still place you in danger. Even if you are a perfect, clean, compliant citizen these privacy-destroying systems place you in danger.
Fundamentally these systems expose you to coercion, extortion, blackmail, ID theft, etc. by criminals and immoral people who want money or power over you. There are countless examples of bad actors inside and outside these systems obtaining access to innocent people's private data and misusing it to their detriment.
This is the strongest argument against these bad ideas. Arguments that paint innocent, privacy-seeking people as suspicious or immoral in any way, should not be used.
It is rational and moral to seek privacy for your own safety and the safety of those you care for. Don't let them argue otherwise.
I wish this resulted in techies spending more time to look at the substance of the harms playing out, however I see denial of the situation altogether more than anything else.
I used to think the "think of the children" voting bloc was cowardly for hoping the government will do their job for them in setting strict ground rules so they don't have to be the uncool parent.
The closer I get to having children of my own, the more I understand why it seems like the only option. Fundamentally this is delaying indoctrination in digital consumerism, which is not parents versus themselves anymore. More like parents versus the entire economy.
Government might be the only champion for that kind of fight, but what a mess it will make of everything for them to get involved.
I'd prefer to have safety from that regardless of privacy.
I think privacy is a stopgap semi-solution to those problems that might lessen the pressure to actually solve them in a reasonable manner.
The SAVE ACT [0], which passed the House of Representatives last year (and is stalled in the Senate) only allows 4 types of identity documents to be allowed to register to vote in federal elections:
1. A US Passport, 2. A US Military ID with proof of US citizenship. 3. A US REAL ID with proof of US citizenship [1]. 4. A US REAL ID without proof of US citizenship, plus a US birth certificate and the names must match [2].
Notes:
0 - https://www.congress.gov/bill/119th-congress/house-bill/22/t...
1 - This is called Enhanced Driving License. It exists in only 5 states (Michigan, Minnesota, New York, Vermont, and Washington) and is an additional $35-40 above the cost of a regular driving license.
https://www.tsa.gov/realid/realid-faqs
2 - In the US, it is common for a wife to take her husband's surname. This means that 74,000,000 US women will lose the right to vote in federal elections if they don't spend $150 (for a new passport) or hundreds-to-thousands of dollars changing their name legally.
1. Age gating + VPN ban under the guise of protecting children from social media
2. Few years pass, Identity Passport gets ushered in under guise of convenience of not having to repeat those pesky age verification checks.
3. Utilities start to require ID Passport. Including signing up with an ISP.
4. Renting starts to require ID Passport.
5. Work requires ID Passport.
6. Well done, you built the torment nexus!
It's not as if there are no downsides. There are, and some of them are so severe that they are impacting the whole of society.
People can impersonate to be 500 or 5000 or 500000 people from another country and all echo some detrimental or even treasonous sentiment, critically influencing and steering voters, which changes politics and election outcomes and thereby the trajectories of whole countries. I cannot understate how serious that is.
If we can make sure that every real person can only have 1 social media account per platform, and if we can check that someone is an adult, and if (and only if) we can do that in a privacy preserving manner... then honestly, I don't see why I would be against that. I'm ok with being held accountable for what I do online. I want to pay that price to prevent the severe outside interference we've seen in elections and in our politics.
You and many others might not be, but it seems like you've lost the argument.
If some sites like Facebook want to be real-name only, that's fine. People can use Facebook for that if they choose. But don't ban alternatives for people who want alternatives.
Because I believe there are none.
Even if you are not American, HN is very tied to American culture, so I assume you dislike either Trump or Biden (or both). Which one should be able to arrest people more easily for their online posts? https://www.bbc.com/news/articles/cg7pyjxjxrvo
Are you a big fan of Peter Thiel? If not, why give him more power and money? https://www.openrightsgroup.org/press-releases/roblox-reddit...
Cementing Trump and friends' power may be considered some form of stabilization, but it's not one that I'm a fan of.
In my opinion this is just blind compliance and misunderstood trust in a system which is changing rapidly.
People that came before us have fought hard for these rights and if I'm not mistaken the us was founded on these rights.
I'm not saying that we should allow criminals to take over and I know crime is rampage but if we give up our liberties, what are we then fighting for.
I think the ideas the leaders are proposing have been shown not to work in history. Like east Germany and Similar...
In real life you are largely anonymous if you go to any place that is not in your social circle. If I go to any physical store under the sun and pay in cash I remain completely anonymous. The only exception is staff checking your ID for alcohol etc. if you look underage, but that datum is only stored in one persons brain for as long as they bother to remember. Many people would take issue if the clerk noted every persons name when getting carded.
> what's so great about having complete online anonymity anyway?
Because liberal governments can always become repressive governments. Unless you have absolute faith that your government will never do something you have a moral objection to, you can never be sure that anything you are, believe or do will not be censored or land you in jail in the future. Infrastructure that has a minor benefit under a "good" government, but would serve as a major tool of repression under a tyrannical regime should not be built out of principle.
As a thought experiment, ignoring issues with technical feasibility, would you approve if every person is only allowed to leave the house, under a stiff prison sentence for violation, if they wear a shock collar that can be activated remotely by a law enforcement official? That way, if police want to arrest you, they don't need to use violence and they don't have to chase you if you tried to run. It would make the police's job a lot easier, would it not?
> If we can make sure that every real person can only have 1 social media account per platform, and if we can check that someone is an adult, and if (and only if) we can do that in a privacy preserving manner... then honestly, I don't see why I would be against that. I'm ok with being held accountable for what I do online
To the extent that political discourse is shaped by astroturfing, realistically it'll just give a monopoly of influence to whoever controls/bribes the company or entity doing the verification. There certainly would be technical/cryptographic solutions where there isn't some central entity with a master key, but I doubt that it'll work like that anywhere, especially if it requires a citizen safeguarding his own keys.
> I want to pay that price to prevent the severe outside interference we've seen in elections and in our politics.
Outside interference in the form of legal bribes (lobbying) and sometimes less legal forms of corruption has orders of magnitude more sway over politics than whatever the public may effect in elections.
> You and many others might not be, but it seems like you've lost the argument.
It's ridiculous to imply that there was any serious public debate on this.
Any solution that can convince the Germans, the most privacy obsessed sticklers on the whole planet, has my support by proxy. If they think it's safe enough, it most likely is. Almost no other country has seen the dark side of what you're saying here as much as Germany, first with the Nazis and then in East Germany.
> To the extent that political discourse is shaped by astroturfing
Both Brexit and the Trump election have been significantly impacted by this, and it's not even controversial to observe that.
> Outside interference in the form of legal bribes (lobbying) and sometimes less legal forms of corruption has orders of magnitude more sway over politics than whatever the public may effect in elections.
Perhaps, but that doesn't mean that we should not address the elephant in the room - the seriously degrading impact that social media has on our society.
> It's ridiculous to imply that there was any serious public debate on this.
There was no debate because almost no one in (for example) tech circles is even acknowledging the problem, let alone coming up with a solution. Give me a better solution and I would argue for that instead. The status quo is unacceptable.
https://digital-strategy.ec.europa.eu/en/policies/eu-age-ver...
I would argue that those crafting our policies are destabilizing society far more than social media, and that they, rather than social media, should be “regulated” (perhaps into a small cell).
Opposing this requires:
* Linking to specific harms, which the public can emotionally resonate with. For example, scanning billions of photos for suspicions of child abuse will result in false positives that cause innocent people's kids to be taken away.
* Not seeming like an overheated conspiracy theorist. Feeling angry about this is legitimate, but it's not necessary to communicate in the same emotional register that you are feeling, even if it feels inauthentic not to. The public are saturated with people being publicly angry, much of which is purely performance. Deep concern may work better.
* Have plausible reasons for why this is happening. Yes, a few individuals like Thiel want to create a digital Stasi, but this would still be happening without them. Mostly this is driven by companies that want to make money, and officials who have a bias towards centralised processes, and are tunnel-visioned with respect to some issue. And people who are genuinely concerned about kids and haven't been given another convincing solution.
* Get facts straight. (Eg, rent/job IDs aren't a future threat. They are here)
You can each make a difference in your own way and report back in a year who changed the world more. No need to alienate allies.
As for not alienating allies: if it's this easy to piss off people to agree with you, maybe it's also worth thinking about how to talk to those you want to win over.
And if you're so eager to shake off allies who don't agree with all your ideas, maybe it's worth everyone thinking about how to talk to those we want to win over.
Besides, there are many ways to still keep your kids connected to their friends without feeding the beast.
And I say this as a parent.
I actually am curious about your experience on this. Basically, I'm worried that I'll try to make restrictions in the future, and it'll just be a war of attrition that I lose, since internet platforms touch so many parts of social life, especially for the young. Maybe things will be different in a decade.
The children are fine. Many countries no longer allow smartphones at school, which lowers the peer-pressure factor to be online.
Parents are doing their best to steer kids. But these pesky adults, goshdarnit, they access whatever content they want without approval from The State, potentially reading dissident materials, borrowing 1984 from libraries… politicians don’t like that.
https://www.abc.net.au/news/2026-06-25/australia-will-streng...
We draw the line somewhere because these things that "are the parents' decision" have consequences on broader society. They have consequences that impact you and me. And we also have a say.
You can make the argument that it's just the parents' decision. But you have to say why.
Not on the first 2 because they're illegal for minors. Yes on the last 2. A parent can e.g. forbid their minor from being employed if it's hindering their studies. They also have a say on their romantic partner and how they interact. If rules are not followed, they can e.g. be grounded.
Generally, the reasons are:
1) The parents know their child best (as opposed to a lawmaker, a voter, etc.); so, they can e.g. make the best decision whether their child is responsible enough to engage in a given activity, like social media and the internet as a whole. This is just a matter of fact from living together throughout the minor's life, as well as knowing themselves and what traits the child may have inherited.
2) Generally, nobody is going to care more about the child's welfare than the parents. They're the people you can most count on defending their child's best interest. Other people may just have other agendas. In the case of what we're going through with social media, the parents may determine that the internet access they provide is overall beneficial to their child, while attempts to forbid it may lie entirely in furthering a surveillance state of the adult population which their child will eventually be a part of. Children don't stay children. One must also think of their adult lives when advocating for them.
3) Families differ a lot in values. They each have their own perspective on the proper way to raise their child. There's no consensus on a lot of things both big and small. The views of an individual family are generally going to be more stable and consistent than whatever's going on in the general political arena and changing culture. They also depend a lot on the family's individual circumstances, which the child will also exist in and may need to navigate as their parents have done. The child may also inherit traits from their parents and may need their particular guidance based on that. Again, in the case of social media, the child will likely benefit from guidance on e.g. how to not use it compulsively, how to protect their privacy (including being watchful of how much of themselves they share, to not depend on their own obscurity, etc.), how to respond to other people, not take things personally, not need others' validation, why are parts of the internet the way they are, etc.
4) Once the minors are adults, the parents will ultimately have no say and no obligation. One needs the opportunity of the time they're minors to be able to gain that guidance. If the parents are disempowered to make such decisions, it's ultimately harmful to the child. They will have to parent themselves.
The fact that you asked this makes me think that either you're an adult that feels badly towards your parents (maybe justified or maybe not), or you're a minor that doesn't understand why parents have authority. In case of the latter, you might think that another authority would be better. You might have idealisms (e.g. on the ability of something as broad-brush as law to substitute parenting), and simply lack the experience/perspective to see why such idealisms fail.
> When disagreeing, please reply to the argument instead of calling names. "That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3."
I agree. Browsing the internet is not remotely comparable to smoking.
It really isn't, though. Don't mistake the internet for reality. The majority of people in the US and Europe support laws like these, and most of the rest don't care.
Even on Hacker News the consensus is mostly in favor of anything from age restriction to making all social media illegal.
okay then, show us a poll where the majority answers "yes" to an unambiguous question like "are you in favor of having to provide your ID or scan your face to access the Internet?"
"The majority of people in the US and Europe" support laws against drugs, for example, but would likely object to having their cavities searched three times a day.
That doesn't sound right. Put up a poll. I'd put money on 90%+ choosing some flavor privacy/anonymity on the internet.
We're not seeing anything of the sort, and couldn't possibly for some time yet.
What we are seeing, as evinced by the article, is how ineffective these laws are at actually keeping kids off social media, and how effective the mass collection of identity data is at creating an environment for scammers, hackers, data brokers and the means for widespread political oppression.
You frame it as "we've come up with a composite score (social credit) that lets us more efficiently enforce [stuff HN likes but the population likes way less]" and it's mostly all cheering and the one guy with principals is downvoted and flagged.
I can only say what I've observed from numerous threads - people's advocacy for privacy on the internet here does not extend so social media.
But OK this could be fun let's put my keyboard where my mouth is: https://news.ycombinator.com/item?id=48680434
Social media is full of astroturfing.
REMOTE PRIVACY NEVER EXISTED BEFORE A FEW DECADES AGO!
And what happened in these decades are enough for the societies to wonder whether this new possibility in human connections (i.e. remote privacy) is globally a good thing. Just stomping your feet because the new toy may be declared illegal is not helping anyone. Governments are expressing serious doubts: this discussion needs serious interventions, not temper tantrums.
The people in power in a democracy do not not persecute their dissidents because they are better people or because they got to power by being elected by the people, but because good democratic systems hold the people in power accountable to the general population. A surveillance state does the opposite. It holds the people accountable to the government.
Democracies stay democratic because the people hold power over the state and have means to get informed about the state. That requires for example journalism and protection for journalists and their sources. When the state can trivially find the sources of journalists and surveil the investigations of journalists before they can even publish anything that protection is no longer given.
When the state can know exactly all the people that participated in a protest that gives the state power over the people and takes power away from the people.
When the state can know exactly where in important organizations of all kinds there are dissidents so it can replace them before they can organize...
And now, general public is pissed about consequences of what large companies caused so much, that it is willing to put a lot of power into the hand of evil government, because they see it as less evil.
We are living in a panopticon that never existed before.
Remote privacy means that you don't have to move from home.
> or sent a letter
Which anybody could just intercept and read.
> Famous authors published for a whole lifetime under pseudonyms.
But someone had to know who they were and where they lived, and they could be convinced to share such information.
But to your point on anonymity. That has been protected in letter writing e.g. and also privacy has been considered a human right. Until now...
But maybe you have a point in saying that no temper tantrums are needed.
The difference is that one is very granular and done in reaction to a crime. The other is a wide scale collection of data which is necessary recorded.
The problem is mass data collection without suspicion, probable cause, or warrants whatsoever. That's a brand new thing, other than the places in the world unfortunate enough to have roving gangs of police going door to door and searching homes without warrants. This facilitates it on a scale that's never really been seen before in human history.
Everybody who talks about cryptography is arguing about that! With the digital technology we have, the options are very simple: either every man in the middle can read (even the villain), or nobody can (not even the justice departments). There's no middle ground.
That is plain wrong.
You could absolutely send a letter anonymously without showing your ID. You could use a phone booth without showing your ID. Increasingly more countries demand ID verification for such things like getting a SIM card that used to be remote privacy.
But much more importantly you are making a false differentiation between 'remote' and local privacy. Before the internet that made some amount of sense. What you do in the locality of your home is private and what you do in public is not, such as buying a book in a store.
However two things have fundamentally changed since then:
1. This difference largely does not exist anymore. Things that used to be in your home and private and are now in some way or another in internet connected computers that act as surveillance devices. Your movie and book library used to sit on a bookshelf in the privacy of your home and only you would know when you watch a movie. Today it sits on Amazon's or Netflix servers and they know exactly what and when you watch and read. In fact turning the digital library you "bought" into something you own by converting them into a format you can store locally and use without restrictions and surveillance (local privacy) is illegal and punishable with jail time under the DMCA.
Notes written in a note book used to be local privacy, now they are written on a computer that automatically, without consent uploads them to "the cloud", a server controlled by a large corporation that acts as a panopticon for the state.
I could go on forever. Our lives are increasingly digital. That in itself would not necessitate being "remote", but in reality that is what follows, because people do not control their devices. Instead these devices are surveillance appliances controlled by corporations and increasingly the state.
2. Technology did not just enable the means for more anonymity, but also for a completely new, fundamentally different level of automated, all encompassing surveillance.
Before the internet you went into a store and bought a book with cash. You were not anonymous in the strict sense, the cashier could see you and might even recognize you, but you did not have to show your ID for everything you buy. The cashier did not create a log with your legal name and all the items you bought. Sure, the cashier might know you bought that book, but no one else did. There was no central surveillance log of every purchase accessible to corporations and the state.
Today credit cards are exactly that. Many countries have begun attacking cash as part of the war on privacy. We are heading towards a world where you effectively have to show your ID for absolutely everything you buy and every purchase will be logged.
CCTV is old, but the footage used to sit on tapes in the possession of individual stores and tracking someone's movements with this was a massive amount of work that would only make sense for specific investigations like murder cases.
Now CCTV is everywhere and systems like Palantir collect them all in a central system that logs everyone's movements all the time. The government can just search for "people who met with X in the last month" and get a log of all these people, their complete movement profiles, the people they met with etc.
Letters weren't exactly well protected, but no one would read your letters because it was infeasible. Now we have the infrastructure to automatically read all messages sent by anyone and the government can just get notified of anyone who voices in private communications that they do not like strawberries or the ruling political party.
Western democracies are building the wet dream of the Stasi, something that just a few years ago was supposedly an authoritarian dystopia and our great enemy. We were supposedly so much better than the bad guys of the Stasi. Now we are building a future where we are still different from the Stasi, because we are making it outdated.
The problem is we have switched from a world where it was easy to let the government read selected communications (single phones, letters), to one where it's hard not to give them access to everything or nothing.
Personally, if there was some 'magic wand' way I could let the government keep it's previous levels of control in the internet age (they could individually pick users and put work into monitoring their communications, with a clear low limit on the number they can previously watch), I personally would.
But that's hard to do -- it's not obvious it's possible at all, so we need to define a 'new normal', but let's not pretend we aren't taking a huge amount of existing power away from governments with large scale encryption.
The idea that being anonymous online will save a society from a dictator/repression is wishful thinking.
Only good faith engagement with an existing democractic system will ensure the success of democracy, but that is too hard for most poeple.
99.9% on anonymous engagement online is bad faith.
Strawman.
> Only good faith engagement with an existing democractic system will ensure the success of democracy
This isn’t true. Voters are occasionally very willing to vote in demagogues, authoritarians, and fascists.
The founding fathers knew that democracy came with it the chance of mob rule.
The solution isn’t to guarantee that nobody has any anonymity online. It’s to make society more resilient by increasing media literacy. Countries which border Russia (notably Finland and Ukraine) are doing an amazing job at resisting the industrial volume of manufactured propaganda. Countries with gullible people just become victims to it.
It’s simply not on the cards, and I live a frugal enough life in a high paying industry that I can retire in a few years. If I was willing to bank on inheritance then I could retire now.
I feel for the people that are forced to engage though. But too many of them simply don’t care about privacy, which is why we’re here.