No, we most certainly should not! Zero knowledge proofs are not some magic privacy faerie dust that can be sprinkled around to provide any desired security property.
For this use ZKPs are trivially proxyable, and thus this type of system also requires additional security properties from treacherous computing [0] - specifically remote attestation which prevents your ability to run code of your choosing on your own device.
And Google (et al) are quite eager to supply this type of environment ("Safety" Net, WEI, etc). This is exactly why the new UK system requires the use of a locked down corpo-controlled phone, and why corpos are pushing this idea that there is a "secure" way this can be done.
Essentially they are advertising the cool privacy-preserving half of the system, without mentioning the necessary other half that destroys privacy and freedom.
[0] "trusted" computing in corpo speak. In other words, a crippled model of computing that the corpos can trust us to have.
Yes, you could use someone else's ID to access the porn.
That someone else could also sit next to you and press the button.
There is no solution that isn't 'proxyable' with the aid of the approved party. No solutions being considered are even particularly resistant to borrowing someone's ID or credit card, etc.
ZKP are no worse in this respect.
Adding treacherous computing doesn't improve any of them other than "approved software says it's okay" is just a cheap (and fairly insecure!) way of implementing lookalike functionality to an actual cryptographic technique.
The problem with ZKPs, especially for age verification in the US, is that you obviously still need some digital identity to perform the proof against. That not only doesn't exist in the US, but introduces a sensitive identity that like any other can be leaked.
The same is true for cryptocurrency of course but that risk is implicit in holding a private key to spend in the first place.
If there is no provable link between the service and the identity, however, there isn't that much harm in the leak itself. It just becomes a list of names and ages which are a dime a dozen on the internet. Hell, if the identity service was the government itself then it would be entirely useless outside of getting a list of people who have a driver's license (is this public info already?)
I'd prefer ZKP if we're doing this at all, but I think you could go simpler still. Google is skipping it for accounts with an associated credit card; that would work in lots of sites really.
mindslight|6 months ago
nullc|6 months ago
easterncalculus|6 months ago
cmdli|6 months ago
pr337h4m|6 months ago
nemomarx|6 months ago