top | item 47064641

(no title)

gigel82 | 11 days ago

It's clear these "age verification" bills will just keep coming and it's a losing battle to try and oppose each individually.

Instead (or rather in addition to) activism we should go at it from the other end and request the introduction of a verifiably independent authority and zero knowledge protocol that will deliver a cryptographically secure boolean bit (isOver18) with no way to correlate from either end the ID or which website the bit is used for.

The alternative is IDs get collected by all these horrendous privacy fiends and sold / leaked / monetized across the board, which sounds like a dystopian nightmare.

discuss

spicyjpeg|11 days ago

Solutions based on zero-knowledge-proofs would solve the privacy aspect at the massive cost of killing general purpose computing as we know it today, by mandating the use of remote device attestation (as that is the only way to guarantee an otherwise fully anonymous token is not being sniffed and passed onto someone else). That would be in my opinion significantly more dystopian than every service having a copy of my ID, as it would lay the groundwork for corporations and governments to be able to dictate what you can and cannot do exactly with any internet-connected device.

It's not hard for instance to imagine that once every computing device available to the general public is locked down and cannot be jailbroken without also losing the ability to log into any online service, a law would be introduced requiring client-side scanning of all files to check for CSAM, evidence of political dissent or even just plain old movie piracy. The technology to implement this exists (see what Apple tried to do a few years ago) and the exact same legislation is currently being pushed in the 3D printing space, so these fears are not unfounded.

tzs|11 days ago

In the farthest along systems, such as the one the EU has been working on for a few years and is now field testing, you only need to have one secure device to store your digital ID, which in the first version will be a smart phone. If you want to use a site that requires proof of age from some other device like a desktop computer or a public computer in a library you can do the age verification on your phone.

gigel82|11 days ago

I'm not an expert in this area, but I thought blockchain and things like zk-SNARKs solved this.

I agree that if remote device attestation comes bundled in, it's worse overall.

But are we just SOL then? How long before Cloudflare integrates, and then ISPs? What is left of the internet? Are we all going to run pirate LoRa nodes and other such things to get some free (as in freedom) internet?

chneu|11 days ago

Your 2nd paragraph is a foreign language to US representatives. A bunch of senators, like Graham and Turtle Man, brag about not using email.

iamnothere|11 days ago

I would propose a variant of RFC 3514, where adult-related packets have a specified bit in the IP header. Simpler and you can filter it at the firewall.