"Free Speech" in the American legal sense (1st Amendment to the Constitution) applies to government prohibition on speech, with a particular emphasis on political speech.

It doesn't prevent one person from prohibiting speech... I can tell a pastor to stop preaching on my lawn. But, the government cannot tell a pastor not to preach in the publicly-owned town square (generally, there are exceptions).

There are arguments that certain online forums are effectively "town squares in the internet age" (Twitter in particular, at least pre-Musk). But, I always found that analogy to fall apart - twitter (or whatever online forum) is more like an op-ed section in a newspaper, IMO. And newspapers don't have to publish every op-ed that gets submitted.

Also, the 1st Amendment does not protect you from the consequences of your speech. I can call my boss an asshole to his face legally - and he can fire me (generally, there are labor protections and exceptions).

> Why they don't use zero knowledge proof?

Some proposed implementation do this. Without the requirement there is no chance of your ID or age being leaked, with zero knowledge proof, there is a chance they leak but can be made small, potentially arbitrarily so. Other implementations come with larger risks.

> "is this considered a violation of free speech?"

There were major Supreme Court rulings on the topic recently, see

https://news.ycombinator.com/item?id=44397799 ("US Supreme Court Upholds Texas Porn ID Law (wired.com)"—5 months ago, 212 comments)

https://en.wikipedia.org/wiki/Free_Speech_Coalition_v._Paxto...

Zero knowledge proof is either trivially defeated by re-using the same credentials or doesn't have useful privacy guarantees. There really isn't an in-between here for something like age verification.

- If I can do a zero knowledge proof once per day against someone who is under age, I can eventually determine their birthday.

- If I can do a zero knowledge proof with an arbitrary age, I can eventually determine anyone's birthday.

- If the only time people need to verify their age is to visit some site that they'd rather not anyone know they visit and that requires showing identity - even if it's 100% secure, a good share of people will balk simply because they do not believe it is secure or creating a chilling effect on speech.

- If the site that verifies identity is only required for porn, then it has a list of every single person who views porn. If the site that verifies identity is contacted every time age has to be re-registered, then it knows how often people view porn.

- If the site that verifies identity is a simple website and the population has been trained that uploading identity documents is totally normal, then you open yourself up to phishing attacks.

- If the site that verifies identity is not secure or keeps records, then anyone can have the list (via subpoena or hacking).

- If the protocol ever exchanges any unique identifier from the site that verifies your identity and the site that verifies identity keeps records, then one may piece together, via subpoena (or government espionage, hacking) every site you visit.

Frankly, the fact that everyone promoting these systems hasn't admitted there are any potential security risks should be like an air raid siren going off in people's heads.

And at the end of all of this, none of it will prevent access to a child. Between VPNs, sharing accounts, getting older siblings/friends to do age verification for them, sites in jurisdictions that simply don't care, the darkweb, copying the token/cert/whatever from someone else, proxying age verification requests to an older sibling/rando, etc. there are way, way too many ways around it.

So one must ask, why does taking all this risk for so little reward make any sense?

> is this considered a violation of free speech?

Not in principle

See the limits on curse words on TV. Or MPAA ratings for movies.

Because safeguarding user privacy is not a goal. Scoring political points with "think of the children" agendas, while getting kickbacks from companies salivating at the opportunity to gather even more personal data, is.

Onlyfans is legal prostitution so we need to protect that. Better to regulate the entire internet with taking your rights than question why it's allowed.