The offline version proposed doesn’t even work. If the government issues untraceable “I’m an adult” cards there’s nothing stopping someone from acquiring one and immediately selling it to a minor. There’s also realistically nothing stopping someone from acquiring multiple and selling them to minors. “Oops, I lost my adult card again. I need a new one.” The solution is of course to make them revocable which means traceable.
The same applies online/digitally except that you can very likely distribute the same ID to many minors without getting a new one allocated.
I’m in the “we should protect kids online” camp, but I am not sure there’s a real way to do it without compromising privacy for everyone.
> When children are very young, parents can set strict boundaries. But as kids move into their teens, parents also have an obligation to loosen them. Teenagers need spaces where they can act independently
Parent have an obligation to loosen the restrictions, and, what, the government has obligations to tighten them and deprive them of the spaces where they can act independently?
I don't care to talk about the premise itself. This reasoning is absurd.
The article claims this is what the ZKP scheme reveals:
> Here is cryptographic proof that I hold a valid credential proving I am over 18. You can verify the proof, but you learn nothing about who I am.
Is this true though? I am genuinely interested as I haven't looked into the details, but must the user not at least also disclose who the issuer of the credential is so the verifier can verify it against a public key? This also reveals at least the nationality of the user and could be misused to block access to foreigners using VPN.
A friend and I were the first to have modems at age 12. And we had access to all kind of stuff on BBS and later in newsgroups. That wasn't meant for our age group and yet there wasn't any harm done. Others in our classes didn't roam there. (They were more into drinking, smoking and stealing in real life instead)
Guess who is heavily using social media today and unreflectively repeats fake news.
If the EU actually mandates each member country implements a ZKP for this then I am all for it.
Can they also provide other ZKPs? Specifically to attest that someone is a unique human being? Humanity verification is incredibly important to fight against propaganda online[1]
1 - https://blog.picheta.me/post/the-future-of-social-media-is-h...
Overall "more verification" goes in the direction of "more surveillance".
The author described a narrow path that provides "kid safety in the internet" without sacrificing the general population privacy.
Is it technically possible to implement the way he suggests? Yes. Will it be implemented that way? No.
There are people who can affect the way this verification will be implemented who are genuinely interested in more surveillance, heck, remember chat control that is an ongoing fight in a very similar vein, there is a global desire in politicians to get more control over the communications.
To me the author seems either naive or straight up malicious.
I agree with the broad point. But it ignores another key requirement: it can’t be easy to “loan” your proof of age to someone else.
But by what mechanism would one prove, when using such selective disclosures and zero-knowledge proofs to access an online service, that they are, in fact, the owner of said attestation?
Except that within days of this service going live there's going to be a freeageverification.com that instantly generates an attestation proof for anyone for free. I fail to see how this is not untenable. You can compare it to geoblocks that can be circumvented using VPNs, but at least VPNs are costly to run and are usually paid services. With the implementation of verification (ZKP) described in the article, there is no cost to generate attestation proofs nor any limit on the number of proofs nor any way to stop a known-but-anonymous abuser from generating new proofs.
Maybe the EU knows it's untenable and is still moving forward because they will be able to demonstrate to the public that privacy enables abuse, creating pretext to make the system not private anymore after it's already been implemented.
We have people checking IDs at the doors of bars and strip clubs.
And just like in those cases, what is to prevent someone who is of age giving their ID to someone underage?
Free access to information is non negotiable. You can dress it up in whatever argument you like; safety, intellectual property rights, moral imperatives. Take your pick. Information will not be held back, it wasn't held back by any tyrannical regime of the past with much more asymmetrical access to control, not the banning of the printing press, the efforts of the Stasi to ban western music in East Germany, nor China's more recently attempted "Great Firewall", have worked. This also will not work.
I am not worried for myself and for others who are technically inclined, we will just silently find and implement solutions for ourselves and any others who have the energy and inclination to use them. This is worst, as usual, for the most vulnerable among us. Those most in need of the information which they will not be able to access. Every freedom comes with risks and responsibilities, freedom of information maybe more than any, but the harms of limiting information are much more unacceptable than any caused by its unhindered natural flow. You can propagandize and scheme to your hearts content. You can lobby your governments to implement your halfbaked schemes. But in the end it won't work... Because people like me and millions of other will just not comply. We will build our own networks if need be, but we will do just about anything rather than accept your terms.