Skip to content
0
  • Home
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
  • Home
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (Sketchy)
  • No Skin
Collapse

Wandering Adventure Party

  1. Home
  2. Uncategorized
  3. Age Verification isn't a technical problem to solve.

Age Verification isn't a technical problem to solve.

Scheduled Pinned Locked Moved Uncategorized
masssurveillancageverificationprivacydemocracyhumanrights
111 Posts 38 Posters 1 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • Em :official_verified:E Em :official_verified:

    Age Verification isn't a technical problem to solve. If you think that, you're missing the point.

    It's a social problem used by authoritarian governments as an excuse for population control and censorship.

    It's a fundamental attack on free speech and democracy.

    It must not be accommodated.
    It must be stopped.

    #MassSurveillance #AgeVerification #Privacy #Democracy #HumanRights

    Luna LacteaJ This user is from outside of this forum
    Luna LacteaJ This user is from outside of this forum
    Luna Lactea
    wrote last edited by
    #72

    @Em0nM4stodon What happened to "never tell anyone your age on the Internet"?

    1 Reply Last reply
    0
    • divVerentD divVerent
      @edwiebe@mstdn.ca @dalias@hachyderm.io @Em0nM4stodon@infosec.exchange From what I understand, active verification does necessarily invade privacy.

      But active verification is not necessary.

      A mere social media ban under age X, if necessary, could simply be passed as a law, making the parents responsible for ensuring their children follow it. There already are existing laws of this kind for other areas of life. And as parents are responsible for supervising their children, they definitively can also be responsible here.

      The opposite is true as well - while the child is supervised by their parents, such restrictions should not apply.

      To support the ban, I still think it'd be useful to have an (optional at parents' discretion) software solution. Sure one could go all allowlist using e.g. Google Family Link, but I'd prefer if sites specified their purpose (and also some other properties, e.g. the severity of various kinds of NSFW content, potentially even at multiple levels of which the client can then pick one and specify in a header) for such software to use. That's trivial to do, it's just one file to be placed in the web server's root and it'll work. Could store it in DNS instead, whatever, don't care.

      Furthermore, while at it, we could combine this with a technical solution for COPPA and other regulations that ban tracking and surveilling children online. Namely, revive Do-Not-Track, and have aforementioned software automatically set the header for minors.

      But, I hear Big Tech say, then what if adults set the header too?

      Then you don't effing track them either.

      But... what if everyone sets it?

      Then the people have spoken.
      Ed WiebeE This user is from outside of this forum
      Ed WiebeE This user is from outside of this forum
      Ed Wiebe
      wrote last edited by
      #73

      @divVerent

      Age verification doesn't take away anyone's Rights.

      Maybe we don't need it. Maybe we do. That's a different discussion.

      @Em0nM4stodon @dalias

      Dani T 🌻R divVerentD 2 Replies Last reply
      0
      • Ed WiebeE Ed Wiebe

        @dalias @divVerent @Em0nM4stodon Knowing how old someone is does not limit their speech nor their ability to vote (we verify age for that already, and for many other reasons). Age verification isn’t state censorship. I suppose it could be a way to limit anonymous speech. That isn’t a Right where I am from (nor is ‘free’ speech). I doubt anonymous speech is a Right anywhere.

        I have no doubt it’s absolutely technically feasible in a way that infringes on no one’s privacy. Ultimately though, yes, it could be abused by bad actors. Like everything else in civilisation we need some balance of enforcement to deal with those people.

        CassandrichD This user is from outside of this forum
        CassandrichD This user is from outside of this forum
        Cassandrich
        wrote last edited by
        #74

        @edwiebe @divVerent @Em0nM4stodon There is no way to know how old someone is without attestation by some authority who knows their identity. This precludes participation by anyone not known to such an authority (undocumented, outside of jurisdiction, etc.) or for whom it is not safe to let that authority know they are participating. And this is only the tip of the iceberg.

        You are dangerously wrong, and you should stop advocating about things you're dangerously wrong about.

        Ed WiebeE Talya (she/her) 🏳️‍⚧️✡️Y divVerentD 3 Replies Last reply
        0
        • Ed WiebeE Ed Wiebe

          @divVerent

          Age verification doesn't take away anyone's Rights.

          Maybe we don't need it. Maybe we do. That's a different discussion.

          @Em0nM4stodon @dalias

          Dani T 🌻R This user is from outside of this forum
          Dani T 🌻R This user is from outside of this forum
          Dani T 🌻
          wrote last edited by
          #75

          @edwiebe @divVerent @Em0nM4stodon @dalias It takes away all kinds of rights that you don't even realize you depend on

          Like the right to live an unmonitored life

          Maybe you *think* you don't have anything to hide.

          Maybe you *think* you don't have anything that somebody with power over you wants

          If you value anything in your life, you absolutely are relying on a right to privacy to protect it

          The DoctorD Ed WiebeE E A_MinionA 4 Replies Last reply
          0
          • Ed WiebeE Ed Wiebe

            @divVerent

            Age verification doesn't take away anyone's Rights.

            Maybe we don't need it. Maybe we do. That's a different discussion.

            @Em0nM4stodon @dalias

            divVerentD This user is from outside of this forum
            divVerentD This user is from outside of this forum
            divVerent
            wrote last edited by
            #76
            @edwiebe@mstdn.ca @Em0nM4stodon@infosec.exchange @dalias@hachyderm.io So who do you trust enough to present your ID to online?
            Ed WiebeE 1 Reply Last reply
            0
            • CassandrichD Cassandrich

              @edwiebe @divVerent @Em0nM4stodon There is no way to know how old someone is without attestation by some authority who knows their identity. This precludes participation by anyone not known to such an authority (undocumented, outside of jurisdiction, etc.) or for whom it is not safe to let that authority know they are participating. And this is only the tip of the iceberg.

              You are dangerously wrong, and you should stop advocating about things you're dangerously wrong about.

              Ed WiebeE This user is from outside of this forum
              Ed WiebeE This user is from outside of this forum
              Ed Wiebe
              wrote last edited by
              #77

              @dalias @divVerent @Em0nM4stodon

              If you're suggesting every jurisdiction should allow unrestricted access to everything because some jurisdictions are authoritarian then I disagree.

              Em :official_verified:E divVerentD 2 Replies Last reply
              0
              • CassandrichD Cassandrich

                @edwiebe @divVerent @Em0nM4stodon There is no way to know how old someone is without attestation by some authority who knows their identity. This precludes participation by anyone not known to such an authority (undocumented, outside of jurisdiction, etc.) or for whom it is not safe to let that authority know they are participating. And this is only the tip of the iceberg.

                You are dangerously wrong, and you should stop advocating about things you're dangerously wrong about.

                Talya (she/her) 🏳️‍⚧️✡️Y This user is from outside of this forum
                Talya (she/her) 🏳️‍⚧️✡️Y This user is from outside of this forum
                Talya (she/her) 🏳️‍⚧️✡️
                wrote last edited by
                #78

                @dalias @edwiebe @divVerent @Em0nM4stodon
                while that's true, it is possible to make such an attestation without destroying privacy (see https://soatok.blog/2025/07/31/age-verification-doesnt-need-to-be-a-privacy-footgun/).
                however, even if you do that, it'll still be morally wrong in most cases.

                and also, corporations are deliberately not going for the private solution, and governments are shifting the blame to users. the Czech government recently admitted social media is already illegal for teens (due to privacy laws), but they want new laws anyway.

                CassandrichD 1 Reply Last reply
                0
                • CassandrichD Cassandrich

                  @edwiebe @divVerent @Em0nM4stodon There is no way to know how old someone is without attestation by some authority who knows their identity. This precludes participation by anyone not known to such an authority (undocumented, outside of jurisdiction, etc.) or for whom it is not safe to let that authority know they are participating. And this is only the tip of the iceberg.

                  You are dangerously wrong, and you should stop advocating about things you're dangerously wrong about.

                  divVerentD This user is from outside of this forum
                  divVerentD This user is from outside of this forum
                  divVerent
                  wrote last edited by
                  #79
                  @dalias@hachyderm.io @edwiebe@mstdn.ca @Em0nM4stodon@infosec.exchange In theory one could do this with a "trusted" third party and blind signatures.

                  Let every country on the world run a CA for age verification. CA generates a certificate for your age that reveals nothing about your identity.

                  Present these certificates. Extra cryptography to be used so the certificate cannot be used as an user ID (i.e. each time you present it, the data sent has to be different). E.g. a "zero knowledge protocol". Not even the government that ran the CA should be able to find out which person is presenting their certificate.

                  All this is solvable, but:

                  - Nothing stops you from copying someone else's certificate. Even if this were TPM-backed and it were actually secure, nothing stops you from using someone else's computer.

                  - Websites need to trust _every single country's_ CA. Even if this were feasible, it'd quickly run into issues like "which CA to use for people in Taiwan", and e.g. recognizing one could get you into trouble with the other.

                  - If only one country hands out certificates for people who haven't reached the proper age yet, the entire system breaks down. And some country sure will do that - at least for people paying enough.

                  - None of the major companies would ever implement a privacy protecting scheme anyway, if they can instead do mass surveillance.

                  At that point, it basically gains nothing vs my approach of the ban simply implemented client-side and voluntarily. Parents either block social media for their children, or they don't (and supervision necessarily ends once children can afford their own phone and internet connection). I have ideas to simplify that, but solutions for that already exist right now.
                  1 Reply Last reply
                  0
                  • Dani T 🌻R Dani T 🌻

                    @edwiebe @divVerent @Em0nM4stodon @dalias It takes away all kinds of rights that you don't even realize you depend on

                    Like the right to live an unmonitored life

                    Maybe you *think* you don't have anything to hide.

                    Maybe you *think* you don't have anything that somebody with power over you wants

                    If you value anything in your life, you absolutely are relying on a right to privacy to protect it

                    The DoctorD This user is from outside of this forum
                    The DoctorD This user is from outside of this forum
                    The Doctor
                    wrote last edited by
                    #80

                    @RandomDamage @edwiebe @divVerent @Em0nM4stodon @dalias People think they have nothing to hide, until suddenly they do.

                    1 Reply Last reply
                    0
                    • Ed WiebeE Ed Wiebe

                      @dalias @divVerent @Em0nM4stodon

                      If you're suggesting every jurisdiction should allow unrestricted access to everything because some jurisdictions are authoritarian then I disagree.

                      Em :official_verified:E This user is from outside of this forum
                      Em :official_verified:E This user is from outside of this forum
                      Em :official_verified:
                      wrote last edited by
                      #81

                      @edwiebe @dalias @divVerent I recommend watching this short video to understand better how the data we collect now can have a great impact on a government that turns authoritarian later: https://infosec.exchange/@Em0nM4stodon/116031435192287968

                      1 Reply Last reply
                      0
                      • Ed WiebeE Ed Wiebe

                        @dalias @divVerent @Em0nM4stodon

                        If you're suggesting every jurisdiction should allow unrestricted access to everything because some jurisdictions are authoritarian then I disagree.

                        divVerentD This user is from outside of this forum
                        divVerentD This user is from outside of this forum
                        divVerent
                        wrote last edited by
                        #82
                        @edwiebe@mstdn.ca @dalias@hachyderm.io @Em0nM4stodon@infosec.exchange You don't need rights until you do.
                        1 Reply Last reply
                        0
                        • Dani T 🌻R Dani T 🌻

                          @edwiebe @divVerent @Em0nM4stodon @dalias It takes away all kinds of rights that you don't even realize you depend on

                          Like the right to live an unmonitored life

                          Maybe you *think* you don't have anything to hide.

                          Maybe you *think* you don't have anything that somebody with power over you wants

                          If you value anything in your life, you absolutely are relying on a right to privacy to protect it

                          Ed WiebeE This user is from outside of this forum
                          Ed WiebeE This user is from outside of this forum
                          Ed Wiebe
                          wrote last edited by
                          #83

                          @RandomDamage

                          Age verification doesn't take away anyone's Rights. That's nonsense. No one on Earth has a Right to Use the Internet Anonymously.

                          @divVerent @Em0nM4stodon @dalias

                          CassandrichD Dani T 🌻R 2 Replies Last reply
                          0
                          • divVerentD divVerent
                            @edwiebe@mstdn.ca @Em0nM4stodon@infosec.exchange @dalias@hachyderm.io So who do you trust enough to present your ID to online?
                            Ed WiebeE This user is from outside of this forum
                            Ed WiebeE This user is from outside of this forum
                            Ed Wiebe
                            wrote last edited by
                            #84

                            @divVerent
                            My Government(s).

                            @Em0nM4stodon @dalias

                            1 Reply Last reply
                            0
                            • Talya (she/her) 🏳️‍⚧️✡️Y Talya (she/her) 🏳️‍⚧️✡️

                              @dalias @edwiebe @divVerent @Em0nM4stodon
                              while that's true, it is possible to make such an attestation without destroying privacy (see https://soatok.blog/2025/07/31/age-verification-doesnt-need-to-be-a-privacy-footgun/).
                              however, even if you do that, it'll still be morally wrong in most cases.

                              and also, corporations are deliberately not going for the private solution, and governments are shifting the blame to users. the Czech government recently admitted social media is already illegal for teens (due to privacy laws), but they want new laws anyway.

                              CassandrichD This user is from outside of this forum
                              CassandrichD This user is from outside of this forum
                              Cassandrich
                              wrote last edited by
                              #85

                              @Yuvalne @edwiebe @divVerent @Em0nM4stodon No, it is not possible. The ZPK bs is privacy-washing designed to bamboozle policy makers and privacy activists who don't understand math. Either it doesn't actually verify age (I can setup a proxy to hand out age proof verification tokens to anyone who wants them using my identity; I would absolutely do that if it were cryptographically safe) or something exposes to the token providing authority that I'm doing this and allows detection that someone else used my identity (thereby violating my privacy).

                              divVerentD ⊥ᵒᵚ Cᵸᵎᶺᵋᶫ∸ᵒᵘ ☑️F 2 Replies Last reply
                              0
                              • Ed WiebeE Ed Wiebe

                                @RandomDamage

                                Age verification doesn't take away anyone's Rights. That's nonsense. No one on Earth has a Right to Use the Internet Anonymously.

                                @divVerent @Em0nM4stodon @dalias

                                CassandrichD This user is from outside of this forum
                                CassandrichD This user is from outside of this forum
                                Cassandrich
                                wrote last edited by
                                #86

                                @edwiebe @RandomDamage @divVerent @Em0nM4stodon Um, yes we do. 🖕

                                Ed WiebeE CassandrichD 2 Replies Last reply
                                0
                                • CassandrichD Cassandrich

                                  @edwiebe @RandomDamage @divVerent @Em0nM4stodon Um, yes we do. 🖕

                                  Ed WiebeE This user is from outside of this forum
                                  Ed WiebeE This user is from outside of this forum
                                  Ed Wiebe
                                  wrote last edited by
                                  #87

                                  @dalias @RandomDamage @divVerent @Em0nM4stodon

                                  You don't understand what a "Right" is.

                                  divVerentD 1 Reply Last reply
                                  0
                                  • CassandrichD Cassandrich

                                    @edwiebe @RandomDamage @divVerent @Em0nM4stodon Um, yes we do. 🖕

                                    CassandrichD This user is from outside of this forum
                                    CassandrichD This user is from outside of this forum
                                    Cassandrich
                                    wrote last edited by
                                    #88

                                    @edwiebe @RandomDamage @divVerent @Em0nM4stodon "No one on Earth has a Right to Use the Internet Anonymously" is a manipulative, pro-fascist way of saying "no one who can't safely identity themselves has the right to use the internet".

                                    Ed WiebeE 1 Reply Last reply
                                    0
                                    • CassandrichD Cassandrich

                                      @edwiebe @RandomDamage @divVerent @Em0nM4stodon "No one on Earth has a Right to Use the Internet Anonymously" is a manipulative, pro-fascist way of saying "no one who can't safely identity themselves has the right to use the internet".

                                      Ed WiebeE This user is from outside of this forum
                                      Ed WiebeE This user is from outside of this forum
                                      Ed Wiebe
                                      wrote last edited by
                                      #89

                                      @dalias @RandomDamage @divVerent @Em0nM4stodon

                                      There's no reasonable way to respond to that.

                                      CassandrichD 1 Reply Last reply
                                      0
                                      • CassandrichD Cassandrich

                                        @Yuvalne @edwiebe @divVerent @Em0nM4stodon No, it is not possible. The ZPK bs is privacy-washing designed to bamboozle policy makers and privacy activists who don't understand math. Either it doesn't actually verify age (I can setup a proxy to hand out age proof verification tokens to anyone who wants them using my identity; I would absolutely do that if it were cryptographically safe) or something exposes to the token providing authority that I'm doing this and allows detection that someone else used my identity (thereby violating my privacy).

                                        divVerentD This user is from outside of this forum
                                        divVerentD This user is from outside of this forum
                                        divVerent
                                        wrote last edited by
                                        #90
                                        @dalias@hachyderm.io @Yuvalne@433.world @edwiebe@mstdn.ca @Em0nM4stodon@infosec.exchange Precisely - also as I described.

                                        The one way around that would be storing the secret for the ZKP in a TPM.

                                        Yeah, right, with that you can still run your own proxy and provide the ZKP for someone else.

                                        But it is possible to then also use some forms of remote attestation so this doesn't work. Like, yeah, you can forward the ZKP, but then only you can decrypt the connection and not your "customer", as the decryption key is in your TPM and can't get out.

                                        Despite all that, in worst case you can run a web browser in a VNC session for others to use, with your age claim. Nothing can prevent that - other than the ZKP not being actually ZK.

                                        And that, indeed, is why ZKP aren't gonna happen for this. Even if they're cryptographically ZK, they'll end up signing more than just the age - at which point it's a privacy violation again and also no stronger than merely claiming your age in the first place.
                                        Talya (she/her) 🏳️‍⚧️✡️Y 1 Reply Last reply
                                        0
                                        • Ed WiebeE Ed Wiebe

                                          @dalias @RandomDamage @divVerent @Em0nM4stodon

                                          There's no reasonable way to respond to that.

                                          CassandrichD This user is from outside of this forum
                                          CassandrichD This user is from outside of this forum
                                          Cassandrich
                                          wrote last edited by
                                          #91

                                          @edwiebe @RandomDamage @divVerent @Em0nM4stodon Sure there is. By apologizing and admitting you've been posed on the wrong side of this by people who don't have yours, my, or any vulnerable people's best wishes at heart.

                                          Ed WiebeE 1 Reply Last reply
                                          0

                                          Reply
                                          • Reply as topic
                                          Log in to reply
                                          • Oldest to Newest
                                          • Newest to Oldest
                                          • Most Votes


                                          • Login

                                          • Login or register to search.
                                          Powered by NodeBB Contributors
                                          • First post
                                            Last post