A key part of ID verification laws is that you're confirming the ID presented also belongs to the user.
They can't just check for "This person currently has an adult ID in their possession" and nothing more, otherwise one kid at school would borrow their older brothers' ID and then use it to register all of their friends' accounts one day.
You tie it cryptographically to their phone with keys in the phone's hardware security module. This doesn't stop sharing of ID but it makes it much more inconvenient.
Why would you invite a technology that by definition makes websites accessible only via phones? These social media age verification laws are inevitably going to hit sites you use, too.
1. Make it illegal and punish people.
2. Have a certain limit (like 5) on virtual ids one person can register. Allow to withdraw consent and close virtual ids.
Which you will prove how? With no record of which ID was used and with the person who used it being under 18 by necessity, this means there would be no evidence to even punish anyone old enough to be punished.
> 2. Have a certain limit (like 5) on virtual ids one person can register. Allow to withdraw consent and close virtual ids.
If the ID is only checked in a zero-knowledge way to register accounts, you don’t even need multiple IDs. You just need access to one, which can be used a million times.
All of the schemes to check if it’s being used multiple times start exposing more info or requiring a central party to manage. We start sliding down the slope of having the government manage ID checking centrally, which conveniently gives them a way to check which people are accessing which services.
That's not how ID checking works, though.
A key part of ID verification laws is that you're confirming the ID presented also belongs to the user.
They can't just check for "This person currently has an adult ID in their possession" and nothing more, otherwise one kid at school would borrow their older brothers' ID and then use it to register all of their friends' accounts one day.
You tie it cryptographically to their phone with keys in the phone's hardware security module. This doesn't stop sharing of ID but it makes it much more inconvenient.
And I access the website from my computer how?
Why would you invite a technology that by definition makes websites accessible only via phones? These social media age verification laws are inevitably going to hit sites you use, too.
1 reply →
1. Make it illegal and punish people. 2. Have a certain limit (like 5) on virtual ids one person can register. Allow to withdraw consent and close virtual ids.
> 1. Make it illegal and punish people.
Which you will prove how? With no record of which ID was used and with the person who used it being under 18 by necessity, this means there would be no evidence to even punish anyone old enough to be punished.
> 2. Have a certain limit (like 5) on virtual ids one person can register. Allow to withdraw consent and close virtual ids.
If the ID is only checked in a zero-knowledge way to register accounts, you don’t even need multiple IDs. You just need access to one, which can be used a million times.
All of the schemes to check if it’s being used multiple times start exposing more info or requiring a central party to manage. We start sliding down the slope of having the government manage ID checking centrally, which conveniently gives them a way to check which people are accessing which services.
How would a zero knowledge proof of my age work?
Here is one way: https://eprint.iacr.org/2024/2010
Our (Google) implementation: https://github.com/google/longfellow-zk
An independent implementation by the Internet Security Research Group: https://github.com/abetterinternet/zk-cred-longfellow Still being developed but already interoperable with ours.
European age verification app: https://ageverification.dev/av-doc-technical-specification/d...