Comment by john_strinlai
3 days ago
>We are missing accessible cryptographic infrastructure for human identity verification.
like most proposed solutions, this just seems overcomplicated. we don't need "accessible cryptographic infrastructure for human identity". society has had age-restricted products forever. just piggy-back on that infrastructure.
1) government makes a database of valid "over 18" unique identifiers (UUIDs)
2) government provides tokens with a unique identifier on it to various stores that already sell age-restricted products (e.g. gas stations, liquor stores)
3) people buy a token from the store, only having to show their ID to the store clerk that they already show their ID to for smokes (no peter thiel required)
4) website accepts the token and queries the government database and sees "yep, over 18"
easy. all the laws are in place already. all the infrastructure is in place. no need for fancy zero-knowledge proofs or on-device whatevers.
The government will want some way to uncover who bought the token. They'll probably require the store to record the ID and pretend like since it's a private entity doing it, that it isn't a 4A violation. Then as soon as the token is used for something illegal they'll follow the chain of custody of the token and find out who bought it.
No matter what the actual mechanism is, I guarantee they will insist on something like that.
if the goal is to "protect children", or just generally make parts of the internet age-gated, my proposal is 100% fine.
if the goal is "surveil everyone using the internet", yes, very obviously my proposal would not be selected, and you will have to upload your id to various 3rd-party id verifiers.
I think something like your proposal actually sounds the most logical. I just think they will bolt on chain of custody tracking to it, while promising it will only be used for finding "terrorists" or something.
2 replies →
What you’re describing is infrastructure that doesn’t necessarily exist right now for use online, and has all the privacy problems described. Why should I have to share more than required?
it has none of the privacy problems described, and 95% of the infrastructure exists right now (have you ever purchased smokes or alcohol?)
to go on tiktok, you enter a UUID once onto your account, and thats it. the only person that sees your id card is the store clerk that glances at the birth date and says "yep, over 18" when you are buying the "age token" or whatever you want to call it. no copies of your id are made, it cant be hacked, theres no electronics involved at all. its just like buying smokes. theres no tie between your id and the "age token" UUID you received.
theres no fanciness to it, either. itd be dead simple, low-tech, cheap to implement, quick to roll out. all of the enforcement laws already exist.
>Why should I have to share more than required?
you shouldnt. having to prove age to use the internet is super dumb. but thats the way the winds are blowing apparently. if im gonna have to prove my age to use the internet, id much rather show my id to the same guy i buy smokes from (and already show my id to) than upload my id to a bunch of random services.
The problem with this scheme is that it's exactly as protective as requiring someone to tick a "I'm of legal age" tickbox in the software they wish to access. Anyone who is of legal age can buy UUIDs and pass them around to folks who are not.
Having said that, I think having an "I'm of legal age" tickbox goes quite far enough.
For the ultra-controlling, setting up a "kid's account" using the tools already provided in mainstream OS's [0][1] is a fine option.
[0] <https://www.microsoft.com/en-us/microsoft-365/family-safety>
[1] <https://support.apple.com/guide/mac-help/set-up-content-and-...>
19 replies →
Sorry I'd misunderstood I thought you were describing infrastructure that already exists and making a comparison to just using your ID.