
Comment by antitoxic

3 days ago

I work at a European identity wallet system that uses a zero knowledge proof age identification system. It derives an age attribute such as "over 18" from a passport or ID, without disclosing any other information such as the date of birth. As long as you trust the government that gave out the ID, you can trust the attribute, and anonymously verify somebody's age.

I think there are many pros and cons to be said about age verification, but I think this method solves most problems this article supposes, if it is combined with other common practices in the EU such as deleting inactive accounts and such. These limitations are real, but tractable. IDs can be issued to younger teenagers, wallet infrastructure matures over time, and countries without strong identity systems primarily undermine their own age bans. Jurisdictions that accept facial estimation as sufficient verification are not taking enforcement seriously in the first place. The trap described in this article is a product of the current paradigm, not an inevitability.

According to the EU Identity Wallet's documentation, the EU's planned system requires highly invasive age verification to obtain 30 single use, easily trackable tokens that expire after 3 months. It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering". You have to blindly trust that the tokens will not be tracked, which is a total no-go for privacy.

These massive privacy issues have all been raised on their Github, and the team behind the wallet have been ignoring them.

  •   > It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering".
    

    Regulatory capture at its finest. Such a ruling gives Apple and Google a duopoly over the market.

    Maybe worse, it encourages the push of personal computers to be more mobile like (the fact that we treat phones as different from computers is already a silly concept).

    So when are we going to build a new internet? Anyone playing around with things like Reticulum? LoRA? Mesh networks?

    • "Anyone playing around with things like Reticulum? LoRA? Mesh networks?"

      I'm curious about the 'day after' scenario: what's the move if the state decides to regulate these into "illegality" because they bypass official channels? We have to remember that the devices aren't the problem... the real hurdle is the bureaucratic gatekeeping of communication. The problem is people, not devices.


    • > So when are we going to build a new internet?

      Finally, the year of IPFS. Government messing too much with the internet will end up pushing people to use more "dangerous" internets that are completely unregulated and that is surely the opposite of the stated purpose to protect young people.


    • https://www.youtube.com/watch?v=XTnYVh7K6xQ

      There are (to make up a number) ten desirable properties of the modern internet, and so far it's "Pick two", but novel combinations of the things you mentioned offer "Pick three" or possibly "Pick four" if adoption picks up.

      For text, phone, and even image communication in urban and suburban areas, it sounds like there's real promise here. But we're not going to achieve parity with a global fiber + datacenter network by any means.

      You don't need all ten to, say, organize a revolt.


    • >regulatory capture

      It's not other operating systems' fault that they failed to invest into security. They should try and catch up instead of blaming people for not trusting their security on "regulatory capture".


  • > EU's planned system requires highly invasive age verification

    EUDI wallets are connected to your government issued ID. There is no "highly invasive age verification".

    We are literally sending a request to our government's server to sign, with their private key, message "this john smith born on 1970-01-01 is aged over 18" + jwt iat. There are 3 claims in there. They are hashed with different salts. This all is signed by the government.

    You get it with the salts. When you want to prove you are 18+ you include salt for the "is aged over 18" claim, and the signed document with all the salts and the other side can validate if the document is signed and if your claim matches the document.

    No face scanning, no driver license uploading to god-knows-where, no anything.

    > to obtain 30 single use, easily trackable tokens that expire after 3 months

    This is the fallback mechanism. You are supposed to use bbs+ signatures that are zero knowledge, are computed on the device and so on. It is supposed to provide the "unlinkability". I don't feel competent enough to explain how those work.

    > jailbreaking / "prevent tampering"

    This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.

    > You have to blindly trust that the tokens will not be tracked

    This is not true, the law requires core apps to be opensource. Polish EUDI wallet has been even decompiled by a youtuber to compare it with sources and check if the rumors about spying are true. So you can check yourself if the app tracks you.

    Also we can't have a meaningful discussion without expanding on definition of "tracking".

    Can the site owner track you when you verify if you are 18+? Not really, each token is unique, there should be no correlation here.

    Can the government track you? No, not alone.

    Can the site owner and the government collude to track you? Yes they can! Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.

    Can they lie? Sure.

    Can the site owner and the government collude to track you if you are using bbs+? No. Math says no.

    Can they lie if you are using bbs+? Math says no.

    • > Can the site owner and the government collude to track you? Yes they can! Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.

      It's not zero knowledge for me then. Also - if there is ANY possibility to track anyone. And/or centrally mark someone "nonverified" then it makes more problems than solves.

      Even if I trust my govt (no way), even if it'd be fully ZK with no way to track anyone… still govt would have a way to just block some individual "because".

      And the best part… Age verification will not solve "children problem". I think it's parents' problem to take care of their children, AV will be pretty easy to bypass - kid will just borrow ID for a moment and… voila! Govts (or some people) are creating problem and solution that do not exist.

      I do not like way internet went, I do not like more way it's headed now.


    • > This is not true, the law requires core apps to be opensource. Polish EUDI wallet has been even decompiled by a youtuber to compare it with sources and check if the rumors about spying are true. So you can check yourself if the app tracks you.

      The "open source" apps connect to proprietary backends run by a third party that you have to blindly trust. If EUDI wallets were truly open source and free from blindly trusting any authority, then you could simply remove that requirement and issue your own tokens without the use of potentially malicious third party.


    • > It's really not much different than what a banking app would require.

      I can use my banking services through the web. Codifying the Google/Apple monopoly in law is gross.


    • > Government can track all salts for your tokens, site can collect all salts, they can compare notes.

      That is not zero knowledge. Given that actual zero-knowledge systems are well understood, the only reason to deploy a system that allows that would be if you planned to abuse it.


    • Great comment all around but

      > jailbreaking / "prevent tampering"

      > This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.

      This is unacceptable. So much talk about independence from the US, you simply cannot make it a hard requirement to use the duopoly to be a citizen (as if it wasn't a quasi-hard requirement already)!


    • > This is the fallback mechanism. You are supposed to use bbs+ signatures that are zero knowledge, are computed on the device and so on.

      You're mistaken. SD-JWT with linkable ECDSA signature is the main mechanism. An unlinkable signature scheme is being discussed on the fringes of the EUDI-project (whether it be BBS+ or Longfellow) and very bare-bones support for Longfellow has been added to the reference wallet a month ago. However the Implementing Acts have no support for such a mechanism yet, and most member states will only implement ECDSA based mechanisms (SD-JWT and ISO 18013) for the foreseeable future.

      It's therefore very likely the EUDI wallet and/or an age verification solution will launch with issuer linkable ("easily trackable") signatures.

      See also this thread: https://news.ycombinator.com/item?id=45363275

    • > This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.

      Most banking apps run on GrapheneOS, will this? Nearly all EU banking websites run on Firefox on Linux, will this?

      Why did you not quote the App Store/Google Play Services part, which is much worse?

      > There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.

      I'm sure this will be as diligently carried out as GDPR enforcement. [0].

      [0] https://noyb.eu/en/project/dpa/dpc-ireland

    • > jailbreaking / "prevent tampering"

      Now your EU government requires you to have an unmodified Google or Apple device to use any age restricted services. Cementing the US mobile OS duopoly and locking out any free systems and desktop etc. forever.

      Any governmental service taking part in this is a violation of civil rights and even if you don't care about those, maybe you care about digital sovereignty.

      This is so lightly handwaved away, almost as if attention needs to be drawn away. By the looks of this I'd say the end of general computing might be the actual goal, and all the age verification is just yet another "think of the children" pretense?


    • > This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.

      Except the state is not a bank, of which there are many. The state is not optional, and trusting an American company with, of all things, the digital precondition for social existence, is suicidal.


    • > We are literally sending a request to our government's server to sign, with their private key, message "this john smith born on 1970-01-01 is aged over 18" + jwt iat. There are 3 claims in there. They are hashed with different salts. This all is signed by the government.

      If the "18+ claim" can't be linked to your identity and doesn't have any rate limits, someone can set up a token-as-a-service to sell tokens on the black market.

      > Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.

      > Can the site owner and the government collude to track you if you are using bbs+? No. Math says no.

      How does the math say no? Big tech companies already log absolutely everything. What's going to stop the government from keeping all the salts they're issuing and then mandating that site operators add the salts to their existing logs?

      > Can they lie? Sure.

      Well, they've lied to us over and over when it comes to surveillance, so I think at this point it's reasonable to assume they're lying unless it's technically impossible. Where's the in-person key verification that used to be in Whatsapp? How do the authorities get notified when someone makes a poorly thought out joke using Snapchat private messages before getting on a plane? Why is there a war on end-to-end encryption?

      We're going to pay a fortune for these supposed zero knowledge systems and that's what it's about. Select companies are going to get paid to issue tokens and the scale is going to create a few new billionaires.

      The people in charge are going to gain a ton of power when they betray everyone and disenfranchise us.


    • > We are literally sending a request to our government's server to sign

      You've already lost. You're at the government's mercy. They can simply refuse to sign.

      "Mr. John Smith, we noticed you've published some poorly-worded comments online. Why are you locked out of your account, you say? Oh, that's just an unfortunate technical issue with our signing system, happens all the time. Anyway, this is a friendly reminder for you to improve your online etiquette. Have a nice day."


  • Thanks for posting this.

    The inherent problem with all zero knowledge identity solutions is that they also prevent any of the safeguards that governments want for ID checking.

    A true zero knowledge ID check with blind signatures wouldn't work because it would only take a single leaked ID for everyone to authenticate their accounts with the same leaked ID. So the providers start putting in restrictions and logging and other features that defeat the zero knowledge part that everyone thought they were getting.

    • > A true zero knowledge ID check with blind signatures

      That is not true and "true zero knowledge ID check" + "age verification" with blind signatures is what's being implemented by the EU ID project.

      So someone's id leaks. It happens. In EUDI there are things called "cryptographic accumulators of non-revocation proofs". If your ID leaks it goes into the accumulator. Similar to the certificate revocation lists. During check, you include claims "im over 18" and "my id is not in the accumulator".

      This is included in the standard.

      This is also (I can only assume) one of the reasons why EUDI wallets require play integrity / attestation / secure element on the device. So your private key won't be easily leaked and no one can steal your ID.


    • I mean that's kind of a problem with ANY solution. There will be workarounds and ways to break it. There is no perfect solution outside someone standing over you while on the internet. We need to look at this more like age checks on porn sites and gaming platforms where you just put in a birthdate. Obviously someone can lie, but that point isn't to be a perfect wall but a hurdle to clear to make sure users are aware of the content and that any sort of nanny software to block if set up.


    • This specific problem is solved by requiring that any anonymous ZK ID once used for an account be marked on an immutable ledger preventing multiple uses of the same ID. Sharing it would be pointless as multiple attempts to use it get burned. Yet none of those sites know who you are, only that you have a unique valid ID pass. They just have to check any login attempts against that ledger - easy enough.


  • > It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering".

    The EUDI spec is tech neutral.

    What the EUDI mandates is a high level of assurance under the eIDAS 2.0 regulation and the use of a secure element or a trusted execution environment to store the key.

  • > It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering".

    IIRC that was only for a prototype or reference implementation.

  • I'm sorry to say it but the fact it bans jailbreaking/rooting your device really makes me believe "think of the children" isn't their real goal.

    There's some clever kids out there but come on.

> It derives an age attribute such as "over 18" from a passport or ID, without disclosing any other information such as the date of birth.

How? If it analyzes my ID 100% client side I can fake any info I want. If my ID goes to a server, it’s compromised IMO.

I think the zero proof systems being touted are like ephemeral messaging in Snapchat. That is, we’re being sold something that’s impossible and it only “works” because most people don’t understand enough to know it’s an embellishment of capabilities. The bad actors will abuse it.

Zero proof only works with some kind of attestation, maybe from the government, and there needs to be some amount of tracking or statistics or rate limiting to make sure everyone in a city isn’t sharing the same ID.

Some tracking turns into tracking everything, probably with an opaque system, and the justification that the “bad guys” can’t know how it works. We’ve seen it over and over with big tech. Accounts get banned or something breaks and you can’t get any info because you might be a bad guy.

Does your system work without sending my ID to a server and without relying on another party for attestation?

  • There's no dynamic analysis done, necessarily. In the Swiss design, for example, SD-JWTs are used for selective disclosure. For those, any information that you can disclose is pre-hashed and included in the signed credential. So `over_18: true` is provided as one of those hashes and I just show this to the verifier.

    The verifier gets no other information than the strictly necessary (issuer, expiry, that kind of thing) and the over 18 bit, but can trust that it's from a real credential.

    That's not strictly a zero knowledge proof based system, though, but it is privacy-preserving.
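
Added example, not part of any comment in this thread and not code from the EUDI or Swiss wallet projects: a Python sketch of the salted-hash selective disclosure described in the EUDI comment further up (three salted claims signed by the issuer, only the "over 18" disclosure shown) and in the Swiss SD-JWT comment just above, including why a reused credential, or an issuer that keeps the salts, makes presentations linkable. Assumptions: HMAC-SHA256 stands in for the issuer's ECDSA signature so the code runs on the standard library alone, and the issuer name, subject label and claim values are constructed. Unlinkable schemes such as BBS+ are not modelled.

```python
import base64, hashlib, hmac, json, secrets

# Assumption: HMAC-SHA256 with this key stands in for the issuer's ECDSA
# signature; a real verifier would hold only the issuer's public key.
ISSUER_KEY = secrets.token_bytes(32)

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def digest(disclosure: str) -> str:
    return b64u(hashlib.sha256(disclosure.encode()).digest())

def sign(payload: bytes) -> str:
    return b64u(hmac.new(ISSUER_KEY, payload, hashlib.sha256).digest())

def issue(claims: dict, subject: str, issuer_log: list):
    """Issuer: one salted disclosure per claim; only the digests are signed."""
    disclosures, salts = {}, set()
    for name, value in claims.items():
        salt = b64u(secrets.token_bytes(16))
        salts.add(salt)
        disclosures[name] = b64u(json.dumps([salt, name, value]).encode())
    payload = json.dumps({
        "iss": "constructed-issuer",
        "iat": 1700000000,
        "_sd": sorted(digest(d) for d in disclosures.values()),
    }).encode()
    # The policy mitigation mentioned in the thread is to NOT keep this record.
    issuer_log.append((subject, salts))
    return {"payload": b64u(payload), "sig": sign(payload)}, disclosures

def present(credential: dict, disclosures: dict, reveal: list) -> dict:
    """Holder: send the signed digests plus only the chosen disclosures."""
    return {**credential, "disclosures": [disclosures[n] for n in reveal]}

def verify(presentation: dict) -> dict:
    """Verifier: check the signature, then match each disclosure to a digest."""
    payload = b64u_dec(presentation["payload"])
    if not hmac.compare_digest(sign(payload), presentation["sig"]):
        raise ValueError("bad issuer signature")
    signed = set(json.loads(payload)["_sd"])
    revealed = {}
    for d in presentation["disclosures"]:
        if digest(d) not in signed:
            raise ValueError("disclosure not covered by the signature")
        _salt, name, value = json.loads(b64u_dec(d))
        revealed[name] = value
    return revealed

def sites_can_link(p1: dict, p2: dict) -> bool:
    """Two verifiers comparing logs: same signature or disclosure, same credential."""
    return p1["sig"] == p2["sig"] or bool(set(p1["disclosures"]) & set(p2["disclosures"]))

def issuer_can_identify(presentation: dict, issuer_log: list):
    """Issuer and verifier comparing notes: join disclosed salts with the issuance log."""
    seen = {json.loads(b64u_dec(d))[0] for d in presentation["disclosures"]}
    for subject, salts in issuer_log:
        if seen & salts:
            return subject
    return None

def rejects_forgery(credential: dict) -> bool:
    """A holder-made 'age_over_18' disclosure has no matching signed digest."""
    forged = b64u(json.dumps([b64u(secrets.token_bytes(16)), "age_over_18", True]).encode())
    try:
        verify({**credential, "disclosures": [forged]})
    except ValueError:
        return True
    return False

def demo() -> dict:
    log = []
    claims = {"name": "John Smith", "birthdate": "1970-01-01", "age_over_18": True}
    # One long-lived credential shown to two sites.
    cred, disc = issue(claims, "john-smith", log)
    reused_a = present(cred, disc, ["age_over_18"])
    reused_b = present(cred, disc, ["age_over_18"])
    # Two single-use credentials from a batch, each with fresh salts.
    c1, d1 = issue(claims, "john-smith", log)
    c2, d2 = issue(claims, "john-smith", log)
    fresh_a = present(c1, d1, ["age_over_18"])
    fresh_b = present(c2, d2, ["age_over_18"])
    return {
        "verifier_sees": verify(reused_a),
        "reused_linkable_by_sites": sites_can_link(reused_a, reused_b),
        "fresh_linkable_by_sites": sites_can_link(fresh_a, fresh_b),
        "issuer_identifies_fresh": issuer_can_identify(fresh_a, log),
        "forgery_rejected": rejects_forgery(cred),
    }

if __name__ == "__main__":
    print(demo())
```

Single-use credentials stop two sites from linking visits to each other, but the join in `issuer_can_identify` still succeeds for as long as the issuer retains what it issued.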

  • > If it analyzes my ID 100% client side I can fake any info I want. If my ID goes to a server,

    amplifying your point, there is effectively no way for the layperson to make this distinction. And because the app needs to send data over an encrypted channel, it would be difficult at best for a sophisticated person to determine whether their info is being sent over the wire.

    • This is a fairly weak argument though: the layperson also cannot verify the software updates we push to their phone/computer or any number of other critical devices in the chain.

      All of this is reputation management: if technical experts broadly agree the system does what it says, then all of us have to accept that in aggregate that's probably good enough and significantly better than many other areas.

    • > And because the app needs to send data over an encrypted channel, it would be difficult at best for a sophisticated person to determine whether their info is being sent over the wire.

      Devices are built from the ground up to prevent even sophisticated users from tapping them to verify we aren't being lied to. The average person thinks that "hackers" will mobilize if things get too bad and they're completely wrong.

      Tamper proof, encrypted chains of trust start from the second a device gets power and it's infecting everything from appliances to phones to computers. Get ready for a future where your rented toaster has parts serialization that can't be bypassed.


  • Attestation from government sounds like the ideal solution. This could actually provide _more_ privacy because we can begin using attestation for things we currently use IDs for such as “Has the privilege of driving a car” or “Can purchase alcohol”

  • Yes it does actually. You load your ID into your phone with the MRZ and NFC. The cryptographic proof inside your ID is used to verify that it was issued by an official government. So your ID is not being sent to a central server.

    The reusing another ID is an issue. In some countries they will have an in-person check to verify only you can load your ID into your phone. But then you still have the problem of sending a verification QR code to someone else and have them verify it. This might be solved by rolling time-gated QR codes and by making it illegal to verify someone else's verifications. But this is a valid concern and a problem that still needs solving.

  • > If my ID goes to a server, it’s compromised IMO

    Might be breaking news, but the state already has your passport ID in a server.

I feel like you're glossing over a lot of uncomfortable but important implementation details here. None of this works without effectively banning personal computing and tying the whole system to secure attestation (which in practice means non-jailbroken apple & android devices). No thanks.

Can we go back to defaulting to parenting instead of nanny-states? Maybe make "age sensitive" websites include this fact into a header (or whatever) so that parents can decide who in their household can access which content. Instead of having some overreaching corpo-government implementing draconian "verification" systems.

If I want to live under the thumb of a strongly verified "benevolent" dictatorship, I'll move to China. No need to create a second China at home.

In your system, can companies verify age offline, or do they need to send a token to the Government's authority to verify it (letting the Government identify and track users)?

Switzerland is working on a system that does the former, but if Government really wants to identify users, they can still ask the company to provide the age verification tokens they collected, since the Government hosts a centralized database that associates people with their issued tokens.

  • Aren't the companies also expected to do revocation checking, essentially creating a record of who identified where, with a fig leaf of "pseudonymity" (that is one database join away from being worthless)?

    • The revocation checking is implemented in a way where the government doesn't know who you checked and you can even cache the information (if that's good enough for you) so they won't notice at all.


  • That assumes the companies store the individual tokens, as does the government. Neither of which are part of the design, but could be done if both sides desired it.

    The Swiss design actually doesn't store the issued tokens centrally. It only stores a trust root centrally and then a verifier only checks the signature comes from that trust root (slightly simplified).

    • If companies are required to verify age, then it's in their best interest to store all tokens, just in case they are ever accused of not verifying it.

      The Swiss E-ID system stores people identifiers and token status lists in their so-called "Base Registry". From https://swiyu-admin-ch.github.io/technology-stack/#credentia...

      > Decentralized Identifiers (DID) developed by the W3C represent an identifier standard that provides a subject-controlled method for identifying individuals, organizations, or objects online. In the swiyu Trust Infrastructure, DIDs are utilized as a standard identifier for issuers and verifiers. They are centrally hosted on the swiyu Base Registry.

      > In this protocol, the trusted authority issues certifications (“trust statements”) concerning the identity (i.e., who is the real-world identity controlling a DID) and legitimacy (i.e., who is allowed to issue or verify credentials of a specific VC schema) about an entity as SD-JWT VC and publishes these trust statements in the trust registry.

      > Token Status Lists are signed, maintained and published by the credential issuers but hosted on the Base Registry.


this is slightly better but not the hero we want or need. zero knowledge proofs are improvement over uploading raw documents, trust is still an issue here. why should users have to authenticate with a government-backed identity wallet to access platforms to play games or access a website in the first place. we didn't have any of these guards in the 90s and early 2000s and everybody turned out just fine. in fact the average gen z is in a lot worse place than we used to be despite that we had complete raw algorithm supervision free access to the internet with far more disturbing content (remember ogrish and KaZaA)

The average person does not understand the math behind zero-knowledge proofs. They only see that state infrastructure is gatekeeping their web access. Furthermore, if the wallet relies on a centralized server for live revocation checks, the identity provider might still be able to log those authentication requests, effectively breaking anonymity at the state level.

On a practical level, this method verifies the presence of an authorized device rather than the actual human looking at the screen. Unless the wallet demands a live biometric scan for every single age check, they will simply bypass the system using a shared family computer or a parent's unlocked phone. We used to find our way around any sort of nanny software (remember net nanny)

what you are describing still remains a bubble and I really hope Americans aren't looking at EU for any sort of public policy directions here.

  • > we didn't have any of these guards in the 90s and early 2000s and everybody turned out just fine

    One of the most highly valued tech companies of today makes a software that sometimes talks its users into killing themselves. Some guy put "uwu notices bulge" on a bullet casing and shot Charlie Kirk: things turned out fine indeed.

    • People killed both themselves and others way before the internet even existed.

      Requiring everyone to show their id on every website will not change that. It will limit free speech though.

If the age verification is going to mandate government issued ID, the government issuer can be the Trust Anchor issuing a Digitally Signed Credential for the zero knowledge proof - using any available open source zero-knowledge process:

1) zkcreds-rs (zk-creds) [1]

2) zkLogin (Sui Foundation) [2]

3) TLSNotary [3]

4) DECO (Chainlink/Cornell) [4]

5) Anon-Aadhaar [5]

[1] https://github.com/rozbb/zkcreds-rs

[2] https://github.com/mystenlabs/sui/tree/main/sdk/zklogin

[3] https://github.com/tlsnotary/tlsn

[4] https://chain.link/education/zero-knowledge-proof-zkp#preser...

[5] https://github.com/anon-aadhaar/anon-aadhaar

> Jurisdictions that accept facial estimation as sufficient verification are not taking enforcement seriously in the first place.

Or they want to spy on people.

> work at a European identity wallet system that uses a zero knowledge proof age identification system

> derives an age attribute such as "over 18" from a passport or ID, without disclosing any other information

Well, as soon as someone points their chinaphone camera on a passport, it is already over.

This whole setup is a nightmare fuel.

You want to check over 18? Fine, let adults set their kids devices in a "child" mode. Problem solved.

No need to create a stasi dreamland.

You mean that system that requires either to use an original unmodified Android phone, or an iOS phone and it does not work in absolutely anything else?

  • No it is open-source and portable to any platform you want. We currently support iOS and Android through Play store and F-droid, but that is just because most of the market is there at the moment.

    • What about the "App and device verification based on Google Play Integrity API and Apple App Attestation" that was in the readme?

      Was this discarded? Is it not necessary anymore? Can someone without writing their own implementation use the app without using any of those two?


    • What about devices without a hardware-based trusted computing module? Am I now limited to what hardware I can run before I even get to my custom software?

This is true, but I think it's more that those jurisdictions don't actually care about something solving this securely so much as they want face scans for other purposes?

> As long as you trust the government that gave out the ID

I'm a citizen of a European Union member, I trust my government to issue me an ID and use said ID in my interactions with the state, I do not trust my state with anything more than that.

  • That is exactly the trust I mean. You need to trust that country X gives out valid IDs. If you have sketchy company Y giving out IDs to everyone, you probably would not trust any attributes derived from that ID. If you trust that a country gives out valid IDs, you can trust the information derived from that ID. You do not really need to trust your government any more than that for this system to work.

    • Ok, I will do my homework on the proposal of the EU Identity Wallet but from my skimming on topics about it, the tokens derived from my ID would be able to de-anonymise me online.

  • This part of trust was not about you trusting the government though so it is okay.

I would much prefer to see a ZK system that, by design, CANNOT reveal info neither to the website nor to the authority. e.g. in the new EU system, it is (afaik) conceivable that the ID authority could collude with social network providers, or with government or with police etc. That's not great IMO.

How about a system like Google Authenticator in which google knows nothing about which websites I'm logging into. Except, obviously, it'd have to be some kind of cryptographically signed response. e.g., website puts up a QR code (according to some standard) asking "is the user 18+", I scan with the phone, and the ID app, without accessing internet (like google authenticator) responds.

I suppose that might need a secure computing environment, so no rooted phone etc. But, of course, there's a simple workaround. Any adult can give their phone to a child. As long as that vulnerability is there, there's no such thing as a guarantee on the responses no matter what way you build it.

I was working on a similar concept as a hobby project with PKI. The idea being that governments would have a digital registry with citizen information and issue a certificate to be stored in a Secure Enclave on a device.

When a client attempts to access an age-restricted URL, the server redirects to a custom URI scheme which begins a negotiation for requesting verification. The server signs a message and provides it to the client. The client verifies there’s not additional info or metadata before encrypting. It then forwards to the government server. The government server decrypts the message and signs a response. This goes back to the client which forwards to the server.

I haven’t fully ironed out all the details but got so far as nearly completing the server-client negotiation. The tricky part is ensuring each stage prevents MitM tampering while allowing the client to see what is in a request so that there’s no metadata which would allow a site to track the user, nor a government to track sites a user accesses.

  • If the website and state want to collude to track the user they don't need to send any in-band metadata.

As soon as age-gated access depends on a government-issued credential, you're implicitly tying participation to state identity infrastructure

Where can we learn more about your architecture?

Someone brought up the need for device attestation for trust purposes (to avoid token smuggling for example). That would surely defeat the purpose (and make things much much worse for freedom overall). If you have a solution that doesn't require device attestation, how does that solve the smuggling issue (are tokens time-gated, is there a limit to token generation, other things)?

  • We do not require an attestation, and things like token smuggling are still a problem we need to solve. We have a system that prioritizes unlinkability. So an issuer cannot track the attribute they give you. And a verifier cannot link multiple disclosures with the same attribute. This privacy really helps things like token smuggling however. Time-gated tokens may increase the difficulty, but will probably not make it impossible. Making it illegal to verify someone else's QR codes could also help of course.

  • It's this I believe: https://www.w3.org/TR/vc-data-model-2.0/

    • A Verifiable Credential fundamentally doesn't solve the problem of "sharing", "smuggling". All it takes is one verified adult to "leak" their VC somewhere, and millions of underage people would be able to use it to "prove" they are over 18.

      This would only work with something like MS TPM 2 / Apple Secure Enclave (device attestation), which is anti-freedom by design. I was curious if they found a way around that (maybe with time/rate limits, or some actual useful use of blockchain tech).

I think there's a tradeoff triangle here, not dissimilar to Zooko's triangle or the CAP theorem, where the three aspects are age verification, privacy, and the freedom to run custom software on devices of your choosing.

You can have no system at all, which gives you freedom and privacy, but not age verification. You can have ID uploads, which give you age verification and freedom, but not privacy. You can have a ZKP-based system, which gives you age verification and privacy, but not freedom. This is because you need a way to prevent one unscrupulous ID owner from issuing millions of valid assertions for any interested user.

In Amsterdam 1850 the municipality kept track of people's names, address, age, gender and religion (bevolkingsregister). It meant nothing at this time, but 90 years later the Nazis used these lists to murder Jewish people going house by house. Thanks to the partisans setting this archive ablaze, lives were saved.

I'm not saying it's right or wrong, you tell me, I just want to point at this random timeline.

  • I shudder when I think of how effective the Stasi would have been in the digital age. The only thing checking them was the labour demands of surveillance.

  • When Trump came into power a second time, and the ICE-nazification became apparent, I reached out to my government and asked them what they were doing to make it harder for "Trumpism" to happen here. No reply. Just crickets.

    Hoovering up less data would be a really fucking good start. There's something about babies and bathwater, but by god this has proven to be very dangerous bathwater time and time again.

I have a few questions.

In that system does the age verification result come with some sort of ID linked to my government issued ID card? Say, if I delete my account on a platform after verifying and then create a new one, will the platform get the same ID in the second verification, allowing it to connect the two and track me? Or is this ID global, potentially allowing to track me through all platforms I verified my age on?

What does a verification process look like from the user's perspective? Do I have to, as it happens now, pull out my phone, use it as a card reader (because I don't have a dedicated NFC device on my computer), enter the PIN, and then I'll be verified on my computer so I can start browsing my social media feed? Or, perhaps, you guys have come up with a simpler mechanism?

  • The wallet ecosystem is still really varied at the moment. Our implementation is unlinkable. So an issuer cannot track where you use the attribute. And a verifier cannot see that you've used the same attribute multiple times with their system. This is great for privacy and tracking protection, but not so great for other things. For example, people sending their QR codes to other people with the correct attribute (like maybe an underage person sending an 18+ check to an adult), is hard to solve for because they are unlinkable.

    Most systems right now have you load data in your phone. Then when a check happens, you scan a QR code. You then get a screen on your phone saying X wants to know Y and Z about you, do you want to share this information? Then you just choose yes or no.

    For your social media example: you would just get a QR code on your PC, then pull out your phone, scan and verify, then start browsing social media on your PC.

  • In the Swiss system, it depends on what they verified. If they required your full ID, that has a document number like a passport and they could track that.

    If they did the right thing and only asked for the over 18 bit, then they wouldn't have a trackable identifier.

  • You are describing a situation where a pairwise pseudonymous identifier is generated. I don't think any real system does this with government IDs, but it might be possible.

Immigrants do not have an ID for up to a few years when they move to Germany. Just this week the Berlin immigration office stopped issuing plastic residence cards for budget reasons, so people get a sticker in their passport.

Passport recognition is also spotty. The ID verification providers used by banks do not recognise Indian passports.

Will we exclude a few million people because it’s too expensive to verify that they are over 18?

Add this to “falsehoods programmers believe about ID verification”.

  • > Will we exclude a few million people because it’s too expensive to verify that they are over 18?

    Yes. We absolutely will. KYC services are something that no one wants and everyone hates, thus there is no motivation to make them better. And if anything, "better" might mean more invasive, because that means more data to mine and sell.

    So, sure, excluding millions of people from KYC because it's cheaper to reject them than it is to study their documents is the right decision business-wise.

    I am speaking as a person in the very same position.

  • In Austria you don't need an Austrian passport/Personalausweis for a Digital ID registration. Your original passport (or equivalent) in combination with a certificate of residence, student permit or similar is fine.

  • No, we will exclude a few people because Germany doesn't have its shit together when it comes to digital stuff. Then hopefully people will complain and things will improve.

One question I have, that perhaps you might be able to answer (though I see you've gotten too many replies to this comment already): I'm aware of a number of such systems being developed, and "is over 18" is always the example given.

Are there, say, two other potential use cases that anyone has come up with yet?

First let me clearly state that I appreciate the amount of thought you guys are putting into creating better systems that have high privacy guarantees. I concede to you, that in some situations, your system leads to better privacy.

But I don't look at this on a purely technological level. These identity-based systems are instruments of control. Right now everything is still in flux with how these tools will be used and how accessible they are to the general population and the many minorities therein. I simply don't trust our politicians to do the right thing short-term and long-term. The establishment of the GDPR has been a major victory for better privacy legislation and now the Commission wants to hollow it out. The Commission also wants chat control to increase the amount of mass surveillance in Europe.

There is a potential future, where we all win. But I am highly skeptical, that in the current political climate, we will end up there.

Correct. A ZK Proof backed identity system is a significant bump up in both privacy and security to even what we have right now.

Everyone does realize we're being constantly tracked by telemetry, right?

A proper ZK economy would mitigate the vast majority of that tracking (by taking away any excuse for those in power to do so under the guise of "security") and create a market for truly-secure hardware devices, while still keeping the whole world at maximal security and about as close to theoretical optimum privacy as you're going to get. We could literally blanket the streets with cameras (as if they aren't already) and still have guarantees we're not being tracked or stored on any unless we violate explicit rules we pre-agree to and are enforceable by our lawyers. ZK makes explicit data custody rules the norm, rather than it all just flowing up to whatever behemoth silently owns us all.

  • Explain how the plastering of streets with cameras can be done in a privacy-preserving way?

    • Well it could. Laws that simply ban any public-facing camera from doing anything except write to encrypted storage, which can only be opened with a court warrant.

      I know laws are boring and tech is exciting, but sometimes there's no technological solution to a societal problem. Good old laws, police, fines, prison, is all you need.

This is really cool and I want it for inter-government identification. E.g. country B can check a ZK proof that I'm a citizen of country A, allowed to drive, not a criminal, have a degree, etc.

I just don't want to have to ID myself at every corner of the internet. Whether the site receives my details or not.

I've heard they even want to mandate periodic re-checks now which is insane. The internet should remain free.

Besides, if parents don't want to give access to social media they can just not give their kids a phone, or just use the many parental control features available on it. Every phone has this these days.

And even if the government wants to ban this stuff for all kids (which I would not agree with but ok I don't have kids so I don't really care and parents do seem to want this), they don't have to enforce it this way. They can just make the parents liable if the kids are found to have access.

To me this is just another attempt at internet censorship and control.

This is the way. It annoys me to no end when e.g. the German chancellor demands clearnames in social media. The real issues are bots and algorithmically enhanced reach. Proof of personhood in a privacy-preserving way is enough to fix this. But it should be mandatory for social media in the EU. You don't need to expose people to the doxxing mob to protect our democracy.

Tbh, when I read that "platforms face a choice between excluding lawful users and monitoring everyone." I don't have much understanding.

No gov. ID, no participation. It's not like you cannot go outside and talk to people anymore so let's not pretend that being on insta is some sort of universal human right and anybody barred from it is some sort of terrible tragedy.

No one would be foolish enough to trust their government nor the EU. You should be ashamed of working for such "people". Thanks for helping implement a surveillance state.

  • You don't have to trust your government to employ them, the key is to bake in and maintain rigorous checks and balances, demand transparency, routinely audit and fire people for corruption, etc.

For me it is disqualified for usage because I need to buy into a Google or Apple ecosystem. At least the reference implementation does. This is just the next level of enshittification. And no, I don't need a digital blockwart at all.

And I have zero illusion privacy is compromised, it is trivial to identify devices these days, so it doesn't even work technically.

Next sentence we hear some empty bickering about digital sovereignty. This is all bullshit.

  • We support F-droid, so you could get a degoogled android version and use that to load the app on your phone. The app could also be ported to other platforms, but right now there is really no market for it.

    • That still forces me into a Google ecosystem. F-Droid is better than the Play Store, but issues remain.

      There is certainly a market for desktop OS as well. This creates a market for freedom.gov, shady as it is.

Good luck finding the single government in the world that actually wants that, rather than it being a pretext for control that is too sweet to pass up. If you manage to find them, post an article on HN about it as top places to move to.

The system you're describing is good for the masses, not for those with power.

The requirement to use Google or Apple services is a deal breaker. If I can't verify my age using an EU wallet without having an account with a US tech company what is the point of any of this?