Comment by hiciu
1 day ago
> EU's planned system requires highly invasive age verification
EUDI wallets are connected to your government issued ID. There is no "highly invasive age verification".
We are literally sending a request to our government's server to sign, with their private key, message "this john smith born on 1970-01-01 is aged over 18" + jwt iat. There are 3 claims in there. They are hashed with different salts. This all is signed by the government.
You get it with the salts. When you want to prove you are 18+ you include salt for the "is aged over 18" claim, and the signed document with all the salts and the other side can validate if the document is signed and if your claim matches the document.
No face scanning, no driver license uploading to god-knows-where, no anything.
> to obtain 30 single use, easily trackable tokens that expire after 3 months
This is the fallback mechanism. You are supposed to use bbs+ signatures that are zero knowledge, are computed on the device and so on. It is supposed to provide the "unlinkability". I don't feel competent enough to explain how those work.
> jailbreaking / "prevent tampering"
This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.
> You have to blindly trust that the tokens will not be tracked
This is not true, the law requires core apps to be opensource. Polish EUDI wallet has been even decompiled by a youtuber to compare it with sources and check if the rumors about spying are true. So you can check yourself if the app tracks you.
Also we can't have a meaningful discussion without expanding on definition of "tracking".
Can the site owner track you when you verify if you are 18+? Not really, each token is unique, there should be no correlation here.
Can the government track you? No, not alone.
Can the site owner and the government collude to track you? Yes they can! Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.
Can they lie? Sure.
Can the site owner and the government collude to track you if you are using bbs+? No. Math says no.
Can they lie if you are using bbs+? Math says no.
> Can the site owner and the government collude to track you? Yes they can! Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.
It's not zero knowledge for me then. Also - if there is ANY possibility to track anyone. And/or centrally mark someone "nonverified" then it makes more problems than solves.
Even if I trust my govt (no way), even if it'd be fully ZK with no way to track anyone… still govt would have a way to just block some individual "because".
And the best part… Age verification will not solve "children problem". I think it's parents problem to take care of their children, AV will be pretty easy to bypass - kid will just borrow ID for a moment and… voila! Govts (or some people) are creating problem and solution that do not exists.
I do not like way internet went, I do not like more way it's headed now.
I'll bite.
> It's not zero knowledge for me then. Also - if there is ANY possibility to track anyone. And/or centrally mark someone "nonverified" then it makes more problems than solves.
> Even if I trust my govt (no way), even if it'd be fully ZK with no way to track anyone… still govt would have a way to just block some individual "because".
Is this even actually possible? If you want any sort of identity verification you HAVE to trust someone, whether age or full ID. Literally impossible.
Zero trust systems in society don't work. If you don't care "who" then yes, zero trust is just fine... but then what's the point of "age verification"?
The whole point is that mandating websites to require age verification is more authoritarian than people are pretending it is.
1 reply →
You have to trust someone to verify age.
You don't have to trust somebody not to track how the resulting credential is used. And that is what "zero knowledge" means. It means that after you finish the protocol, nobody has learned anything but what they were supposed to learn (in this case, "the person at the other end of this connection is over 18"). If it leaks anything else about the person, it's not zero knowledge. If somebody learns which of the issued credentials was used, it's not zero knowledge. If parties can collude to get information they're not supposed to get, it's not zero knowledge.
It's a technical term of art, not some politician's bullshit. And it isn't complicated to understand.
> This is not true, the law requires core apps to be opensource. Polish EUDI wallet has been even decompiled by a youtuber to compare it with sources and check if the rumors about spying are true. So you can check yourself if the app tracks you.
The "open source" apps connect to proprietary backends run by a third party that you have to blindly trust. If EUDI wallets were truly open source and free from blindly trusting any authority, then you could simply remove that requirement and issue your own tokens without the use of potentially malicious third party.
> issue your own tokens
I mean, you can. It's like with TLS certificates. The standard is there. The code is there. You can issue your own.
The question is, who will trust you?
It is not at all like TLS. With TLS you at least can get your own certificate signed by an official CA, and use that private key on whatever system you want.
3 replies →
> It's really not much different than what a banking app would require.
I can use my banking services through the web. Codifying the Google/Apple monopoly in law is gross.
> I can use my banking services through the web.
Not for much longer. Stealing your data on mobile device is way too lucrative for the banks to pass on. All while pretending it's done for security.
Sadly true, while scammers run rampant regardless. It’s depressing to watch everything get worse.
Many banks have gone the way of requiring 2FA on an unrooted phone, but giving you a way out by also offering you 2FA via smartcard (using a smartcard reader and a bank-issued card). I suspect a similar thing could be done here, with the smartcard providing the trusted hardware/secure element?
In the context of world politics and the hunt for sovereign hosting etc it also seems incredibly weird to put all of EUs identity handling in the hands of two American companies.
For clarity, the US could over night make all European digital wallets nonfunctional by requiring app stores to remove them and have them uninstalled remotely (iirc there is such a feature but it’s very rarely used). Likely? No, still a very strange thing to put into law though.
> Government can track all salts for your tokens, site can collect all salts, they can compare notes.
That is not zero knowledge. Given that actual zero-knowledge systems are well understood, the only reason to deploy a system that allows that would be if you planned to abuse it.
What is your definition of zero knowledge?
https://en.wikipedia.org/wiki/Zero-knowledge_proof
1 reply →
Zero knowledge in such a system requires a minimum of 3 independent parties. There are quite a few solutions out there, I think the most developed ones are online voting systems, because tracking and de duplication is essential.
The impossibly high bar they set "Perfect" at in order to make it the enemy of good, and fight against any progress being made to keep children out of adult spaces.
That being said, it's my personal opinion that I'd love to simply have my device store a token and send it to any site when requested. I'd then like those sites to give me toggles to remove all non-verified content - and therefore my internet experience could be sans-juvenile squeakers.
> This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.
Except the state is not a bank, of which there are many. The state is not optional, and trusting an American company with, of all things, the digital precondition for social existence, is suicidal.
> This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.
Most banking apps run on GrapheneOS, will this? Nearly all EU banking websites run on Firefox on Linux, will this?
Why did you not quote the App Store/Google Play Services part, which is much worse?
> There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.
I'm sure this will be as diligently carried out as GDPR enforcement. [0].
[0] https://noyb.eu/en/project/dpa/dpc-ireland
> jailbreaking / "prevent tampering"
Now your EU government requires you to have an unmodified Google or Apple device to use any age restricted services. Cementing the US mobile OS duopoly and locking out any free systems and desktop etc. forever.
Any governmental service taking part in this is a violation of civil rights and even if you don't care about those, maybe you care about digital sovereignty.
This is so lightly handwaved away, almost as if attention needs to be drawn away. By the looks of this I'd say the end of general computing might be the actual goal, and all the age verification is just yet another "think of the children" pretense?
I totally agree that one of the biggest vulnerabilities in EU digital ID scheme are US corporations :).
At least that establishes that you don't care about civil rights :|
*corporations in general
Great comment all around but
> jailbreaking / "prevent tampering"
> This is true. The eidas directive requires that secret material lives in a dedicated hardware / secure element. It's really not much different than what a banking app would require.
This is unacceptable. So much talk about independence from the US, you simply cannot make it a hard requirement to use the duopoly to be a citizen (as if it wasn't a quasi-hard requirement already)!
Funny how they just handwave it like it's a totally normal thing, like the insane situation with banking apps. Most people don't care as they run with whatever's available without modification, but we still should fight for the right to run the code we want on devices we own.
Consider the car analogy: if you want to drive on public roads, you need to drive an attested, unmodified vehicle that complies with the relevant regulations. If you want to play around and modify the car, that's fine, but then you don't get to use it around other people. You're also not allowed to buy some random, unknown Chinese or Indian car and drive it on the road. People already accept this when framed as a safety issue. I suspect they care more about their cars than their phones, and won't care about the requirements on the phone anyway because they're not planning to modify it, and as long as WhatsApp and Instagram keep letting them exchange shopping list additions and pictures of vacation cocktails, then what's the problem?
To be clear, I'm not in favor of a participation-in-society ban for jailbreaking your phone, but there's already precedent for it.
4 replies →
> We are literally sending a request to our government's server to sign, with their private key, message "this john smith born on 1970-01-01 is aged over 18" + jwt iat. There are 3 claims in there. They are hashed with different salts. This all is signed by the government.
If the "18+ claim" can't be linked to your identity and doesn't have any rate limits, someone can set up a token-as-a-service to sell tokens on the black market.
> Government can track all salts for your tokens, site can collect all salts, they can compare notes. There are so called policy mitigations currently: audits and requirements for governments to remove salts from memory the moment stuff is issued.
> Can the site owner and the government collude to track you if you are using bbs+? No. Math says no.
How does the math say no? Big tech companies already log absolutely everything. What's going to stop the government from keeping all the salts they're issuing and then mandating that site operators add the salts to their existing logs?
> Can they lie? Sure.
Well, they've lied to us over and over when it comes to surveillance, so I think at this point it's reasonable to assume they're lying unless it's technically impossible. Where's the in-person key verification that used to be in Whatsapp? How do the authorities get notified when someone makes a poorly thought out joke using Snapchat private messages before getting on a plane? Why is there a war on end-to-end encryption?
We're going to pay a fortune for these supposed zero knowledge systems and that's what it's about. Select companies are going to get paid to issue tokens and the scale is going to create a few new billionaires.
The people in charge are going to gain a ton of power when they betray everyone and disenfranchise us.
> someone can set up a token-as-a-service to sell tokens on the black market
They can! Singing requires either PIN or finger on the fingerprint, and signed "proof" is valid for like 60 seconds. This whole end-to-end attestation with play integrity is supposed to make setting up token-as-a-service things impractical.
> What's going to stop the government from keeping all the salts they're issuing and then mandating that site operators add the salts to their existing logs?
> How does the math say no
BBS+ signatures. Hashes you receive from the government and hashes you send to the site operator are different and not correlated.
> Singing requires either PIN or finger on the fingerprint, and signed "proof" is valid for like 60 seconds. This whole end-to-end attestation with play integrity is supposed to make setting up token-as-a-service things impractical.
So how would I use this on Linux then? Because I'd be rather unhappy if a bunch of websites became unusable on Linux due to government-mandated security restrictions.
My (Canadian) government's health portal already refuses to load if you use Linux (despite it being 100% web-based), meaning that I'm completely unable to book vaccinations or view procedure results without workarounds. Luckily it only checks the user agent, so it's pretty easy to override this right now, but that wouldn't be possible if cryptography/attestation were involved.
1 reply →
> We are literally sending a request to our government's server to sign
You've already lost. You're at the government's mercy. They can simply refuse to sign.
"Mr. John Smith, we noticed you've published some poorly-worded comments online. Why are you locked out of your account, you say? Oh, that's just an unfortunate technical issue with our signing system, happens all the time. Anyway, this is a friendly reminder for you to improve your online etiquette. Have a nice day."
There's really two cases here.
You live in a democracy?
YES) the violation you describe is verifiable to a journalist. You publish story, and you keep the government accountable.
NO) Why are you even discussing if age verification is a good idea or not, you freak. It's not really up to you anyway. Go fix your country first.
You mean the journalists that are pro age-verification and pro banning everything that's slightly critical and constantly demonize everyone going against them?
Or you live in a democracy so you throw a fit until your government backs down. No amount of journalists is going to change the US or the UK at this point.
Do you trust today's democracy to be a democracy tomorrow?
Never. Cede. Ground. You'll never get it back, and one day the rights will be gone.
3 replies →
Plenty of democracies in Europe and elsewhere regularly and repeatedly fail to actually represent the desires and interests of the citizenry, but they keep getting reelected anyway. Why should this time be any different?
2 replies →