Comment by lachiflippi
6 hours ago
I've been really enjoying all these articles proposing solutions to anonymous age verification, mainly because most of them are written as if this has never been implemented in the real world. German IDs support age verification that just returns a yes/no response to the question "is this user above the age of 18," and not a single service in the entire country supports it.
Anonymous age verification isn't a technical problem to be solved, as it's already been solved, it's a societal problem in that either the companies or the politicians pushing for age verification don't want to support it.
> German IDs support age verification that just returns a yes/no response to the question "is this user above the age of 18,"
If the only thing that came out of the ID was those letters then you wouldn't need the ID, you could just type "yes" or "no" when the site asks you if you're over 18. So it's presumably not doing that, instead it's providing some kind of signature.
And then the privacy implied by "just returns a yes/no response" isn't actually there, because it's actually returning more than that. Does the response have a fixed signature which is unique to the ID, therefore able to be correlated across sites? Does the ID have a unique public keypair that it uses to sign, with the same problem? If someone extracts the key from one ID, or just hooks it up to a computer, can they now set up a service to anonymously sign for everyone in the world? If they can't anonymously sign for everyone, can't the same mechanism used to identify them also be used to identify anyone else?
"Someone attempted to do this but no one uses it" is no proof that their attempt was any good or addressed the concerns people have about doing this.
My understanding is that the responses are signed, but in a way that prevents linking signatures across vendors, so the same card being used for verification on different sites could not be linked, while the same card being used multiple times for the same vendor could.
As I'm not an expert on the crypto underlying the protocol, feel free to check the eIDAS standard for more info (the documents are in English, even if the link is not): https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisati...
A cursory look implies they're using group signatures:
https://en.wikipedia.org/wiki/Group_signature
Which allow the group manager (presumably the government, or anyone who compromises them) to identify who signed something.
If using the same card multiple times with the same site allows the site to correlate them then that obviously also allows the site to link two accounts you intended to be separate, or two sites to set themselves up as the same "vendor" and thereby correlate your accounts between them.
This is immensely counter-intuitive to many Americans. They wrongly assume that digital IDs are some Biblical apocalyptic level invasion of privacy, when every state ID database is already 1) linked to Federal ones, and 2) full of the same data on your driver's license anyway.
I've tried to explain this to people, that a digital ID done well is better than the fraud-enabling 1960's hodgepodge in use that has served fraudsters better than citizens for 30 years. They set their teeth and refuse based on use of the word "digital" in the title alone.
It will take generational change for the US to get something as banal as a digital ID already in use in dozens of countries, for no other reason than mindless panic over misunderstanding everything about digital ID systems, how IDs even work, and how governments work.
Oh, that's not the half of it. In my own country, digital ID adoption was a political hot topic for a long time after the Orthodox Church realized that the new chips contain 12-digit long IDs that might contain the sequence 666. This despite everyone in the country having a legal ID with a number code that can also happen to contain this same sequence - but somehow the mere possibility of this happening in the digital IDs sparked a huge outrage and made politicians avoid the topic for quite a while.
> In my own country, digital ID adoption was a political hot topic for a long time after the Orthodox Church realized that the new chips contain 12-digit long IDs that might contain the sequence 666.
Indeed, look at those ignorant Bible thumpers objecting to the spreading installation of barcode scanners for their barcode tattoos. Surely the number is not an allegory for the general principal that we should strongly resist attempts to centralize authority or serialize humans like a herd of cattle.
> but somehow the mere possibility of this happening in the digital IDs sparked a huge outrage and made politicians avoid the topic for quite a while.
Maybe because the objection was never really about a specific sequence of digits and was more about the expansion of human tracking.
I agree that there's a lack of awareness of what happens in other countries with ID, but I think it is also a different situation in the US.
States in the US in a lot of ways are more comparable to countries in the EU. It's not exactly like that but in many ways it is. So it would be like requiring an EU ID on top of a national ID.
I also don't think privacy per se is the real issue of concern, it's concern about consolidation of federalized power. Privacy is one criterion by which you judge the extent to which power has been consolidated or can be consolidated.
The question isn't "can this be federalized safely in theory", it's "is it necessary to federalize this" or "what is the worse possible outcome of this if abused?"
As we are seeing recently, whatever can be abused in terms of consolidated power will be eventually, given enough time.
I guess discussions of whether or not you can have cryptographic verification with anonymity kind of miss the point at some level. It's good to be mindful of in case we go down the dystopian surveillance route, but it ignores the bigger picture issues about freedom of speech, government control over access (cryptographic guarantees of credential verfication don't guarantee issuance of the id appropriately, nor do they guarantee that the card will be issued with that cryptographic system implemented in good faith), and so forth.
The argument is that the mechanisms in use in the German IDs (and others like them) rely on trusted parties and/or trusted hardware, and therefore don't adequately assure anonymity. And this is in fact true; the trusted parties are among the ones you might want to hide the information from.
Trust is bad in security. It's not complicated to understand this.
The age verification system is being developed with an EU-wide standard. It's supposed to become part of the EU digital wallet initiative.
The trick with age verification is to do it in a way that doesn't allow tracking by the service itself (i.e. returning the same token/signature every time) or from the government (shouldn't see what sites you use when). That has pretty much been solved now, though.
I wish all governments would just run identity services and mandate usages that return anonymous attestations. Age being the most obvious attestation but something like residence status could also be useful.
Something as simple as a JWT with claims (and random uuid id) would work
It can't be quite that simple because you have a couple additional problems to solve - (effectively restating bits of the article poorly and partially)
1. You don't want these to be replayable (give your JWT to someone else to use) so they need to be bounded in some ways (eg intended website, time, proof it came from you and not someone else).
2. You don't want the government to know which website you're going to, nor allow the government and the website to collaborate to deanonymize you (or have the government force a website to turn over the list of tokens they got). So the government can't just hand you a uuid that the website could hand back to them to deanonymize.
The SD JWT and related specs solve for these, which is how mDL and other digital IDs can preserve privacy in this situation.
> You don't want these to be replayable (give your JWT to someone else to use) so they need to be bounded in some ways (eg intended website, time, proof it came from you and not someone else).
But these are the things that make it non-anonymous, because then instead of one token that says "is over 18" that you get once and keep forever, everyone constantly has to request zillions of tokens. Which opens up a timing attack, because then the issuer and site can collude to see that every time notbob69 signs into the website, Bob Smith requested a token, and over really quite a small number of logins to the site, that correlation becomes uniquely identifying.
Meanwhile we don't need to solve it this way, because the much better solution is to have the site provide a header that says "this content is only for adults" than to have the user provide the site with anything, and then let the user's device do what it will with that information, i.e. not show the content if the user is a minor.
3 replies →
But one overlooked advantage of manually copying JWTs is that the user doesn't have to blindly trust they're not hiding extra information. They can be decoded by the user to see there's only what should be there.
I just recently used my ID to register for a lottery website using the AusweissApp the first setup was a bit annoying, but once you are registered its actually easy to use and apparently you don't even need a phone you can use a card reader on your PC as well
It's also gateway to push more. Once APIs are in place and databases are full, what's another "check" or a bit of info to add ?
Surely the safety of children is worth it right ?
If it is the case that German IDs supporting selective disclosure aren't seeing adoption for services then it needs to looked at what the friction is or even just because it's optional. It doesn't necessarily have to be an ulterior motive. It'd be easy to be called out as conspiratorial otherwise.
Right now with age assurance laws and online services there has been no singular approach beside falling back to use of government ID that any country has required. Each country has just said 'here are the minimum criteria, choose what you want' and left it up to services to comply.
So what have services chosen? The least friction and cheapest existing solution to be compliant. For most services that's been using readily available facial scanning services and government IDs as fallback. Not all of them of course but it's so scattered that it makes it difficult for a person to know what they'll need for one service vs another (and perhaps even avoid use of a service if their approach doesn't align with the person's values).
Without mandating better minimum privacy criteria governments can just point to the fact they're not preventing such tech from being used and leave it at that. But solutions also need to be affordable to adopt for a wide range of sites/services and have good support (interfaces, etc) around them to catch on so it's not just entirely whether tech exists per se.
I remember reading in tech magazines about the "foss" acheivement which went on to become Aadhar. Remember this was prior to 2007 I think.
The idea was your id would be an autehnticator of sorts. You need to verify yourself, the website asks Aadhar if the person is genuine, the website returns binary yes no. Same for you, is gender male? Or ages above 18?
They would not return any other data.
In the end, it became just another "formality" and tool for politicians and to flex muscles.
People ended up taking photocopies of your card "just in case" and "that's the norm" even when it was said that's a bad idea.
People still do Aadhar kyc but it is in hands of politicians now and the bureaucracy.
The problem with these "yes/no" systems is that they also involve the websites you visit calling up a centralized party and asking if you're old enough. This is fine if the websites aren't interested (or if you really trust your government with your web browsing history), but gets unfortunate if you don't want to share that information.
>Anonymous age verification
Anonymity from whom? Does the German government doesn't know that Gunter Shmidt has just verified his age to the site GreatBDSMPartiesInBerlinForDragQueens.com ? Even if they obtain the logs from the site?
afaik it comes directly from your ID's card chip, there is an App inbetween that temporarily stores that data so it can be submitted to the service you are registering to
So the app could phone home if it so desires?
[dead]