| "The saga is turning into a PR disaster for Brussels. "
imo: mostly because the Author wants it be a disaster.
The App has not launched, they published the source code in order to invite external review. I dont have time to every claim, but e.g. this [see quote below] seems to be blown out of proportions to me - the app fails to delete a temp. image, which results in a selfie being stored indefinitely(?) on the internal disk of your device - if an adversary has access to the internal disk of my phone, they can also just access the photo roll.
"For selfie pictures:
Different scenario. These images are written to external storage in lossless PNG format, but they're never deleted. Not a cache... long-term storage. These are protected with DE keys at the Android level, but again, the app makes no attempt to encrypt/protect them.
This is akin to taking a picture of your passport/government ID using the camera app and keeping it just in case. You can encrypt data taken from it until you're blue in the face... leaving the original image on disk is crazy & unnecessary."
Not immediately deleting the selfie is a pretty fundamental and egregious mistake to make. People are particularly sensitive to selfies not being handled correctly after Discord lost thousands of them, despite promising to delete them after age verification occurred (and then not doing so) https://www.bbc.com/news/articles/c8jmzd972leo
The damage is limited because the selfie is only retained on device, but it still does not signal competency from the EU to fail at the most basic hurdle of disposing of the selfie once verification is complete.
Can you give a brief explanation of how this is done with a zero-knowledge proof? That site is low information and painful to navigate, and it seems quite surprising to me that this is possible. ID verification, in the government sense, is ostensibly going to require matching an ID against a some other resource. If done locally then you can trivially spoof the result, akin to hacking a game, but if done remotely then it's not zero-knowledge.
I think a zero-knowledge system here would be quite desirable. But a centralized repository that is e.g. maintaining tabs on every single adult-authorization for every single person with verifiable details of them is, by contrast, a dystopic disaster waiting to happen because it will be hacked, leaked, and abused, sooner or later.
> The point of this is that you can use the credentials on your phone to prove that you are an adult to a website using zero-knowledge proofs to avoid disclosing your identity to anybody.
It is my understanding that this is not possible. I would be happy to be shown to be wrong, but to me it seems like you can either prevent people from lending out their credentials, or you can preserve the anonymity of the user, but not both.
You can use 0KP to prove you have a signed certificate issued by your government that says you are an adult, but then anyone with such a certificate can use it to masquerade as however many sock puppets they like and act as a proxy for people who aren't adults. You can have the issuing government in the loop signing one-time tokens to stop Adults-Georg from creating 10k 18+ attestations per day, but then the issuing government and the service providers have a timing side-channel they can use to correlate identities to service users. Is there some other scheme I'm missing that solves this dilemma?
> It is my understanding that this is not possible. I would be happy to be shown to be wrong, but to me it seems like you can either prevent people from lending out their credentials, or you can preserve the anonymity of the user, but not both.
This is not designed to prevent adults from coöperating with minors; that makes no sense as a design goal because any technical measure can always be bypassed with “download this for me and give me the file”. This is designed to prevent minors from being able to access systems without an adult.
Nothing prevents an adult from buying alcohol on behalf of minors; that doesn’t mean laws that prevent minors from directly buying alcohol are useless.
> You can use 0KP to prove you have a signed certificate issued by your government that says you are an adult, but then anyone with such a certificate can use it to masquerade as however many sock puppets they like and act as a proxy for people who aren't adults
The certificates in question can use a few mitigations: short lived, hardware stored (in a TPM, making distribution harder), be single use, have a random id which the service being accessed can check how many times has been used.
> but then the issuing government and the service providers have a timing side-channel they can use to correlate identities
That's not reallya concern, IMO. That would always exist as a risk - most people would probably have a flow of trying to do something, having to prove ID/age, doing that step, continuing with the something, which means you'd probably be able to time correlate the two sides quite often. The solution here is legal with strong barriers, not technical.
> The solution leverages the existing eIDAS infrastructure, including eIDAS nodes and the trust framework for trusted services, to ensure a high level of security and reliability. By aligning with the technical architecture of the EU Digital Identity Wallet ARF, the solution delivers secure, reusable, and interoperable proofs of age.
> The solution enables users to present their Proof of Age attestation to Relying Parties, primarily for online use cases. The system is optimised for secure and privacy-preserving online presentation, allowing users to prove their eligibility without disclosing unnecessary personal information.
> AVI SHOULD support the generation of Zero-Knowledge Proofs using the solution detailed in: "Matteo Frigo and abhi shelat, Anonymous credentials from ECDSA, Cryptology ePrint Archive, Paper 2024/2010, 2024, available at https://eprint.iacr.org/2024/2010".
> Anonymous digital credentials allow a user to prove possession of an attribute that has been asserted by an identity issuer without revealing any extra information about themselves. For example, a user who has received a digital passport credential can prove their “age is ” without revealing any other attributes such as their name or date of birth.
> The point of this is that you can use the credentials on your phone to prove that you are an adult to a website using zero-knowledge proofs to avoid disclosing your identity to anybody.
That's the theory. How is it in practice?
In my opinion, it just means there is a single government database to hack to get copies of all IDs...
By the way have the "security experts" checking this app evaluated that part? Or they're just worried about the app users cheating?
> In my opinion, it just means there is a single government database to hack to get copies of all IDs...
That doesn't make sense, all IDs are already in a single government database. Kind of by definition in fact, for IDs to be useful they need to be emitted by a central authority with associated security and revokability guarantees.
The implementations I've seen rely on an app reading your physical ID and its NFC chip, comparing that with a selfie to ensure it's the same person, and being able to provide anonymous proof you are of age based on that, or proof that you are indeed who you say you are.
> The point of this is that you can use the credentials on your phone to prove that you are an adult to a website using zero-knowledge proofs to avoid disclosing your identity to anybody.
No it isn't.
Literally that is not the scope document, and such a solution would not be permitted by the EU as compliant with the legislation.
The app isn't zero knowledge. A prototype workflow has been designed for a one way transfer to sites that is zero knowledge, but it doesn't actually deliver zero knowledge because it you have to verify your age with an external provider to get the credential (which is not zero knowledge), the app has to be secured with either Apple or Google's attestation services (which are not zero knowledge), and the site has to be able to check with the original external provider that the credential hasn't been revoked (which is in no way zero knowledge).
Zero knowledge proofs are when the prover can prove the statement is true to the verifier without disclosing more information beyond the statement. It doesn’t mean the prover cannot talk to other systems to produce the statement.
The alternative would be to just not do anything and to remove liability from Meta et al. In the world we live in, where competing interests already spent tens of billions to bribe/lobby the EU, we have to be realistic about it.
This open source and transparent ZKP-based approach is extremely surprising to see, publishing a draft in advance and inviting the public to break it so it can be improved? Are you kidding me? What about the billions of private investment in all the companies that offer centralized ID checks like Persona, Socure, ID.me and more? Thats a growing billion dollar industry. They all counted on this as a future market opportunity that the EU just seem to have destroyed at least in the EU?
People fighting against this age id app might be paradoxically useful idiots for billion dollar investments and lobbying efforts. The demos is once again dragged into the trenches to fight a war they don't understand.
The main issue appears to be that as per the blueprint user MUST use one of the mandated handsets (iPhone or Android with pre-installed and privileged Google Services) and:
- MUST use either Google or Apple account
- must not be banned by the provider or sanctioned in the USA
These issues have been flagged to the devs working on the blueprint since the inception, only to be handwaved away.
Getting banned can happen randomly even if you're not doing anything illegal or wrong (it's enough for a robot to decide you're within the blast radius), getting sanctioned can happen if you're an UN lawyer investigating human rights abuses USA actually likes.
1. Devs forgot to delete images in some failed scenarios. Images that do not get sent anywhere and remain locally. In an open source app that anyone can point calmly to the bug and it will get fixed easily.
2. "an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file"... Any android developer knows that to access the shared prefs file you need ROOT access on the phone, which is impossible on the stock os. Rooting the phone requires advanced knowledge. It means deliberately nuking your phone security, which most likely will require factory resetting the phone in the process. Or a hacker would need to use a sophisticated exploit, maybe even 0day, to access an app that would allow him to log in on some adult sites. Sounds reasonable (no).
So, the guy found two very superficial problems in a early demo app. Does not even look at the important code with the actual implementation of the zero knowledge proof cryptography, as it is way above his skill level. Throws malicious allegations mixed with blatant lies. Cries for attention to the whole internet and it gets augmented by news and people who understand security and technology even less than him. He dares calling it "hacking" in under 2 minutes. That's just disgusting.
He even calls himself "Security Consultant". Lord have mercy on whoever is going to work with him.
The “hack” in question is pointing out that the app forgets to delete images of the user's face and ID (stored). A lot of people have pictures of their face already on the phone, and often their ID as well so this is hardly a security flaw in any real sense.
"Let’s say I downloaded the app, proved that I am over 18, then my nephew can take my phone, unlock my app and use it to prove he is over 18." - and how is that something that could, or should, be addressed by the app? Are we even serious??
well of course because the whole reason you're making free men and women verify their identity with government-issued documents... was supposed to be to prevent that. If its not going to prevent such an easy work-around ITS NOT WORTH IT (not that it was in the first place)
Because people share phones with their kids. It's not rare or even mildly unusual. The problem isn't that the app needs to solve this. The problem is the app is useless, along with this whole bizarre "need for age verification" plot that poofed out of existence simultaneously around the whole globe mysteriously a few months ago.
Well, reality called and says: Like ID, drivers license, credit cards and guns: Phones are sth. you dont just "share" with your kids. Also there is an option to guard the ID App with an additional PIN/Biometric.
Exactly. "Age verification" is the "think of the children" marketing campaign for "identity verification". Governments don't like anonymity; it makes it harder to find those they consider enemies. But it's hard to market something people don't want and get no benefit from. So, you dress it up in fear and make it easy to villify people who argue against it.
On top of the pretty bad article, HN finds the “can’t win” scenario again. There’s no age verification scheme that will survive “collusion”, that’s when the adult allows the minor to use validated credentials, devices, etc. And whatever more intrusive age verification schemes we come up with will also fail this but add the intrusiveness to ruffle even more HN feathers. We can have the constant face, fingerprint and DNA scan for as long as the sensitive apps is used. Everything gets stored on a central server for safety so your kid can’t hack the device and replace the reference sample. /s
> "Let’s say I downloaded the app, proved that I am over 18, then my nephew can take my phone, unlock my app and use it to prove he is over 18."
Love the magic step in the middle, unlock my app. Ask for passcode or faceid to “unlock your app”. That’s a lot of legwork the adult has to do so the child can “trick” the system.
Some people will forever be shocked that if they leave on the table an open booze or medicine bottle, loaded gun, etc. a child can just take them and misuse them. The blame is unmistakably with bottle and gun manufacturers, right?
Put a modicum of effort to protect the sensitive apps or supervise the child when you share your device. They can do a lot of damage even with age appropriate apps. Wanna see how quickly your kid will tell everyone on the net how much money you have (via proxies), where you live, and when you go on vacation? Or tell someone the credit card number they swiped from your pocket if the other person makes it sound like a game?
> "Let’s say I downloaded the app, proved that I am over 18, then my nephew can take my phone, unlock my app and use it to prove he is over 18."
While I appreciate the zero-knowledge proofs is considered, how the hell did no one in charge of the app design think of this? It's is literally the first question I asked when I first heard about this app. You go to the app in a store to buy alcohol, you're asked to verify your age, but that's not what you're doing. Your simply showing the store that you have a phone, with and app, which was configured by some over 18 (maybe).
Honestly I don't think it's possible to verify that you're over 18 without also providing something like a photo ID (and even that is error prone).
You can probably do something online, where the website or app does some back channel communication to a server that verifies a token. Even that is going to have issues. You could add a "List of sites that has verified your age" option where you can revoke the verification, in case your nephew borrows your phone.
They are going to implement this and it will be "good enough", but I don't see this being 100% secure or correct.
That's not what you're competing with. Your competing with a drivers license with a photo (not a great photo) and some countries have pretty easily faked drivers licenses, but others have drivers licenses in hard plastic with holographic features.
If it's just a PIN, and the PIN is his aunts birthday, it might not be much of a challenge. We also have to consider the cases where the adult is complicit, in these cases the app is even less secure than photo ID (for store purchases, not necessarily online).
These are the sources cited by the article:
[1] https://xcancel.com/Paul_Reviews/status/2044502938563825820
[2] https://xcancel.com/paul_reviews/status/2044723123287666921
[3] https://csa-scientist-open-letter.org/ageverif-Feb2026
| "The saga is turning into a PR disaster for Brussels. "
imo: mostly because the Author wants it be a disaster.
The App has not launched, they published the source code in order to invite external review. I dont have time to every claim, but e.g. this [see quote below] seems to be blown out of proportions to me - the app fails to delete a temp. image, which results in a selfie being stored indefinitely(?) on the internal disk of your device - if an adversary has access to the internal disk of my phone, they can also just access the photo roll.
"For selfie pictures:
Different scenario. These images are written to external storage in lossless PNG format, but they're never deleted. Not a cache... long-term storage. These are protected with DE keys at the Android level, but again, the app makes no attempt to encrypt/protect them.
This is akin to taking a picture of your passport/government ID using the camera app and keeping it just in case. You can encrypt data taken from it until you're blue in the face... leaving the original image on disk is crazy & unnecessary."
>The App has not launched, they published the source code in order to invite external review.
I read that from many reactions in discussions, but not from their own channels? (Maybe I missed that)
It is ready for deployment: https://commission.europa.eu/news-and-media/news/european-ag...
The message is that it is ready, 'ticks all the boxes' (the published code does not) and that is now ready for integration by other countries. https://xcancel.com/vonderleyen/status/2044340323120193595#m
Then in the article I read that what we see now is a 'demo' version. So the code on Github is not the current code?
Not immediately deleting the selfie is a pretty fundamental and egregious mistake to make. People are particularly sensitive to selfies not being handled correctly after Discord lost thousands of them, despite promising to delete them after age verification occurred (and then not doing so) https://www.bbc.com/news/articles/c8jmzd972leo
The damage is limited because the selfie is only retained on device, but it still does not signal competency from the EU to fail at the most basic hurdle of disposing of the selfie once verification is complete.
Note that this is an implementation of eIDAS:
https://news.ycombinator.com/item?id=45521738
Can you give a brief explanation of how this is done with a zero-knowledge proof? That site is low information and painful to navigate, and it seems quite surprising to me that this is possible. ID verification, in the government sense, is ostensibly going to require matching an ID against a some other resource. If done locally then you can trivially spoof the result, akin to hacking a game, but if done remotely then it's not zero-knowledge.
I think a zero-knowledge system here would be quite desirable. But a centralized repository that is e.g. maintaining tabs on every single adult-authorization for every single person with verifiable details of them is, by contrast, a dystopic disaster waiting to happen because it will be hacked, leaked, and abused, sooner or later.
> The point of this is that you can use the credentials on your phone to prove that you are an adult to a website using zero-knowledge proofs to avoid disclosing your identity to anybody.
It is my understanding that this is not possible. I would be happy to be shown to be wrong, but to me it seems like you can either prevent people from lending out their credentials, or you can preserve the anonymity of the user, but not both.
You can use 0KP to prove you have a signed certificate issued by your government that says you are an adult, but then anyone with such a certificate can use it to masquerade as however many sock puppets they like and act as a proxy for people who aren't adults. You can have the issuing government in the loop signing one-time tokens to stop Adults-Georg from creating 10k 18+ attestations per day, but then the issuing government and the service providers have a timing side-channel they can use to correlate identities to service users. Is there some other scheme I'm missing that solves this dilemma?
> It is my understanding that this is not possible. I would be happy to be shown to be wrong, but to me it seems like you can either prevent people from lending out their credentials, or you can preserve the anonymity of the user, but not both.
This is not designed to prevent adults from coöperating with minors; that makes no sense as a design goal because any technical measure can always be bypassed with “download this for me and give me the file”. This is designed to prevent minors from being able to access systems without an adult.
Nothing prevents an adult from buying alcohol on behalf of minors; that doesn’t mean laws that prevent minors from directly buying alcohol are useless.
2 replies →
> You can use 0KP to prove you have a signed certificate issued by your government that says you are an adult, but then anyone with such a certificate can use it to masquerade as however many sock puppets they like and act as a proxy for people who aren't adults
The certificates in question can use a few mitigations: short lived, hardware stored (in a TPM, making distribution harder), be single use, have a random id which the service being accessed can check how many times has been used.
> but then the issuing government and the service providers have a timing side-channel they can use to correlate identities
That's not reallya concern, IMO. That would always exist as a risk - most people would probably have a flow of trying to do something, having to prove ID/age, doing that step, continuing with the something, which means you'd probably be able to time correlate the two sides quite often. The solution here is legal with strong barriers, not technical.
Can attestations be rate-limited or is that the timing side-channel you are talking about?
1 reply →
You are mixing things up, and EU abbreviations do not help.
Many countries in EU already have electronic identity documents and delegate authentication to mobile apps one way or another.
eID or mobile identity application operating over QR codes and used to log into websites and apps is a commodity here.
This has nothing to do with age verification.
I’m not sure what you are saying I am mixing up.
The article links to the source code repository here:
https://github.com/eu-digital-identity-wallet/av-app-android...
That links to the tech spec:
> The solution leverages the existing eIDAS infrastructure, including eIDAS nodes and the trust framework for trusted services, to ensure a high level of security and reliability. By aligning with the technical architecture of the EU Digital Identity Wallet ARF, the solution delivers secure, reusable, and interoperable proofs of age.
> The solution enables users to present their Proof of Age attestation to Relying Parties, primarily for online use cases. The system is optimised for secure and privacy-preserving online presentation, allowing users to prove their eligibility without disclosing unnecessary personal information.
— https://github.com/eu-digital-identity-wallet/av-doc-technic...
Annex A includes details on the ZKP:
> AVI SHOULD support the generation of Zero-Knowledge Proofs using the solution detailed in: "Matteo Frigo and abhi shelat, Anonymous credentials from ECDSA, Cryptology ePrint Archive, Paper 2024/2010, 2024, available at https://eprint.iacr.org/2024/2010".
— https://github.com/eu-digital-identity-wallet/av-doc-technic...
And the linked paper:
> Anonymous digital credentials allow a user to prove possession of an attribute that has been asserted by an identity issuer without revealing any extra information about themselves. For example, a user who has received a digital passport credential can prove their “age is ” without revealing any other attributes such as their name or date of birth.
— https://eprint.iacr.org/2024/2010
1 reply →
> The point of this is that you can use the credentials on your phone to prove that you are an adult to a website using zero-knowledge proofs to avoid disclosing your identity to anybody.
That's the theory. How is it in practice?
In my opinion, it just means there is a single government database to hack to get copies of all IDs...
By the way have the "security experts" checking this app evaluated that part? Or they're just worried about the app users cheating?
> In my opinion, it just means there is a single government database to hack to get copies of all IDs...
That doesn't make sense, all IDs are already in a single government database. Kind of by definition in fact, for IDs to be useful they need to be emitted by a central authority with associated security and revokability guarantees.
The implementations I've seen rely on an app reading your physical ID and its NFC chip, comparing that with a selfie to ensure it's the same person, and being able to provide anonymous proof you are of age based on that, or proof that you are indeed who you say you are.
4 replies →
> The point of this is that you can use the credentials on your phone to prove that you are an adult to a website using zero-knowledge proofs to avoid disclosing your identity to anybody.
No it isn't.
Literally that is not the scope document, and such a solution would not be permitted by the EU as compliant with the legislation.
The app isn't zero knowledge. A prototype workflow has been designed for a one way transfer to sites that is zero knowledge, but it doesn't actually deliver zero knowledge because it you have to verify your age with an external provider to get the credential (which is not zero knowledge), the app has to be secured with either Apple or Google's attestation services (which are not zero knowledge), and the site has to be able to check with the original external provider that the credential hasn't been revoked (which is in no way zero knowledge).
Zero knowledge proofs are when the prover can prove the statement is true to the verifier without disclosing more information beyond the statement. It doesn’t mean the prover cannot talk to other systems to produce the statement.
1 reply →
The alternative would be to just not do anything and to remove liability from Meta et al. In the world we live in, where competing interests already spent tens of billions to bribe/lobby the EU, we have to be realistic about it.
This open source and transparent ZKP-based approach is extremely surprising to see, publishing a draft in advance and inviting the public to break it so it can be improved? Are you kidding me? What about the billions of private investment in all the companies that offer centralized ID checks like Persona, Socure, ID.me and more? Thats a growing billion dollar industry. They all counted on this as a future market opportunity that the EU just seem to have destroyed at least in the EU?
People fighting against this age id app might be paradoxically useful idiots for billion dollar investments and lobbying efforts. The demos is once again dragged into the trenches to fight a war they don't understand.
The main issue appears to be that as per the blueprint user MUST use one of the mandated handsets (iPhone or Android with pre-installed and privileged Google Services) and:
- MUST use either Google or Apple account - must not be banned by the provider or sanctioned in the USA
These issues have been flagged to the devs working on the blueprint since the inception, only to be handwaved away.
Getting banned can happen randomly even if you're not doing anything illegal or wrong (it's enough for a robot to decide you're within the blast radius), getting sanctioned can happen if you're an UN lawyer investigating human rights abuses USA actually likes.
So I do see a problem here.
> The alternative would be to just not do anything and to remove liability from Meta et al.
Or just give parents easy to use parental controls. But that wouldn't grow the surveillance state.
Or just let us set our age in the OS profile? Works for adults and kids.
The title of the original article seems wrong, they didn't launch the app, they published the source code ahead of the launch.
This all feels a bit like letting children into a nightclub and then needing to see ID every time you buy a drink.
1. Devs forgot to delete images in some failed scenarios. Images that do not get sent anywhere and remain locally. In an open source app that anyone can point calmly to the bug and it will get fixed easily.
2. "an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file"... Any android developer knows that to access the shared prefs file you need ROOT access on the phone, which is impossible on the stock os. Rooting the phone requires advanced knowledge. It means deliberately nuking your phone security, which most likely will require factory resetting the phone in the process. Or a hacker would need to use a sophisticated exploit, maybe even 0day, to access an app that would allow him to log in on some adult sites. Sounds reasonable (no).
So, the guy found two very superficial problems in a early demo app. Does not even look at the important code with the actual implementation of the zero knowledge proof cryptography, as it is way above his skill level. Throws malicious allegations mixed with blatant lies. Cries for attention to the whole internet and it gets augmented by news and people who understand security and technology even less than him. He dares calling it "hacking" in under 2 minutes. That's just disgusting.
He even calls himself "Security Consultant". Lord have mercy on whoever is going to work with him.
They didn't launch an app per se - they've released the source code of such app. So, let's be more precise on the terminology, please!
If my kids cannot change a boolean into a json, they do not deserve the [redacted]
I don't work with json very often, and this is probably a joke, but how would that even work?
op meant "in" not "into"
The title seems totally misleading.
The app still hasn’t launched. There’s only so long you can run on hype before you lose the readers you were trying to win over.
The “hack” in question is pointing out that the app forgets to delete images of the user's face and ID (stored). A lot of people have pictures of their face already on the phone, and often their ID as well so this is hardly a security flaw in any real sense.
Previously on source: https://news.ycombinator.com/item?id=47803773
"Let’s say I downloaded the app, proved that I am over 18, then my nephew can take my phone, unlock my app and use it to prove he is over 18." - and how is that something that could, or should, be addressed by the app? Are we even serious??
well of course because the whole reason you're making free men and women verify their identity with government-issued documents... was supposed to be to prevent that. If its not going to prevent such an easy work-around ITS NOT WORTH IT (not that it was in the first place)
The phone also needs to be rooted for any of the attacks to work.
At least that's what the manufacturer's AI generated article says: https://eidas-pro.com/blog/eu-age-verification-app-hack-expl...
Because people share phones with their kids. It's not rare or even mildly unusual. The problem isn't that the app needs to solve this. The problem is the app is useless, along with this whole bizarre "need for age verification" plot that poofed out of existence simultaneously around the whole globe mysteriously a few months ago.
Well, reality called and says: Like ID, drivers license, credit cards and guns: Phones are sth. you dont just "share" with your kids. Also there is an option to guard the ID App with an additional PIN/Biometric.
20 replies →
My kid can take my phone and not be able to transfer any money form my bank account, because it's protected by pin and biometrics.
That's a solved problem and making an immense vulnerability out of it is silly.
Exactly. "Age verification" is the "think of the children" marketing campaign for "identity verification". Governments don't like anonymity; it makes it harder to find those they consider enemies. But it's hard to market something people don't want and get no benefit from. So, you dress it up in fear and make it easy to villify people who argue against it.
2 replies →
The Solution: constant face tracking /s
[dead]
[dead]
On top of the pretty bad article, HN finds the “can’t win” scenario again. There’s no age verification scheme that will survive “collusion”, that’s when the adult allows the minor to use validated credentials, devices, etc. And whatever more intrusive age verification schemes we come up with will also fail this but add the intrusiveness to ruffle even more HN feathers. We can have the constant face, fingerprint and DNA scan for as long as the sensitive apps is used. Everything gets stored on a central server for safety so your kid can’t hack the device and replace the reference sample. /s
> "Let’s say I downloaded the app, proved that I am over 18, then my nephew can take my phone, unlock my app and use it to prove he is over 18."
Love the magic step in the middle, unlock my app. Ask for passcode or faceid to “unlock your app”. That’s a lot of legwork the adult has to do so the child can “trick” the system.
Some people will forever be shocked that if they leave on the table an open booze or medicine bottle, loaded gun, etc. a child can just take them and misuse them. The blame is unmistakably with bottle and gun manufacturers, right?
Put a modicum of effort to protect the sensitive apps or supervise the child when you share your device. They can do a lot of damage even with age appropriate apps. Wanna see how quickly your kid will tell everyone on the net how much money you have (via proxies), where you live, and when you go on vacation? Or tell someone the credit card number they swiped from your pocket if the other person makes it sound like a game?
The first premise you are avoiding is that a child can misuse a phone.
The second premise you are avoiding is that the government can define, for every child, what constitutes misuse.
You are advocating thought crime. You do not have my support.
My government cannot adequately manage responsibility for my cupboards. It therefore shall not have authority over them.
> "Let’s say I downloaded the app, proved that I am over 18, then my nephew can take my phone, unlock my app and use it to prove he is over 18."
While I appreciate the zero-knowledge proofs is considered, how the hell did no one in charge of the app design think of this? It's is literally the first question I asked when I first heard about this app. You go to the app in a store to buy alcohol, you're asked to verify your age, but that's not what you're doing. Your simply showing the store that you have a phone, with and app, which was configured by some over 18 (maybe).
Honestly I don't think it's possible to verify that you're over 18 without also providing something like a photo ID (and even that is error prone).
You can probably do something online, where the website or app does some back channel communication to a server that verifies a token. Even that is going to have issues. You could add a "List of sites that has verified your age" option where you can revoke the verification, in case your nephew borrows your phone.
They are going to implement this and it will be "good enough", but I don't see this being 100% secure or correct.
Just like anyone can take anyone's credit card and go shopping - but in contrast Phones are (or at least can be) much more secure.
That's not what you're competing with. Your competing with a drivers license with a photo (not a great photo) and some countries have pretty easily faked drivers licenses, but others have drivers licenses in hard plastic with holographic features.
The credit card doesn't work as age verification.
7 replies →
How does the nephew unlock the phone and app?
If it's just a PIN, and the PIN is his aunts birthday, it might not be much of a challenge. We also have to consider the cases where the adult is complicit, in these cases the app is even less secure than photo ID (for store purchases, not necessarily online).
1 reply →
[dead]