← Back to context

Comment by ForHackernews

6 hours ago

No they do not. A properly designed government app that uses cryptography to generate a deniable token that can't be cross-correlated but proves your humanity/age to a consuming site is manifestly different than Google adtech hoovering up as much of your activity as possible.

8 comments

ForHackernews

Reply
AnthonyMouse  6 hours ago

> A properly designed government app

Oof, that's not a great premise to take as a requirement right out of the gate. More counterexamples than examples for that one.

> that uses cryptography to generate a deniable token that can't be cross-correlated but proves your humanity/age

If it's actually deniable/anonymous then how would it work for rate limiting? If you can't correlate their activity then you don't know if the million requests are a million people or one bot with a million connections. If you can correlate their activity then it's not anonymous.

Moreover, it's a false dichotomy that we should be doing either of these things. The better alternative to corporate surveillance isn't government IDs, it's no surveillance.

  • ForHackernews  5 hours ago

    A site can still choose to have a login system if it wants to. Sites can still rate limit based on IP address or cookies or whatever they use today.

    The idea would be to use ZK proofs to demonstrate that "yes, this anonymous request is from a client acting on behalf of an adult human EU citizen" - that's something that is not easy to do today.

    • AnthonyMouse  5 hours ago

      > A site can still choose to have a login system if it wants to. Sites can still rate limit based on IP address or cookies or whatever they use today.

      So then you don't need either attestation or government IDs, right?

      > The idea would be to use ZK proofs to demonstrate that "yes, this anonymous request is from a client acting on behalf of an adult human EU citizen" - that's something that is not easy to do today.

      But how is that even useful? Is it good to exclude real people from Korea or South America? Do we really expect criminal organizations or for that matter even children to be unable to find a single adult EU citizen willing to anonymously loan them an ID?

      It's about as plausible as criminals being unable to run their code on a device that can pass attestation. They're both authoritarians with a conflict of interest trying to foist a hellscape on everyone under a pretext their proposal can't even really address.

      2 replies →

sterlind  6 hours ago

I have not seen any government adopt such a standard.

some EU countries claim to provide anonymous age verification services, but those only hide your identity from the relying party. the site you visited is logged to the government's database along with your identity, before you're redirected to the target site with an "anonymous" token.

  • ForHackernews  5 hours ago

    > the site you visited is logged to the government's database along with your identity

    Is that true, or are you spreading FUD? Because the system in question is not even live yet, it's only had experimental releases.

SturgeonsLaw  5 hours ago

They could do it like that, but they won't do it like that, because tracking the population is a feature not a bug