Comment by microtonal
7 hours ago
First, I should say that I am against online age identification. But if we are going to get age verification because the larger population wants it, I definitely prefer the EU's privacy-preserving age verification that uses zero knowledge proofs (yes, they have issues too) over private companies doing age verification, requiring uploading scans of your ID, filming your face, etc. For the reasons that you mention (people can easily be tricked into giving information to the wrong people), but also because I simply do not want my data to be in the hands of random private companies that will sell the data, give it to Palantir, etc.
That makes this fight so annoying, we have to fight age identification, while at the same time also promoting privacy-preserving age verification for the case it happens anyway.
I think this is folly. You cannot communicate this level of nuance at scale, especially when faced with opposition that actively lies to achieve their goals.
Quoting an older post...
> In a benevolent dictatorship, sure, go for a zero-knowledge proof verification as your solution. In the reality of democracy, where politicians are corporate puppets who cloak surveillance laws in "think of the children" to rally support from the masses, we need to convince people to see through the lie and reject the proposals outright while reassuring them that they can protect the children themselves via parental controls. You will never be able to sufficiently inform 50.1% of the population of any country of what zero-knowledge proof even means, let alone convince them to support age verification laws but strictly conditional on ZKP requirements. That level of nuance is far too much to ask of millions of people who are not technically-informed, and idealism needs to give way to pragmatism if we wish to avoid the worst-case scenario.
In a benevolent dictatorship, sure, go for a zero-knowledge proof verification as your solution. In the reality of democracy, where politicians are corporate puppets who cloak surveillance laws in "think of the children" to rally support from the masses
I do not (completely) agree with this. This seems like the very typical US-centric view of politics. A lot of members of the European Parliament are not corporate puppets and have ideals (even if they often do not align with mine). Why would the EU come with a ZKP-based verification reference app if they were sock puppets? The corporate sock-puppet politician would just push the narrative that age verification should be left to the market (which is probably what happens in the US, where most politicians are sock-puppets due campaign sponsoring, etc.).
You will never be able to sufficiently inform 50.1% of the population of any country of what zero-knowledge proof even means, let alone convince them to support age verification laws but strictly conditional on ZKP requirements.
We do not have to convince the population. We have to convince regulators and if it becomes necessary the EU/national-level courts that handle human rights violations.
Also, in the case of the EU, they made a reference implementation of ZKP age verification and asked national governments to roll this out in their apps. One of the large issues though is that the reference implementation relies on Google Play Integrity for device attestation (+ the iOS counterpart), so if national software development agencies use the reference implementation as-is, it shuts out competing systems. They should have used AOSP device attestation, which is also supported by GrapheneOS, etc. So, besides protesting age verification, I'm trying to get the message to politicians that how device attestation is done in the reference implementation is an issue. The thing that might help here is that sovereignty is also high on the agenda.
> We do not have to convince the population. We have to convince regulators and if it becomes necessary the EU/national-level courts that handle human rights violations.
Without the population on your side, it's some insignificant minority's words vs. corporation's power determining where the lines get drawn by regulators. The people can put a leash on politicians who cave too hard to corporations by voting them out of office, but if they don't even understand the issue and have been conditioned to accept age verification, that will never happen.
> One of the large issues though is that the reference implementation relies on Google Play Integrity for device attestation (+ the iOS counterpart)
I am confused as to why you suggest my view is US-centric, and then go on to acknowledge that the EU is currently in the midst of rolling out regulation that de facto enshrines the Google+Apple duopoly in law. The EU bureacracy seems to be just as captured by corporate interests as the US. At times, they put up a token protest against Apple/Google, but generally only insofar as to promote competing European corporate interests where applicable. The EU would certainly prefer to serve European corporations over American ones, but the European people don't seem to factor into the equation at any point.
1 reply →
>They should have used AOSP device attestation
No, they shouldn't have used any attestation. If they are using sound cryptosystem for their ZKPs, they don't need to care at all about what hardware and software I'm using.
>In the reality of democracy, where politicians are corporate puppets who cloak surveillance laws in "think of the children" to rally support from the masses
Conspiratorial gibberish
Are you seriously blind? Do you genuinely believe politicians don't legislate in ways that benefit corporations over individuals? Or do you genuinely believe the sudden worldwide push across dozens of countries to surveil all internet access, prevent VPN usage, and lock down devices at the OS level is the result of an organic, grassroots desire to protect children no matter the cost?
5 replies →