Comment by j2kun

> They become a traceable identity token

Not if you use a challenge-response protocol where the client returns a zero-knowledge proof of age, where the proof incorporates a random string sent by the website.

The traceable stuff is private information that the website never sees. If a minor is caught with it, then law enforcement has local access to the minor's hardware and can probably view the private data.

At that point, the private key can be put on a public revocation list. The zero-knowledge proof can include a proof that you're not on the revocation list. Once you've been revoked, you have to go through the hassle of setting this all up again, which might be enough incentive to keep it reasonably secure.

But could you not set up a system where you need to go get (for free) a limited use token at a physical location, or have them mailed to your home, and they have a rough geographical lock? If a bunch of those tokens start appearing in random locations, it is a good indication that someone is reselling them to minors? I'm not saying this is idiot proof, but what could go wrong?

There is a way to prevent this (or at least slow it down), but that way requires device integrity protection.

With integrity protection, tokens can only be minted with a government app, driven by both biometrics and physical human hands touching the physical screen. There's no way to do it in the background. Without it, you can indeed have a single activist mint 10 billion tokens and give them out for free, defeating the entire scheme.

There's a CAP-style triangle here. You can have age assurance and anonymity but lose the ability to run your own software, have age assurance and device control but lose anonymity (via traditional ID checks, which don't require IP in theory), or have anonymity and device control but lose age assurance.

The tokens could be tied to the device and Apple account by a provider like Apple, in fact you don’t need to issue tokens, only provide a web api that Apple and other browser providers support, which attests age.

This is certainly something that can be solved technically if we want.

I thought a solution to this would be to use a physical smartcard to store the certificate(perhaps on your government ID). if the protocol is a challenge/response and the private key never leaves the card it would make proxying without the physical card more difficult.

We are talking about porn here. And the internet will be always full of it - and that can only be prevented by controlling all of it, or have each state have a golden firewall.

All of these solutions seem very complicated, for little benefit. So a anonymous age verification scheme, fine with me. But making it more complicatdd, because dark entities could capture and resell tokens .. seems a step in the direction of madness.

Trusted computing solves this problem handily.

having kids fiddle around with alternative means and schemes of communication might well turn out to be an intellectual and academic net positive.

> Is the child going to inform on themselves? No. Is the adult, when they don't even know about it?

In the context of social media, if they want to actively participate they have to given that it's the entire point. It's true that even with a government ID scheme people could borrow someone's ID to get passive access with their consent. But a kid couldn't share an account with a parent without that parent knowing because you see their activity, and they also couldn't post.

> What these governments want to do

I feel strongly that this conspiratorial mind-reading approach to this sort of issue is just counterproductive.

What all the governments (and non-governments, frankly, there are many supporters of these things) are asking for is excluding minors from certain websites and services.

The problem is that this translates to age verification, which translates to identify verification, which incidentally gives states and other actors a variety of other tools they can use for anti-civil-liberties purposes.

In the end their motives are just irrelevant unless there is a clear way to exclude minors from certain services without going down the chain towards identity verification. Such a way does not exist, so we have to fight it here, at the point where the basic ask emerges.

[dead]

>charged with a crime roughly equivalent to providing alcohol to a minor

In most countries it's perfectly legal to provide alcohol to your kids.

I know! What puzzles me is responses every such article gets even on HN - let's build some cool tech that 95% of the general population and 100% of politicians won't even understand not to mention agree to.

Yes, government want to end anonymity and that's clear to some. But governments enjoy on a pretty broad support for this and many people supporting this believe it's a real problem. Suggesting to leave it unsolved or solve it in a way they can't trust or understand is only going to alienate them, making the government job easier.

I think suggesting a simple, cheap and effective solution to this problem that has no impact on privacy is a way better way to counter that. I think local parental controls fits the bill.

> That's not the problem governments are solving. They're solving the problem of convincing the public it's a good idea to end the anonymity of internet use.

I'm really sorry, but that's giving politicians far to much credit for being able to plan ahead.

Look at both the UK and the USA. The UK's just yeeted its PM because he had the personality of a block of cheese. The USA is currently inches away from shooting people if they mention the word green and water in DC. None of that screams "I am a master at planning ahead and manipulating public opinion in to doing x"

The politicians have no idea about how this all works, they see that "social media" is causing harm (its not the only source, we might get to that) The public, especially in the UK really do not like americanised media being forced in their faces and want "something to be done"

Again for the UK specifically the OSA specifically didn't layout a government mechanism for age verification. they left it to the end company to avoid the suggestion of tracking. Despite it being ripe for uberfraud and blackmail.

it would be much more private if ofcom had published an opensource gateway to anonymously authenticate against. (assuming the thing was built properly and verified)

But to the point you are hinting at

Google, meta, apple and $OS makers already track you. This is not an issue of privacy persay, its about who can track you and why. I'd much rather a list of times I access a site that required age verification being stored by the government, than every single fucking page I looked at tracked by google/meta.

The latter is already here.

That's why they are still appealing to sentiment rather than established research (which actively refutes the arguments they are making).

which begs the question, In preparation for what?

Precisely. The people in power would love nothing more than to stop “disinformation” (facts that cause social unrest).

> I don't understand why we suddenly think that's the end of civilization.

Because they've been told to think it by the combined forces of Meta and the Heritage Project. They spelled it all out in Project 2025, a check list which has been followed nearly to the letter. They're also rampaging through libraries and trying to keep books of the shelves.

Conservatives don't like porn, because controlling sexuality is part of the cult playbook to control people. (Addendum: they don't like other people having it. They're hypocrites, of course.) They also want to, while instituting a backdoor ban on porn, define everything else they don't like as pornography. Project 2025 repeatedly uses the term "pornographic" as a synonym for for LGBT issues and other things.

The goal, after de-anonymizing the Internet, is specifically to control access to information and entrench their fascist Overton window shift.

They're really sore that many Millennials and Gen Z had the internet as an escape hatch from local, abusive churchy bubbles and want that locked down going forward.

> Yeah. Didn't you find your dad's dirty VHS tapes when you were young? I'm sure most of us did. And we turned out fine.

Were they delivered to you in truckload volumes every day, including tapes recording executions, child molestation, foreign political propaganda, domestic political propaganda and misleading advertisements?

Every day, any day, unlimited quantities? Including giving your phone number to any strangers anywhere in the world so they can talk to you without limits, supervision or even parental knowledge?

No?

Then let's perhaps stop pretending that millenial internet free childhood is a thing that exists and let's talk about actual modern issues.

My God, what a horrific and evil idea

Have you missed the recent moral panic about the declining birth rates of white children? Brought to you by the same people who hate pronouns [0], trans people, and/or covid vaccines. In such a world, condoms will be required for non-whites (or race mixing relationships) and forbidden to aryan/white couples.

Notes:

0 - For an example of using 2 pronouns in one sentence: "I am he".

https://www.biblegateway.com/passage/?search=John%2018%3A6-8...

Have decent defaults. “Is this phone for a child” and “scan this wr from parents phone”. 90% of problems solved.

That said while Apple does a good job at parental controls, Microsoft is altered. Trying to have controls on Minecraft across a windows laptop and a switch involved a multi hour odyssey, creating tons of accounts for parent and child.

You've got to be really on the margin of society to not be able to set it up when every grandma and her dog use smartphones. There're about 1000 different ways to improve the lives of such people without making everyone use their government ID when scrolling Instagram.

> The parents job is to keep their kids out of trouble. Learning how to keep track of what their kids access shouldn't be difficult

Unfortunately it is, but we could fix that with only minimally invasive legislation. Right now you either whitelist which breaks half the internet on a recurring basis (things are constantly changing) or you blacklist which is swiss cheese. Either way you're relying on third parties.

I think it would be much better to legally mandate a certain minimum level of self classification for website operators along with a simple and extensible scheme for communicating such. It might also be useful to mandate that devices ship from the OEM with parental control software supporting that standard but honestly I doubt that's necessary - if their were a standardized and above all reliable signal available I think browsers and operating systems would rapidly adopt support for it.

The problem with this idea is that it assumes responsible parents, which are not a given. I agree with you completely - I don't want any kind of controls on the Internet - but we live in a world where we cannot actually rely on parents to fulfill what you would consider to be basic and reasonable expectations of parental duties.

>The parents job is to keep their kids out of trouble.

I challenge that anyone believes this, and for my evidence, I would submit all the age based laws that protect children regardless of what parents do.

We have already, long ago, decided that it is the government's job to protect children, at least in cases where parents fail to do an adequate job. That's why I don't see this ending any other way. The march to total domination by the side of the government might be slow, but they already won the war around a century ago (exact timeline for laws protecting children in place of parents is a very long topic and does differ country to country, I recall hearing some places still even let kids buy alcohol if they say it is for their parents to consume).

> For those parents life is easier if nobody is allowed on these things.

Get over it, and stop caring how other people parent their kids. Or, better yet, learn from them.

> It's anonymous. The clerk or his POS system knows your name and age, but doesn't know your number. The vendor providing the tape doesn't know your number or your name.

Where does this 3rd party identity token provider come from?

For government-issued identity tokens, there are not separate parties. It's just the government, and they can choose to link whatever they want in their internal system if they decide it's in the interests of national security.

You're also forgetting that lottery tickets are tracked. This is how they can announce which store sold the winning ticket before anyone steps forward with it. It would be trivial to match a buyer to the ticket if they wanted to inspect the records. In the case of a government identity token service, there isn't even a separation of parties providing the records. They do it all and can have all the data.

> It's the exact same process by which you buy lottery tickets in a world where they don't need to verify your identity when you redeem them.

I’ve sold lottery tickets, and you have to be legal age to both buy and redeem them, so I’m not sure that this analogy or hypothetical solution is comparable to lottery tickets, nor is it likely to be the panacea you think it is.

I don’t think that the nascent online age verification schemes are good for society in general, either, but that’s not really the point you were making in your comment, so I don’t assume that you believe they’re good or bad, but simply advocating for a more privacy-preserving implementation. Which is kind of the whole point of the argument against bad implementations, but those who mandate and implement the systems likely view uniquely identifying people as a boon, whereas you and I probably don’t, which is why I am not hopeful that your ticket system will be used, because it will be higher friction for more people than uploading scans of their IDs and/or their face.

The ticket system, if implemented, would be used by so few people that the folks who do could likely be re-identified by Bluetooth tracking beacons and facial recognition in the same stores which they bought the ID tickets you suggest, and so I think the number of people who would escape tracking by any such means to be so few as to be a rounding error.

Those folks who do pursue this privacy hobby/fetish are statistically likely to ultimately mess up on their opsec eventually on a long enough timeline, so it’s hard to even imagine a scenario in which it matters either way what individual privacy activists do or don’t do from the point of view of the panopticon designers or implementers. Those not identified to a desired confidence interval by the mass surveillance system will just be retargeted for more sophisticated surveillance measures.

Despite how we rage, we’re still just rats in a cage.

More and more, the privacy debate feels like a quixotic struggle against giants, when everyone already knows that those giants are actually windmills; the majority of society now lives on reclaimed lands which rely on those windmills’ continued existence, and so no one cares about privacy in the way that you or I might care, because they are incapable of perceiving windmills as giants, nor do they have the intellectual or philosophical or political beliefs which would allow them to even entertain such perceptions even for the purposes of discussion. The privacy debate is beyond their ken.

> It's anonymous. The clerk or his POS system knows your name and age, but doesn't know your number.

What prevents a commercial "AI" security camera analysis firm from doing a decent job of linking footage of a store's customers to a likely subset of tokens, based on the knowledge of which tokens are sent to which store and how many tokens have been pulled off of the roll so far? Remember that you can design the token roll packaging so the easiest thing for a clerk to do is to pull off the rolls in the order in which they were shipped. Or -hell- you can design the token dispenser so that it phones home to the oracle that sent the roll to the store with the range of tokens in the roll when the roll is loaded into the dispenser (for "security purposes").

> It's the exact same process by which you buy lottery tickets in a world where they don't need to verify your identity when you redeem them.

I've seen many people buy lotto tickets. I've never seen anyone asked for ID. Perhaps the merchant is supposed to check for ID, but they don't. Relatedly:

> The clerk pulls a scratch-off ticket from the front of a ticket tape. The ticket contains a token identifier.

What prevents rolls of those tickets from falling off of a truck and either being handed out for free or at a substantial markup, no questions asked? [0]

In the real world, the system you propose absolutely will not function to the standards required by the people agitating for these systems. You can't "protect the children" if "children" can easily get their hands on anonymous access-granting tokens.

[0] The fact that this doesn't happen with lotto tickets often enough to be newsworthy is not a compelling counterexample. Stores make a decent amount of money selling those, and wouldn't want to get cut off from that revenue source by regularly "losing" shipments of tickets. What you propose doesn't make stores any money, so either you have to spend a bunch of money to induce them to carry the tokens [1], or you have to have harsh penalties for "losing" shipments of tokens. If you risk harsh penalties for choosing to sell the tokens, why even bother? Stores put up with the risk of selling booze because it's quite profitable... selling 5c or 0c tokens absolutely is not.

[1] Where does that money come from? From you and me, of course!

You go to the store. You give the clerk many quarters, and get the maximum number of tickets. You go online and sell the lot, perhaps for $20. Since the system preserves privacy, doing this carries no risk for you.

Eventually this becomes common knowledge and "something must be done". Facebook (the corpo sponsoring these age verification laws to absolve their own liability) and their ilk decide that the token system no longer meaningfully proves age. They switch to demanding full government ID in cleartext, as there is still no comprehensive privacy law that would prevent such a thing.

Every single approach that puts the onus on the company to verify age falls apart this way, possibly including a de facto mandate for remote attestation (ie say good bye to libre operating systems and browsers that aren't MSIE, Safari, or Chrome). The only workable systems are ones in which the onus remains on parents giving their kids networked computing devices to enable parental controls and/or otherwise monitor their kids' usage, with those parental controls based on information flowing strictly from the website to the user agent (eg a content tag that asserts "this page is suitable for kids").

(and I say this as a parent who is staring down having to deal with this problem in a short year or two)

No, I'm meant me, using my 18+ ID to generate a bunch of tokens that can't be linked back to me, and then giving it to random < 18 year olds for the lulz.

There's two strong incentives - deanonymization for law enforcement is pretty useful so that's one. You want to make it easier to subpoena information about posters for various reasons, access to stores on different dates etc. Lots of reasons for that.

And you want to satisfy voters who are worried about children online or have heard scary things about anonymous criminals. You want to be seen to do something about those.

A distant third is that you want the system to be cheap and built up fast and relatively easy so voters don't complain about it.

All together this leads you to something like "any time a site needs to verify your age (based on this broad list of requirements) put in your government ID number / picture". The infrastructure already exists for that, banks need it, social media needs it, and the current president has agitated for it a few times now. If you're really aiming high you set up some digital ID attached to it that's easier for the users.

>In what direction

Checkpoint Charlie directly ahead, not that far down the road.

If you venture into No Man's Land you could be shot on sight.

For who?

Okay - so you verify age and what else?

What combination of details can you validate on that is meaningfully privacy-preserving and couldn't result in wide-spread re-use of tokens?

Additionally - what would prevent some kids from getting a homeless man in the city to hand them his ID, get a facial scan, and everything else you can think of to generate a token and then pass that token around?

ZKP are a cryptography-nerd's joy but are are categorically unsuitable for the purpose of age verification. I stand by this without the slightest reservation.

Every government has been working on ways to identify and target individuals online since as long as the internet has existed. Governments are incentivized to continuously increase control. Why would you assume this is not yet another escalation towards their goal of being able to track and silence anyone who pushes back?

> that it's basically just be another government issued "thing" that they have to know about and be able to produce when requested

During COVID, there were protests about "vaccine passports" and masks. My state legislature tried introducing bills that would outlaw such things. In 2024, in several states (including mine), legislators introduced bills that would outlaw mRNA (and every vaccine made from it) [0]. REAL ID took almost 2 decades to get every state to implement it until the feds threatened to close all (commercial) airports in states refusing to implement it.

Notes:

0 - every year one of my legislators introduces a bill to outlaw chemtrails. This year, he added the plot of Termination Shock to his bill.

Bill to make "pureblood" a thing:

https://web.archive.org/web/20250118232059/https://apps.legi...

Bill to outlaw chemtrails & Termination Shock:

https://apps.legislature.ky.gov/record/26rs/hb60.html