Lauren WeinsteinMar 26, 2024

It's important to understand that "age verification" schemes being passed by states, ostensibly to "protect the children", won't do that and will bring about incredible abuses.

In order to age verify children, obviously EVERYBODY of any age must be verified, for every account, under every name or pseudonym, ultimately on every site no matter how public or private the topic, and before downloading any apps.

Children will find ways to work around this. They'll use the accounts of adults, which will be openly traded. But because these age verification systems must by definition be based on government IDs, the verification process creates a linkage between your account names and your actual identity, subjecting you to all manner of leaked personal information, government abuses (think MAGA in charge), and worse. Firms will claim their systems either don't keep this data or can't be abused. History strongly suggests otherwise, and when courts step in, those firms will have to do what the courts say, often in secret, when it comes to collecting data.

Age verification is in actuality a massive Chinese-style Internet identity tracking project -- nothing less -- and there are many politicians in the U.S. who look with envy at how China controls their Internet and keeps their Internet users under police state controls.

Show threadHoward CohenMar 26, 2024
@lauren That is exactly what I was thinking. How can you possibly have an age limiting system without a real identity to tie verification to?
Show threadLauren WeinsteinMar 26, 2024
@hoco You can't, of course. And everybody must be identified of all ages, or else you can't identify children as children. And only government IDs will be considered authoritative. These are key points so many people are missing. They assume this all applies only to children. But that's a logical impossibility. It's universal, and ripe for abuse of both children and adults. A tracking nightmare, that government has wished for since the earliest days.
Show threadtdietterichMar 26, 2024
@lauren @hoco I think we need cryptographic digital ids. These will probably need to be government-issued (although perhaps government could license third parties?). Each person could have a collection of digital ids, each of which reveals different information. The base id would just certify that you are a human being. It would replace CAPCHAs. Another could certify citizenship. Another could certify minimum age. Finally, some could certify your full identity. Other use cases?
Show threadHoward CohenMar 26, 2024
@tdietterich @lauren If they are tied to you, they destroy anonymity. It isn't the data inside the ID that is the problem, it is that it becomes possible to identify you using the ID. So, encrypting the content doesn't insulate you from being identified.
Show threadtdietterichMar 26, 2024
@hoco @lauren I wonder if there is a way to combine differential privacy with cryptography to achieve some of these goals. Certificate distribution and usability would also be huge challenges, I'm sure. Thank you for your advice.
Show threadMatt AusternMar 26, 2024
@tdietterich @hoco @lauren I'm pretty sure there is no such way. By definition, differential privacy means nothing is linked to any one individual. Literally, that's the definition: what makes it "differential" is that the presence of absence of a single record doesn't affect a query result. (This can all be made precise with probabilities and εs.) You're talking about a token that's tied to an individual, which is the direct opposite of differential privacy
Show threadtdietterich
@austern @hoco @lauren The simplest idea: Suppose there is a token shared by a group of people who all satisfy some property (e.g., age). Observing the token doesn't tell you the identity of the person, but only the shared property. I'm sure this is buggy, but perhaps something along these lines can be worked out?
Mar 26, 2024 at 4:26amWeb
Show threadtdietterichMar 26, 2024
@austern @hoco @lauren I realize this isn't classic DP. And some authority would still need to certify the ages and distribute appropriate tokens.