Mastodawn

The UK has announced plans to fast-track legislation requiring “age verification for VPN use”. The correct term, however, is not age verification but identity verification.

A law like this would require everyone to identify themselves in order to use a VPN. This would pose a risk to whistleblowers, violate human rights, and represent yet another step toward an authoritarian society.

Show thread

Kirill Chernyshov Feb 17

@mullvadnet curious timing. just about an hour ago I forged and verified my first zero knowledge proof that can tell the verifier that proof holder was born before a certain timestamp (aka. older than N years) at the same time reveling absolutely (!) nothing about proof holders, not even those who authorize it.

Show thread

Fluffy Kitty Cat Feb 17

@dotfox @mullvadnet why are you working on tech to help the Nazis?

Show thread

wojtek Feb 18

@fluffykittycat @dotfox @mullvadnet do you even grasp what "Nazi" is and what it entails?

Show thread

Fluffy Kitty Cat Feb 18

@wojtek yes, they've taken over my country and are censoring the internet

Show thread

wojtek Feb 19

@fluffykittycat I don't know what "your country" is (UK?) but last I checked majority of "western world" runs uncesored. Care to elaborate without using vocabulary that you seem to not grasp completely?

Show thread

Fluffy Kitty Cat Feb 19

@wojtek age verification deanonimized people and in the USA, ICE is functionally above the law, explicitly profiling activists, and is building out concentration camps. None of these systems are gonna e built to use zero knowledge proofs because that would defeat the point. Discord switched from on-device AV to a theil company

Show thread

Fluffy Kitty Cat Feb 19

@wojtek zero knowledge proofs talk just has the effect of legitimizing the while affair

Show thread

Kirill Chernyshov

@fluffykittycat The age verification mandates are coming whether or not privacy tech exists - that's literally what the Mullvad VPN post that started this thread is about. The question is whether those mandates get implemented with systems that deanonymize people (which is what you're rightly worried about) or with systems where deanonymization is mathematically impossible.

Show thread

Kirill Chernyshov Feb 20

@fluffykittycat And here's the thing: the mere existence of a privacy-preserving alternative gives people a much stronger argument against invasive systems. Right now when governments push for identity verification, the response is just "don't do it." If a working ZK-based system exists, the argument becomes "there is no reason to collect identity data - you can verify what you need without it." That's a far harder argument for surveillance states to dismiss.

Show thread

Fluffy Kitty Cat Feb 20

@dotfox "The age verification mandates are coming" because they're being pushed from on high. there's no reason we should accept this. why all of a sudden are we expected to hand over or IDs to use the internet? nothing good is intended here

furthermore, no one has ever rebutted the obvious flaw in any ZK-based system: how do you know that the ID belongs to the actual user and not someone handing out "Over 18" tokens en mass? I've asked this of people and no one's told me how they plan to stop this

discord promised up and down there were being super private and everything was all on device, and that lasted about a week and now your IDs go straight into Peter Thiel's ICE database. if we give in to "zero knowledge" how can we know that won't just happen?

no, we have to take a stand against this in it's totality

Show thread

Kirill Chernyshov Feb 20

@fluffykittycat How easy is it for you to get a fake identity that will be accepted as legit by some gov agency or even your local pub? My system does not reinvent the wheel here, it will be equally hard. But it solves a problem that to get to the pub you have to reveal your name, exact date of birth, address, etc. With this system, the verifier can't see that data even if they wanted to - it's never transmitted, not just "promised not to be stored".

Show thread

Fluffy Kitty Cat Feb 20

@dotfox what's to stop me from verifying people who can't verify themselves? If you can't stop it, it's not effective. If you can, it's not anonymous. How do you square that circle?

Furthermore, who gets to decide what you need to AV for and what you don't? They've already admitted they want this for anti LGBT and pro Gaza genocide reasons explicitly. It's not innocent, not in the slightest

Show thread

Kirill Chernyshov Feb 20

@fluffykittycat Anonymity in my system is from the verifier, not from the issuer. The issuer (say, a gov agency) knows who you are - same as when they issue you a passport. But the website/service checking your age learns nothing about you. So: the issuer can stop fraudulent issuance (not anonymous to them), and the verifier can't track you (anonymous to them). No circle to square - these are two different relationships.

Show thread

Kirill Chernyshov Feb 20

@fluffykittycat and, as I said in another reply - If a privacy-preserving alternative exists, it's leverage to fight the invasive version. I'd rather have the option than not.