Mastodawn

@Em0nM4stodon There are technical solutions without mass surveillance.

But I am not optimistic enough to believe those will be demanded.

Specifically because of the lack of surveillance, and the lack of monopoly protection for big tech.

Pretty sure big tech lobbyists are making sure the worst approaches possible get put into law. Not because they are evil per se, but because it strengthens their monopolies.

@divVerent @Em0nM4stodon No there are not. This is a fundamental fact of mathematical logic. Given a proposed age verification system you can prove that it's either trivially bypassed (doesn't actually verify age) or violates key privacy properties.

Em's point is spot-on. If you think of this as a problem to be solved, you are going to be wrong and you are going to be a useful fool for fascists.

Ed Wiebe Feb 22

@dalias @divVerent @Em0nM4stodon Knowing how old someone is does not limit their speech nor their ability to vote (we verify age for that already, and for many other reasons). Age verification isn’t state censorship. I suppose it could be a way to limit anonymous speech. That isn’t a Right where I am from (nor is ‘free’ speech). I doubt anonymous speech is a Right anywhere.

I have no doubt it’s absolutely technically feasible in a way that infringes on no one’s privacy. Ultimately though, yes, it could be abused by bad actors. Like everything else in civilisation we need some balance of enforcement to deal with those people.

@edwiebe @divVerent @Em0nM4stodon There is no way to know how old someone is without attestation by some authority who knows their identity. This precludes participation by anyone not known to such an authority (undocumented, outside of jurisdiction, etc.) or for whom it is not safe to let that authority know they are participating. And this is only the tip of the iceberg.

You are dangerously wrong, and you should stop advocating about things you're dangerously wrong about.

Talya (she/her) 🏳️‍⚧️✡️Feb 22

@dalias @edwiebe @divVerent @Em0nM4stodon
while that's true, it is possible to make such an attestation without destroying privacy (see https://soatok.blog/2025/07/31/age-verification-doesnt-need-to-be-a-privacy-footgun/).
however, even if you do that, it'll still be morally wrong in most cases.

and also, corporations are deliberately not going for the private solution, and governments are shifting the blame to users. the Czech government recently admitted social media is already illegal for teens (due to privacy laws), but they want new laws anyway.

Age Verification Doesn’t Need to Be a Privacy Footgun - Dhole Moments

“Won’t someone think of the poor children?” they say, clutching their pearls as they enact another stupid law that will harm the privacy of every adult on Earth and create Prior R…

Dhole Moments

Cassandrich

@Yuvalne @edwiebe @divVerent @Em0nM4stodon No, it is not possible. The ZPK bs is privacy-washing designed to bamboozle policy makers and privacy activists who don't understand math. Either it doesn't actually verify age (I can setup a proxy to hand out age proof verification tokens to anyone who wants them using my identity; I would absolutely do that if it were cryptographically safe) or something exposes to the token providing authority that I'm doing this and allows detection that someone else used my identity (thereby violating my privacy).

@dalias @Yuvalne @edwiebe @Em0nM4stodon Precisely - also as I described.

The one way around that would be storing the secret for the ZKP in a TPM.

Yeah, right, with that you can still run your own proxy and provide the ZKP for someone else.

But it is possible to then also use some forms of remote attestation so this doesn't work. Like, yeah, you can forward the ZKP, but then only you can decrypt the connection and not your "customer", as the decryption key is in your TPM and can't get out.

Despite all that, in worst case you can run a web browser in a VNC session for others to use, with your age claim. Nothing can prevent that - other than the ZKP not being actually ZK.

And that, indeed, is why ZKP aren't gonna happen for this. Even if they're cryptographically ZK, they'll end up signing more than just the age - at which point it's a privacy violation again and also no stronger than merely claiming your age in the first place.

Talya (she/her) 🏳️‍⚧️✡️Feb 22

@divVerent @Em0nM4stodon @dalias @edwiebe the crypto discussion misses the point.

no corporation has went down this way, and that's a deliberate choice of them. countries introduce ID requirements for social media instead of going after corpos for collecting kids' data, and that's a deliberate choice of them.

and they all treat a flat age limit as a solution, as if when someone's 16 and a day it's suddenly okay to hook them up on this digital drug, and that's a deliberate choice of them.

@Yuvalne @divVerent @Em0nM4stodon @edwiebe There are multiple points here, all important.

Abstinence-only approach to addictive shit.

Privacy and anonymity.

Right of people without identity (including children!) to participate in society & access information.

Capitalist platforms being abusive.

Etc.

None of these point to the awful "solutions" industry & government & normie simps for those two are pushing.

@Yuvalne @Em0nM4stodon @dalias @edwiebe Well, Google does provide a "ZKP" solution.

But one that verifies that you are holding an ID document. While revealing its content.

Which isn't ZK in the sense that we would need here.

As said, I want a solution that works twofold:

- Legal requirement for parents to not let their children use certain social media platforms except while supervised. Think of this as comparable to movie ratings. If a platform doesn't like its age rating, it can change its feature set (e.g. remove ML-"curated" feeds).

- Voluntary supervision software for use by parents that can block inappropriate social media sites. Minor mandatory support by sites for such software (like a small file indicating what type of service this is, kinda like the old age-de.xml we once had). If parents want to supervise by other means, they can do that as well instead.

- Mandatory support by social media sites to disable tracking when requested by the clients. Said supervision software then shall set that flag, but users can also do that without such software. Sites must never be allowed to pressure users into removing this disablement request and to opt into tracking, which means, they must keep providing service even to users who opt out.

Of course, this solution allows anyone, regardless of age, to opt out of tracking. So it's already totally against anything Big Tech wants. And it's quite possible this solution will lead to the vast majority turning off tracking, which, you know, they really won't like.

And even with my solution care has to be taken to not accidentally reveal the entire birth date, e.g. by a user moving from one age bracket to another on a given day. I thus propose merely using the birth year and to live with some amount of inaccuracy (interpreting it in favor of allowing access, but also in favor of not tracking).

@divVerent @Yuvalne @Em0nM4stodon @edwiebe "Legal requirement for parents to not let their children use certain social media platforms except while supervised"

This is absolutely evil and immensely harmful to LGBTQ and NNT kids and you should feel bad for even suggesting it. I can't imagine what you'd want done to enforce such a law.

@dalias @Yuvalne @Em0nM4stodon @edwiebe And yet this requirement is already law in many countries.

E.g. in Germany, see § 832 BGB and § 171 StGB.

Parents are literally not allowed to let children do anything unsupervised. Just what supervision means is up to them, and can definitely also include methods such as "talking after the fact".

@divVerent @Yuvalne @Em0nM4stodon @edwiebe Yes because our society at large does not respect personhood of children but treats them as property. But at least that definition of "supervision" is a lot less harmful. Still, it would be a lot less odious to impose liability for bad outcomes than policing relationship dynamic.

@dalias @divVerent @Yuvalne @Em0nM4stodon

Ed Wiebe Feb 22

Children are not treated as property. That's just not true. In Canada, we can't buy or sell a child. We can't dispose of a child. In fact, though anyone biologically capable can grow one, once born they have the same human rights as everyone else, much to the dismay of some parents. Maybe none of this is true where you come from. That would be terrible.

@dalias @Yuvalne @Em0nM4stodon @edwiebe I did not define "supervision" in any particular way but am intentionally leaving it open. I am for providing tools, not for depanding any particular way of using them.

@dalias @Yuvalne @Em0nM4stodon @edwiebe Precisely. Liability for bad outcomes is also how the cited German laws work.

su_liam Feb 23

@Yuvalne @divVerent @Em0nM4stodon @dalias @edwiebe We will make sure your private information isn’t intercepted. Trust us.
We will discard your private information and not resell it. Trust us.
We will protect your private information while we have it. Trust us.
We will never use your private information to track or manipulate you. Trust us.
We have a long history of what “trust us” is worth.