Mastodawn

@edwiebe @divVerent @Em0nM4stodon There is no way to know how old someone is without attestation by some authority who knows their identity. This precludes participation by anyone not known to such an authority (undocumented, outside of jurisdiction, etc.) or for whom it is not safe to let that authority know they are participating. And this is only the tip of the iceberg.

You are dangerously wrong, and you should stop advocating about things you're dangerously wrong about.

Show thread

Talya (she/her) 🏳️‍⚧️✡️Feb 22

@dalias @edwiebe @divVerent @Em0nM4stodon
while that's true, it is possible to make such an attestation without destroying privacy (see https://soatok.blog/2025/07/31/age-verification-doesnt-need-to-be-a-privacy-footgun/).
however, even if you do that, it'll still be morally wrong in most cases.

and also, corporations are deliberately not going for the private solution, and governments are shifting the blame to users. the Czech government recently admitted social media is already illegal for teens (due to privacy laws), but they want new laws anyway.

Age Verification Doesn’t Need to Be a Privacy Footgun - Dhole Moments

“Won’t someone think of the poor children?” they say, clutching their pearls as they enact another stupid law that will harm the privacy of every adult on Earth and create Prior R…

Dhole Moments

Show thread

Cassandrich Feb 22

@Yuvalne @edwiebe @divVerent @Em0nM4stodon No, it is not possible. The ZPK bs is privacy-washing designed to bamboozle policy makers and privacy activists who don't understand math. Either it doesn't actually verify age (I can setup a proxy to hand out age proof verification tokens to anyone who wants them using my identity; I would absolutely do that if it were cryptographically safe) or something exposes to the token providing authority that I'm doing this and allows detection that someone else used my identity (thereby violating my privacy).

Show thread

divVerent Feb 22

@dalias @Yuvalne @edwiebe @Em0nM4stodon Precisely - also as I described.

The one way around that would be storing the secret for the ZKP in a TPM.

Yeah, right, with that you can still run your own proxy and provide the ZKP for someone else.

But it is possible to then also use some forms of remote attestation so this doesn't work. Like, yeah, you can forward the ZKP, but then only you can decrypt the connection and not your "customer", as the decryption key is in your TPM and can't get out.

Despite all that, in worst case you can run a web browser in a VNC session for others to use, with your age claim. Nothing can prevent that - other than the ZKP not being actually ZK.

And that, indeed, is why ZKP aren't gonna happen for this. Even if they're cryptographically ZK, they'll end up signing more than just the age - at which point it's a privacy violation again and also no stronger than merely claiming your age in the first place.

Show thread

Talya (she/her) 🏳️‍⚧️✡️Feb 22

@divVerent @Em0nM4stodon @dalias @edwiebe the crypto discussion misses the point.

no corporation has went down this way, and that's a deliberate choice of them. countries introduce ID requirements for social media instead of going after corpos for collecting kids' data, and that's a deliberate choice of them.

and they all treat a flat age limit as a solution, as if when someone's 16 and a day it's suddenly okay to hook them up on this digital drug, and that's a deliberate choice of them.

Show thread

Cassandrich

@Yuvalne @divVerent @Em0nM4stodon @edwiebe There are multiple points here, all important.

Abstinence-only approach to addictive shit.

Privacy and anonymity.

Right of people without identity (including children!) to participate in society & access information.

Capitalist platforms being abusive.

Etc.

None of these point to the awful "solutions" industry & government & normie simps for those two are pushing.