Em Feb 22

Age Verification isn't a technical problem to solve. If you think that, you're missing the point.

It's a social problem used by authoritarian governments as an excuse for population control and censorship.

It's a fundamental attack on free speech and democracy.

It must not be accommodated.
It must be stopped.

#MassSurveillance #AgeVerification #Privacy #Democracy #HumanRights

Show threaddivVerentFeb 22
@Em0nM4stodon There are technical solutions without mass surveillance.

But I am not optimistic enough to believe those will be demanded.

Specifically because of the lack of surveillance, and the lack of monopoly protection for big tech.

Pretty sure big tech lobbyists are making sure the worst approaches possible get put into law. Not because they are evil per se, but because it strengthens their monopolies.
Show threadCassandrichFeb 22

@divVerent @Em0nM4stodon No there are not. This is a fundamental fact of mathematical logic. Given a proposed age verification system you can prove that it's either trivially bypassed (doesn't actually verify age) or violates key privacy properties.

Em's point is spot-on. If you think of this as a problem to be solved, you are going to be wrong and you are going to be a useful fool for fascists.

Show threadEd WiebeFeb 22

@dalias @divVerent @Em0nM4stodon Knowing how old someone is does not limit their speech nor their ability to vote (we verify age for that already, and for many other reasons). Age verification isn’t state censorship. I suppose it could be a way to limit anonymous speech. That isn’t a Right where I am from (nor is ‘free’ speech). I doubt anonymous speech is a Right anywhere.

I have no doubt it’s absolutely technically feasible in a way that infringes on no one’s privacy. Ultimately though, yes, it could be abused by bad actors. Like everything else in civilisation we need some balance of enforcement to deal with those people.

Show threadCassandrichFeb 22

@edwiebe @divVerent @Em0nM4stodon There is no way to know how old someone is without attestation by some authority who knows their identity. This precludes participation by anyone not known to such an authority (undocumented, outside of jurisdiction, etc.) or for whom it is not safe to let that authority know they are participating. And this is only the tip of the iceberg.

You are dangerously wrong, and you should stop advocating about things you're dangerously wrong about.

Show threadTalya (she/her) 🏳️‍⚧️✡️Feb 22

@dalias @edwiebe @divVerent @Em0nM4stodon
while that's true, it is possible to make such an attestation without destroying privacy (see https://soatok.blog/2025/07/31/age-verification-doesnt-need-to-be-a-privacy-footgun/).
however, even if you do that, it'll still be morally wrong in most cases.

and also, corporations are deliberately not going for the private solution, and governments are shifting the blame to users. the Czech government recently admitted social media is already illegal for teens (due to privacy laws), but they want new laws anyway.

Age Verification Doesn’t Need to Be a Privacy Footgun - Dhole Moments

“Won’t someone think of the poor children?” they say, clutching their pearls as they enact another stupid law that will harm the privacy of every adult on Earth and create Prior R…

Dhole Moments
Show threadCassandrichFeb 22
@Yuvalne @edwiebe @divVerent @Em0nM4stodon No, it is not possible. The ZPK bs is privacy-washing designed to bamboozle policy makers and privacy activists who don't understand math. Either it doesn't actually verify age (I can setup a proxy to hand out age proof verification tokens to anyone who wants them using my identity; I would absolutely do that if it were cryptographically safe) or something exposes to the token providing authority that I'm doing this and allows detection that someone else used my identity (thereby violating my privacy).
Show threaddivVerentFeb 22
@dalias @Yuvalne @edwiebe @Em0nM4stodon Precisely - also as I described.

The one way around that would be storing the secret for the ZKP in a TPM.

Yeah, right, with that you can still run your own proxy and provide the ZKP for someone else.

But it is possible to then also use some forms of remote attestation so this doesn't work. Like, yeah, you can forward the ZKP, but then only you can decrypt the connection and not your "customer", as the decryption key is in your TPM and can't get out.

Despite all that, in worst case you can run a web browser in a VNC session for others to use, with your age claim. Nothing can prevent that - other than the ZKP not being actually ZK.

And that, indeed, is why ZKP aren't gonna happen for this. Even if they're cryptographically ZK, they'll end up signing more than just the age - at which point it's a privacy violation again and also no stronger than merely claiming your age in the first place.
Show threadTalya (she/her) 🏳️‍⚧️✡️Feb 22

@divVerent @Em0nM4stodon @dalias @edwiebe the crypto discussion misses the point.

no corporation has went down this way, and that's a deliberate choice of them. countries introduce ID requirements for social media instead of going after corpos for collecting kids' data, and that's a deliberate choice of them.

and they all treat a flat age limit as a solution, as if when someone's 16 and a day it's suddenly okay to hook them up on this digital drug, and that's a deliberate choice of them.

Show threadsu_liam
@Yuvalne @divVerent @Em0nM4stodon @dalias @edwiebe We will make sure your private information isn’t intercepted. Trust us.
We will discard your private information and not resell it. Trust us.
We will protect your private information while we have it. Trust us.
We will never use your private information to track or manipulate you. Trust us.
We have a long history of what “trust us” is worth.
Feb 23 at 3:32amWeb