Submitted 2 weeks ago by Beep@lemmus.org to technology@lemmy.world
I am actually not fundamentally against the idea of age verification for some things online. We have many things with age restrictions in real life, for various reasons, it kind of makes sense to have it online as well for some things.
but…it has to be done with zero-knowledge proof so we limit the amount of private data exposed to the absolute bare minimum.
Zero-knowledge proofs are a good concept. They’ve been possible for a long, long time, and allow age check without surveillance.
So why are they not being used? Because age check is just a cover. These people want to do surveillance, not protect kids.
So it’s a good counter. Want age check? Do it like this. Oh, you don’t want it that way? Why not, pray?
Whether it works (it has, previously) or not (as with the current bullshit from the US), it does bring to the public debate that this is unnecessary surveillance.
There’s also precedent you can point to. Germans had implemented a reasonable system of digital identification and (seperable) condition confirmation (age gate).
Maybe in alternate timeline where tech companies have historically acted ethically.
In this timeline where each new company and/or ceo is less ethical than the last, I know that any type of identification will be mismanaged at best or used maliciously at worst
There is already age verification, it’s called an ISP bill.
I also want zero knowledge personhood/Nationality verification for social media. Maybe with age too. I want to know where the accounts come from and whether they are a bot or not.
It can be optional, as long as I get a filter to remove all non-verified people.
Best our corporate dictatorships can offer is requiring you to surgically implant a microchip into your brainstem. Everyone without the chip will be classified as woke, and cleansed by the AI killbots on judgement day.
All heil skkkynet.
Your point of view: We have so many fascists in reality, why couldn’t we tolerate some fascism on the internet?
Do you also think age restrictions in real life is fascism?
Well your fundamentally wrong enjoy your safe little cage bird, perhaps your master will lift the sheet today.
Or — just make it easier for parents to install filters for their kids??
It’s already easy as fuck. Most patents just don’t bother. The mandates should be on ISPs and cell carriers to provide network-level filtering. I filter adult sites on my home network and there’s no getting around that without cracking the password on the service or factory resetting the gateway.
Plenty of companies you already deal with already know who you are, thus how old you are. Cell carriers, ISPs, banks, stock brokerages, utility companies, and so on. It would be much more secure, done properly, for a service like this to provide a simple “yes/no” answer to the age question.
That would resemble a zero-knowledge solution yes
Nym did some work on a zero knowledge verification system:
Whenever this comes up, this style of zero-knowledge proof/blind signature thing gets suggested. But the problem is that those only work if people care about keeping their private keys secret. It works to secure eg. “I own $1” but “I’m over 18” is less important to people and it won’t be hard for kids to get their hands on a valid anonymous signing key on the web. Because the verification is anonymous and not trackable, many kids can share the same one too, so it only takes one adult key to leak for everyone to use. It’s one of the reasons they push biometrics that at least appears to need a real human. Requiring ID has a lot of the same issues on top of being a privacy nightmare.
I’m starting to think that actual age verification is technically impossible.
People have been forgetting that home routers come with something called parental controls.
This is the most privacy respecting solution that puts all the power of parenting into a parents hands.
If the government were really “thinking of the children” I would propose a group of bipartisan curators to curate the Internet. Thinking of how libraries function, we have librarians that classify books by age and genre. The same can be done for websites, and these curated lists be made available to parents. This can be funded by local government and be region and country specific.
These lists would effectively function as whitelists, blocking everything that’s not on the whitelist. Parents can then turn on a specific whitelist for their kids if they so choose, and they gain access to a curated list of age approved websites.
Parents can then, if they so choose, add or remove items form the list to grant their children access to specific sites.
All this tech is already available and it would prevent children and adults from having to provide a website any extra information. It would also mean websites would now not need to build infrastructure to collect this information.
Could you imagine a publisher of books needing you to send them a picture of your face to verify your age and identify before you even opened a book? Why are we proposing the same equivalent concept for a website or “digital book”.
Governments know about parental controls. They don’t care. If they cared, they’d develop their own parental control software, offer it for free, and encourage it’s use. If they really wanted to get draconian about it, as they are doing now with age verification, they would pass laws to prosecute parents who don’t use parental controls with negligence.
But it’s not about the children. At all. It’s about preventing you and me, and all of us from talking to each other and entertaining ourselves. It’s about turning the Internet into TV, a one way faucet of entertainment and information controlled by the wealthy .001% where us peons can’t talk back.
These age verification laws are just the first step. They kill small forums and games like Urban Dead, and leave only sites controlled by megacorporations that can afford the age verification infrastructure and the massive corporate fines if a single kid sneaks in. Once you get used to this, it’s easier for you to accept not being able to communicate online at all, or start your own forum, or YouTube channel.
I’m skeptical that governments know about these solutions given how little people in general understand technology. It’s a “we’ve tried nothing and we’re all out of ideas” situation. Ideally they should have experts available to consult with when making laws to prevent BS like this.
People have been forgetting that home routers come with something called parental controls.
When my wife and I first signed up with Virgin as our ISP there was parental control turned on by default. Had to put in my credit card info to be able to flap. This was 2021ish? So before the current stupidity.
Also, it’s easy to feel like this is all being pushed by parents who just straight up refuse to properly parent their children…but it’s mostly being championed by Puritan lobby/pressure groups. They think even totally consensual, CIS/HET amateur porn is disgusting and sinful. They don’t want to see, so they’re on a mission to make it so literally no one can see it.
With help from companies and people who have a vested interest in creating a panopticon-esque surveillance state. And the rest of the people involved in passing it are too old or ignorant or paid too well by the other two groups to stand in the way of it, or to have cut out the really egregious shit from these bills before they were passed.
Also, it’s easy to feel like this is all being pushed by parents who just straight up refuse to properly parent their children…but it’s mostly being championed by Puritan lobby/pressure groups.
No, its being pushed by corporations who are interested in identifying you. They pressure the government who ALSO now takes an interest in tracking your for wrong think and power grabbing.
Parents are just pawns who get manipulated into thinking this is a problem at all.
These lists would effectively function as whitelists, blocking everything that’s not on the whitelist. Parents can then turn on a specific whitelist for their kids if they so choose, and they gain access to a curated list of age approved websites.
Yeah, i’d say if they were serious about “protecting children”, they should provide a “child safe” DNS to log onto for your kids’ devices.
Came here for this comment.
IMO steam does a reasonable job of age verification - if you’ve registered a credit card, you’re obviously old enough to have one.
I am a baby with an 800 credit score. I undersigned my parents home mortgage so they’d get a good rate. The bank knows I’m a reliable lender.
Googoogaagaa
I think I saw a movie about you
But they still ask for my DoB when I open a store page for a horror game.
I was born back on jan 1st 1900
“Why don’t you just trust me that I was born January 1, 1900?”
Nice, same birthday
I’m born 1.1.1970
I changed to 2000 because it’s less scrolling.
Age verification wouldn’t be a problem if there was a service I trusted that could verify my age, generate an anonymous one way hash or public/private key pair that could verify my age, and then dispose of all information that would could tie me to that info, I’d be ok with it. The problem is there isn’t a group that I’d trust (well that would be willing to do it) and everyone wants to hoard information and create a central repository that will be broken into. It’s not that there is a possibility it could be, but a certainty that it would be. This isn’t really an unsolvable technical problem, but an unsolvable trust problem.
Age verification if intent was to make it not tied to real ID would be a system where you could go into any store and buy a card you can scratch off for a code to put in.
But, governments want to track and get rid of anonymous accounts. They don’t actually care about age requirements. They want a 1984 type control of citizens to know what they are thinking or at the very least scare off people from expressing thoughts like politicians should be held accountable for fear of current or future consequences from a government that may decide it is treasonous.
The EU actually was working on a system described above based on some sort of zero knowledge proof (so verification via your gov’t id, but without the verifying party being able to assert anything other than age > 18 or whatever data you want to verify)
Banking and other finance related services are the only place where I don’t mind KYC. Others I drop as soon as they request it and I seek alternatives.
But I will drop my online bank as well as soon google enforce the ‘only verified developer applications’. 90% of my applications, incuding system applications like laucher, are not installed from the play store. I plan to switch to a linux ‘phone’ and only use services which are usable from a browser / without google securnet.
The thing is usually for the bank account you have gone through rigourous checks already to open or maintain and account to prove your age. So face verification via an app is redundant.
We know it’s bull anyway but it’s at least a valid reason for no.
I’m the same as you. I’ll switch to browser and TBh if they piss me off enough I’ll start using cash
Someone else in here said the laws are confusing age verification for identity verification. If anything, I’d be okay with identity verification for banking as an additional check. (Plus my bank already knows what I spend money on)
you should probably start using cash today, but you’ll probably still need a bank to receive your salary. unless you know away around employers wanting to pay through a bank account
I’m currently pushing back against discover requiring me to upload my ID to log in to my account. The amount of support people I’ve gone through that have certified me without needing to upload anything has been my main argument against it, but “they’re still investigating”
You already have one. It’s called your payment provider.
My bank once sent me a letter to my address, to tell me that they did not know what my address was. So I’m not completely sure they are exactly on the ball.
Same for me my man. I hate the fact that anonymity on the internet will eventually fall before the end of this decade. The west is not that far away from the authoritarian regimes it claims to be fighting against
In the US it is becoming common for federal services to require ID.me verification. I’ve never really had a problem with social security requiring ID verification. I do have a problem with data portals requiring it.
I even have a problem with ID.me, it’s a private company that the US government wants you to give your driver’s license and other information to. I don’t trust that.
Absolutely valid. In the context of identity verification, I trust ID.me more than random companies that do not have government contracts because government contracts come with security and compliance regulations that require regular audit and make the chances of breach less likely. In either case, it’s a private company and, as any security nut would have told you, when it gets sold all bets are off like 23andme. Even more importantly, in the US, any kind of ID verification is a terrible idea, government or private, because we have no data regulation or privacy constraints. I call out the US here because we have no GDPR equivalent (CCPA wouldn’t hold up to federal data). Even if ID verification were conducted by the government, it can still be used for gnarly shit like we saw with ICE and DOGE.
On a sliding scale of evil, ID.me is the evil I know will currently fight to continue remaining the only evil which is the only solace I have in the US.
Identifying yourself for official business on a government site is not the same as providing official ID to a random picture sharing site. Pretty much every service has had a leak which required heaps of people to change their trusted password. How would you fix this when they leaked your full official identity?
The theme of this post is “what things online would I be okay giving my government ID to.” The author did not mention government services in the article, so I brought those up and differentiated which government services I think are reasonable for ID verification. In the US, social security is basically a retirement fund and a huge target for scammers. I’m willing to verify there or for my taxes (although those should just be done for me; different argument). A data portal eg census data is not something I am willing to verify my ID for because it should be public. US trademarks, for example, now require ID verification for an account. An account gives expands some access on the website and allows the ability to file. If I file a trademark, I am fine with verifying my identity. If I make an account, I don’t need to verify my identity until I file.
I didn’t mention picture sharing websites because I agree with the author’s stance.
YouTube’s can be broken and that’s the only one I cared about. I guess steam would be an issue if they tried it.
Pretty sure anything else I can easily just bail on.
Steam’s age verification is entering your credit card details.
youtube? how?
The photo verification works on videos, I took a selfie of a 4k video and it worked. Just used a guys video on yt where he was talking to the camera
If you’ve put your real identity on your passport on some platforms and you’re going to use those platforms for purposes other than work, get ready to be a good dog.
Age verification is one thing, but I routinely verify my id online. Banking, insurance, taxes, various other government things, car registrations, some of the kids school stuff and so on. We have pretty decent infrastructure in place here in Finland and the entities I identify myself online already has my info anyways. I can use either my banking app or mobile verification to securely prove I am who I claim to be and the systems have roughly the same user experience than MFA tokens.
Each of those are roughly zero-knowledge, the website I log in receives just “User with login token xxx is IsoKiero with SSN 123456789” and the tokens expire after a while. Also there’s restrictions in place that my insurance company can’t just sell my data to whomever unless I opt-in for their “marketing” program (not going to happen) and even then there’s some limitations on how they can use the data.
The same system could be adopted to age verification, but that’s a whole another can of worms.
It’s just a new “Think of the children”, only worse than going after backdoors in cryptography.
Now it’s “OS-level” identity checks, which means TPM+secure boot hardware lockout.
Tax filing?
IRS should already know what I owe and not worry about who logs on to pay it.
Oh yeah, the states is like that right… I meant for filing and claming tax benefits.
A few years ago the IRS website wanted me to take a “video selfie” using a webcam to log in to access my tax stuff. I said Fuck That and ended the session. Finished my taxes through a 3rd party vendor instead.
There is no way the states is a real place. That’s beyond crooked and clearly trying to push people into using a 3rd party product.
I ordered some alcohol online because I couldn’t find the brand of rum I was looking for locally. They did some age verification before I could order, same that I could have encountered in a grocery store.
Of course they just got sent a token and not a photo id which changes the calculus some. I’m against trusting random websites with personal information, not an age block on its own.
Personally I’ve found online banking, medical and travel services rather hard to resist.
Those new mobile phone things the kids are using also have biometrics and internets and look pretty handy to have around.
This is just more child abuse disguised as “parental rights”. It becomes clear how harmful this is when you realise that not all parents have their childrens best interests at heart (even if they think they do and sincerely mean well) and allowing parents to censor the information children have available to them allows them to censor information that the children learn only too late to prevent harm.
Fidelity, Banks, Coinbase (before I got out of cryptocurrency entirely).
But, basically, only when government regulation does (or SHOULD) impose KYC requirements.
Age and ID verification might be good in a very few cases, but it should definitely be a deviation from the norm.
The issue is that any software is a blackbox when running.
There is no way for a user to know what code is running let alone verifying that a specific code is actually running on a device, combine that with a sector that keeps wanting more data.
Banking?
I have no issue with an online service knowing my age for as long as that’s all they know and will ever know about me.
I do think each Nation does need some form of online verification.
It’s pretty clear what kind of damage malicious actors can do by posing as a Nations citizens online, especially en masse and orchestrated.
The solution is better media literacy, better education, yatta yatta but that straight up ain’t happen, and certainly not at the scale needed to circumvent that kind of damage.
What other solutions do we have other than Nation wide online verification systems?
CosmicTurtle0@lemmy.dbzer0.com 2 weeks ago
The problem with “age” verification is that politicians are confusing it with identity verification.
I should not have to prove my name and other biometrics to prove age.
Age verification is the fascist way to get people to identify themselves and their online activity. Almost every state that has some sort of age verification law has zero method to actually verify age. No digital ID service, no way to share a credential for verification.
They want people to upload an ID.
This isn’t about keeping children safe and it never is. It’s about identifying critics of the government.
pastermil@sh.itjust.works 2 weeks ago
I hate to point out the obvious, but they didn’t accidentally confuse the two…
Limerance@piefed.social 2 weeks ago
It is possible to build an age verification system, where you use your actual ID with a cryptographic process without any personal data. The technology has existed for decades now.
WhyJiffie@sh.itjust.works 2 weeks ago
problems with that:
so far the only answer I am aware of for these questions is “you don’t”
lost_faith@lemmy.ca 2 weeks ago
Force the building of a light “honour based” age verification system (just enter your birthday, we trust you not to lie to us), then as more comply add more requirements to it til all accounts are linked and they know when you shit