Bingo, more or less
1 Like
Zero-Knowledge Proofs exist, but age verification using it is not battle-tested nor standardized. More critically, age verification using ZKPs is not mandatory, and users lack control over which age verification company a website chooses for age verification. Currently, many UK sites rely on centralized companies for this purpose (Yoti seems to be the most popular), and these companies do not implement ZKPs. And even if they do, it doesn’t mean much: Google is using ZKP. Is that anonymous or even private? Having to log into Google to use ZKP, that is like asking a well-known gossip to keep a confidential secret. Even if they can’t spill the entire secret at once, the bits of information they might share here and there could still piece together to compromise the overall confidentiality.
For ZKP age verification, the EU Age Verification App is currently the white label solution under development. But the ZKP feature is not yet implemented nor mandatory, and the project has several unresolved issues that could indirectly compromise privacy.
If a FOSS solution were implemented to perform ZKP in a way that prevents linking the attestation output to a real identity and avoids producing side-channel metadata for tracking or correlating different identities, then privacy concerns would be significantly reduced. However, even with such a solution, I would still have reservations about age verification laws due to them making a geolocked web even more of a thing.
Geolocking harms anonymity and privacy in indirect ways, such as requiring users to turn off their VPN to complete the age verification process, thereby revealing their country of residence. While this might not be a significant issue for users from larger countries like the United States or India, it could make users from smaller countries, for example Luxembourg, more easily identifiable, especially if they share additional information.
Because the scenarios I outlined can happen if trust is compromised, it makes sense to look for genuinely private solutions that can be proven to be secure. How is that fear-mongering? It’s just as reasonable as wondering if your no-logs VPN might start logging your traffic at any point. In the context of my VPN analogy, Tor offers a private solution; however, a verifiably anonymous age verification option is not available.
That phrasing suggests that online age verification is effective. Just as you can highlight the limitations of parental controls, I can point out the numerous ways online age verification fails.
You can force big companies like PornHub to implement them, but “You have to be very naive or childless” to assume that children won’t find ways to share information about accessing pornographic content. Whether it’s through free VPNs, free SOCKS proxies, free web proxies, visiting pirate sites hosted offshore, using P2P sharing, torrenting, direct download file hosts, encrypted files on direct messages, Telegram groups, the methods are numerous. It only takes one TikTok video to make a new bypass go viral. How can online age verification method be effectively implemented, without resorting to extreme measures of internet control?
Good parental controls and good whitelist-based filters are indeed the solution.
9 Likes
Do you even live in the US? I noticed a lot of people have opinions on things like this when they don’t even live there.
Do people who post in this thread need to have a connection to the US? OP covers the US context, but age verification is a current issue in many countries, not just the US, and US tech policy has significant ramifications on the internet.
2 Likes
The biggest and most annoying thing for me is when people who don’t live in that country complain about their laws. These are the internal matters that will be decided by their citizens. Sure, we can talk about the topic in general.
There NO age verification mechanism that is compatible with digital freedom.
Even with age restrictions on mainstream porn websites, plenty of content will still be found in the high seas or exchanged privately. It’s just a lost cause.
3 Likes
Everyone arguing against any and all age verification seems to be forgetting that in meatspace, age verification is locked in. We aren’t getting rid of age verification for buying beer or entering a strip club.
I think the only productive action against privacy invasive age verification is developing/advocating for privacy respecting alternatives. A digital government ID could output a simple yes/no boolean to the “are you 18+” query.
In meatspace, age verification already occurs when signing up for internet service with your ISP, as this requires an adult to sign the agreement.
Similarly, when purchasing alcohol, age verification happens at the point of sale. Once the product is brought home, no further age checks are conducted, and it becomes the responsibility of the purchaser to ensure that the product does not end up in the hands of an unsupervised minor at home.
Therefore making your anonymity set automatically confined to your country’s population size, as you won’t be able to use a VPN since doing so will trigger the age verification process for the virtual location.
2 Likes
That’s a very good point. Despite the fact that a lot of institutions (libraries, schools, coffee shops) hand out free internet, bypassing the direct agreement with parents, theoretically most of these only provide sfw web access (via domain blacklisting). However, the fact that home internet service is generally nsfw enabled by default (isp modems do not enable nsfw blacklists by default ime), and users generally accept defaults (see Google’s billion dollar default deals), represents a de facto break with this framing.
Of course, none of our drugs, legacy nsfw media, nightclubs, etc compare particularly coherently to unfiltered internet, which is general purpose. A better comparison is libraries, which can contain adult media among their general/varied purpose collections. Key differences are libraries are only accessed with an individually issued library card (not entirely unlike a state ID), and checkouts are subject to individual approval (i.e. your librarian will not let a kid check out adult media).
I don’t think this metaphor fits so well.
I agree. Signing up for internet service is like signing up for a library card that gives you access to the largest library on earth. But even this metaphor falls short after a bit of analogizing, because you are not given an “ID” card that can be used only by you.
You are instead given a “key” (that anyone can carry on their person, like house keys) to enter the biggest digital room ever. There is no “unsupervised minor at home” because they are not at home, they are instead in a “digital room” called the internet.
And in this digital room or cyberspace or whatever, people may EG sell alcohol. Parents are still responsible for whether their kid uses this “key” to buy alcohol or not (AKA whether they access the internet or not) in the same way that they are responsible for whether their kid goes inside the liquor store to buy alcohol.
But also in the same way: even though parents are responsible for their kids, it does not mean that the store is not responsible for assuring that their customers are of age during the point of sale. Meatspace verification and digital verification service the same function. In your example, you forget that the digital world also has points of sale and focus only on meatspace.
Using the internet also does not imply you are an adult. It is not a verification of age, it is a public service (digital room) that is accessed by a “key” that anyone of a large range of ages can have and use at any moment, just like how walking inside and buying alcohol can be done at any moment from anyone of varying ages. That is the point of age verification.
All that being said, I am against these age verification bills that not only are privacy invasive but also extend their power to products and services that don’t even need age verification.
1 Like
All of these “age verification” bills are a witch hunt designed to subjugate people. I grew up at a time when the Internet was free and unfiltered, all of us watched porn as minors, and the vast majority of us became normal adults. Even if such a bill passes and can be effectively enforced, distribution and dissemination will move to peer-to-peer platforms and nothing will have been achieved other than reducing people’s freedom.
4 Likes
Sure, because access to the internet is a service, not a product like beer. The point of that analogy is to remind people that the internet is not a place where age verification does not apply. Instead, age verification can and already happens during the process of onboarding (accessing the digital room, as you put it) into the internet. To maintain a free and private internet, I believe protections should be implemented during this step
If the method of obtaining this key requires a legal agreement that only adults can sign, then it should imply that you are an adult. I don’t think this is an unreasonable suggestion. For instance, where else does this logic apply? Ofcom allows the use of a credit card as a reliable age verification method because, to have a credit card, you must be an adult. Therefore, the holder of the credit card number is presumed to be an adult. Couldn’t a minor steal their parent’s credit card and use it? Of course.
Plus, it’s not like the “key” can’t be tailored to individual situations. For instance, if you have children at home, the library could issue a restricted key that only grants access to certain sections (e.g., whitelist filters enabled by default by your ISP, as I mentioned earlier). If you need full access, you can request your ISP to enable it temporarily.
I also don’t find the library analogy to be a perfect fit for the internet, as the library both issues library cards and owns all the assets within it. The library is more analogous to a website being required to implement age verification, not the internet as a whole. It’s difficult to find a one-to-one analogy for the internet due to its unique characteristics.
1 Like
Since there are many parents not doing their jobs, I think the next steps would be for government to install cameras in all houses so they can make sure nobody drink or use illegal substances before the age of 18 (or insert random number where society deems someone is an adult).
It’s to protect them kids after all.
Sigh.
1 Like
I agree with this.
And they not only regulate harmful things.
Example: If a person under 18 wants to open a bank account in my country, they require BOTH parents to agree with this, this is making a lot of trouble, especially when the parents are divorced and one of them is an idiot.
And note: This underage banking account cannot be used to make debt or buy anything that is age restricted.
That age restriction are harder/impossible to enforce on crypto currency is another advantage of them over traditional finance
1 Like
A bill requiring age verification and mandating VPN blocking for adult content sites is under consideration in Wisconsin. It has passed the House and is now being debated in the Senate, but this trend will likely occur in all regions pushing age verification laws.
As expected, the day when VPNs become ineffective for bypassing age verification laws may truly be near. Worst case, VPNs and Tor could be blocked from accessing most of the internet, potentially undermining their usability.