Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Any kind of zero knowledge verification should be ok.

But with minors it often goes a long way to just make the law. It’s a good instruction to parents who should be able to control this. Laws on bike helmets for minors are followed nearly 100% not because they are enforced by authorities but because the law gives parents guidance.



There is no such thing in practice.

Anything with zero knowledge is never going to be considered robust enough by a government. Zero knowledge protocols really have no functional revocation mechanism.


The EU has been working on a zero knowledge system as part of the EU Digital Identity Wallet project for a few years now. It is currently undergoing large scale field tests in several countries with expected release late this year. All member states are required to provide at least one free secure interoperable implementation to their citizens, and regulated industries such as banks and telecoms, are required to accept it. If a member state passes a law requiring age verification on social media it must include the EU Digital Identity Wallet as one of the verification methods the site must support.

What was that about no government would consider zero knowledge to be robust enough?


Which of these governments do you trust? The same governments, mind you, that are working diligently to end anonymity on the Internet.


Introducing a solid zero-knowledge age verification option is the opposite direction of ending anonymity in the Internet, which other parts of the same governments are also working on.

So yeah, I'll gladly trust and cheer on the part working in the right direction.


The EU Digital Identity Wallet isn't zero knowledge. I mean it's just not. It relies on Google Play Integrity Attestation on Android and the iOS equivalent on Apple devices because those give it a revocation mechanism, and those aren't zero knowledge.

https://github.com/eu-digital-identity-wallet/av-doc-technic...

It says that it wants to be zero knowledge, but it has no zero knowledge implementation and no plan of how it even possibly could be zero knowledge, and it never will precisely because that is incompatible with the revocation requirements set down by the EU.


Same EU that wants to ban encryption?


(Without accepting the premise that it should be acceptable to have to provide any kind of proof...)

> Zero knowledge protocols really have no functional revocation mechanism.

None would be needed, you (sadly) only age in one direction, so valid proof would never become invalid proof.


>valid proof would never become invalid proof

Somebody can give their proof of age to another person.


And? Presentation of someone else's valid credentials is not fixable by any privacy-preserving mechanism. You can set an expiration date in order to rotate them, and they can be fast-rotating.

In any case, it's a moot point: the correct amount of required identification is zero.


> Presentation of someone else's valid credentials is not fixable by any privacy-preserving mechanism.

And that is precisely why governments will never implement a privacy-preserving mechanism, which is exactly my point.

Compromised tokens would be trivially google-able within a day otherwise.


expiry


Bike helmets are for safety but reading the article the ban is more for some kind of societal change. I don’t know if it’s really comparable.


I think parent's _want_ to keep kids in helmets and away from social media. But the pressure is some times high when Joe can ride without helmet, or can use TikTok. A law really helped the bike helmet thing at least. That they are fundamentally different I think doesn't matter since the peer pressure thing and what parents want is the same.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: