HackerLangs
TopNewTrendsCommentsPastAskShowJobs

DennisP

19,298 karmajoined 19 years ago

comments

DennisP
·4 days ago·discuss
The only requirement I dropped is absolute perfect security, which no system will have and certainly not the nonsense "show your ID to the camera" stuff they're actually using.

I showed how to eliminate proxies, and without that, the only hole is the credentials themselves getting passed around. If that happens at a small scale between people who know each other, it's a minor problem. If a credential gets posted online and widely shared, it's easy to notice and revoke it.
DennisP
·5 days ago·discuss
How? The websites don't see anything consistent from one session to the next. They can't tell when the credential is renewed, and don't see a credential id.
DennisP
·9 days ago·discuss
You can fix the leaked token problem if your prover also proves that (a) the private token id is not on the public revocation list, and (b) the token has not yet expired. Use short expirations and auto-renew, this is just to keep the revocation list from growing forever.

Attackers could still compromise the system with proxies, but you can fix that by (a) passing in a random sessionid from the server so proofs can't be replayed, (b) also passing in the server's public key, so a MITM attack will result in proof the server can't verify, and (c) as you mention, using secure hardware on the client, and encrypting communications between that hardware and the server. The secure hardware doesn't have to preclude general-purpose computers; it can work like a yubikey or hardware wallet, just plug into USB or bluetooth.

Without proxies, a leaked key has a minor impact unless it's widely distributed online, in which case it's easy to notice and add to the revocation list.

Tracking clients can be prevented if the client generates a new public key for each session.

Requiring hardware is in one sense a downside, and strong protections for access would have to be part of the law. But giving everyone secure cryptographic hardware that can do key management and zero-knowledge proofs would be a huge improvement for everyone's privacy and security, so it might be a good trade.
DennisP
·9 days ago·discuss
Ideally, but in practice only if the bits are uncorrelated and each divides the population in half.
DennisP
·9 days ago·discuss
But there are a couple in production that are topping the benchmarks.
DennisP
·11 days ago·discuss
For the optimistic case, read this piece by RethinkX:

https://www.rethinkx.com/blog/rethinkx/the-disruption-of-lab...

(Fwiw, >20 years ago RethinkX correctly projected the exponential cost declines of solar and batteries, when everybody else was drawing straight lines.)
DennisP
·11 days ago·discuss
Since they've reduced the max RAM on current Studios from 512GB to 96GB, I'm not holding my breath.
DennisP
·12 days ago·discuss
I already described in detail how to do revocations despite the website not being able to identify the device.

The whole point of zero knowledge is that you can prove you have possession of information with particular properties, without having to actually reveal the information. I explained how to use this in my first reply to you. You're just repeating your claim without bothering to understand the first thing about the technology I'm talking about.

Age verification itself is a change to regulations. Obviously to make a private system, our regulations would have to change in a way that allows that, instead of in a way that destroys all privacy as they're attempting now.
DennisP
·12 days ago·discuss
Yeah, but it's everything getting fuzzed, including the parts you care about.
DennisP
·12 days ago·discuss
https://archive.is/xMD3t
DennisP
·12 days ago·discuss
Well it would be anonymous because the client public key is randomly generated every time, and the zk proof doesn't include the identifier.
DennisP
·13 days ago·discuss
I don't think this is about becoming a great musician. Maybe that comes later. As the title suggests, this is just about becoming a musician in the first place.

As a piano player who's been noodling around for a few years, trying to learn to write original stuff and not making much progress, something like this is probably what I need.
DennisP
·13 days ago·discuss
Thinking about this further: it looks to me like we can fully prevent proxy attacks if we assume secure hardware handling the cryptography on the client side, and send an encrypted sessionid to the client after verification.

The reason is that:

- We send a random number from the server at the beginning which is associated with the session, so a proxy can't just replay the encrypted proof.

- We pass the server key into the proof, so a MITM attack would give the wrong server key to the client, and the real server wouldn't be able to verify the proof.

Then with each request the secure hardware can provide encrypt(sessionid, nonce).
DennisP
·13 days ago·discuss
I'm not sure what my "attitude" is but I'm being pragmatic. This is not a binary situation, where it's either perfectly secure or useless. If our society is not willing to do what you and I prefer and leave things entirely open, then perhaps it's good enough to make things more difficult for teens to access, rather than accept pervasive surveillance to make it impossible. If people think it will improve society enough if most teens stay off certain sites, then we can do that and maintain anonymity.

I'll note that you skipped over my point that even with a "perfect" system, teens could still pay foreign porn sites etc directly. And that using a proxy would require installing an untrusted app on the phone, which would be relatively easy for parents to monitor and could be prevented entirely on iPhone. And that we can probably fix proxies with secure hardware anyway.

And no, the police idea that I do not support would not require surprise inspections. It just requires careless teenagers to occasionally reveal their identities online, with enough evidence to convince a judge to issue a warrant. It's dumb to make a federal case out of this, but not as dumb as losing all privacy and anonymity online. And, as I mentioned, this is not something actually required to make the idea workable.

I'm not going to keep repeating myself so I think I'm done here unless you have a point I haven't addressed in previous comments.
DennisP
·14 days ago·discuss
So as I've mentioned elsewhere, that depends on how much of a stickler we insist on being.

If we're ok with "mostly fix it but if a few teenagers get through it's not the end of the world," then there are a few simple measures that could help a lot:

- Keep an eye out for any credentials posted online, and put those on the revocation list.

- Keep expirations short (and auto-renew).

- Keep the credentials in phone secure enclaves and USB hardware "wallets."

- Consider including private information like name/dob/ssn or credit card number in the credentials, so users have good reason not to share. (We could consider making USB hardware optional if we do this.)

Given secure hardware it might be possible to prevent proxies entirely, the same way we prevent other MITM attacks.

Failing that, we could start by making it illegal to run proxies. Installing a proxy on your phone would mean getting an app from a criminal, not checked by an app store, and giving the criminal a way to pay you. I wouldn't expect this to happen much. Installing on a computer, using a VPN, taking payment via anonymous cryptocurrency, sure, if the VPN isn't compromised. But I wouldn't expect all that many people to do all this. Generating the proofs is a bit expensive so you wouldn't have huge capacity per person.

Criminals in foreign countries could do it with stolen credentials, and they'd only need one. But our teenagers would have to pay a foreign company for the service, and for porn at least they could just pay a foreign porn site directly. For phones, the teenager would have to install an app to use the proxy, which is another dodgy untrusted app (on android, and not possible at all on iphone), and it's easier for parents to check what apps are on the phone than to check what websites the kid visits. And social media gets less appealing if a lot of your friends aren't on it.

If we want to lock things down harder we could go with criminal penalties for intentionally sharing your credentials, which I do not support, but would still be better than pervasive surveillance of everything we do online.

Requiring everyone to have secure cryptographic hardware would in one sense be annoying, but less so if we use it for other things too.
DennisP
·14 days ago·discuss
Well technically, you could still have open PCs, and just plug in a device like a USB hardware wallet.
DennisP
·14 days ago·discuss
I don't know how many times I can repeat that I agree with that.

"Here is a plan that is bad in an obvious way, but not near as bad as what the government actually plans to do."

"Omg you proposed something bad."

Aside from that, I was mainly interested in the narrow point that pervasive surveillance is not the only way to do age verification. If you don't insist on near perfection, then you don't need to bother sending police around. If you do insist on near perfection, then my plan is better than the universal surveillance plan.
DennisP
·14 days ago·discuss
> It’s beyond crazy that we’re actually talking about police showing up at someone’s house because they suspect a social media post came from an under-18.

As I've said repeatedly, I agree that this is beyond crazy. But at least it's a visible crazy.

What's even more crazy is that we're heading quickly into a world where we track everything that every person looks at and says online. This is a way worse outcome. But it has less immediately visible consequences so we're jumping in with both feet.
DennisP
·14 days ago·discuss
No, you don't look up the token. You check a zero-knowledge proof.

The way this works is, there's a function with both public and private inputs, and an output. You can send me public inputs, and I can pass those plus my private inputs into the function, and give you the function output, along with a proof that the output is correct given your inputs.

So in this case, the government has a public key, which it uses to sign your credentials, consisting of your birthdate and a unique identifier.

The website sends you a large random number.

The public inputs are the government public key, the random number, today's date, and maybe a revocation list of identifiers.

The private data is my unique identifier and birth date.

The function returns true if my calculated age > 18, the government's signature of my data is valid, my private identifier is not on the public revocation list, and (to avoid replays) that the hash of your random number is not zero.

I send you back the generated proof, which is just a 256-bit number. You can check that the proof is correct without looking anything up. The proof does not give you any way to reconstruct my private data. It is only associated with the random number you gave me, and the public data everyone knows.

To keep the revocation list from growing forever, we could also make credentials expire after some period of time. Add an issue date to the private data, and we can add an expiration check to the function. Client software can automatically get a new credential if the old one is valid, expiration is just to allow us to delete old identifiers from the revocation list.

A hole in the above scheme is that government could try redoing proofs for a given random number, using all the current identifiers. To prevent this, the user passes in another random number as private data, and the function checks that that doesn't hash to zero either. User can change that random number every time, its only function is to change the generated proof to something the government can't replicate.
DennisP
·14 days ago·discuss
I'm not missing the point, and if you'll think about my scheme for a bit you'll see that anonymity is maintained in normal circumstances even though there's incentive to protect your credentials. Let's go through scenarios:

1) You give a teenager your full credentials. Teenager is careless, as teenagers often are, and posts something revealing who he is. Cops have option to search teenager's phone, see who you are, and at least revoke the credentials.

2) You install a relay app on your phone, for money. Now you've installed an untrustworthy app from a criminal, who might hack you, or might be arrested and reveal details of your device and where they're sending your money.

Neither scenario happens because the age verification is traceable.

3) Your credentials get stolen, and used in a foreign country to implement a relay scheme.

This one, I admit, my scheme can't do anything about. But this means our teenager has to pay a foreign entity. Teenagers can also pay foreign porn sites directly, if porn is our concern.

On top of that, the age verification systems we've seen so far have their own security holes that teenagers are exploiting without having to pay anything.

My personal view is that the whole thing is ridiculous and we shouldn't bother with any of this. My point is just that we can implement reasonably good age verification without eliminating anonymity on the internet.