> I should have clarify, I'm part of a local group, itself part of a network of groups.
Which is great! Though my understanding is a big weakness of the ACLU/EFF/etc... crowd is that they typically pigeonhole themselves. The ACLU immolated its hard-earned partisan-but-principled reputation in the past decade and the EFF has a reputation of keeping non-lefty-libertarians at a very long arm's length away.
Beyond that - those groups tend to be sclerotic in their coalition membership. That inflexibility isn't always great!
Take the (largely) Progressive-funded Effective Altruist movement - in particular the Center for AI Safety. They are single-minded in their political goals, going so far as to enlist the help of Glenn Beck and Steve-Bannon-associate Joe Allen. They have spun off additional organizations to cater their pro-AI-regulation framing and messaging to different audiences: conservative and biblical messaging to evangelicals, fighting social media disinformation and fascism to progressives, and a hefty dose of civic grassroots rhetoric for their social media presence.
They have goals and are willing to make unsavory temporary alliances if it means enacting regulation.
I do not see such an appetite to influence politics from most of internet civil liberties organizations.
> I should have clarify sorry: I live in the US. That seems unlikely, to say the least.
And? Corporate lobbyists do this lobbying-by-proxy crap with decent regularity. Heck - Nintendo is known to have laundered some of its lobbying through NCMEC years back and credit card companies and banks have long laundered their wishlist through various LEAs. Turns out if you get a bureaucrat to convince FBI leadership of the importance of your pet cause and the nexus it has to their agency, legislative pushes in Congress tends to follow.
That all said - it works both ways and not necessarily with any negative connotations. The DoJ and FTC in administrations-past have had representatives come to hacker conventions to describe the collaborative efforts they've had with members of the community - to include lobbying congress for legislative change.
Getting government agencies on your side as a partner in affecting policy change is relevant only if the change is seen as relevant to a given agency's mission.
As cynical as it sounds given its frequent use in marketing and often inappropriate use in legal circles, securing what data is collected is important too.
Raise the bar for a data breach. It has value. Much more value if the law did a much better job of restricting what is collected in the first place and its dissemination.
Not every lawmaker is the same and there's more than one way to get a lawmaker's attention.
Get more people with you. Or convince a group that's previously established trust in your jurisdiction to join you in speaking out. Or find out what causes the policymakers do care about and think of a compelling way to frame arguments against age verification in those terms. Heck - if you can get a local government agency to officially back you up, all the better.
There's more to politics than just going to town hall meetings or sending emails or making phone calls!
> Cool, ignore my point about technology changing the situation. I assume you’ll ignore Jefferson talking about how the constitution should be changed every 19-20 years because the world changed.
The Constitution doesn't have a "except when technology gets advanced enough" clause either. I checked.
You wanting the Constitution to change is something else entirely - and that's not what you're advocating for.
> That’s the literal reality with mandated car insurance. If you don’t have car insurance you can be banned from driving. What was your point here?
I fail to see what car insurance analogizes to here.
>Yea, the freedom to swing your fist ends at my nose. Freedom of speech to explicitly lie like Steve Bannon organized and many others using the “flood the zone” strategy seems to the be at the end of my nose. If you are actively lying to manipulate me or others knowledge of reality, that is not feee speech, that’s Machiavellian manipulation.
Speech is not violence. Comparing it to violence diminishes the suffefing and harm faced by people who have been a victim of violence.
You have the freedom to pay attention to whatever you want to - as do media outlets and political consultants.
Why should the entire country suffer because the media frequented by political-news-saturated people is so easily disatractable? They have the option to just...not...cover irrelevant nonsense.
It's not the option they choose to take though. See: The reflecting pool news cycle.
> it's actually clear that you are the one who isn't familiar with this, I referenced remote attestation which you appear to know little about as it addresses the problem of identifying information (the service has no way to link tokens across without help from the CA).
You've promoted mutually exclusive concepts with regards to cryptography which is why I said you don't seem to understand it. And again - and again and again and again and again and again - what is the additional information you are authenticating based off of beyond age? Remote attestation provides absolutely zero privacy utility here whatsoever on its own! So you've remotely attested this ZKP key represents a person who is an adult. Creating another key based on that information alone is trivial to spoof - for it not to be trivial, it would require validating additional information!
What is your root of trust? What is the basis by which age is verified in a way that can't readily be spoofed?
> you also don't appear to know what a nullifier is, in a ZKP system you submit identifying information and a hash of a secret string. the CA adds the hash to a public database and in the future you prove you one of the members of the database with a nullifier - the anonymity-set is everyone in the database who entered it prior to your submission. this can also be done with a blind signature to the same effect.
That's nice and all for trivia on ZKP but how does that touch upon the problem being discussed?
The mechanics of ZKP are not relevant to the problem of ZKP being categorically worthless for the problem at hand. I don't say ZKP is worthless out of ignorance - more discussions about it won't change that.
The specifics of ZKP do not change the fact that you are validating either too little information to be useful for preventing fraud or too much to have privacy-preserving value.
> there is no further point to this discussion.
Evidently not.
We can't solve private age verification with blockchain tech. I'm happy you're so passionate about it, but it isn't a silver bullet.
> at the terminus, yes. there is no other way to avoid the homeless problem you listed. by terminus I am referring to where a central authority vouches for unforgability. this does not mean advertisers will have a token they can use (see remote attestation infrastructure).
Where to even begin here....
To generate the token, it needs to be based on specific data. How do you prevent people from generating tokens based on fake data and submitting that to the "terminus" that you mention? We already have cases of people bypassing facial scan liveliness checks for banks using AI-generated footage.
What about validating tokens during the token enrollment process based on your government ID? Though that makes sure that poor or undereducated people who don't have such an ID are locked out of large swaths of Internet services.
Though there's also the matter of it being trivial to generate fake IDs using AI.
If you have no gatekeeping for the token enrollment process, anyone can submit an arbitrary number of new tokens.
And if you do have gatekeeping, you're right back to square one of needing to validate against more than just your age.
After all - the cryptography algorithms will be publicly known. If the only thing ZKP is validating against is age, it won't take long to figure out how to generate identifiers based on fabricated information.
> whether or not the terminus can tie a token to a real world identity will depend on how careless the user was and how much collusion there is between the terminus and the services. at the very least it will impose an investigation cost.
No it won't. A user submits a token to a server. The user also logs in with their e-mail address or phone number. Their email and/or phone number is hashed and it, along with the ZKP token and any additional information the website has on you, will be sent to data brokers.
This is the same as any other bit of information out there that data brokers collect on the internet. They just associate your new info with other info you are required to provide in order to use various services.
This will be automated and will cost next to nothing for data brokers to take advantage of.
> contrast this with the situation as it currently is (under ideal assumptions) where a central authority verifies your real identity and issues temporary rate limited tokens which are then saved by each service and can at any time be linked to you whenever the central authority can get the service to disclose the database entry. the nullifier will force the central authority to do an investigation about who the nullifier actually belongs to which may actually fail.
....what? What investigation by central authorities? You are talking of a system that would constantly mediate permissions for billions upon billions upon billions of devices across dozens of services and accounts per device.
You couldn't hire an army of people large enough to handle this and AI is infamously awful at detecting when a given image has been generated with AI.
> realistically I expect VPNs and Tor to just become more popular in response to such nonsense. I wouldn't be using government issued tokens for anything that isn't trivial to tie to your identity already: such as a personal bank access.
Their popularity would only rise in order to VPN into jurisdictions that don't enforce this. Assuming major websites don't just mandate age/identity verification for all new users regardless of jurisdiction just because it's easier and cheaper to apply one system to everyone.
Look - I know you mean well, but it is clear from this discussion you aren't familiar with cryptography, system security guarantees, Internet infrastructure scaling, or what would be needed to introduce new descriptive information about a person on the Internet and not have it become a new privacy risk.
This is an issue that has no tech-only solution. The specifics aren't just something to just figure out at a later date - the specifics are everything. And it's something that is enormously difficult to get right and extremely easy to get very, very wrong.
Wait - so you're advocating for use of a persistent identifier tied to a person? How is that any different than what advertising networks do right now beyond giving them additional guaranteed information of your age bracket?
To clarify - it's not cryptographically necessary to present the same token for each and every transaction and serves to categorically defeat the entire privacy guarantee of ZKP.
It also makes it trivial to associate your ZKP token with your real identity.
So....what exactly would platform detection mechanisms be basing their decisions off of that wouldn't defeat the entire privacy-preserving premise of ZKP?
What combination of details can you validate on that is meaningfully privacy-preserving and couldn't result in wide-spread re-use of tokens?
Additionally - what would prevent some kids from getting a homeless man in the city to hand them his ID, get a facial scan, and everything else you can think of to generate a token and then pass that token around?
ZKP are a cryptography-nerd's joy but are are categorically unsuitable for the purpose of age verification. I stand by this without the slightest reservation.
The first amendment doesn't have a clause that exempts Americans from anonymous speech if it's possible a foreigner could inadvertently take advantage of the freedom too.
You may as well advocate for no one to be allowed to drive cars because of the possibility of someone getting into a car accident.
Or (in case you're a fan of the second amendment) - advocate for guns not being allowed to be sold to law-abiding citizens because of the possibility of the gun later working its way into the hands of someone who would use it for a mass shooting.
Freedoms exist with the understanding that both positive and negative consequences can result from them. The argument is that the good vastly out-weighs the bad and are worth preserving.
Either they validate so little information that a single homeless person can authenticate the entire country or they validate so much information as to not have a significant privacy guarantee.
There is no in-between for ZKP validating someone's age.
Which is great! Though my understanding is a big weakness of the ACLU/EFF/etc... crowd is that they typically pigeonhole themselves. The ACLU immolated its hard-earned partisan-but-principled reputation in the past decade and the EFF has a reputation of keeping non-lefty-libertarians at a very long arm's length away.
Beyond that - those groups tend to be sclerotic in their coalition membership. That inflexibility isn't always great!
Take the (largely) Progressive-funded Effective Altruist movement - in particular the Center for AI Safety. They are single-minded in their political goals, going so far as to enlist the help of Glenn Beck and Steve-Bannon-associate Joe Allen. They have spun off additional organizations to cater their pro-AI-regulation framing and messaging to different audiences: conservative and biblical messaging to evangelicals, fighting social media disinformation and fascism to progressives, and a hefty dose of civic grassroots rhetoric for their social media presence.
They have goals and are willing to make unsavory temporary alliances if it means enacting regulation.
I do not see such an appetite to influence politics from most of internet civil liberties organizations.
> I should have clarify sorry: I live in the US. That seems unlikely, to say the least.
And? Corporate lobbyists do this lobbying-by-proxy crap with decent regularity. Heck - Nintendo is known to have laundered some of its lobbying through NCMEC years back and credit card companies and banks have long laundered their wishlist through various LEAs. Turns out if you get a bureaucrat to convince FBI leadership of the importance of your pet cause and the nexus it has to their agency, legislative pushes in Congress tends to follow.
That all said - it works both ways and not necessarily with any negative connotations. The DoJ and FTC in administrations-past have had representatives come to hacker conventions to describe the collaborative efforts they've had with members of the community - to include lobbying congress for legislative change.
Getting government agencies on your side as a partner in affecting policy change is relevant only if the change is seen as relevant to a given agency's mission.