Many might’ve seen the Australian ban of social media for <16 y.o with no idea of how to implement it. There have been mentions of “double blind age verification”, but I can’t find any information on it.

Out of curiosity, how would you implement this with privacy in mind if you really had to?

  • General_Effort@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    22 days ago

    I’d lean on the ISPs. Your ISP knows what sites you visit, and they have your location and payment information. They can just insert some verification page when a classified IP is contacted. This gives them hardly any information beyond what they already have. And since they are mainly located in Australia, it is easy to enforce laws on them.

    You have to lean on ISPs anyway because it is quite ridiculous to assume that the entire global internet will implement Australian laws. Does anyone believe that their Lemmy instance will implement some AI face scan or cryptography scheme?

    You would have to block servers that do not comply with the law anyway. The effective solution would be a whitelist of services that have been vetted. In practice, I think we’ll see the digital equivalent of ok boomer.

    If a whitelist seems extreme, then one should have another look at the problem. The point is to make sure that information is only accessed by citizens with official authorization. There is no technological difference between the infrastructure needed to enforce this (or copyrights) and some totalitarian hellscape.

    • MimicJar@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      22 days ago

      This gives them hardly any information beyond what they already have.

      Except now they know the individuals using your Internet.

      Sure if you live alone they already can easily put that information together. However if you have a partner, a relative and children all living in one house they now know who is in that home.

      Plus maybe no one in the house uses Twitter and Aunt Alice the Twitter user came to visit, does she need to reverify? Your ISP knows that now.

      ISPs would be gaining a lot of new information.

      • General_Effort@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        21 days ago

        It’s not necessary to expose the identities of the users. The age confirmation could happen via a password, PIN, or even a physical USB dongle. Tying such methods to a particular identity adds nothing to the age verification.

        If that is not enough, then one would need a permanent, live webcam feed of the user. It could be monitored by AI, and/or police officers could make random checks.

        Granted, one would have to make sure that not everyone behind the same router can use age-restricted services; eg with a VPN. That would let them assign connections to individual, anonymous adults. But I’d guess you could do that anyway with some confidence by analyzing usage patterns. Besides, information on who is in a home can also be found in other places such as social media or maybe company websites. So I do not think this is much new information.

        But thinking about it, one could compartmentalize this.

        The ISP only allows connections to whitelisted servers, including 1 or more government approved VPNs. The ISP refuses connection to these VPNs without age confirmation. The VPN provider does not need to be told the identity of the customer. There needs to be no persistence across sessions. The ISP need not know what sites are visited via VPN. While the VPN provider need not know about sites visited without.

        If you do it that way, the ISP ends up knowing less than before.

        Since both ISP and VPN servers and offices would be physically located in the country, one would have no problem enforcing prohibitions on data sharing, if desired by lawmakers.

        Anyway, this is the only realistic approach in the whole thread. Everything else assumes that Australian law will be followed globally. And then the ISP still has all that usage data. Why not just use a blockchain…

  • hector@sh.itjust.works
    link
    fedilink
    arrow-up
    0
    ·
    22 days ago

    My friend has worked with a government to create zero-knowledge proof from IDs. Turns out there’s a lot of good software engineered to solve that problem.

    The UX is still shit tho

  • conciselyverbose@sh.itjust.works
    link
    fedilink
    arrow-up
    0
    ·
    22 days ago

    You can’t.

    Age verification is not compatible with any remotely acceptable version of the internet. It’s an obscene privacy violation in all cases by definition.

    Any implementation short of a webcam watching you while you use the site is less than trivial to bypass with someone else’s ID while opening numerous massive tracking/security holes for no reason.

  • ben_dover@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    22 days ago

    in blockchain tech, there’s the concept of “zero knowledge proofs”, where you can prove having certain information without revealing the info itself

    • sinceasdf@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      22 days ago

      Would be interesting to see a govt tackle setting up a trustless system like it required for cybersecurity best practices. I think it’s a thorny issue without a trusted authority though.

      What stops an ID for being posted publicly or shared en masse? So one ID can be used unlimited times - just share the key with minors for $1 at no risk to oneself since there’s no knowledge of the ‘transaction’ being sent around. Better for individual privacy but that undermines the political impetus for wanting the verification. Usage would probably have to be monitored or capped, kind of defeating the advantage of the anonymous protocol (or accept that abuse is unenforceable).

    • IphtashuFitz@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      22 days ago

      So how would you use it to solve this problem? There still needs to be some sort of foolproof way of saying “person X is only 14 years old”.

      • planish@sh.itjust.works
        link
        fedilink
        arrow-up
        0
        ·
        22 days ago

        You would prove something like “I possess a private key that matches a public key that is in this list of public keys belonging to people at least X years old”. But without revealing which item in the list is the specific one for you. Which is the zero knowledge proofs’ cool trick.

  • /home/pineapplelover@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    21 days ago

    Well Australia will probably so something privacy invading and fascist.

    I guess if you want it to be somewhat private you could have some kind of hash or token generated from your identification information. I bet that would be fairly private

  • PlexSheep@infosec.pub
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    21 days ago

    If the governments would get their shit together, we could have something like age assertion with the eid chips in our IDs. Imagine that. The important thing is that website.com just asks the government “is this user an adult?” And the government replies “yes”. No information besides the relevant one is provided, and it’s through a trusted authority.

    Yeah, not gonna happen, just like using the keys in my Personalausweis to send encrypted mail.

    • FooBarrington@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      21 days ago

      The system would have to be built so that the government can’t connect the user to the website, as you don’t want the government to build profiles on website usage by person. Though the bigger challenge here is trust - even a technically perfect system could be circumvented by the operators.

      A good example for this were the COVID tracking apps. The approach was built so that as little information was leaked as possible.

      • Buddahriffic@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        21 days ago

        Could have a system where a government site cryptographically signs a birth year plus random token provided by the site you want to use.

        Step 1: access site
        Step 2: site sends random token
        Step 3: user’s browser sends token plus user authentication information
        Step 4: gov site replies with a string containing birth year, token, and signature
        Step 5: send that string to the other site where it uses the government’s public key to verify the signature, showing the birth year is attested by the government

        No need to have any direct connection with the user’s identity and the site or been the gov and site.

        • Miaou@jlai.lu
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          17 days ago

          Unless the government buys the generated tokens from those websites. That’s like the entire problem

  • Harrk@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    22 days ago

    Recently I saw an article on more needs to be done about age verification because it’s easy for children to falsify it (and most do). On the other hand you have adults who falsify it because it’s nobody’s business how old you are.

    Current protections that ask you to confirm your age are completely pointless.

    Now if you were required to provide ID to access X service, would you? If we’re talking adult content then children will simply look elsewhere, taking them to potentially more dangerous areas of the internet. (Heck, so would adults) Same if you deny them social media.

    But if we’re implementing verification regardless then it needs to come from a third party. And it also has to be easy. Like something you do only once.

    First: I would allow children access to social media under a child account that has limited access and ability to be audited by a parent. This is important because you don’t want them going somewhere you have no control over. (Which they will)

    Secondly: An age verification gateway that can be implemented by developers seeking to use it. Possibly managed by the government body responsible for issuing ID (or a partner). This would be taking a short video of yourself plus uploading ID. (Banks are doing this now)

    Thirdly: ease of use. Majority of us have a google or apple account associated with whatever device we have. Let those accounts hook into the 2nd step and share if an account is a child/adult account with any social platforms you log in using it with.

    Just a few thoughts that came to mind whilst waiting dinner. Feel free to tear it apart!

  • eyeon@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    22 days ago

    All I can think of are some variations of you trusting a service to validate your id and give you a token that just asserts your id has been validated.

    But it’s still not really privacy preserving because it relies on trusting both parties to not collaborate against your privacy. if at some point the id provider decides to start keeping records of what tokens were generated from your id, and the service provider tracking what was consumes with that token, then you can still put it all back together.

    • phlegmy@sh.itjust.works
      link
      fedilink
      arrow-up
      0
      ·
      21 days ago

      That’s when you add an extra point of failure validator.
      Server 1 generates a token for server 2 to validate.
      You send the token to server 2, who validates and generates you a token for server 3. Then finally server 3 validates the token and grants/denies your access.

      The more nodes you have across different countries, the harder it is for the last server to discover your identity.

      Definitely not without its flaws, but I wonder if a decentralised node setup similar to the tor network could work.

  • socsa@piefed.social
    link
    fedilink
    English
    arrow-up
    0
    ·
    21 days ago

    It can’t be. The entire concept is a Trojan horse to kill the anonymous internet.

  • MajorHavoc@programming.dev
    link
    fedilink
    arrow-up
    0
    ·
    23 days ago

    If I really had to, I would require everyone to whip out whatever assets of sexual maturity they happen to have, and let the computer analyze it and decide a maturity level.

    I would also keep copies for blackmail purposes, because the world is a better place if we all mistrust this solution and anything remotely like it. It’ll be in the legal fine print, which I’m confident no one will read.

    Every answer (other than “trust the user to self identify”) is at least remotely like mine, but I’m proposing we cut out the half-measures on the way.

    To avoid personal consequences, the system I architect will probably wait on a dead-man-switch for me to die or be incarcerated.

    Then it will publish everything it has ever seen, along with AI generated commentary. I’m confident that some of it will be hilarious, and I am hopeful that it will piss everyone off enough that we stop doing this kind of thing.

  • e0qdk@reddthat.com
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    23 days ago

    Frankly, the only sane option is an “Are you over the age of (whatever is necessary) and willing to view potentially disturbing adult content?” style confirmation.

    Anything else is going to become problematic/abusive sooner or later.

  • letsgo@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    22 days ago

    Not a cryptographic expert by any means but maybe something like this would work. This’d be implemented in common places people shop: supermarkets for instance. You’d go up to customer service and show your ID for visual confirmation only; no records can be created. In return the service rep would give you a list of randomised GUIDs against which the only permissible record can be “has been taken”. Each time you need to prove your age you’d feed in one of those GUIDs.

      • litchralee@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        22 days ago

        Sadly, this type of scheme suffers from: 1) repudiation, and 2) transferability. An ideal system would be non-repudiable, meaning that when a GUID is used, it is unmistakably an action that could only be undertaken by the age-verified person. But a GUID cannot guarantee that, since it’s easy enough for an adult to start selling their valid GUIDs online to the highest bidder en-masse. And being a simple string, it can easily and confidentially be transferred to the buyer, so that no one but those two would know that the transaction actually took place, or which GUID was passed along.

        As a general rule, when complex questions arise which might possibly be solved by encryption, it’s fairly safe to assume that expert cryptographers have already looked at the problem and that no easy or obvious solution exists. That’s not to say that cryptographers must never be questioned, but that the field is complicated enough that incomplete answers abound.

        • JeremyHuntQW12@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          22 days ago

          You upload identity to a site and it gives you a date stamped token which confirms your age.

          Then when that token is uploaded to an SM site, it verfies the identity of the giver with the site that gives the token. The identity is a hash generated by the token site and contained in both the token and a namespace at the token site, so only the token site knows the real identity. Once the token has been confirmed, the namespace is re-used.

          So you can’t really sell the token, because its linked back to the identity you uploaded to the token site. You need to be logged in to the token site.

          • litchralee@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            0
            ·
            22 days ago

            To make sure we’re all on the same page, this proposal involves creating an account with a service provider, then uploading some sort of preexisting, established proof-of-identity (eg passport data page), and then requesting a token against that account. The token is timestamped and non-fungible, so that when the token is presented to an age-restricted website, that website can query the service provider to verify that: 1) the token is still valid, 2) the person associated with the token is at least a certain age.

            If I understood that correctly, what you’re describing is an account service, not strictly a proof-of-age service. And we already have account services of varying degrees and complexity: Google Accounts, OAuth, etc. Basically any service where you log-in, since the point of logging in is to associate to a account, although one person can have multiple accounts. Passing around tokens isn’t strictly necessary since you can just ask the user to prove account ownership by signing into their Google Account, for example. An account service need not necessarily verify age, eg signing in to post a comment on a news article.

            Compare this with an identity service like ID.me, which provide records on individual; there cannot be multiple records for the same live person. This type of service is distinct from an account service, but some accounts are necessarily tied to a single identity, such as online banking. But apart from KYC regulations or filing one’s taxes online, an identity service isn’t required for most day to day activities, and any additional uses pose identify theft concerns.

            Proof-of-age – as I understand it from the Australian legislation – does not necessarily demand an identity service be used to satisfy the law, but the question in this Lemmy thread is whether that’s a distinction without a difference. We don’t want to be checking identities if we don’t have to, for privacy and identity theft reasons.

            In short, can a person be uniquely, anonymously age-verified online? I suspect not. Your proposal might be reasonable for an identity service, but does not move us further towards a theoretical privacy-centric proof-of-age validation mechanism.

  • chaospatterns@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    23 days ago

    Its possible to implement something that hides your actual age from a website, but the tricky part is hiding what website you’re visiting from an identity provider.

    Let’s walk through a wrong solution to get some fundamentals. If you’re familiar with SSO login, a website makes a request token to login the user and makes claims (these request pieces of user information.) One could simply request “is the user older than 18?” And that hides the actual age and user identity.

    The problem is how do you hide what website you’re going to from the identity provider? In most SSO style logins, you need to know the web page to redirect back to the original site. Thus leaking information about websites you probably don’t want to share.

    The problem with proposals that focus on the crypto is that they actually have to be implemented using today’s browser and HTTP standards to get people to use them.

    • hemko@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      23 days ago

      Could it be maybe a token signed by the verifying party living permanently on your computer (like cookie), and websites can request permission to query it to verify the age?

      • lad@programming.dev
        link
        fedilink
        English
        arrow-up
        0
        ·
        23 days ago

        Since age tends to not decrease, that may make sense: once you reach 18 you get a signed token you can use forever.

        Your token might be used by someone else, though

      • chaospatterns@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        22 days ago

        The hard part is browsers. Cookies and local storage are limited by the origin URL. You need it explicitly set on the domains you intend to visit, but those domains don’t know your age. The one that knows the age is the identity provider, but it can’t set it for all domains. There are other techniques that you could use, like a smart card combined with a browser extension to do local based user info attestation, but those are difficult to manage at a nation scale and I suspect people will struggle with them, though there are some countries that do have national smart cards (e.g. Estonia.)

    • JeremyHuntQW12@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      22 days ago

      The problem is how do you hide what website you’re going to from the identity provider?

      Not only don’t you need to, you would really have to know the generator of the token because it needs to verify that you are the user that was issued the token.

    • iknowitwheniseeit@lemmynsfw.com
      link
      fedilink
      arrow-up
      0
      ·
      22 days ago

      It can be done. The website provider can generate a request that it forwards to you. You then pass on this request to the age verifier, who can answer “yes person is over 16” without knowing why you want to know, or who generated the request.

      The requester wouldn’t know your age, just that you were old enough.

      There are a few problems.

      One is that the website could embed some identifier in the signature of their request. But any information there can be easily send by the web site provider to the age verifier directly if they wanted so this is not a big problem.

      Another problem is that the age verifier could look at times when requests were submitted and create a sort of “fingerprint” based on when requests arrived for different sites. This could be partially helped by having browsers request age verification randomly in the background any time you use a browser.