undefined | Better HN

0 pointsarrrg3mo ago0 comments

How does that follow? I don’t see the connection.

Zero trust age verification means both sides don’t have to learn anything about each other beyond old enough yes/no. Should mean that.

I’m fine with age verification if it fulfills at least the same criteria that offline age verification does. When you show your ID card in a supermarket to buy alcohol or cigarettes or whatever then the government doesn’t learn anything about what you did and if the cashier doesn’t memorize and write down anything on the card the supermarket doesn’t learn anything about your identity. Here the digital solution can and should do better and close that theoretical deanonymization vector.

But yeah, that‘s the ideal to aspire to.

0 comments

Hizonner3mo ago

> Zero trust age verification means both sides don’t have to learn anything about each other beyond old enough yes/no. Should mean that.

Well, it doesn't. Absolutely none of the systems people are putting into place, or suggesting putting into place, are actually zero trust. The ones that claim to be are "somewhat lower trust if you don't think hard about how to exploit them". Yes, we know in theory how to do zero trust. The reality of these mandates is that people can easily get de-anonymized to all kinds of actors who should't be able to identify them.

It's also a "solution" to a massively exaggerated problem, one that's not in any way specific to any given age group. But that's unrelated to the fact that nobody is, in practice, doing or planning to do anything privacy-preserving.

mzajc3mo ago

Will age verification require the use of software I can't view the source of and/or can't patch (due to remote attestation), and presumably only runs on user-hostile systems (Android with Google Services and iOS)?

It's hardly zero-trust in that case.