←back to thread

EFF launches Age Verification Hub

(www.eff.org)
347 points iamnothere | 8 comments | 10 Dec 25 20:35 UTC | HN request time: 0.427s | source | bottom

Also: We built a resource hub to fight back against age verification https://www.eff.org/deeplinks/2025/12/age-verification-comin...
Show context
throwaway198846 ◴[11 Dec 25 20:21 UTC] No.46236617[source]
Why they don't use zero knowledge proof? Also question for the USA constitution experts, is this considered a violation of free speech? The article is not clear on this.
replies(8): >>46236634 #>>46236671 #>>46236673 #>>46236726 #>>46236763 #>>46236810 #>>46236875 #>>46237112 #
1. rockskon ◴[11 Dec 25 20:38 UTC] No.46236810[source]
Zero knowledge proof is either trivially defeated by re-using the same credentials or doesn't have useful privacy guarantees. There really isn't an in-between here for something like age verification.
replies(3): >>46237042 #>>46237071 #>>46237309 #
2. nostrademons ◴[11 Dec 25 20:57 UTC] No.46237042[source]
Age verification in general is not intended to defend against people lying or using stolen credentials. If you’re 13 but know the password to your dead grandpa’s account and the website in question has no idea he’s dead, there’s no way to defend against that, with or without a ZKP.

What the ZKP does is let you limit the information the site collects to the fact that you are under 18, and nothing else. It’s an application of the principle of least privilege. It lets you give the website that one fact without revealing your name, birthdate, address, browsing history, and all your other private data.

replies(1): >>46238530 #
3. vilhelm_s ◴[11 Dec 25 20:59 UTC] No.46237071[source]
The idea is that e.g. the government would give you an app that lives on your phone. When you apply for the app you provide some documents to prove your age, but you don't say anything about what sites you plan to visit. When you want to visit an age-restricted site you use the app to generate a proof that you have it, but the site doesn't learn anything more than that, and the government doesn't learn that you used the app.
replies(1): >>46237570 #
4. zmmmmm ◴[11 Dec 25 21:19 UTC] No.46237309[source]
It's funny because the same "perfect is the enemy of good" argument is used both to criticize age verification in the first place (why bother if it isn't perfect) but then also to dismiss proprosals to implement it better (why bother if they don't perfectly fix the problem).
replies(2): >>46237600 #>>46238224 #
5. raw_anon_1111 ◴[11 Dec 25 21:41 UTC] No.46237570[source]
> the government would give you an app that lives on your phone

And you don’t see a problem with this part?

6. Aloisius ◴[11 Dec 25 21:43 UTC] No.46237600[source]
No. It's mostly that the proposed age verification schemes have fundamental problems that disqualify them from being considered "good" and none of the "better" implementations fix those problems at all.
7. rockskon ◴[11 Dec 25 22:32 UTC] No.46238224[source]
The problem is that it isn't even good. It falls squarely in the realm of "we must do something. This is something. Therefore we must do it."
8. rockskon ◴[11 Dec 25 22:59 UTC] No.46238530[source]
What prevents one kid in a friend group or in a school from sharing the same identifier?

After all - if it doesn't share anything other than a guarantee of the "age" of someone who is authenticating with the website then how would the website know there's re-use of identifiers?