←back to thread

EFF launches Age Verification Hub

(www.eff.org)
347 points iamnothere | 1 comments | 10 Dec 25 20:35 UTC | HN request time: 0.207s | source

Also: We built a resource hub to fight back against age verification https://www.eff.org/deeplinks/2025/12/age-verification-comin...
Show context
throwaway198846 ◴[11 Dec 25 20:21 UTC] No.46236617[source]
Why they don't use zero knowledge proof? Also question for the USA constitution experts, is this considered a violation of free speech? The article is not clear on this.
replies(8): >>46236634 #>>46236671 #>>46236673 #>>46236726 #>>46236763 #>>46236810 #>>46236875 #>>46237112 #
1. Aloisius ◴[11 Dec 25 20:43 UTC] No.46236875[source]
- If I can do a zero knowledge proof once per day against someone who is under age, I can eventually determine their birthday.

- If I can do a zero knowledge proof with an arbitrary age, I can eventually determine anyone's birthday.

- If the only time people need to verify their age is to visit some site that they'd rather not anyone know they visit and that requires showing identity - even if it's 100% secure, a good share of people will balk simply because they do not believe it is secure or creating a chilling effect on speech.

- If the site that verifies identity is only required for porn, then it has a list of every single person who views porn. If the site that verifies identity is contacted every time age has to be re-registered, then it knows how often people view porn.

- If the site that verifies identity is a simple website and the population has been trained that uploading identity documents is totally normal, then you open yourself up to phishing attacks.

- If the site that verifies identity is not secure or keeps records, then anyone can have the list (via subpoena or hacking).

- If the protocol ever exchanges any unique identifier from the site that verifies your identity and the site that verifies identity keeps records, then one may piece together, via subpoena (or government espionage, hacking) every site you visit.

Frankly, the fact that everyone promoting these systems hasn't admitted there are any potential security risks should be like an air raid siren going off in people's heads.

And at the end of all of this, none of it will prevent access to a child. Between VPNs, sharing accounts, getting older siblings/friends to do age verification for them, sites in jurisdictions that simply don't care, the darkweb, copying the token/cert/whatever from someone else, proxying age verification requests to an older sibling/rando, etc. there are way, way too many ways around it.

So one must ask, why does taking all this risk for so little reward make any sense?