Most active commenters
  • Seattle3503(3)

←back to thread

EFF launches Age Verification Hub

(www.eff.org)
351 points iamnothere | 15 comments | 10 Dec 25 20:35 UTC | HN request time: 0.59s | source | bottom

Also: We built a resource hub to fight back against age verification https://www.eff.org/deeplinks/2025/12/age-verification-comin...
1. zmmmmm ◴[11 Dec 25 21:29 UTC] No.46237414[source]
I feel like the EFF has stretched a bit far on this one. They need to be advocating for good solutions, not portraying age verification as fundamentally about surveillance and censorship.

As many are pointing out zero knowledge proofs exist and resolve most of the issues they are referring to. And it doesn't have to be complex. A government (or bank, or anybody that has an actual reason to know your identity) provided service that mints a verifiable one time code the user can plug into a web site is very simple and probably sufficient. Pretty standard PKI can do it.

The real battle to be lost here is that uploading actual identity to random web sites becomes normalised. Or worse, governments have to know what web sites you are going to. That's what needs to be fought against.

replies(6): >>46237437 #>>46237493 #>>46237885 #>>46238218 #>>46238399 #>>46238479 #
2. raw_anon_1111 ◴[11 Dec 25 21:30 UTC] No.46237437[source]
Age verification is about government overreach surveillance and censorship. That’s it.
3. atonse ◴[11 Dec 25 21:35 UTC] No.46237493[source]
Yep this is the first time I've disagreed with the EFF on anything civil liberties related.

My view is that there's no reason why we can't come together and come up with a rating system for websites (through HTTP headers, there are already a couple proposals, the RTA header and another W3C proposal).

Once a website just sends a header saying this is adult only content, what YOU as a user do with it is up to you. You could restrict it at the OS level (which is another thing we ALREADY have).

This would match the current system, which allows households to set their devices to block whatever they want, and the devices get metadata from the content producers.

No ID checks needed.

replies(1): >>46241642 #
4. quitit ◴[11 Dec 25 22:05 UTC] No.46237885[source]
There are overwhelming dichotomous portrayals in this debate which gives me pause because there are entities who benefit from both sides of this debate, but neither would benefit with a sensible privacy-preserving solution.

So instead of advocating for those sensible and workable solutions, the discussions are always centred on either blocking any attempt at reform while hyperventilating about vague authoritarianism or a similarly vague need to protect the innocent.

Meanwhile in the world of smartphone data providers, social media networks, and the meta/googles of the world: they all know your personal information and identity up to the wazoo - and have far more information on every one of you than what is possessed by your own governments (well except for the governments that are also buying up that data.)

So let me be clear, the gate is open, the horse has bolted - recapturing your privacy is where attention should be focused in this debate... even if it's bad for shareholders.

replies(1): >>46238493 #
5. stvltvs ◴[11 Dec 25 22:31 UTC] No.46238218[source]
What good solutions are there that prevent the age verification service and the website from comparing notes (because Big Brother told them to) and figuring out who you are and what you're doing?
replies(2): >>46238423 #>>46238521 #
6. casey2 ◴[11 Dec 25 22:47 UTC] No.46238399[source]
The reality is that even countries that have digital IDs like Belgium which would be 1 of the many requirements of implementing such a zero-knowledge system are pushing for surveillance heavy legislation right now.

Once a system is in place that infringes on rights nobody will modify it to give citizens more rights.

7. zmmmmm ◴[11 Dec 25 22:49 UTC] No.46238423[source]
If they voluntarily collude then yes, you can't avoid that. It's like third party cookies - once two parties collude it's game over. But that just outlines a situation where the user's chosen trusted service is hostile to their interests and they need to find one that isn't.

If Big Brother starts mandating the collusion - then yes, there's a hill to die on. But in some ways that's the point here. There are hills to die on - this just isn't it. And if you pick the wrong hill then you already died so you are losing the ones that really mattered. If the EFF pointed out to everyone that there is a privacy preserving answer to the core issue that is driving this, they could then mount a strong defense for the part that is truly problematic, since it isn't actually required to solve the problem.

replies(1): >>46239165 #
8. akersten ◴[11 Dec 25 22:54 UTC] No.46238479[source]
> They need to be advocating for good solutions, not

No, fighting back against horrible proposals does not require suggesting an alternative proposal to the alleged problem. That only serves to benefit the malicious actors proposing the bad thing in the first place, the hope that we'll settle on something Not As Bad.

Thank god for the EFF and their everlasting fight to stop these nonsense internet laws. I'm glad they don't waste their time on "well how about this" solutions. The middle ground will never be enough for the proponents of surveillance, and will always be an incremental loss for the victims.

9. Seattle3503 ◴[11 Dec 25 22:56 UTC] No.46238493[source]
> Meanwhile in the world of smartphone data providers, social media networks, and the meta/googles of the world: they all know your personal information and identity up to the wazoo - and have far more information on every one of you than what is possessed by your own governments (well except for the governments that are also buying up that data.)

This is where I'm concerned too. We are seeing a proliferation of third party verification services that I have to interact with and that have no real obligations to citizens, because their customer is the website.

I'd like to see governments step in as semi-trusted third parties to provide primitives that allow us to bootstrap some sort of anonymous verification system. By semi-trusted, I mean trusted to provide attestations like "This person is a US citizen over the age of 18" but not necessarily trusted with an access log of all our websites.

10. Seattle3503 ◴[11 Dec 25 22:59 UTC] No.46238521[source]
This is only hypothetical for government ID's, but in theory government IDs could provide pairwise pseudonymous identifiers with services. Your ID with a single service is stable, but it is different with each service.
replies(1): >>46239197 #
11. pseudalopex ◴[12 Dec 25 00:03 UTC] No.46239165{3}[source]
> If they voluntarily collude then yes, you can't avoid that.

You may accept this. Others will not.

> But that just outlines a situation where the user's chosen trusted service is hostile to their interests and they need to find one that isn't.

Just?

12. pseudalopex ◴[12 Dec 25 00:06 UTC] No.46239197{3}[source]
They imagined a scenario where the state ordered 2 companies to identify users. How would replacing 1 company with the state improve this?
replies(1): >>46241214 #
13. Seattle3503 ◴[12 Dec 25 05:40 UTC] No.46241214{4}[source]
What would the state force you to do in this case?
replies(1): >>46241873 #
14. kmoser ◴[12 Dec 25 07:13 UTC] No.46241642[source]
> My view is that there's no reason why we can't come together and come up with a rating system for websites

There's no way everybody will agree what constitutes "adult only content," therefore there's no way to come up with a rating for websites.

15. stvltvs ◴[12 Dec 25 07:55 UTC] No.46241873{5}[source]
Is your question about what authoritarian states do with information about everyone's private lives?