351 points iamnothere | 4 comments

Also: We built a resource hub to fight back against age verification https://www.eff.org/deeplinks/2025/12/age-verification-comin...
pksebben No.46236900
This keeps coming up and we keep having the same debates about what Age Verification isn't.

For the folks in the back row:

Age Verification isn't about Kids or Censorship, It's about Surveillance

Age Verification isn't about Kids or Censorship, It's about Surveillance

Age Verification isn't about Kids or Censorship, It's about Surveillance

Without even reaching for my tinfoil hat, the strategy at work here is clear [0 1 2]. If we have to know that you're not a minor, then we also have to know who you are so we can make any techniques to obfuscate that illegal. By turning this from "keep an eye on your kids" to "prove you're not a kid" they've created the conditions to make privacy itself illegal.

VPNs are next. Then PGP. Then anything else that makes it hard for them to know who you are, what you say, and who you say it to.

Please, please don't fall into the trap and start discussing whether or not this is going to be effective to protect kids. It isn't, and that isn't the point.

0 https://www.eff.org/deeplinks/2025/11/lawmakers-want-ban-vpn...

1 https://www.techradar.com/vpn/vpn-privacy-security/vpn-usage...

2 https://hansard.parliament.uk/Lords/2025-09-15/debates/57714...

replies(14): >>46236954 #>>46237349 #>>46237480 #>>46238016 #>>46238148 #>>46238925 #>>46240138 #>>46240141 #>>46240546 #>>46240662 #>>46240975 #>>46241941 #>>46242412 #>>46243136 #
knallfrosch No.46237349
> If we have to know that you're not a minor, then we also have to know who you are

That is untrue

replies(1): >>46237429 #
phyzome No.46237429
Are you aware of any age verification systems that do not have this property?

(This includes being robust against law enforcement action, legal or otherwise.)

replies(7): >>46237529 #>>46237535 #>>46237741 #>>46237759 #>>46237958 #>>46239717 #>>46240178 #
pksebben No.46237535
Like many mention in other comments on this post, it's possible to implement using ZKPs. There are likely other methods that would be effective without compromising privacy. None of them are part of the Age Verification discussion because kids are not the actual point of Age Verification.

When I say "if we have to know you're not a kid, we have to know who you are" I'm not stating an actual truth, but the argument as it is playing out politically.

replies(7): >>46237671 #>>46237758 #>>46238433 #>>46239088 #>>46240107 #>>46241986 #>>46242597 #
magicalhippo No.46237671
> None of them are part of the Age Verification discussion because kids are not the actual point of Age Verification.

The EU age verification solution says implementations SHOULD implement[1] their ZKP protocol[2]. Not linking it to the user is stated as an explicit goal:

> Unlinkability: The goal of the solution is to prevent user profiling and tracking by avoiding linkable transactions. Initially, the solution will rely on batch issuance to protect users from colluding RPs. Zero-Knowledge Proof (ZKP) mechanisms will be considered to offer protection. More details are provided in Section 7.

[1]: https://ageverification.dev/av-doc-technical-specification/d...

[2]: https://ageverification.dev/av-doc-technical-specification/d...

replies(3): >>46237909 #>>46237981 #>>46241679 #
mzajc No.46237981
Is there a good explanation of how ZKPs prevent attestation providers (which presumably know your identity) from linking an issued proof back to you if, for example, the website elects to store it? I can wrap my head around RSA and ECC and PKI, but I haven't managed to make sense of this yet.

Assuming that's even a goal, of course. The cited paragraph mentions RPs (the websites, from what I understand), but makes no mention of attestation providers.

replies(1): >>46238674 #
MatteoFrigo No.46238674
This is, of course, very technical, but here is how it works at a high level.

In the non-ZKP presentation, the "holder" (phone) sends the credential to the relying party (website), and the RP executes some verification algorithm. In the ZK presentation, the holder executes the verification algorithm and sends to the RP a proof that the algorithm was executed correctly.

The "proof" has this magical property that it reveals nothing other than the check passed. (You will have to take on faith that such proofs exist.) In particular, if the check was the predicate "I have a signature by ISSUER on HASH, and SHA256(DOCUMENT)==HASH, and DOCUMENT["age_gt_18"]=TRUE", anybody looking at the proof cannot infer ISSUER, HASH, DOCUMENT, or anything else really. "Cannot infer" means that the proof is some random object and all HASH, DOCUMENT, ISSUER, etc. that satisfy the predicate are equally likely, assuming that the randomness used in the proof is private to the holder. Moreover, generating a proof uses fresh randomness each time, so given two proofs of the same statement, you still cannot tell whether they come from the same ISSUER, HASH, DOCUMENT, ...

replies(2): >>46239192 #>>46239356 #
parineum No.46239192
If it's not linked to an identity, why can't a kid use a parent's key?
replies(2): >>46239397 #>>46239690 #
MatteoFrigo No.46239397
Excellent question. More generally, what prevents me from copying the credential and giving it to somebody else?

The currently favored approach works like this. The DOCUMENT contains a device public key DPK. The corresponding secret key is stored in some secure hardware on the phone, designed so that I (or malware or whatever) cannot extract the secret key from the secure hardware. Think of it as a yubikey or something, but embedded in the phone. Every presentation flow will demand that the secure element produce a signature of a random challenge from the RP under the secret key of the secure hardware. In the ZKP presentation, the ZKP prover produces a proof that this signature verifies correctly, without disclosing the secret key of the secure hardware.

In your example, the parent could give the phone to the kid. However, in current incarnations, the secure hardware refuses to generate a signature unless unlocked by some kind of biometric identification, e.g. fingerprint. The fingerprint never leaves the secure hardware.

How does the issuer (e.g. the republic of France) know that DOCUMENT is bound to a given fingerprint? This is still under discussion, but as a first bid, a French citizen goes to city hall with his phone and obtains DOCUMENT after producing a fingerprint on the citizen's phone (as opposed to a device belonging to the republic of France). You can imagine other mechanisms based on physical tokens (yubikeys or embedded chips in credit cards, or whatever). Other proposals involve taking pictures compared against a picture stored in DOCUMENT. As always, one needs to be clear about the threat model.

In all these proposals the biometric identification unlocks the secure hardware into signing a nonce. The biometrics themselves are not part of the proof and are not sent to the relying party or to the issuer.

replies(2): >>46239427 #>>46240423 #
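
Added example, not part of the thread and not any poster's or project's code: the non-ZK form of the check described in the two comments above (issuer signature on SHA256(DOCUMENT), the age_gt_18 claim, and a device-key signature over the RP's random challenge). Ed25519, JSON encoding and all type and field names are assumptions chosen for illustration; a ZK presentation would prove that `Verify` returns true without sending any of the `Presentation` fields.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type Document struct { // issuer-signed credential; field names are assumptions
	AgeGt18 bool   `json:"age_gt_18"`
	DPK     []byte `json:"dpk"` // device public key
}
type Presentation struct { // what the holder sends in the non-ZK flow
	Doc       []byte // serialized DOCUMENT
	IssuerSig []byte // issuer signature over HASH = SHA256(DOCUMENT)
	DeviceSig []byte // secure-hardware signature over the RP's challenge
}

// Verify is the RP-side predicate that a ZK proof would attest to instead.
func Verify(issuer ed25519.PublicKey, challenge []byte, p Presentation) bool {
	hash := sha256.Sum256(p.Doc)
	if !ed25519.Verify(issuer, hash[:], p.IssuerSig) {
		return false // not signed by ISSUER
	}
	var d Document
	if json.Unmarshal(p.Doc, &d) != nil || !d.AgeGt18 || len(d.DPK) != ed25519.PublicKeySize {
		return false // malformed, or claim not present
	}
	return ed25519.Verify(ed25519.PublicKey(d.DPK), challenge, p.DeviceSig)
}

// Demo returns the verdicts for: genuine holder, copied credential, replay.
func Demo() (bool, bool, bool) {
	issuerPub, issuerKey, _ := ed25519.GenerateKey(rand.Reader)
	devicePub, deviceKey, _ := ed25519.GenerateKey(rand.Reader) // never leaves the phone
	_, otherKey, _ := ed25519.GenerateKey(rand.Reader)          // a second phone
	doc, _ := json.Marshal(Document{AgeGt18: true, DPK: devicePub})
	hash := sha256.Sum256(doc)
	issuerSig := ed25519.Sign(issuerKey, hash[:])
	n := make([]byte, 64) // two fresh 32-byte RP challenges: n[:32] and n[32:]
	rand.Read(n)
	good := Presentation{doc, issuerSig, ed25519.Sign(deviceKey, n[:32])}
	copied := Presentation{doc, issuerSig, ed25519.Sign(otherKey, n[:32])}
	return Verify(issuerPub, n[:32], good), Verify(issuerPub, n[:32], copied), Verify(issuerPub, n[32:], good)
}

func main() { fmt.Println(Demo()) }
```

The copied credential fails because the second phone cannot sign under the DPK inside DOCUMENT, and the replay fails because the stored device signature does not cover the new challenge.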
parineum No.46239427
So adults are required to own a phone to prove their age?

Can I log into an age gated service at a library without a phone?

replies(1): >>46239570 #
1. MatteoFrigo No.46239570
Another excellent question. The current answer in the EU seems to be "you need a phone". My preferred answer (despite being one of the Google guys who designed the ZKP mechanism) would be that the government sends you some sort of plastic card with a chip that does not tie you to a phone. Still fighting that battle.
replies(2): >>46240733 #>>46242431 #
2. parineum No.46240733
Thanks for answering, I appreciate it.
3. fsflover No.46242431
I guess owning some computer should be fine as a requirement? It just should not be tied to the US megacorps. A web app perhaps?
replies(1): >>46243414 #
4. MatteoFrigo No.46243414
Yes. However, at some point there needs to be some unforgeable piece of hardware that prevents copying the document. I am a big fan of yubikeys and I wish everybody used them, but the reality is that people lose them way more often than they lose their phone.