I have mixed feelings about a world where zero-knowledge-based ID verification gets so good that it reduces barriers to being adopted widely.
On the one hand, it's better than a world where non-privacy-respecting ID verification becomes required anyways, and thus every bit of your online behavior becomes tied to your actual identity.
On the other hand, the presence of this kind of technology makes it easier for governments to say things like "all ___ content online must be restricted to ages 18+ or 21+" and actually have a way to implement that across Discord and TikTok and gaming chatrooms and everything inbetween, in a way that has already been deployed at scale... because it had not already been fought against from a privacy perspective when it was deployed for things like public transit.
The things that can be placed in that blank are far more widespread than one might initially think.
Plus, you'd be giving Google your government ID. A company that collects and trades thousands of your behavioral metrics as their core business model.
The Baltics have handled this better with a Smart ID system[0] that also allows cryptographic document signing (like Adobe Sign but non-repudiable by law). It can perform proof-of-human like Altman's orbs, and allows Baltic citizens to file documents with the government, access electronic court records, electronic medical records, e-banking, and similar services.
One downside of the system is that its purpose is to identify a natural person using a service. So whichever service uses it as authentication, it will receive personal data. However, there are third-party sign-on gateways that use Smart ID (and other e-signature methods legal in the Baltics) to authenticate users and only disclose certain bits of personal information to those requesting authentication. In Lithuania, the government operates a service called the E-Government Gateway, and one can easily imagine it could be used for zero-knowledge age verification.
Ultimately, Google seems to be offering a far inferior product at a lot more risk to the user. Once again, their core business is user profiling, associating various user metrics with each profile. A government ID is the holy grail for user profiling. It's sort of like if a wolf offered a sheep-verification service - yes, we could trust the wolf to act professionally towards the sheep, despite it coming out in sheep court several times that it hasn't in the past. But is it wise to suspend disbelief like that? It's better to leave this to independent, expert companies, or even governments.
And it sounds like a complete nightmare when you're one of those people whose Google account gets suspended for some random reason, with no appeal process and no way to contact actual customer service.
Now you don't have any ID either, and can't prove who you are.
The difference is that as much as being cut off from Google sucks today, right now it doesn't mean you also e.g. lose access to your digital porn library that you paid for.
Think of all the authentication mechanisms you rely on: credit cards, food delivery, smart locks, uber, parking, ev charging, email, messaging, intuit, dmv and so on.
Now imagine you’re permanently banned from them all with no appeal and no way to create new accounts.
> the presence of this kind of technology makes it easier for governments to say things like "all ___ content online must be restricted to ages 18+ or 21+" and actually have a way to implement that across Discord and TikTok and gaming chatrooms and everything inbetween
There will still be sites that don’t GAF. Given the damage social media has done to our polity, particularly our youth, I’m all for age gating these services at a fundamental level.
I've had similar ideas regarding how US Military ID cards work. The tech enthusiast in me loves the idea of ubiquitous strong 2FA, functioning ID systems that separate "identification" from "authentication" (looking at you, SSNs), etc.
Identity theft would become essentially impossible. Then if it were adopted by things that are fundamentally associated with your real identity (e.g., banks, payment processors, insurance providers, government institutions) then whole classes of phishing scams would become impossible.
Then there are the use cases where it's convenient for the user. Public transit, event admissions, membership cards.
Then there are the use cases where it's convenient for the provider. Alcohol sales, social media, adult content.
... Yeah, that would turn into a dystopia incredibly fast.
> Identity theft would become essentially impossible
"The difference between a thing that might happen and a things that cannot happen, is that when a things that cannot happen happens it usually tends to be impossible to get at or repair."
For many of us the internet is the last bastion of (relatively) free speech and free-ish access to information. I've never actually lived in a society that doesn't censor everything uncomfortable to the government and wouldn't even know what it's like if not for the 'net.
Foreign companies have also repeatedly shown that they're happy to go along with the latest and greatest idea of the government to avoid being blocked. Right now it's not really a problem as I can easily pretend to be a middle-aged balding guy from rural Germany (or wherever).
You can probably combine the two and see where it leads to.
there's a reason folks insist that the research in gun violence in the US be conducted via paper and not a digital database. it slows it down /sooooo much/.
You’re more worried kids won’t be able to see filth online if they want than how this will be abused by authoritarian governments to clamp down on free speech?
The demonstration, UK railcards, is a bit odd. I thought they were sharing too much information, date of birth when only something like "under 18" would be needed. But these railcards have several different age-based options. What is the point of this age discrimination, surely you take up one seat on a train regardless of your age?
Railcards in the UK have a complicated history, but essentially there's a sliding scale of discount you can get up to the age of 30, in order to encourage more young people to use the rail network. You get more discount under 18, some between 18 and 25 for one price, and some between 25 and 30 for another price.
Additionally, the way the discounts work is that you buy a pass that lasts for a period of time. That then needs to work with your current age. i.e. you can't buy 2 years of discount for under 30s at 29, you can only buy 1 year, so they need to share your age and I think possibly in some cases, date of birth.
I prefer to frame it more like this: "People in your age range drive less or cannot legally do so and as such have few other options for transit, so we'll give you a discount. Also, the negative externalities of rail travel are far lower than other modes of transit so we should encourage as many people as possible to use it. When a frequent young user of rail transit grows out of the lower price bracket, they will likely continue to use the service to help keep it affordable for all."
Also, <25 and >60 are probably much less likely to be using rail to commute to paying jobs. Additionally most of the Railcards are scoped to only off-peak travel, which again focuses on leisure/family rather than work.
I'm not familiar with the specific situation in the UK, but age-based discounts can support many policy goals.
Maybe you want teenagers to be more independent, instead of relying too much on their parents for transportation needs. Maybe you want young adults get used to using public transit instead of driving everywhere, which can lower infrastructure costs in a densely populated country. Maybe you want to encourage retirees to get out and participate in the society, instead of sitting alone at home. Or maybe you want to encourage the use of public transit outside peak hours, which could reduce the overall need for subsidies.
Simple systems, such as age-based categories, often work well enough. Targeted subsidies can be more efficient in principle. But that assumes that regulators manage to target them properly and have the regulations implemented in software correctly and in time. All of those often fail. And even when they are successful, they may cost more than you save with better targeting. Not to mention the opportunity costs: when regulators focus on one thing, they can't work on another.
and the 26-30 Railcard, and the Children aged 5 to 15, and the for those aged 16 or 17, it just seems weird to have all these age-restricted options for exactly the same product (a seat on a train.)
Call it woke or socialism, but perhaps it's within a society's interest to make travel affordable for people who don't necessarily have access to other modes of transit. It's the difference between equality and equity.
Yeah, but what if the company has 36,500 age based discount tiers (or has heard of binary search)?
I don’t see how revealing the result of a less than comparison can be considered zero knowledge, but then I also don’t understand the difference between Google exchanging actionable confidential facts about you for money and them selling your personal information, so what do I know?
Well, a compromise would be to simply provide the user's age in years, as opposed to their date of birth. Effectively a 365-day resolution instead of 1-day.
Age is a proxy for money. You want to set the price for optimum profit (assuming the rail company isn’t controlled by the government and implements social measures), so you want to charge every group of people the amount where (number of costumers)*(profit per customer) is maximized. If you would price every group the same fare, some people wouldn’t get a ticket and you would lose customers. It makes sense to charge those users less, but try to keep the profit of other groups higher by not reducing their fare.
Can anyone explain a bit more about how this actually works in context here?
Do you hand your full PII "private key" or equivalent, to Google, or does any of the proving happen on your own device?
Then proofs are constructed to 3rd parties, proving certain properties of your data without revealing the underlying data? Are they live/interactive proofs or can static proofs be constructed for these type cases?
What is exactly being proved? Proving that you/Google knows a "private key" that can be found in a particular set of public keys published by the issuer? Or something like that?
Speaking as one of the implementors of the ZKP system described in the article.
The identity document (e.g. driver's license) is granted by an issuer (e.g. department of motor vehicles) and stored in the user's device only. Google is not part of this flow and the document is not sent to Google or stored by Google.
In fact, one major technical problem is how to make sure that the document cannot be used without having possession of the phone. To this end, the document is associated with the phone's secure element (think of a hardware yubikey already present in the phone itself) and cannot be used without the secure element.
Think of the document as a dictionary { "name": "foo", "address": "bar" ... }, although the reality is more complicated. One standard for these documents is ISO/IEC 18013-5, but other possibilities exist.
The proof itself proves the truth of a certain predicate on the document. The predicate is something like "The document parses correctly, it is bound to the device's secure element, and it contains zip_code = 012345".
The phone generates the proof at presentation time in about 1s. Another major technical difficulty is that past attempts at solving this problem required prover time of tens of seconds. Our proofs have the property that no entity, including a future quantum computer, can learn anything from the proof other than the predicate is true. See https://eprint.iacr.org/2024/2010 for the gory details. The specific predicate being proved is in Algorithm 10.
When you say "interactive" you probably mean "at presentation time", as opposed to "in advance". We generate a fresh proof at presentation time and not in advance. Be aware that the ZKP literature uses "interactive" in a different sense, in which the verifier keeps posing multiple challenges to the prover until the verifier is satisfied that the proof is correct. Our system is derived from an "interactive" protocol in this technical sense, and transformed into a "non-interactive" prover via a general transformation called "Fiat-Shamir". The net effect is that the verifier asks "tell me your age and nothing else", the prover sends one message with the proof, and that's it.
>which will use digital IDs from Google Wallet to verify user identity and ZKP to verify age
This seems to imply you have to upload your information to Google first. But if you do that then what's the point of ZKP, Google might as well just send over a signed attestation token.
The whole thing is pointless for privacy IMO because it requires a google account, which they can revoke at any time for any reason, not to mention creating one in $this_year already requires way too much personal information.
Theoretically, using zero knowledge proof for age verification is a great idea.
Too bad that while the porn website you are visiting will not get your name from google, google will sell the fact that you visited that porn website to anyone who is interested...
Google does not sell personal information, they rent it out. Targeted advertising and remarketing relies upon building up a huge dossier on each Internet user and then matching those dossiers to ad bids.
> This object is present in the bid request when the impression will be rendered on a website rather than a non-browser application.
Contains a "page" field:
> URL of the page where the impression will be shown with URL parameters removed.
EDIT: If you don't think that counts as personal info then that's that, just trying to prove GP's claim that Google will happily tell a bunch of advertisers that you're visiting a porn website.
> Real-time bidding is the process by which publishers auction off ad space in their apps or on their websites. In doing so, they share sensitive user data—including geolocation, device IDs, identifying cookies, and browsing history—with dozens or hundreds of different adtech companies.
If Google only does this when you tie your identity to a real-world ID, and refuses to auto-grant it for people whose accounts are more than 18 years old, then this is just a data heist.
A person using my ID needs to at least remotely look like me. A Google account is effectively a bearer token for anyone that can authenticate to Google, which is something that can easily be transferred.
the main thing that has saved the west from digital ID so far has been android OEM fragmentation, where there just hasn't been a way to manage hardware secrets in a way consistent enough across devices to be pushed down on people as a digital ID.
this thin edge of the wedge age verification solution is to normalize people showing ID everywhere and whether it's their age or some other social credit attribute is immaterial. the product is submission. the original hope for this was first in differential privacy, then ZKSNARKS, then FHE, and whatever proof they're on about now is intended to obfuscate not the data, but the actual use case, which is going back to covid era ID checks. for climate, surely.
I distinctly remember a conversation I had in 2013 while working on early instances of a related identity tech, where I said to the founder and CTO, "nobody wants this, it's something you want to impose on others. your security model needs a failure mode other than catastrophic because the incentives to take it down are tremendous- from fake ID and fraud to people like me who just think you're assholes."
Identity isn't a tech problem, it's a political problem people in bureaucracies who problematize human freedom and dignity keep trying to bully through with increasingly obfuscated tech.
for googlers reading this though, I've got a great name for your identity product: holler-it! it's just like hollerith but so much quirkier and safe feeling.
Google Wallet will keep working for 6 months. Then stop. Around the same time Google Money Wallet will launch. Neither will support credit cards correctly for another 6 months.
Google can open source some libraries here, but to what ends? Ultimately there is not zero knowledge here, there's one very concrete bit of information: Google says so.
Sure other people might be able to replicate the signing process. But who else is going to be able to get governments around the world to add those other would be zk proof providers?
This feels like such a vicious demented technological gordian knot being woven to trap humanity in.
Meanwhile the web has it's own devilry in progress, a similar effort to make non authenticated people utterly unable to use the web, the Digital Credentials API, brought to you again by Google.
https://developer.chrome.com/blog/digital-credentials-api-or...
This is all so hideously bad for humanity. The zero knowledge aspect is the absolute bare minimum to not make this pure scum and villainy, but it's still a sick awful thing to do to humanity, uses a lure of convenience to walk us into a place where the individuals of the world are powerless and where ever expanding digital dominion over us corals and steers us. Do not want, go back to hell & stop trying to drag hell to earth, monsters.
This is going to be a disaster. Societies rely on imperfect enforcement of the law in order to progress. There's no way to create a critical mass of resistance and disobedience that will lead to the toppling of an unfair law if you enforce the law perfectly and universally, and this will lead society to ossify.
Imagine if every single gay person were caught and put in jail the moment they acted on their urges, or every single person who bought or sold weed (or alcohol, during the prohibition) were similarly arrested. We'd still be stuck in the mindset of a century ago.
A society that has removed its own ability to progress is truly a horrifying prospect.
> Societies rely on imperfect enforcement of the law in order to progress. There's no way to create a critical mass of resistance and disobedience that will lead to the toppling of an unfair law if you enforce the law perfectly and universally, and this will lead society to ossify.
Don't worry, it won't be perfect and universal. Politicians, the police, and their friends and family will surely make themselves exempt.
> Societies rely on imperfect enforcement of the law in order to progress.
This is quite a leap.
Societies would be perfectly capable of evolution as long as they are not totally convinced of their own perfection at any given moment. It is quite possible to have everyone follow a law while simultaneously supporting changing it.
>Societies rely on imperfect enforcement of the law in order to progress.
No, they rely on leadership to progress.
>There's no way to create a critical mass of resistance and disobedience that will lead to the toppling of an unfair law
Encouraging the breaking of laws is not good. Changing laws does not require them to be broken. Allowing for a critical mass of criminals to be created is a bug and not a feature.
>if you enforce the law perfectly and universally, and this will lead society to ossify.
Even if true, that is not neccessarily a bad thing. I find unequal enforcement of the law to be a bigger issue and it allows for vague laws to exist which are selectively applied. If things were perfect much more thought would need to be put into the design of laws.
>We'd still be stuck in the mindset of a century ago.
I'd prefer living in a society like that with strong morals that doesn't cave in and make compromises.
>A society that has removed its own ability to progress is truly a horrifying prospect
As I mentioned above progress can still happen via leadership. Leadership can take in information and make decisions in the way society should be led. Cutting off the information of how much crime is happening doesn't seem like it will make it impossible to make new decisions. There are more data sources that can be used.
I honestly think this is a bad/dumb idea. Age verification in general is just silly on the internet and laws mandating it are inane.
The main thrust of such measures is "Let's make sure a kid can't see/access this". However, without an actual camera to double check that "yes indeedy, this really is the person attached to the ID" then "faking" it is all too simple. I can almost guarantee you'll get IDs floating around the internet which kids will use to completely bypass these protections (or they'll simply swipe their parents' ids when they aren't looking). It's a half step above "what's your birthday" checks.
Too true. The better option is for each computing device with internet access to continuously do a biometric scan of the user (fingerprint, retina, face, etc) and check against a government controlled database that stores identity info.
:D If perfect law enforcement is the end goal then yes, that's the better security approach.
Now, I (and I assume you and most people) don't value perfect law enforcement. I certainly value my privacy more than I value "catching bad guys" or keeping kids from seeing a trailer for an M rated game.
That's why I'm calling the idea dumb. It won't work and the next steps to make it work better are horrifying. It's better if we didn't even try.
We have the results of what happens when kids grow up with no actual age verification on the internet or with video games.
Nothing. Nothing happens. Millenials grew up on the internet where ID checks were "Promise you are 18", and what bad has come of it? A generation of murderers and rapists? Please...
I don't think this is true? Generations seem to be getting Internet access at younger and younger ages and the Internet takes up more and more time in our lives with every passing year, and Phones Bad / Social Media Bad seems to be a pretty commonly accepted concept.
- No site asked me for credit card numbers at 14 to prove I was 18+.
- The person who operated our house's tech infrastructure was me, since my parents were too technically illiterate to do it. And it took operating in these days, rather than the relatively one stop wifi boxes of today.
- Parental filters, where they existed, could be defeated with a simple alternate DNS server.
- I was also just allowed be unsupervised in general for way longer than gen Z or alpha kids are allowed. My country hasn't quite gone to the same "a child in the wild, call CPS" levels as some parts of the US has, but certainly the average child now is more limited than they were in the 90s
So yes, gen alpha kids have phones. But unlike when I first got a laptop and could do basically anything on it, the phones these days are much more locked down, and by the OS manufacturers who actually try to plug holes as they're discovered.
Hm, you're right, I'd agree that access can be more controlled and filtered today than before. But how many websites/parents/devices actually enforce it?
And also, what I was trying to get at is that the total amount of (addictive) content on the Internet and the amount of time people, including kids, spend on the Internet has exploded. Sure, millennials could do whatever online, but there just wasn't that much to do and you would still spend the bulk of your day offline. Now we can (and do) spend basically all day on the Internet. Seeing something bad once is whatever, but seeing it constantly... IDK
Right but you have to look at this data honestly because we have one and a half generations of people who grew up with an unrestricted, and arguably worse in terms of content, internet. If you're going to point to a cause it had better be something in the set of things that didn't affect millennials or older gen-z, stuff like violent and pornographic content clearly aren't in it.
gross and blatantly illegal under dutch law. companies don't need a copy of my id. most of them don't even adhere to the law anyway and demand an uncensored copy. every time I follow the instructions from my government to blank out the BSN (SSN) the (usually american) company rejects it and demands an uncensored version they're not even permitted to have.
Not good.. yet another thing that will not work on devices with unlocked bootloader..
I hate how smartphones with preinstalled spyware are becoming necessary..
I have mixed feelings about a world where zero-knowledge-based ID verification gets so good that it reduces barriers to being adopted widely.
On the one hand, it's better than a world where non-privacy-respecting ID verification becomes required anyways, and thus every bit of your online behavior becomes tied to your actual identity.
On the other hand, the presence of this kind of technology makes it easier for governments to say things like "all ___ content online must be restricted to ages 18+ or 21+" and actually have a way to implement that across Discord and TikTok and gaming chatrooms and everything inbetween, in a way that has already been deployed at scale... because it had not already been fought against from a privacy perspective when it was deployed for things like public transit.
The things that can be placed in that blank are far more widespread than one might initially think.
Plus, you'd be giving Google your government ID. A company that collects and trades thousands of your behavioral metrics as their core business model.
The Baltics have handled this better with a Smart ID system[0] that also allows cryptographic document signing (like Adobe Sign but non-repudiable by law). It can perform proof-of-human like Altman's orbs, and allows Baltic citizens to file documents with the government, access electronic court records, electronic medical records, e-banking, and similar services.
One downside of the system is that its purpose is to identify a natural person using a service. So whichever service uses it as authentication, it will receive personal data. However, there are third-party sign-on gateways that use Smart ID (and other e-signature methods legal in the Baltics) to authenticate users and only disclose certain bits of personal information to those requesting authentication. In Lithuania, the government operates a service called the E-Government Gateway, and one can easily imagine it could be used for zero-knowledge age verification.
Ultimately, Google seems to be offering a far inferior product at a lot more risk to the user. Once again, their core business is user profiling, associating various user metrics with each profile. A government ID is the holy grail for user profiling. It's sort of like if a wolf offered a sheep-verification service - yes, we could trust the wolf to act professionally towards the sheep, despite it coming out in sheep court several times that it hasn't in the past. But is it wise to suspend disbelief like that? It's better to leave this to independent, expert companies, or even governments.
[0] https://www.smart-id.com/
Google is offering a superior service than relying on third parties to do redaction because it uses cryptography.
[dead]
And it sounds like a complete nightmare when you're one of those people whose Google account gets suspended for some random reason, with no appeal process and no way to contact actual customer service.
Now you don't have any ID either, and can't prove who you are.
Well, what is the difference to today even if you can proof who you are?
The difference is that as much as being cut off from Google sucks today, right now it doesn't mean you also e.g. lose access to your digital porn library that you paid for.
I think that’ll be the least of your worries.
Think of all the authentication mechanisms you rely on: credit cards, food delivery, smart locks, uber, parking, ev charging, email, messaging, intuit, dmv and so on.
Now imagine you’re permanently banned from them all with no appeal and no way to create new accounts.
You must be insane if you use META or google for this. Have your own domain!
your ID would not be tied to the whims of a corporation
> the presence of this kind of technology makes it easier for governments to say things like "all ___ content online must be restricted to ages 18+ or 21+" and actually have a way to implement that across Discord and TikTok and gaming chatrooms and everything inbetween
There will still be sites that don’t GAF. Given the damage social media has done to our polity, particularly our youth, I’m all for age gating these services at a fundamental level.
I've had similar ideas regarding how US Military ID cards work. The tech enthusiast in me loves the idea of ubiquitous strong 2FA, functioning ID systems that separate "identification" from "authentication" (looking at you, SSNs), etc.
Identity theft would become essentially impossible. Then if it were adopted by things that are fundamentally associated with your real identity (e.g., banks, payment processors, insurance providers, government institutions) then whole classes of phishing scams would become impossible.
Then there are the use cases where it's convenient for the user. Public transit, event admissions, membership cards.
Then there are the use cases where it's convenient for the provider. Alcohol sales, social media, adult content.
... Yeah, that would turn into a dystopia incredibly fast.
> Identity theft would become essentially impossible
"The difference between a thing that might happen and a things that cannot happen, is that when a things that cannot happen happens it usually tends to be impossible to get at or repair."
I really wish Governments would operate digital infrastructure like this. I've heard some do, sorta.
i am in favor of increasing government capacity
And yet governments can do this in the offline world. Why is it so much more dangerous in the online world?
For many of us the internet is the last bastion of (relatively) free speech and free-ish access to information. I've never actually lived in a society that doesn't censor everything uncomfortable to the government and wouldn't even know what it's like if not for the 'net.
Foreign companies have also repeatedly shown that they're happy to go along with the latest and greatest idea of the government to avoid being blocked. Right now it's not really a problem as I can easily pretend to be a middle-aged balding guy from rural Germany (or wherever).
You can probably combine the two and see where it leads to.
How, besides the internet, do you transmit information in an easily-accessible format to loads of people who are not currently in your vicinity?
Why is it a right to be able to communicate instantly with people of all ages?
there's a reason folks insist that the research in gun violence in the US be conducted via paper and not a digital database. it slows it down /sooooo much/.
You’re more worried kids won’t be able to see filth online if they want than how this will be abused by authoritarian governments to clamp down on free speech?
Re-read the last sentence
> The things that can be placed in that blank are far more widespread than one might initially think.
This part is quite true for English Internet, thresholds for content removals and algorithmic de-ranking is dropping rapidly.
The demonstration, UK railcards, is a bit odd. I thought they were sharing too much information, date of birth when only something like "under 18" would be needed. But these railcards have several different age-based options. What is the point of this age discrimination, surely you take up one seat on a train regardless of your age?
Per https://www.railcard.co.uk/
Railcards in the UK have a complicated history, but essentially there's a sliding scale of discount you can get up to the age of 30, in order to encourage more young people to use the rail network. You get more discount under 18, some between 18 and 25 for one price, and some between 25 and 30 for another price.
Additionally, the way the discounts work is that you buy a pass that lasts for a period of time. That then needs to work with your current age. i.e. you can't buy 2 years of discount for under 30s at 29, you can only buy 1 year, so they need to share your age and I think possibly in some cases, date of birth.
But then you start getting a discount again when you are over 60, or a veteran of the armed forces? The 30-60 age group is hit hard!
Which age tranche is the richest?
Its like "people in your age range are richer than average, so we are going to charge you extra."
I prefer to frame it more like this: "People in your age range drive less or cannot legally do so and as such have few other options for transit, so we'll give you a discount. Also, the negative externalities of rail travel are far lower than other modes of transit so we should encourage as many people as possible to use it. When a frequent young user of rail transit grows out of the lower price bracket, they will likely continue to use the service to help keep it affordable for all."
Also, <25 and >60 are probably much less likely to be using rail to commute to paying jobs. Additionally most of the Railcards are scoped to only off-peak travel, which again focuses on leisure/family rather than work.
It's a blunt tool, but it's not terrible.
I suppose it would almost work for me, I had my highest income in my early 40s, but now I'm in my 50s and my income is quite low.
Over 60's
I'm not familiar with the specific situation in the UK, but age-based discounts can support many policy goals.
Maybe you want teenagers to be more independent, instead of relying too much on their parents for transportation needs. Maybe you want young adults get used to using public transit instead of driving everywhere, which can lower infrastructure costs in a densely populated country. Maybe you want to encourage retirees to get out and participate in the society, instead of sitting alone at home. Or maybe you want to encourage the use of public transit outside peak hours, which could reduce the overall need for subsidies.
Simple systems, such as age-based categories, often work well enough. Targeted subsidies can be more efficient in principle. But that assumes that regulators manage to target them properly and have the regulations implemented in software correctly and in time. All of those often fail. And even when they are successful, they may cost more than you save with better targeting. Not to mention the opportunity costs: when regulators focus on one thing, they can't work on another.
The Railcard website you linked is pretty clear.
> For those aged 16-25, save 1/3 off rail fares for days out, seeing family and friends and even festivals!
> For those aged 60 and over, save 1/3 off rail fares for days out, holidays, seeing family and friends, and theatre trips!
So, provide proof of age via ID and get a discount. It's very common on public transit for the young and elderly to get a discount.
and the 26-30 Railcard, and the Children aged 5 to 15, and the for those aged 16 or 17, it just seems weird to have all these age-restricted options for exactly the same product (a seat on a train.)
Call it woke or socialism, but perhaps it's within a society's interest to make travel affordable for people who don't necessarily have access to other modes of transit. It's the difference between equality and equity.
I'm not sure that age is the biggest factor in wealth inequality. I could be wrong, but there are plenty of rich kids and poor middle aged.
Proper ZK off of that would be it would simply provide which of those age ranges you're in, not your actual date of birth.
Yeah, but what if the company has 36,500 age based discount tiers (or has heard of binary search)?
I don’t see how revealing the result of a less than comparison can be considered zero knowledge, but then I also don’t understand the difference between Google exchanging actionable confidential facts about you for money and them selling your personal information, so what do I know?
Well, a compromise would be to simply provide the user's age in years, as opposed to their date of birth. Effectively a 365-day resolution instead of 1-day.
ZK biometric telomere measurements coming soon to a turnstile near you!
Age is a proxy for money. You want to set the price for optimum profit (assuming the rail company isn’t controlled by the government and implements social measures), so you want to charge every group of people the amount where (number of costumers)*(profit per customer) is maximized. If you would price every group the same fare, some people wouldn’t get a ticket and you would lose customers. It makes sense to charge those users less, but try to keep the profit of other groups higher by not reducing their fare.
If they want to go that way, why even use a proxy? Just demand annual income instead of age, and make the price a fixed fraction of the income.
Because it’s much harder to verify annual income than just checking the birthday on the ID, I guess.
Can anyone explain a bit more about how this actually works in context here?
Do you hand your full PII "private key" or equivalent, to Google, or does any of the proving happen on your own device?
Then proofs are constructed to 3rd parties, proving certain properties of your data without revealing the underlying data? Are they live/interactive proofs or can static proofs be constructed for these type cases?
What is exactly being proved? Proving that you/Google knows a "private key" that can be found in a particular set of public keys published by the issuer? Or something like that?
Speaking as one of the implementors of the ZKP system described in the article.
The identity document (e.g. driver's license) is granted by an issuer (e.g. department of motor vehicles) and stored in the user's device only. Google is not part of this flow and the document is not sent to Google or stored by Google. In fact, one major technical problem is how to make sure that the document cannot be used without having possession of the phone. To this end, the document is associated with the phone's secure element (think of a hardware yubikey already present in the phone itself) and cannot be used without the secure element.
Think of the document as a dictionary { "name": "foo", "address": "bar" ... }, although the reality is more complicated. One standard for these documents is ISO/IEC 18013-5, but other possibilities exist.
The proof itself proves the truth of a certain predicate on the document. The predicate is something like "The document parses correctly, it is bound to the device's secure element, and it contains zip_code = 012345".
The phone generates the proof at presentation time in about 1s. Another major technical difficulty is that past attempts at solving this problem required prover time of tens of seconds. Our proofs have the property that no entity, including a future quantum computer, can learn anything from the proof other than the predicate is true. See https://eprint.iacr.org/2024/2010 for the gory details. The specific predicate being proved is in Algorithm 10.
When you say "interactive" you probably mean "at presentation time", as opposed to "in advance". We generate a fresh proof at presentation time and not in advance. Be aware that the ZKP literature uses "interactive" in a different sense, in which the verifier keeps posing multiple challenges to the prover until the verifier is satisfied that the proof is correct. Our system is derived from an "interactive" protocol in this technical sense, and transformed into a "non-interactive" prover via a general transformation called "Fiat-Shamir". The net effect is that the verifier asks "tell me your age and nothing else", the prover sends one message with the proof, and that's it.
I appreciate the reply and link to your paper, that's very interesting and helpful! Thanks!
>which will use digital IDs from Google Wallet to verify user identity and ZKP to verify age
This seems to imply you have to upload your information to Google first. But if you do that then what's the point of ZKP, Google might as well just send over a signed attestation token.
The whole thing is pointless for privacy IMO because it requires a google account, which they can revoke at any time for any reason, not to mention creating one in $this_year already requires way too much personal information.
AFAICT, Google have the internal culture/belief that "User privacy" means "only Google hold user data, since we're sure we are trustworthy".
At least, reading their claims with that in mind has often helped me to make sense of the various claims they make.
Theoretically, using zero knowledge proof for age verification is a great idea.
Too bad that while the porn website you are visiting will not get your name from google, google will sell the fact that you visited that porn website to anyone who is interested...
> google will sell the fact that you visited that porn website to anyone who is interested.
Has Google has actually done this? According to Google, they don't sell personal information:
https://about.google/company-info/how-our-business-works/#:~...
I'm willing to believe they've broken this promise, but if you can point to some actual proof, I'd like to see it.
Google does not sell personal information, they rent it out. Targeted advertising and remarketing relies upon building up a huge dossier on each Internet user and then matching those dossiers to ad bids.
Look up real-time bidding.
Some context: https://www.classaction.org/news/google-breaks-user-privacy-...
I read it. It doesn't seem to show that ”google will sell the fact that you visited that porn website to anyone who is interested.” What am I missing?
From Google's OpenRTB spec (https://developers.google.com/authorized-buyers/rtb/openrtb-...):
> Site
> This object is present in the bid request when the impression will be rendered on a website rather than a non-browser application.
Contains a "page" field:
> URL of the page where the impression will be shown with URL parameters removed.
EDIT: If you don't think that counts as personal info then that's that, just trying to prove GP's claim that Google will happily tell a bunch of advertisers that you're visiting a porn website.
According to that description, it only shows that someone has visited a porn website, not you.
This kinda invalidats the claim that Google is selling this information about you
"sell the fact that xyz" can this phraseology die? this is not what these big companies do. they sell attention, not data.
Wrong, they sell your activity too. Seems like your information on this topic may be significantly out of date.
how do they "sell your activity"
If you wanted to know, you would know. It's not exactly a secret. Here you go though:
https://www.eff.org/deeplinks/2020/03/google-says-it-doesnt-...
> Real-time bidding is the process by which publishers auction off ad space in their apps or on their websites. In doing so, they share sensitive user data—including geolocation, device IDs, identifying cookies, and browsing history—with dozens or hundreds of different adtech companies.
They sell data too, if the governments wants the data, they even give it out for free.
If you're using Chrome, which most people are, I'd assume this is the case anyway?
Note - agree with your sentiment.
If Google only does this when you tie your identity to a real-world ID, and refuses to auto-grant it for people whose accounts are more than 18 years old, then this is just a data heist.
For reference, 2007 is 18 years ago.
An 18 year old account doesn't necessarily pass the liability requirements legally.
Who would guarantee that the account has been used by the same person all those 18 years?
The same one who guarantees that it's really your ID: nobody.
A person using my ID needs to at least remotely look like me. A Google account is effectively a bearer token for anyone that can authenticate to Google, which is something that can easily be transferred.
the main thing that has saved the west from digital ID so far has been android OEM fragmentation, where there just hasn't been a way to manage hardware secrets in a way consistent enough across devices to be pushed down on people as a digital ID.
this thin edge of the wedge age verification solution is to normalize people showing ID everywhere and whether it's their age or some other social credit attribute is immaterial. the product is submission. the original hope for this was first in differential privacy, then ZKSNARKS, then FHE, and whatever proof they're on about now is intended to obfuscate not the data, but the actual use case, which is going back to covid era ID checks. for climate, surely.
I distinctly remember a conversation I had in 2013 while working on early instances of a related identity tech, where I said to the founder and CTO, "nobody wants this, it's something you want to impose on others. your security model needs a failure mode other than catastrophic because the incentives to take it down are tremendous- from fake ID and fraud to people like me who just think you're assholes."
Identity isn't a tech problem, it's a political problem people in bureaucracies who problematize human freedom and dignity keep trying to bully through with increasingly obfuscated tech.
for googlers reading this though, I've got a great name for your identity product: holler-it! it's just like hollerith but so much quirkier and safe feeling.
Let's say I set up my ID with this. Next year, when Google Wallet is replaced by Google Money, will the ID transfer? Will it have this feature still?
Nah it would be called Google Wallet Money Duo.
Google Wallet will keep working for 6 months. Then stop. Around the same time Google Money Wallet will launch. Neither will support credit cards correctly for another 6 months.
Then Google Billfold will launch...
Better than Apple Intelligence which put the cart before the horse.
Google can open source some libraries here, but to what ends? Ultimately there is not zero knowledge here, there's one very concrete bit of information: Google says so.
Sure other people might be able to replicate the signing process. But who else is going to be able to get governments around the world to add those other would be zk proof providers?
This feels like such a vicious demented technological gordian knot being woven to trap humanity in.
Meanwhile the web has it's own devilry in progress, a similar effort to make non authenticated people utterly unable to use the web, the Digital Credentials API, brought to you again by Google. https://developer.chrome.com/blog/digital-credentials-api-or...
This is all so hideously bad for humanity. The zero knowledge aspect is the absolute bare minimum to not make this pure scum and villainy, but it's still a sick awful thing to do to humanity, uses a lure of convenience to walk us into a place where the individuals of the world are powerless and where ever expanding digital dominion over us corals and steers us. Do not want, go back to hell & stop trying to drag hell to earth, monsters.
This is going to be a disaster. Societies rely on imperfect enforcement of the law in order to progress. There's no way to create a critical mass of resistance and disobedience that will lead to the toppling of an unfair law if you enforce the law perfectly and universally, and this will lead society to ossify.
Imagine if every single gay person were caught and put in jail the moment they acted on their urges, or every single person who bought or sold weed (or alcohol, during the prohibition) were similarly arrested. We'd still be stuck in the mindset of a century ago.
A society that has removed its own ability to progress is truly a horrifying prospect.
> Societies rely on imperfect enforcement of the law in order to progress. There's no way to create a critical mass of resistance and disobedience that will lead to the toppling of an unfair law if you enforce the law perfectly and universally, and this will lead society to ossify.
Don't worry, it won't be perfect and universal. Politicians, the police, and their friends and family will surely make themselves exempt.
Yep, every society believes itself perfect (or about to become perfect with just one more law), and then 10 minutes later is proven hilariously wrong.
> Societies rely on imperfect enforcement of the law in order to progress.
This is quite a leap.
Societies would be perfectly capable of evolution as long as they are not totally convinced of their own perfection at any given moment. It is quite possible to have everyone follow a law while simultaneously supporting changing it.
Do you have any such examples?
>Societies rely on imperfect enforcement of the law in order to progress.
No, they rely on leadership to progress.
>There's no way to create a critical mass of resistance and disobedience that will lead to the toppling of an unfair law
Encouraging the breaking of laws is not good. Changing laws does not require them to be broken. Allowing for a critical mass of criminals to be created is a bug and not a feature.
>if you enforce the law perfectly and universally, and this will lead society to ossify.
Even if true, that is not neccessarily a bad thing. I find unequal enforcement of the law to be a bigger issue and it allows for vague laws to exist which are selectively applied. If things were perfect much more thought would need to be put into the design of laws.
>We'd still be stuck in the mindset of a century ago.
I'd prefer living in a society like that with strong morals that doesn't cave in and make compromises.
>A society that has removed its own ability to progress is truly a horrifying prospect
As I mentioned above progress can still happen via leadership. Leadership can take in information and make decisions in the way society should be led. Cutting off the information of how much crime is happening doesn't seem like it will make it impossible to make new decisions. There are more data sources that can be used.
I honestly think this is a bad/dumb idea. Age verification in general is just silly on the internet and laws mandating it are inane.
The main thrust of such measures is "Let's make sure a kid can't see/access this". However, without an actual camera to double check that "yes indeedy, this really is the person attached to the ID" then "faking" it is all too simple. I can almost guarantee you'll get IDs floating around the internet which kids will use to completely bypass these protections (or they'll simply swipe their parents' ids when they aren't looking). It's a half step above "what's your birthday" checks.
Too true. The better option is for each computing device with internet access to continuously do a biometric scan of the user (fingerprint, retina, face, etc) and check against a government controlled database that stores identity info.
:D If perfect law enforcement is the end goal then yes, that's the better security approach.
Now, I (and I assume you and most people) don't value perfect law enforcement. I certainly value my privacy more than I value "catching bad guys" or keeping kids from seeing a trailer for an M rated game.
That's why I'm calling the idea dumb. It won't work and the next steps to make it work better are horrifying. It's better if we didn't even try.
even if kids stop visiting porn sites, there are many other ways of downloading porn and what they will download will be even worst
We have the results of what happens when kids grow up with no actual age verification on the internet or with video games.
Nothing. Nothing happens. Millenials grew up on the internet where ID checks were "Promise you are 18", and what bad has come of it? A generation of murderers and rapists? Please...
> We have the results of what happens when kids grow up with no actual age verification on the internet or with video games.
A mental illness epidemic? [0]
[0] https://www.afterbabel.com/p/the-teen-mental-illness-epidemi...
Amongst gen z, who were more restricted than millenials
> who were more restricted than millenials
I don't think this is true? Generations seem to be getting Internet access at younger and younger ages and the Internet takes up more and more time in our lives with every passing year, and Phones Bad / Social Media Bad seems to be a pretty commonly accepted concept.
- No site asked me for credit card numbers at 14 to prove I was 18+.
- The person who operated our house's tech infrastructure was me, since my parents were too technically illiterate to do it. And it took operating in these days, rather than the relatively one stop wifi boxes of today.
- Parental filters, where they existed, could be defeated with a simple alternate DNS server.
- I was also just allowed be unsupervised in general for way longer than gen Z or alpha kids are allowed. My country hasn't quite gone to the same "a child in the wild, call CPS" levels as some parts of the US has, but certainly the average child now is more limited than they were in the 90s
So yes, gen alpha kids have phones. But unlike when I first got a laptop and could do basically anything on it, the phones these days are much more locked down, and by the OS manufacturers who actually try to plug holes as they're discovered.
Hm, you're right, I'd agree that access can be more controlled and filtered today than before. But how many websites/parents/devices actually enforce it?
And also, what I was trying to get at is that the total amount of (addictive) content on the Internet and the amount of time people, including kids, spend on the Internet has exploded. Sure, millennials could do whatever online, but there just wasn't that much to do and you would still spend the bulk of your day offline. Now we can (and do) spend basically all day on the Internet. Seeing something bad once is whatever, but seeing it constantly... IDK
Right but you have to look at this data honestly because we have one and a half generations of people who grew up with an unrestricted, and arguably worse in terms of content, internet. If you're going to point to a cause it had better be something in the set of things that didn't affect millennials or older gen-z, stuff like violent and pornographic content clearly aren't in it.
gross and blatantly illegal under dutch law. companies don't need a copy of my id. most of them don't even adhere to the law anyway and demand an uncensored copy. every time I follow the instructions from my government to blank out the BSN (SSN) the (usually american) company rejects it and demands an uncensored version they're not even permitted to have.
https://www.rijksoverheid.nl/onderwerpen/identiteitsfraude/v...
Last time I checked Google isn't any of the following:
* a government instution
* a bank
* a notary
* a casino
* my life insurer
* my employer
https://www.rijksoverheid.nl/onderwerpen/identiteitsfraude/v...
Why do you think Google "gets" data in Google Wallet?
Not good.. yet another thing that will not work on devices with unlocked bootloader.. I hate how smartphones with preinstalled spyware are becoming necessary..
that AI voiceover is downright embarassing. I expect better from the likes of google.
[dead]
[dead]