I've been really enjoying all these articles proposing solutions to anonymous age verification, mainly because most of them are written as if this has never been implemented in the real world. German IDs support age verification that just returns a yes/no response to the question "is this user above the age of 18," and not a single service in the entire country supports it.
Anonymous age verification isn't a technical problem to be solved, as it's already been solved, it's a societal problem in that either the companies or the politicians pushing for age verification don't want to support it.
This is immensely counter-intuitive to many Americans. They wrongly assume that digital IDs are some Biblical apocalyptic level invasion of privacy, when every state ID database is already 1) linked to Federal ones, and 2) full of the same data on your driver's license anyway.
I've tried to explain this to people, that a digital ID done well is better than the fraud-enabling 1960's hodgepodge in use that has served fraudsters better than citizens for 30 years. They set their teeth and refuse based on use of the word "digital" in the title alone.
It will take generational change for the US to get something as banal as a digital ID already in use in dozens of countries, for no other reason than mindless panic over misunderstanding everything about digital ID systems, how IDs even work, and how governments work.
Oh, that's not the half of it. In my own country, digital ID adoption was a political hot topic for a long time after the Orthodox Church realized that the new chips contain 12-digit long IDs that might contain the sequence 666. This despite everyone in the country having a legal ID with a number code that can also happen to contain this same sequence - but somehow the mere possibility of this happening in the digital IDs sparked a huge outrage and made politicians avoid the topic for quite a while.
> In my own country, digital ID adoption was a political hot topic for a long time after the Orthodox Church realized that the new chips contain 12-digit long IDs that might contain the sequence 666.
Indeed, look at those ignorant Bible thumpers objecting to the spreading installation of barcode scanners for their barcode tattoos. Surely the number is not an allegory for the general principal that we should strongly resist attempts to centralize authority or serialize humans like a herd of cattle.
> but somehow the mere possibility of this happening in the digital IDs sparked a huge outrage and made politicians avoid the topic for quite a while.
Maybe because the objection was never really about a specific sequence of digits and was more about the expansion of human tracking.
I agree that there's a lack of awareness of what happens in other countries with ID, but I think it is also a different situation in the US.
States in the US in a lot of ways are more comparable to countries in the EU. It's not exactly like that but in many ways it is. So it would be like requiring an EU ID on top of a national ID.
I also don't think privacy per se is the real issue of concern, it's concern about consolidation of federalized power. Privacy is one criterion by which you judge the extent to which power has been consolidated or can be consolidated.
The question isn't "can this be federalized safely in theory", it's "is it necessary to federalize this" or "what is the worse possible outcome of this if abused?"
As we are seeing recently, whatever can be abused in terms of consolidated power will be eventually, given enough time.
I guess discussions of whether or not you can have cryptographic verification with anonymity kind of miss the point at some level. It's good to be mindful of in case we go down the dystopian surveillance route, but it ignores the bigger picture issues about freedom of speech, government control over access (cryptographic guarantees of credential verfication don't guarantee issuance of the id appropriately, nor do they guarantee that the card will be issued with that cryptographic system implemented in good faith), and so forth.
> German IDs support age verification that just returns a yes/no response to the question "is this user above the age of 18,"
If the only thing that came out of the ID was those letters then you wouldn't need the ID, you could just type "yes" or "no" when the site asks you if you're over 18. So it's presumably not doing that, instead it's providing some kind of signature.
And then the privacy implied by "just returns a yes/no response" isn't actually there, because it's actually returning more than that. Does the response have a fixed signature which is unique to the ID, therefore able to be correlated across sites? Does the ID have a unique public keypair that it uses to sign, with the same problem? If someone extracts the key from one ID, or just hooks it up to a computer, can they now set up a service to anonymously sign for everyone in the world? If they can't anonymously sign for everyone, can't the same mechanism used to identify them also be used to identify anyone else?
"Someone attempted to do this but no one uses it" is no proof that their attempt was any good or addressed the concerns people have about doing this.
My understanding is that the responses are signed, but in a way that prevents linking signatures across vendors, so the same card being used for verification on different sites could not be linked, while the same card being used multiple times for the same vendor could.
As I'm not an expert on the crypto underlying the protocol, feel free to check the eIDAS standard for more info (the documents are in English, even if the link is not): https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisati...
A cursory look implies they're using group signatures:
https://en.wikipedia.org/wiki/Group_signature
Which allow the group manager (presumably the government, or anyone who compromises them) to identify who signed something.
If using the same card multiple times with the same site allows the site to correlate them then that obviously also allows the site to link two accounts you intended to be separate, or two sites to set themselves up as the same "vendor" and thereby correlate your accounts between them.
ZKPs are mentioned in the technical specs but no implementation yet. Would go for lack of standardisation / lack of harware support for these protocols as the explanation but who knows..
I wish all governments would just run identity services and mandate usages that return anonymous attestations. Age being the most obvious attestation but something like residence status could also be useful.
Something as simple as a JWT with claims (and random uuid id) would work
It can't be quite that simple because you have a couple additional problems to solve - (effectively restating bits of the article poorly and partially)
1. You don't want these to be replayable (give your JWT to someone else to use) so they need to be bounded in some ways (eg intended website, time, proof it came from you and not someone else).
2. You don't want the government to know which website you're going to, nor allow the government and the website to collaborate to deanonymize you (or have the government force a website to turn over the list of tokens they got). So the government can't just hand you a uuid that the website could hand back to them to deanonymize.
The SD JWT and related specs solve for these, which is how mDL and other digital IDs can preserve privacy in this situation.
> You don't want these to be replayable (give your JWT to someone else to use) so they need to be bounded in some ways (eg intended website, time, proof it came from you and not someone else).
But these are the things that make it non-anonymous, because then instead of one token that says "is over 18" that you get once and keep forever, everyone constantly has to request zillions of tokens. Which opens up a timing attack, because then the issuer and site can collude to see that every time notbob69 signs into the website, Bob Smith requested a token, and over really quite a small number of logins to the site, that correlation becomes uniquely identifying.
Meanwhile we don't need to solve it this way, because the much better solution is to have the site provide a header that says "this content is only for adults" than to have the user provide the site with anything, and then let the user's device do what it will with that information, i.e. not show the content if the user is a minor.
The government can already do this with the ISP. I dont think government should be part of the average person's threat model.
Which is why you separate the credential issuance from the credential use, per the standard mentioned.
The cryptography provides nothing to establish that this separation is actually being maintained and there is plenty of evidence (e.g. Snowden) of governments doing exactly the opposite while publicly claiming the contrary.
On top of that, it's a timing attack, so all you need is the logs from both of them. Government gets breached and the logs published, all the sites learn who you are. Government becomes corrupt/authoritarian, seizes logs from sites openly or in secret (and can use the ones from e.g. Cloudflare without the site itself even knowing about it), retroactively identifies people.
I'd review the setup here. You're missing the critical distinction that the cryptography supports - separating entirely (in time and space) the issuance of the cred to the user and the use of that cred with a website.
Unless you're getting the device logs from the users device (in which case... All of this is moot) there is no timing attack. Six months ago you got your mobile drivers license. And then today you used it to validate your age to a website anonymously. What's the timing attack there.
If the driver's license can generate new anonymous tokens itself then anyone can hook up a driver's license to a computer and set up a service to sign for everybody. If it can't, whenever you want to prove your age to a service you need to get a new token from a third party, and then there is a timing correlation because you're asking for the token right before you use the service.
The article proposes a hypothetical solution where you get some finite number of tokens at once, but then the obvious problem is, what happens when you run out? First, it brings back the timing correlation when you ask for more just before you use one, and the number of times you have to correlate in order to be unique is so small it could still be a problem. Second, there are legitimate reasons to use an arbitrarily large number of tokens (e.g. building a search index of the web, content filters that want to scan the contents of links), but "finite number of tokens" was the thing preventing someone from setting up the service to provide tokens to anyone.
But one overlooked advantage of manually copying JWTs is that the user doesn't have to blindly trust they're not hiding extra information. They can be decoded by the user to see there's only what should be there.
The age verification system is being developed with an EU-wide standard. It's supposed to become part of the EU digital wallet initiative.
The trick with age verification is to do it in a way that doesn't allow tracking by the service itself (i.e. returning the same token/signature every time) or from the government (shouldn't see what sites you use when). That has pretty much been solved now, though.
The argument is that the mechanisms in use in the German IDs (and others like them) rely on trusted parties and/or trusted hardware, and therefore don't adequately assure anonymity. And this is in fact true; the trusted parties are among the ones you might want to hide the information from.
Trust is bad in security. It's not complicated to understand this.
I just recently used my ID to register for a lottery website using the AusweissApp the first setup was a bit annoying, but once you are registered its actually easy to use and apparently you don't even need a phone you can use a card reader on your PC as well
It's also gateway to push more. Once APIs are in place and databases are full, what's another "check" or a bit of info to add ?
Surely the safety of children is worth it right ?
If it is the case that German IDs supporting selective disclosure aren't seeing adoption for services then it needs to looked at what the friction is or even just because it's optional. It doesn't necessarily have to be an ulterior motive. It'd be easy to be called out as conspiratorial otherwise.
Right now with age assurance laws and online services there has been no singular approach beside falling back to use of government ID that any country has required. Each country has just said 'here are the minimum criteria, choose what you want' and left it up to services to comply.
So what have services chosen? The least friction and cheapest existing solution to be compliant. For most services that's been using readily available facial scanning services and government IDs as fallback. Not all of them of course but it's so scattered that it makes it difficult for a person to know what they'll need for one service vs another (and perhaps even avoid use of a service if their approach doesn't align with the person's values).
Without mandating better minimum privacy criteria governments can just point to the fact they're not preventing such tech from being used and leave it at that. But solutions also need to be affordable to adopt for a wide range of sites/services and have good support (interfaces, etc) around them to catch on so it's not just entirely whether tech exists per se.
I remember reading in tech magazines about the "foss" acheivement which went on to become Aadhar. Remember this was prior to 2007 I think.
The idea was your id would be an autehnticator of sorts. You need to verify yourself, the website asks Aadhar if the person is genuine, the website returns binary yes no. Same for you, is gender male? Or ages above 18?
They would not return any other data.
In the end, it became just another "formality" and tool for politicians and to flex muscles.
People ended up taking photocopies of your card "just in case" and "that's the norm" even when it was said that's a bad idea.
People still do Aadhar kyc but it is in hands of politicians now and the bureaucracy.
The problem with these "yes/no" systems is that they also involve the websites you visit calling up a centralized party and asking if you're old enough. This is fine if the websites aren't interested (or if you really trust your government with your web browsing history), but gets unfortunate if you don't want to share that information.
>Anonymous age verification
Anonymity from whom? Does the German government doesn't know that Gunter Shmidt has just verified his age to the site GreatBDSMPartiesInBerlinForDragQueens.com ? Even if they obtain the logs from the site?
afaik it comes directly from your ID's card chip, there is an App inbetween that temporarily stores that data so it can be submitted to the service you are registering to
So the app could phone home if it so desires?
We all know these laws are about suppressing dissent and not about age.
If anyone implemented this privacy preservation scheme, would all the laws flip to say "yeah we really did mean it govt id tied to your post".
All the more reason for us to get out an actual implementation of age verification that IS anonymous first, so that when a law is pushed for or passed, companies can adopt the anonymous implementation.
No, there's no compromise here. Anyone pushing for age verification or going along with it needs to get replaced by a service that is immune to government overreach.
Some of us do see value in age and identity verification if the anonymity problem is solved so I very much disagree.
Might be vulnerable to classic salami tactics, though. Once we arrive at a general consensus on new norms that expect age verification online, we can just legislate it to ID users as a step 2.
Maybe wait for the next terror-attack before pushing for it, but it's an easy fix to a culture that already accepted a layer control against the user. The end user will only perceive a small difference in whether they provide full ID or just verified age information.
I want to believe that some supporters of age verification are not cynical. However, whatever good can be achieved through age verification seems such a small win, compared to the dangerous precedent it sets for the internet in general. I cannot get my head around it.
I only skimmed the article, but the proposed solution seems to be that the authority (the "issuer") sends data to a device the user owns but has no control over. Like an Android or iOS phone.
The data is of such form that the phone then can pass challenges of type "are you of at least x years old" without giving out any other information.
And the user cannot share that data with other users because their phone will not let them.
This article is a great explainer of the basics underlying anonymous credentials. I look forward to the promised follow-up explaining real-world examples.
The key issue however is trust. The underlying protocols may support zero-knowledge proofs. But as a user I'm unlikely to be able to inspect those underlying protocols. I need to be able to see exactly what information I'm allowing the Issuer to see. Otherwise a "correct" anonymous scheme is indistinguishable from a "bad" scheme whereby the Issue sees both my full ID and details of the Resource I wish to access. Assuming a small set of centralized Issuers, they are in a position of great power if they can see exactly who is trying to access exactly what at all times. That's the question of trust - trust in the Issuer and in the implementation, not the underlying math.
In Switzerland a digital identity like this will launch this summer and the underlying infrastructure and app is open source. And the issuer of the ID and the registry that holds and verifies credentials are separated. The protocol also isn't novel and is already used in other countries (Germany(?)).
For more information check the out technology behind it: https://www.eid.admin.ch/en/technology
This is exactly it. It is a huge issue if the authentication can trivially become non-privacy preserving in a way that is impenetrable to users.
There's a good explainer and Q&A of BBS+[1], which is one such zero-knowledge anonymous credentials standard, in a joint talk by cryptographer Brent Zundel. It covers the history of getting it into the W3C verified crentials spec and how various competing verified credential standards aren't privacy-preserving or as performant. It seems very promising and has considered various pitfalls.
From what I understand the issuer signs a credential and then the user on their local device generates unique proofs based on the signature each time, preventing verifiers from colluding/tracking the original signature across services. It also seems to be designed with safeguards against the issuer.
Info based on credentials can be selectively disclosed like whether you're over 18 or whether you have above a certain threshold in an account without disclosing the underlying data.
Obviously if the type of services you use need literal PII then they can still tie activity to a real-world identity but for services only requiring age assurance being able to prove you're over 18 without providing the actual age or other identifiers is better than solutions being actively used.
I have a really great, really novel solution that nobody has suggested before:
Just ban social media outright. Facebook, Twitter, Instagram, TikTok, dating apps, etc. They created this problem. They're destroying the fabric of our society. Sometimes the best solution is subtractive.
Title has been modified by this submission. Actual title of article is Anonymous credentials: an illustrated primer.
Most people outside of a narrow set of cryptography engineers are unfamiliar with the term anonymous credentials, while age and identity verification are two privacy-invasive requirements that are being heavily discussed and rapidly being written into laws lately. The post's intro discusses both quite heavily, and they form the author's entire motivation for writing the post.
The central question the post attempts to answer is "The problem for today is: how do we live in a world with routine age-verification and human identification, without completely abandoning our privacy?"
My rephrase is an attempt to surface that, compared to the dry and academic title that will get overlooked. I think this is a very important topic these days where we are rapidly ceding are privacy to at best, confused and at worst, malicious regulations.
shutting down the cameras rather than releasing the data tells you everything about what was being collected. the system was designed around the assumption that nobody outside law enforcement would ever see the footage.
This is a really frustrating topic, because there are so many layers of wrong.
First you have people running around claiming that systems are "anonymous" and "privacy preserving"... meaning that they're anonymous if you trust somebody you shouldn't be trusting. Just simple snake oil. Often offered by people who know perfectly well what they're doing, too.
Then somebody like Matt Green writes something like this, or some standards committee decides to try to do zero knowledge right, or whatever. But (a) people don't understand how it's different from the snake oil, and (b) almost nobody understands how hard it is to get it right. Information wants to be free, and even if you have a perfect privacy-preserving protocol, it doesn't work if you embed it in a workflow that turns around and leaks the information you're trying to hide. So there are an infinite number of more mistakes to argue against.
But all of THAT just distracts from the fact that age verification is a bad goal. Setting up an ubiquitous, actually functional age verification tool is just handing weapons to people like, say, [Ken Paxton, Attorney General of the great state of Texas](https://thehill.com/policy/healthcare/5762893-paxton-opinion...). A system like that is an attractive nuisance that should not exist. What people like that will do with it is far worse than any problem it could possibly solve.
... and that fact gets lost in all the other stuff...
Note that there is a broken link to "great paper" in:
> These techniques are described in a great paper whose title I’ve stolen for this section.
I believe they were attempting to link to https://eprint.iacr.org/2006/454 a paper titled How to Win the Clone Wars: Efficient Periodic n-Times Anonymous Authentication.
If the goal was to protect the children, there are much simpler solutions. But for whatever reason, companies and governments are avoiding the simple solutions like the plague.
Let me explain the simple solutions:
Don't let phone manufacturers lock the bootloader on phones. Let the device owner lock it themselves with a password if they want to. Someone will make a kid-friendly OS if there is market demand and tech-savvy parents can install that and lock the bootloader.
What about the non-tech-savvy parents?
Don't restrict people from sideloading apps. Let the user set a password-based app installation lock if they want to. It should be a toggle in the phone's settings. Someone will make kid-friendly apps if there is demand. This lets average parents control what apps get installed or uninstalled on their kid's phone.
But what about apps or online services that adults also use?
Apps and online services can add a password-protected toggle in their user account settings that enables child mode. Let the user set the password and toggle it themselves. Parents can take their child's phone and toggle this.
----
Notice how easy these things are to implement? All of these features could be implemented in less than a week. But instead of doing this, they want to implement much more complicated schemes where the gov and corps control all the toggles, and you control none. Why is it like that? Surely there are no ulterior motives, right?
Where's the profit.
One must be a realist. If there is no profit motive, it won't happen. Ever.
One profit motive is "the government has regulations, I will be fined if I don't do this".
Another is "my competitors do it, and people buy their stuff because of it".
All the technical solutions are easy. And you're right, it's not about age verification, it's about profits.
The same way cars are regulated to have air bags, couches be made from non flammable materials, and so on.
Human nature has been the same forever. It will never, ever change. Ever. Profit drives all.
Profit does not drive all. There are other valuable things besides money. A healthy society must regulate shortsighted profit-seeking and power-seeking. That's what these conversations are for.
My point is that the market will never take care of things like this, without a profit motive. Even if it is "fines hurt profit".
Ignoring this when planning and discussing won't help the end goal. It will doom one to failure.
The solve must fit the puzzle.
How about the better option- don’t.
Can anything from this scheme prevent the issuer from figuring out that I have verified my age to a site? If the answer is no, it is once again a non starter. Both the government and the site shouldn't know who the age verified person is and both shouldn't be able to deanonymize them even if they collude.