I’m kind of surprised they’re actually going through with the zero-knowledge proof setup. This is pretty much the only method I find mostly acceptable for stuff like this tbh.
which would work on any device
This part seems unlikely. It’ll work on “most” devices but if you’re running something weird like a Linux phone I doubt it’ll work (although since it’s open-source I guess someone could potentially add support).
EDIT: nvm I read the spec, it’s more like “minimal knowledge” but they can still track everything pretty easily.
It doesn’t seem very sensible to me. The specs say that a ZKP proof “should” be used.
Basically, you get a token from some source that knows your age and identity, such as the government. You pass this token on to some other entity that wants to know if you are above a certain age.
If both of these parties record the tokens they send and receive, then your browsing history can be tied to your identity. Realistically, this would only happen if the government wants it.
Using ZKP, you could prove that you have a valid token, without disclosing the details. But if the government decides that the tokens have to be recorded, then sites simply would not accept the ZKP.
I think one could also make a more subtle and limited attack by issuing special tokens. Say, someone’s accused of being a terrorist, or violating copyright. Then they could be issued a special token which instructs receivers to record their activity and forward it to the police.
Hm, I’m reading the spec. It seems more simplistic than I was expecting.
Issuance of Proof of Age attestations (step 3)
Once the User’s age has been verified, the AP may either issue the Proof of Age attestation directly to the User’s AVI or generate a pre-authorized code and provide it to the User as part of a credential offer. At a later stage, the User can present this credential offer through their AVI to obtain the Proof of Age attestation.
Confirmation and presentation (step 5)
The AVI receives the Proof of Age request and presents it to the User. The User reviews the request details, verifies the information, and confirms the transaction to proceed.
The AVI securely transmits the Proof of Age attestation to the RP.
Guess it does just pass the attestation around.
2.2.3 Revocation and Re-Issuance
In its current form, the solution does not support revocation or re-issuance. Adding support for these features would introduce additional complexity, which could hinder the rapid adoption of the solution.
The attestation is ideally only used once and issued in batches, so this is both good and bad I guess, since if they ask to track you and they haven’t already recorded all the attestations, they’ll need to wait for you to generate more.
Unlinkability: The goal of the solution is to prevent user profiling and tracking by avoiding linkable transactions. Initially, the solution will rely on batch issuance to protect users from colluding RPs. Zero-Knowledge Proof (ZKP) mechanisms will be considered to offer protection. More details are provided in Section 7.
Basically a big TBD. Lovely.
The more subtle attack you mention could probably be avoided if the root certs and so on or whatever equivalent they’re using are public and you check that the attestation given to you doesn’t include extraneous details (which ideally the app would do for you). Not sure how that’ll interact with the zkSNARK solution provided as an “experimental feature.”
It doesn’t really matter though since they can just record the attestations when they’re issued, so they just have to say “look for these attestations” to whatever site and they can track your visits.
It is recommended that the Proof of Age attestation be designed as a single-use credential and remain valid for a maximum period of three (3) months from the date of issuance. If a revocation mechanism is required, a status list may be utilized as an effective solution for managing the revocation status of attestations.
Of course, using it in batches is only “recommended,” so I guess they could just issue it once and continuously reuse it, in which case it would be very easy for websites to link it to you.
There’s probably more I could pull out, but yeah, doesn’t seem great based on the spec :|
Yeah as far as i am aware, there is no such thing as zero-knowledge proof in practice for this kind of thing. If there are “bad actors” in other words “the police” with access to both the government database and (through a warrant or backdoor) the websites data, then the whole anonymization is gone. Its a sandcastle concept and an attempt to trick the population by making it sound fancy when its not at all.
ZKP has a specific meaning in cryptography. In fairness, it does a little here. But yes, it is basically a marketing term. Like “blockchain” or whatever.
Eventually, the idea here is to divide the population into 2 classes, one of which is to be denied access to certain information or services. If privacy is the only potential problem one sees with that, then… well…
Well yeah the inherent absurdity of age verification itself is a whole separate topic, but i think that battle is already kind of lost sadly. Our societies are so overobsessed with safety, there is no way they will not fall for the whole protect the children shtick.
I’m kind of surprised they’re actually going through with the zero-knowledge proof setup.
We’ll see what it is when they publish the code (if they will publish it) but they claimed it will be zero-knowledge from the beginning so it’s not surprising at all that they still claim that.
I’m kind of surprised they’re actually going through with the zero-knowledge proof setup. This is pretty much the only method I find mostly acceptable for stuff like this tbh.
This part seems unlikely. It’ll work on “most” devices but if you’re running something weird like a Linux phone I doubt it’ll work (although since it’s open-source I guess someone could potentially add support).
EDIT: nvm I read the spec, it’s more like “minimal knowledge” but they can still track everything pretty easily.
It doesn’t seem very sensible to me. The specs say that a ZKP proof “should” be used.
Basically, you get a token from some source that knows your age and identity, such as the government. You pass this token on to some other entity that wants to know if you are above a certain age.
If both of these parties record the tokens they send and receive, then your browsing history can be tied to your identity. Realistically, this would only happen if the government wants it.
Using ZKP, you could prove that you have a valid token, without disclosing the details. But if the government decides that the tokens have to be recorded, then sites simply would not accept the ZKP.
I think one could also make a more subtle and limited attack by issuing special tokens. Say, someone’s accused of being a terrorist, or violating copyright. Then they could be issued a special token which instructs receivers to record their activity and forward it to the police.
Hm, I’m reading the spec. It seems more simplistic than I was expecting.
Guess it does just pass the attestation around.
The attestation is ideally only used once and issued in batches, so this is both good and bad I guess, since if they ask to track you and they haven’t already recorded all the attestations, they’ll need to wait for you to generate more.
Basically a big TBD. Lovely.
The more subtle attack you mention could probably be avoided if the root certs and so on or whatever equivalent they’re using are public and you check that the attestation given to you doesn’t include extraneous details (which ideally the app would do for you). Not sure how that’ll interact with the zkSNARK solution provided as an “experimental feature.”
It doesn’t really matter though since they can just record the attestations when they’re issued, so they just have to say “look for these attestations” to whatever site and they can track your visits.
Of course, using it in batches is only “recommended,” so I guess they could just issue it once and continuously reuse it, in which case it would be very easy for websites to link it to you.
There’s probably more I could pull out, but yeah, doesn’t seem great based on the spec :|
Yeah as far as i am aware, there is no such thing as zero-knowledge proof in practice for this kind of thing. If there are “bad actors” in other words “the police” with access to both the government database and (through a warrant or backdoor) the websites data, then the whole anonymization is gone. Its a sandcastle concept and an attempt to trick the population by making it sound fancy when its not at all.
ZKP has a specific meaning in cryptography. In fairness, it does a little here. But yes, it is basically a marketing term. Like “blockchain” or whatever.
Eventually, the idea here is to divide the population into 2 classes, one of which is to be denied access to certain information or services. If privacy is the only potential problem one sees with that, then… well…
Well yeah the inherent absurdity of age verification itself is a whole separate topic, but i think that battle is already kind of lost sadly. Our societies are so overobsessed with safety, there is no way they will not fall for the whole protect the children shtick.
We’ll see what it is when they publish the code (if they will publish it) but they claimed it will be zero-knowledge from the beginning so it’s not surprising at all that they still claim that.