I wonder if not private age verification could not be solved with the right cryptographic protocol.
You would have to register using a digital ID with a government agency, to get a age certificate. Most European countries already have digital IDs, used for all sorts of things: such as taxes, online banking etc.
Then that certificate could be used in some sort of challenge-response protocol with web sites to verify your age, creating a new user ID in each session but without divulging anything that identifies that particular certificate.
I'm afraid that the alternative would be that social media would instead require login with the digital ID directly.
In your proposed scheme, it is in the best interest of web sites to store the certificates from users indefinitely, since it's the only evidence they have that prove that their users are not minors.
Since authorities have the power of accessing that data and identify the user who created the certificate, this scheme is not anonymous.
Authorities can access that data via court orders today, or via a global automatic mandatory data sharing law in the future.
In the example of USA, even if for some reason people still trust the current Government (although ICE already accessed private medical records to track and arrest people), I don't see why they should trust all future Governments which will have retroactive access to all that data.
So let's make it illegal to keep the tokens more than e.g 6 months.
We should not underestimate the power of the legal system to enforce freedom and anonymity. And on the flip side, it's hard to create a technical system which can actually withstand the force of the government if it chooses to come after you.
I believe the correct battlefield for freedom is the political one, in the end it decides everything. And neither guns nor technical tricks can secure freedom against a tyrannical state.
Wuth that said, it does tickle the curiosity to think about! A technical-political solution could be to introduce a new actor, the broker. It sits between the webpage and the age-verifier, receiving the age-verification, but then giving it's own proofs to the webpage (so acting as a trusted middleman). Now to match up visitors with identities you need to get the data from both the webpage, the broker and the age-verifier.
You could imagine that the broker were in a different jurisdiction, maybe even one without a close cooperation with the government. Maybe people could even choose their own brokers (among certified ones).
So let's trust all future Governments to never remove the 6-month law?
Once the whole technical system is implemented, it will be trivial to remove that bureaucratic limitation, and somehow it will be sold as better protection for the children.
The legal system wasn't at all required to "enforce" freedom and anonymity, on the contrary. Social media did want to end it and so do some states now.
Yes, it can be. Google has a zero-knowledge proof based system in Google Wallet that lets you store store signed credentials such as government ID and then prove to third parties that you have such a signed ID and to disclose to them facts of your choosing from that ID, with the third party gaining no information other than that you have such an ID and that it confirms those facts. This has been running in production for a few months.
They have opened source this [1][2].
This was designed to comply with eIDAS in Europe so that it could be incorporated into the EU Digital Identity wallet.
Current implementations depends on smartphones but it should be possible to make it runs on other devices that have similar cryptographic hardware.
It can't be solved, but you can choose different loopholes and privacy trade-offs.
Untraceable-but-single-use proof-of-age tokens? Good for privacy, but now that 14-year-old can get tokens from an 18-year-old friend for cash.
Proof tokens that only last a few minutes, or a three-way handshake between user, government and website? Harder to trade, but now the government's got a good guess about who's opening pornhub.
Requiring sites to keep audit records, to prove they really did the verification procedure? Wildly insecure, we don't want them storing passport photos. Requiring them to not keep audit records? Then they can skip or half-ass the checks.
Camera-based age estimation? Once again the 14-year-old can have an 18-year-old pass the check for them. Or a video game character creator or something. Scanning a government ID card? Better hope Dad never leaves his wallet unattended for 5 minutes. And not everyone has a passport or driver's license.
Age attestation from an electronic driver's license, plus face id biometric validation, with a secure element, trusted execution environment and code attestation? Congrats, now you've handed your national ID database to the world's largest adtech/tracking company. Hope you weren't trying to distance your nation from US tech dominance.
I've never seen the government try to make laws as damn bulletproof as this one "for our own good".
You'd think we were dealing with access controls for nuclear waste here, but it's actually as banal as preventing a kid from just liking a photo his friend took using an app.
It's insane seeing how this moral panic plays out.
All you need is one authority which defines who can verify age threshold (government). Those who can verify age threshold need to know your age and identity (bank). Those who are bound to restrict access based on age only need to know in which country you live (website). Nothing else is needed eg. bank, identity and age is not known to the website, website is not known to your bank or government.
While this would solve the technical problem at hand. It lacks any safeguard against a very simple workaround of sharing your certificate or even posting for everyone to use.
I hate this approach to them problem, because it is not a technical problem.
Because it focuses on technical aspects and accepts the premise of 'age verification must be solved'. It doesn’t, and discretion what content and and what age children and teenagers can consume should be up to parents.
That's what I did with my Austrian goverment ID during the COVID times. Had to go the embassy to identify myself. Those times the Deutschland ticket was still cheap, so no problem.
Agreed. But would mean having to educate people on security, privacy and computing in general… Pretty sure most government like having most people uneducated on such things
We've already got age verification protocols (in the UK) with the sale of alcohol and tobacco. If we also use those shops to sell age verification tokens (e.g. something like a scratchcard) for a nominal amount, then people could reliably verify that they're an adult without the privacy concerns and without shoddy websites leaking credentials.
Yes - pretty much the same as supplying tobacco/alcohol to minors. My point is that we've got a system which more or less works already, so it's just a matter of extending it for adult website verification.
You misunderstand. The child protection angle is just a cover story. The actual reason for this legislation is to ban anonymous publishing; to ensure that every post on the internet can be linked back to an identity for retaliation.
Verified anonymous age credentials don’t allow for this, so they don’t matter.
The negative privacy implications are the primary features of these laws, not a bug. It is intentional.
> The child protection angle is just a cover story. The actual reason for this legislation is to ban anonymous publishing; to ensure that every post on the internet can be linked back to an identity for retaliation.
> Verified anonymous age credentials don’t allow for this, so they don’t matter.
> The negative privacy implications are the primary features of these laws, not a bug. It is intentional.
This is it. Perfect.
The amount of money pouring into surveillance of all kinds (led by companies like palantir and so many others). It's surveillance capitalism without the capitalism.
People create these illusions about a system, about a country and will fight to the end to defend those illusions. The reality of what actually exists beneath the shiny (propagandized) surface is so much darker.
And what exactly would be the purpose of age verification? Because defining someone "mature" based on their age is pretty hit-and-miss: we have plenty of adults, even of a certain age, who it's hard to imagine have ever finished adolescence, for instance. On paper, they are absolutely of age. We also had a certain Alexander the Great, emperor of a large part of the planet at 20. We had 13-year-old Pharaohs active in government.
We also have gazillions of examples of apparently innocent rules being used to boil Chomsky's frog, one small temperature rise at a time. For the first time in a long while, I'm starting to sense a certain fanaticism on this topic here on HN, which sounds very much like the molecular agitation when water starts to boil.
> And what exactly would be the purpose of age verification? Because defining someone "mature" based on their age is pretty hit-and-miss: we have plenty of adults, even of a certain age, who it's hard to imagine have ever finished adolescence, for instance. On paper, they are absolutely of age. We also had a certain Alexander the Great, emperor of a large part of the planet at 20. We had 13-year-old Pharaohs active in government.
That's really no different than age of consent laws. In the majority of US states (33+DC) that age of consent for sex is 16, 17 in 6 states, and 18 in 11 states.
In Europe it is 14 in 14 countries, 15 in 12 countries, 16 in 20 countries, 17 in 2 countries, and 18 in 3 countries.
All of those are somewhat arbitrary. There are many people over 18 who lack whatever maturity age of consent laws are trying to ensure people have before they can consent.
Going the other way there are people who are under the age of consent in most of those countries or states who are mature enough that there would be no harm in letting them consent.
Any particular population wide age of consent in a state or country then cannot simultaneously protect everyone who needs protection and avoid forcing protection on people who do not need it.
It would in theory be possible to make the age of consent an individual thing where you have to be psychologically evaluated and if you pass you get your consent license. (A hybrid approach might also be possible--a high automatic age of consent like 21, with people under that able to apply for a lower age. Probably also combined with "Romeo and Juliet" laws so people under 21 who just want to fool around with people close to their own age can do so without having to be psychologically evaluated first).
I expect that very very few people would be in favor of replacing the one size fits all approach to age of consent with such an individualized system.
I prefer no filters instead, for one simple reason: who watches the watchmen? If we had a digital identity on a national blockchain run by open-hardware home servers and FLOSS software, where every node exists by virtue of digital identity, meaning there's no risk of a 51% attack and everyone is forced to play with their cards on the table, I might accept a ZK proof. But that's not the case, and the privacy guarantees of private entities and the very subjects pushing for this verification make me say, quite simply, NEVER.
Because we know perfectly well that it's the precursor to mandatory SSO for everything, South Korea style, which is unacceptable and incompatible with Democracy.
Always with the increasing government control. Heaven forbid people go online without training wheels. We need safety nets everywhere - a grazed knee means the state failed.
What about Japanese hot springs? ("onsen")
Those are typically around 40°C but could be up to 60°C. Because it is hot water and not hot air the temperature would be transferred differently to the body though, so I don't think the numeric temperature is directly comparable.
Onsen baths are taken all year round: including summers that get hotter than in Finland, but especially enjoyed in winter.
I am a Spanish guy currently living in Japan, and honestly I hate sauna but love onsen. Most on my Spanish colleagues seem to think the same. I guess the main factor being that both Spain and Japan are have really hot summers, so why would you get in a hot room to sweat like a pig when you are already sweating outside?
If had first meant a coffee table form factor PC with touch screen and special software, which was able to sense special objects placed on top of it.
Then that was renamed to "PixelSense" [1] and "Surface" instead got put on a line of touchscreen tablet form factor PCs launched together with Windows 8. OK, reusing a strong name for a product line expected to sell more, and which still fit the theme made sense.
.. but then the brand was also put on laptops, convertibles, desktop PC and an Android phone ... eh, OK, but at least those also had touch screens.
... but then the brand was also put on generic peripherals: keyboard, mouse, headphones, earbuds, etc. which diluted the brand to mean practically nothing.
For example, a search for "surface keyboard", could result in a "type cover" for some kind of tablet PC or a keyboard intended for desktop computers.
Microsoft later did the same with the "Microsoft Sculpt" brand. It was first a compact curved "sculpted" ergonomic keyboard with chiclet keys and an ergonomic mouse that were most often sold as a set. That got quite popular and so the brand achieved recognition.
But later, Microsoft decided to reuse that brand for completely generic peripherals with no special ergonomic designs whatsoever.
BTW. Not long after, Microsoft also released products with the similarly ungoogleable names "Microsoft Bluetooth Keyboard" and "Microsoft Ergonomic Keyboard".
Lots of people have bad feelings about things. If it all turns out okay, they generally forget about the premonitions. If it goes bad, then they believe that their gut instinct is reliably correct.
When I was small, I used to have bad feelings about my parents getting in a car accident every time they went out. It never happened, and they lived into their 90s.
I was thinking of the risk of the crew capsule burning up on reentry, due to a possibly faulty heat shield — and people in charge knowing about the risk beforehand but going on with it anyway.
I had forgotten that O.J Simpson had been in the movie, to be honest.
Was required back in the early 2000s already, but that’s not really what the article is about. It’s talking about derived work created by recreating another artist’s existing work in a different medium. Being able to provide WIP material is only evidence that the technical labor is yours, not that the artistic concept is original.
The reality about the nature of programming does not matter. It is simply the perception among managers that AI could help them save money that causes job loss.
Alsup liked to write a lot about his my66000 on Usenet, but does not share documents about it with everyone. (Yes, I've emailed him and been ignored. I have had to piece together what I know about it from multiple posts.)
Apparently it runs in FPGA and there are assemblers and compiler back-ends for it.
Like the 88000, the register file is shared between integer and floating point units.
One interesting detail is that it supports CRAY-style vector operations using the same architectural registers, and downgrades to scalar operation automatically on interrupts. This means that the register state to load/store on context switches is small.
In my neighbourhood it has become popular to build "bee hotels" to have in the garden. They are commonly built by cutting logs into lengths, stacking them up and drilling multiple holes in one end of each log, each hole sized just enough for a wild bee to enter.
However, the holes need to be deep enough for the bees to be safe from bee-eating birds. Otherwise, the log will instead function as a bee trap, allowing a bird to pick off one helpless bee after the other.
reply