Post · bonfire.cafe

@Em0nM4stodon@infosec.exchange · 3 weeks ago

If every country starts requiring that people provide official ID in order to "verify their age" to use social media, there will be no way to use any social media without associating the account with a legal identity.

This is horrible for democracy,
and should terrify everyone.

It doesn't matter if platforms use third-parties or not. It doesn't matter if they use some special encrypted code, the result is the same. This gatekeeps open discussions and government criticisms free from reprisals.

This is bad.
This is China "free-speech" bad.

#Democracy #AgeVerification #Privacy

Michał "rysiek" Woźniak · 🇺🇦

@rysiek@mstdn.social replied · 3 weeks ago

@Em0nM4stodon I agree this is bad in general, but this:

> there will be no way to use any social media without associating the account with a legal identity

...is not true.

One could devise a protocol where the only thing that is certified to the website is age, without any identity information.

For a somewhat imperfect example that gives an idea, see here:
https://rys.io/en/178.html

Add zero-knowledge proofs to the mix and it becomes much more solid. It's totally something that could be done.

Michał "rysiek" Woźniak · 🇺🇦

@rysiek@mstdn.social replied · 3 weeks ago

There are some good replies beliow, and tl;dr zero-knowledge proofs are not by themselves enough to solve this:
https://www.eff.org/deeplinks/2025/07/zero-knowledge-proofs-alone-are-not-digital-id-solution-protecting-user-privacy

Electronic Frontier Foundation

Zero Knowledge Proofs Alone Are Not a Digital ID Solution to Protecting User Privacy

In the past few years, governments across the world have rolled out digital identification options, and now there are efforts encouraging online companies to implement identity and age verification requirements with digital ID in mind. This blog is the first in this short series that will explain...

Cassandrich

@dalias@hachyderm.io replied · 3 weeks ago

@rysiek @Em0nM4stodon https://hachyderm.io/@dalias/115240115186185851

Trillion Byter

@TrillionB@mstdn.social replied · 3 weeks ago

@rysiek @Em0nM4stodon While there can be a hypothetical protocol, I'm concerned about the slippery slope.

Org A could offer a service of providing age verification. "Yes, token <blah> is an adult."

Org A will keep some ID record for liability protection. (Token <blah> is person X.)

Those records will leak, be sold/acquired, be shared with government, etc.

Software isn't the problem. (Bad) people are the problem. Even "good" people doing "tough" things for "the right" reasons.

Michał "rysiek" Woźniak · 🇺🇦

@rysiek@mstdn.social replied · 3 weeks ago

@TrillionB @Em0nM4stodon that's why it's important to design the protocol in a way that Bad People also can't connect these dots. And there are ways to do just that.

Irenes (many)

@ireneista@adhd.irenes.space replied · 3 weeks ago

@rysiek @TrillionB @Em0nM4stodon so in our view (hi! this is our field), focusing on this aspect ignores the harm that happens at the moment of enforcement, regardless of where the data goes after

governments do not get to decide which people are eligible to engage in speech. we all already know where that goes, let's not fool ourselves

Michał "rysiek" Woźniak · 🇺🇦

@rysiek@mstdn.social replied · 3 weeks ago

@ireneista @TrillionB @Em0nM4stodon fair enough and I strongly agree with you here.

But if we use faulty arguments to against such ideas, it's going to be easier for their proponents to say: "ha, but they are wrong here in this particular case, therefore they must be wrong in general!"

I'd prefer us not to open ourselves to this kind of a thing unnecessarily.

Irenes (many)

@ireneista@adhd.irenes.space replied · 3 weeks ago

@rysiek @TrillionB @Em0nM4stodon yes, it's important to be accurate about what is and isn't possible

we do prefer to just not have the side discussion about the merits of particular proposed technologies, because it misses the point SO HARD and it is SUCH a shiny, effective distraction

Michał "rysiek" Woźniak · 🇺🇦

@rysiek@mstdn.social replied · 3 weeks ago

@Em0nM4stodon I feel it's important to make this clear because as governments are more and more pushing for age verification online, more and more hare-brained schemes will keep getting implemented.

While I am no fan of age verification online, I do believe that we should at least try to minimize the damage and harm and risk by pointing every time we get a chance: if you want to do this, at least do it well.

C.Suthorn :prn:

@Life_is@no-pony.farm replied · 3 weeks ago

@rysiek@mstdn.social @Em0nM4stodon@infosec.exchange Thing is: it is Not impossible to Do, but most people will still use WhatsApp. Unless there comes an App, that has an even worse age Check Implementation than WhatsApp.

1980 Microsoft had the worst DOS, people chose MSDOS. In 1990 Microsoft had the worst Windows, people chose MSwindows. In 2000 Microsoft had the worst Webbrowser, people chose Internet Exploder. In 2010 Häägén Däßß had the worst ice cream, people chose Häägén Däßß. In 2020 the World had Corona viruses, people chose SARS-Cov2.

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0-rc.3.21 no JS en

Automatic federation enabled