dadoum 18 hours ago

Still, I don't want to gate people based on age.

Parents should at least be able to overwrite the age of their child, maybe selectively allow bypasses. My experience with a computer would have been completely different if I was blocked from half of the internet. Especially when I see which kind of content gets blocked.

  • doginasuit 17 hours ago

    As a millennial-aged person I saw a fair amount of content I would not want the young people in my life to see, but it's probably not nearly as harmful as the non-age gated content that they will still have access to. There is a lot of creepy YouTube and TikTok content that isn't off limits but still unhealthy and my younger relatives are fascinated by it.

    • echelon 16 hours ago

      We need to stop this helicopter civilization bullshit.

      We're building 1984 to protect from god knows what imaginary harms.

      Stop putting plastic wrap around people's freedoms, liberty, and right to privacy.

      • Gigachad 15 hours ago

        The harms of smartphones and social media are about as far from imaginary as it could get. The data is screaming at us.

        We will look back at handing kids phones with instagram like giving kids cigarettes and think wtf were we doing.

        • AngryData 14 hours ago

          And I find that harm to be far less than the harm caused by identifying everybody all the time and censoring topics to people based on government provided tokens.

          • kelseyfrog 10 hours ago

            Therapy and meditation is an effective remedy for this kind of suffering.

        • echelon 14 hours ago

          Are you sure it's just kids?

          In dealing with the ills of social media, you do what you do with every other negative externality - you tax it. At least the parts of it you don't like.

          Designing privacy, freedom, and liberty destroying mechanisms is not the way.

          Big social wants these regulations to pass so that they can get better identity tracking for ads targeting. To them it doesn't matter if the tech ushers in 1984. It makes them more money.

          • Gigachad 14 hours ago

            It's definitely not just kids. Social media is a lot like meth, we should at a bare minimum stop giving it to kids as soon as possible. And then come to realise it's bad for everyone and should be wound back.

            • Paracompact 11 hours ago

              Their argument would be, "If meth is a negative externality, we should just tax it instead of banning it in stores for kids to buy." Kids may die, but I'm sure with all that extra state revenue we'll get a nice park or museum or kickback to Tesla or something.

              • kelseyfrog 10 hours ago

                Be careful this is HN. There's a decent chance someone genuinely believes this.

                • tancop 5 hours ago

                  looking for me?

                  • kelseyfrog 2 hours ago

                    Are you willing to expound on the meth tax idea? Just curious.

              • AnthonyMouse 6 hours ago

                > Kids may die, but I'm sure with all that extra state revenue we'll get a nice park or museum or kickback to Tesla or something.

                The argument, which has some pretty decent evidence behind it, is that prohibition is the thing that kills people. Because it has to be smuggled, dealers switch from "normal" hard drugs to overdose triggers like fentanyl with 1000x the potency because then they only have to smuggle 0.1% as much of it, which in turn kills people because street dealers cut it improperly and users get wildly different effective doses or drugs cut with dangerous contaminants.

                Notice that meth literally is legal in the US. Essentially anyone can get amphetamines by going to a doctor and telling them you have the symptoms it gets prescribed to treat. It's even prescribed to kids. The primary barrier is having health insurance and the ability to take off work during the day every month to get a refill. Which is why the people dying of overdose are the people priced out of that system, who wouldn't be if they could buy it at Walmart, but because they can't they resort to the entirely unregulated black market and die of a fentanyl overdose.

            • AnthonyMouse 7 hours ago

              But then what's the point of forcing IDs on everyone instead of cutting to the chase?

          • bloqs 13 hours ago

            I'm not sure I get your argument here.

            Are you saying that we should let children smoke and just tax it because it's better for their liberty and freedoms?

            Or are you saying we should just tax social media for adults but banning it for kids is ok?

            • anonzzzies 11 hours ago

              We do that here; heavy tax cigarettes (and booze): both dropped like a lead balloon. So yes, tax it for everyone. Kids cannot pay for cigarettes and most adults don't want to (most vapers I know do it because it costs far less; that should be taxed more too imho). If browsing insta/tiktok costs a euro per hour, let's see how many still do it; I'd say they go bankrupt in a few months. Apparently it was never that interesting.

        • imjonse 12 hours ago

          It's no coincidence cigarettes were named 'torches of freedom' to get women to start paying up for the privilege of using them a hundred years ago.

        • mike_hearn 10 hours ago

          The data isn't screaming at us. That's an illusion caused by the flood of bad academic papers on the topic.

          A good example is the Jonathan Haidt/Aaron Brown fiasco from a few years ago. Brown has been methodically trying to stop the stampede off yet another pseudo-scientific cliff but not enough people are listening.

          https://reason.com/2023/03/29/the-statistically-flawed-evide...

          https://reason.com/video/2024/04/02/the-bad-science-behind-j...

          https://reason.com/2023/05/30/not-every-study-on-teen-depres...

          > In a recent article for Reason, I argued that the hundreds of studies that New York University professor Jonathan Haidt has assembled to support his claim that social media is causing the teen mental health crisis not only don't back up his claim; they undermine it.

          Age verification campaigners like Haidt play a smooth game but consistently downplay how useless social science actually is for answering questions like this:

          > I didn't express "concerns" about specific studies; I argued that the majority of the 301 papers cited in his document are garbage. I went through each category of studies on Haidt's list, chose the first one that studied social media and depression to get a random sampling, and then showed that they were so embarrassingly bad as to be completely useless. They were guilty of coding errors, fatal defects hidden in mid-paper jargon, inappropriate statistics, longitudinal studies that weren't longitudinal, experiments in name only, and red flags for hypothesis shopping and p-hacking (that is, misusing data analysis to yield results that can be presented as statistically significant).

          It's possible that in the past few years a wealth of robust evidence has suddenly emerged but it seems doubtful.

          This stuff does matter. If you misdiagnose the problem then congrats, you just let governments censor the internet - quite possibly creating a China style totalitarian system that pretends to be democratic along the way - and kids will still have the same problems. A bad outcome!

        • sajithdilshan 9 hours ago

          Why are we only focused on kids? The boomers are doing more harm to the society and democracy by spreading misinformation via social media. If we want to have an honest conversation let's talk about every age group and limit it to everyone rather than using kids as a scapegoat.

        • cortic 5 hours ago

          I remember the video nasties of the 90s were 'far from imaginary dangers' for kids, before that it was rock music that the data was screaming at us about. Maybe social media does hold an actual danger this time, but we are a hysterical bunch of knee-jerk reactionary nutjobs, when it comes to new things and kids.

          I wouldn't be surprised if 20 years from now we see social media as just another hysterical reaction that generated a generation of bad law, wrecking, or diminishing a number of lives, for no good reason at all.

        • rpdillon 4 hours ago

          You're restating the problem, but the issue is with the proposed solution. Creating a surveillance state in an attempt to improve society is myopic. We know a surveillance apparatus will be abused to oppress people (it's already happening in the US: we have stories all the way back to the NSA/Snowden, but just last week Flock cameras were being abused to stalk ex-girlfriends, the list is endless), so pushing for that particular approach creates a bigger problem (authoritarian surveillance state) than it solves (some kids watching porn and tiktok).

          Edgar Friendly got it right, back in 1993:

          > See, according to Cocteau's plan, I'm the enemy. Cause I like to think, I like to read. I'm into freedom of speech and freedom of choice. I'm the kind of guy who wants to sit in a greasy spoon and think, "Gee, should I have the T-bone steak or the jumbo rack of barbecued ribs with the side order of gravy fries?" I want high cholesterol. I want to eat bacon, butter and buckets of cheese, okay? I want to smoke a Cuban cigar the size of Cincinnati in a non-smoking section. I wanna run through the streets naked with green Jello all over my body reading Playboy magazine. Why? Because I suddenly might feel the need to. Okay, pal? I've seen the future, you know what it is? It's a 47-year-old virgin sittin' around in his beige pajamas, drinking a banana-broccoli shake singing "I'm an Oscar-Meyer Wiener".

      • Balinares 12 hours ago

        I have a hunch that the Epstein class is getting increasingly upset about the kids encountering ideas about what ought to be done about the Epstein class, and mostly are keen to see the next generation molded back into good little subservient laborers. It really isn't about the well-being of the kids.

      • PeterStuer 11 hours ago

        "We" are building 1984 to make sure "We" stay in power of our EU Animal Farm.

        • krige 11 hours ago

          EU? It's mostly happening elsewhere though. See: Australia. See: California. See: KIDS act. See: KOSA.

          Sounds like denial or tunnel vision.

    • kentm 12 hours ago

      Not that I want my kids looking at porn or violent content, but I’m far more concerned about man-o-sphere influencers than that other stuff.

      • pphysch 12 hours ago

        Manosphere content is toxic and harmful but the hyperviolence and desensitisation of the former should not be downplayed. That's where the mass shooters evidently come from.

        • nearlyepic 12 hours ago

          > That's where the mass shooters evidently come from.

          I mean, quite a few have come from proto-manosphere circles, too. Elliot Rodger comes to mind.

          • scotty79 7 hours ago

            Given how large it is, I don't think it's a high stat. Especially compared with other subcultures. And we don't blame feminism for every instance where a man is killed by a man hating woman.

            • tsimionescu 5 hours ago

              > And we don't blame feminism for every instance where a man is killed by a man hating woman.

              The fact that this is basically unheard of, while incels shooting up schools is somewhat common, may explain why blame is often thrown at one movement and not the other.

              • scotty79 3 hours ago

                Things people don't talk about are unheard of. They tend to talk about incels a lot.

                • tsimionescu 2 hours ago

                  So can you give an example of a crazed man-hating feminist woman engaging in a mass shooting? Or just of a woman engaging in a mass shooting (alone, not with a man) in the last, say, 10 years? 20 years? 50 years?

                  Because I can definitely give you examples of incels doing this. Not a huge amount, mind you, but at least some.

                  • acdha 1 hour ago

                    The asymmetry is striking: when feminists talk about incels, it’s about how to improve their lives and help them out of the cognitive trap they’ve fallen or been lured into. I’ve never seen the equivalent of the pervasive casual, often gleeful, calls for violence and degradation which characterize the “manosphere”.

                • mrguyorama 1 hour ago

                  Half the country talks about feminism like it is an existential threat, including the millions upon millions of people who consume manosphere content.

          • pphysch 2 hours ago

            I wouldn't equate incel with manosphere. Manosphere is often hypersexual and about greed/consumption and being insecure and getting scammed, whereas inceldom is more hate-based.

        • Balinares 12 hours ago

          A hundred thousand furries consuming unfathomable amounts of porn without shooting up anyone kind of casts doubt on that point.

          • sciencejerk 12 hours ago

            Who is talking about furries? But Tyler James Robinson and Benjamin Jeffrey Smith. I guess that's only 2/100k to your point?

          • vharish 9 hours ago

            And 99 out of hundred get tired of porn at some point. We all have watched it and moved on. If only one can shoot and move on.

        • Zababa 9 hours ago

          >That's where the mass shooters evidently come from.

          Citation needed?

        • mschuster91 8 hours ago

          > That's where the mass shooters evidently come from.

          Bollocks. European teenagers watch just as much porn and play GTA at age 10 and yet we don't end up having 12 children a day die from gun violence [1].

          Note, I'm not an anti-gun nut, I think German and British anti-gun laws are ridiculously strict. But the American way of dealing with guns is equally bad.

          [1] https://www.sandyhookpromise.org/resources/gun-violence-fact...

          • technothrasher 4 hours ago

            > we don't end up having 12 children a day die from gun violence

            Note that this definition of "children" includes ages up to 24 years old. Not that the US doesn't have a gun violence problem, but pretending 24 year olds are "children" in order to gain a better sound bite doesn't help anybody.

      • sciencejerk 12 hours ago

        I had to Google "man-o-sphere". Is it particularly more dangerous or toxic than other identity-based activist communities? Genuinely curious to know

        • grey-area 11 hours ago

          Yes, a lot of it involves denigrating women and an entitled and very rigid attitude towards the male place in society (alphas etc).

          This is incredibly toxic for young men growing up and the women they interact with.

          Some of the more prominent proponents are actual pimps (the Tate brothers).

          • elcritch 6 hours ago

            How is that different than pervasive pornography though? Many young boys now think it’s normal to ask girls for sexual acts before having ever kissed a girl.

            • khalic 6 hours ago

              Seems like they could use some sex ed courses

            • squidbeak 5 hours ago

              > Many young boys now think it’s normal to ask girls for sexual acts before having ever kissed a girl.

              This is a common media talking point, but are there any hard figures for this 'many'? The type you're describing existed when I was young, long before the internet. My impression of boys and young men today is that they are generally just as decent, cautious, respectful and idealistic as they ever were - but that a small crude and unpleasant minority taints the reputation of the whole generation.

              • elcritch 2 hours ago

                I don't think it's a "reputation" issue, more of a what they're being exposed to and what it's normalizing. From studies I've seen it's a significant percentage (from a random Google search [1]):

                The review talked to young people aged 13 to 19 and surveyed 1,000 young people aged 16 to 21. Over 6 in 10 (64%) said they had seen online pornography. Of these:

                - 1 in 10 (10%) of nine-year-olds had seen pornography
                - 3 in 10 (27%) of children had seen pornography by age 11
                - Half (50%) of children had seen it by age 13
                - 4 in 5 (79%) had seen violent pornography before the age of 18, with the report stating “young people are frequently exposed to violent pornography, depicting coercive, degrading or pain-inducing sex acts”.

                1: https://www.fpa.org.uk/rshe-for-teachers/uk-online-child-sex...

            • tsimionescu 5 hours ago

              It is, as pornography is about sexual acts, while the manosphere is discussing the role they believe men and women should play in all aspects of life, not just sex and romance. They believe and teach that women shouldn't be managers, knowledge workers, professors, politicians, shouldn't have a right to vote (at least not differently from the man who essentially owns them) etc.

              Pornography may give some people some wrong ideas about sex and romantic relationships, might even instill some level of implicit misogyny in certain straight men, but I'm pretty sure you won't get the idea that women should be allowed in Parliament from watching too much porn.

            • scott_w 3 hours ago

              Huge gap between producing material that depicts (presumably) consensual sexual activities between adults and telling young boys to commit rape.

              • elcritch 2 hours ago

                Practically speaking there's not much difference since there's a large amount of violent or extreme pornography which also teaches boys that directly or indirectly. It also teaches girls that it's "ok" cause they see it online.

                There's many studies and organizations who publish warnings about violent pornography and young adults:

                Dr Ruth Weir of City St George's, University of London, said extreme porn had been "normalised online" and was now "playing out in young people's relationships". [1]

                1: https://www.bbc.com/news/articles/c8e82pwyg33o

                • jplusequalt 1 hour ago

                  Unless I'm missing something, that article has no data that backs up Dr. Ruth Weir's claim.

                  It first posits that adult content has been normalized online, then cites unrelated statistics about abuse victims who had watched adult content. There's nothing that convincingly links that first statement to the latter data.

                  • elcritch 38 minutes ago

                    Perhaps try reading the report linked in the third paragraph of the news article?

                    It's at: https://www.childrenscommissioner.gov.uk/resource/pornograph...

                    To quote from that report:

                    A literature review of 19 academic papers, drawing on multiple methodologies since 2005, conducted by the Government Equalities Office (GEO) to assess the relationship between pornography exposure and negative behaviours towards women and girls found that pornography use had a statistically significant association with attitudes supporting violence against women (with violent pornography showing an even stronger association). [44] A meta-analysis of 9 studies found a significant association between pornography use among adult men and attitudes supporting violence against women, such as ‘rape myth acceptance’. [45] The association was found to be significantly stronger for violent pornography than non-violent pornography. Other studies involving young adults, including Peter and Valkenburg (2009) [46] and Hald et al. (2013), [47] have found that past pornography exposure among young males is significantly associated with less egalitarian and more aggressive attitudes towards women. This is particularly worrying when young people are being exposed to pornography.

          • AlexandrB 4 hours ago

            > very rigid attitude towards the male place in society (alphas etc)

            Unfortunately this has been embraced by many feminists as well - consider how "incel" is now used as a general insult from such folks, implying that "getting laid" is essential to being a man. This is a huge reversal from the attitude in the early 2000s where it was seen as important to move beyond such traditional masculine expectations and that associating sexual success with worth was a part of "toxic masculinity". The older I get the more I think "horseshoe theory"[1] is directionally, if not literally, correct.

            [1] https://en.wikipedia.org/wiki/Horseshoe_theory

            • Tadpole9181 4 hours ago

              I want to be excruciatingly clear: Andrew Tate is a sex trafficker that tells millions of impressionable boys they are owed sex and that women should not be permitted to vote or hold positions of influence, and that they cannot have platonic relationships with women.

              The word incel, on the other hand, describes men who are disgustingly behaved and as a result are unable to have romantic relationships.

              These are not, in any way, the same thing. This is NOT an example of horseshoe theory.

        • ACCount37 7 hours ago

          Maybe? "Identity-based activist communities" are incredibly toxic as a rule.

          Maybe there's lasting harm from engaging in them early. Or maybe it's better to get exposed to them early in your life, so that you have time to figure out why you don't want anything to do with them.

          Either way, it seems pretty clear that preventing children and teens from engaging them is a nonstarter. You can't get anywhere close to consensus on "this is harmful and should be banned" because, guess what, someone's entire identity is going to be built around such communities.

          • doginasuit 7 hours ago

            I think it is safe to rule out early engagement as a positive factor.

            • tsimionescu 5 hours ago

              Early engagement maybe, but early exposure, especially to communities that you happen to not be attracted to, may be a net positive.

        • doginasuit 7 hours ago

          I would say what sets it apart is the undercurrent of anger and grievance combined with the self destructive beliefs that are prevalent in the community. It's men and boys who struggle to find acceptance and belonging, maybe even for reasons that are initially sympathetic. But instead of healthy self-reflection and feedback, they find a distorted understanding of themselves and masculinity that only reinforces their isolation.

          • philipallstar 3 hours ago

            This is just a caricature. It's like saying all women's spaces are bad because some female influencers tell their massive followings that men should pay for expensive shopping trips on the first date. This mischaracterisation through cherry picking is destructive.

        • jrm4 5 hours ago

          "Identity based activist communities" feels like a hilariously ham-fisted attempt to connect together extremely different groups.

        • totetsu 4 hours ago

          I'm "Genuinely curious" and I'm "just asking" are so man-o-sphere "coded"

      • lo_zamoyski 4 hours ago

        The "man-o-sphere" is pornographic. Look at the porn-brained Tate brothers for an example. That is their whole ethos and their souls are rotted out by it. Both are based in dehumanization and contempt for women and draw from the well of insecurity, viciousness, and psychological disorder. Both entrench and deepen psychological disorder and immorality.

        I think the basic error is that we're making a concession to obscene content and the sophists in our midst who have spent decades deploying the garbage of moral relativism and fallacious appeals to "freedom" to defend evil. The argument for age verification here is weakened if, instead, the production and distribution of pornography is outlawed.

        That you cannot perfectly enforce the law doesn't mean the law has no value or function. The purpose of the law is not undermined by imperfect enforcement, and it isn't exhausted by enforceability. Law is a teacher. Anti-porn laws would still carry psychological and social weight. They are a declaration of what is not tolerated and what is not good and contribute to the stigmatization of bad things. That creates a higher hurdle in people's minds to seek out and engage in such activity and creates shame around such activities that itself dissuades.

        I would also add that pornography and drugs have a history of being used in psychological warfare. Oligarchs ruining society? Allow pornography and it will absorb people's attention and cripple them emotionally and rationally to neutralize them. Or consider the recent loosening of drug laws or debate about loosening them - which I do not accept is coincidental - to give people another dulling and numbing agent and an escape. It is in the corrupt interests of an oligarchic elite to corral the herd. The police baton is painful and creates a dangerous indignation and resentment, but pornography and drugs do not.

    • vasco 12 hours ago

      If you saw a bunch of it and presumably are fine what does it matter then? Sure it might have been uncomfortable for a few days and you may not have understood right away but so what? That's almost every week as a kid. Seeing some titties is probably the least confusing.

      • anonzzzies 11 hours ago

        Many uncles of friends (or fathers, who knows) had stacks of porn mags we knew where they were as 70s kids. When very young they were icky and after that we took them home. Who cares.

    • giancarlostoro 5 hours ago

      I was going to name drop one, but then I realized, I wouldn't want others on HN to wind up looking it up. Let's just say, you eventually see snuff films and the like. Not something any child should be exposed to, heck even as an adult, I want nothing to do with such things, but there it was, a random .mp4 someone shared, what do you do? Curiosity killed the innocence.

  • skybrian 11 hours ago

    Websites should have an easy way to check whether the connecting device has a child lock turned on. We don’t need to identify the person using the device at all. It should be up to parents to make sure their kids use devices that are locked.

    • IshKebab 11 hours ago

      This is clearly the right way to do things. Just make devices have a forced choice for their age setting on initial setup, and expose that to apps and websites.

      Insane that they didn't even try this simple solution first. Yeah people will get around it, but they'll get around any solution.

      • tzs 5 hours ago

        That’s what the California law does.

    • kevincox 7 hours ago

      Or even better, just let the website return a set of flags (like age_rating=18) in a header and let the user agent decide if it wants to show it, block it, ask for approval, ...

      Then the policy lives on the user agent.
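An added sketch of the header-plus-user-agent idea in the comment above (not code from the thread or from any browser): the site only declares a label, and the decision to show, block or ask is made locally from a profile that is never sent to the site. The header name `Content-Rating`, its `key=number; key=number` syntax and the profile fields are assumptions made for this illustration; the thread only suggests flags "like age_rating=18".

```javascript
// Hypothetical header name and syntax (assumption, not a real standard):
//   Content-Rating: age_rating=18; violence=1

// Parse a label into a Map. Returns null when the label is malformed so the
// caller can tell "no label" apart from "broken label".
function parseRatingHeader(value) {
  if (typeof value !== "string" || value.trim() === "") return null;
  const flags = new Map();
  for (const part of value.split(";")) {
    if (part.trim() === "") continue;            // tolerate a trailing ';'
    const m = /^\s*([a-z_]+)\s*=\s*(\d{1,3})\s*$/.exec(part);
    if (!m) return null;                         // any bad token voids the label
    if (flags.has(m[1])) return null;            // duplicate keys are ambiguous
    flags.set(m[1], Number(m[2]));
  }
  return flags;
}

// Decide locally what to do with a response. `headers` is assumed to be an
// object with lower-cased header names. `profile` lives on the device:
//   restricted   - is this a locked (child) profile?
//   maxAge       - highest age_rating shown without approval
//   onUnlabeled  - "show" | "ask" | "block" for sites that send no label
//   askGuardian  - offer an approval prompt instead of a hard block
function decide(headers, profile) {
  if (!profile.restricted) {
    return { action: "show", reason: "unrestricted profile" };
  }
  const raw = headers["content-rating"];
  if (raw === undefined) {
    // The site declared nothing: the label is voluntary, so the policy for
    // unlabeled content has to be a local choice as well.
    return { action: profile.onUnlabeled, reason: "no label" };
  }
  const flags = parseRatingHeader(raw);
  if (flags === null || !flags.has("age_rating")) {
    // Fail closed on a restricted profile rather than guessing.
    return { action: "block", reason: "malformed label" };
  }
  if (flags.get("age_rating") <= profile.maxAge) {
    return { action: "show", reason: "within profile limit" };
  }
  return {
    action: profile.askGuardian ? "ask" : "block",
    reason: "age_rating above profile limit",
  };
}

// Constructed sample profiles and responses, for illustration only.
const CHILD = { restricted: true, maxAge: 12, onUnlabeled: "ask", askGuardian: true };
const ADULT = { restricted: false, maxAge: 99, onUnlabeled: "show", askGuardian: false };

function runSamples() {
  const samples = [
    [{ "content-rating": "age_rating=7" }, CHILD],
    [{ "content-rating": "age_rating=18; violence=1" }, CHILD],
    [{}, CHILD],
    [{ "content-rating": "age_rating=eighteen" }, CHILD],
    [{ "content-rating": "age_rating=18" }, ADULT],
  ];
  return samples.map(([headers, profile]) => decide(headers, profile).action);
}

console.log(runSamples().join(", "));
```

The site never learns which profile made the request; the weak point is the unlabeled case, since nothing forces a site to send or tell the truth in the label.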

  • Nevermark 10 hours ago

    You are imagining that a solution for you will be deemed a solution for the political powers pushing for this. Or that being age-verified is the main danger of having age-verification.

    That would be nice!

    But if there isn't a safe market driven solution to age-verification, which provides anonymous, unsurveilled, age-attested site access, with no ability for the government to individually monitor, deny or revoke, then that is exactly what is going to get pushed on all of us.

    You don't defeat an enemy by not needing the manacles they are very motivated to force on everyone.

    Increasingly: We adopt zero knowledge proofs, and other decentralized open-sourced hard-security technologies, and resolve seemingly-small, but not-going-away practical issues like age & porn, or empower and "trust" every weak politician, interest group and stranger on the internet to not use our lack of awareness and defense against us.

    Add AI to the mix, and the risk/damage of passivity becomes extreme.

  • nerdsniper 10 hours ago

    I hesitate to comment on these because hundreds of comments have already said it and I don't have anything new to add.

    - The age-gate should just be a setting on the device: either over 18 or under 18. Websites/apps should at most only be legally required to respect the device's assertions.

    - Devices should be controllable by parents: let the parents decide whether the child should be age-restricted or not.

    - Devices should have profiles so that you can let your kids use your own phone/laptop without messing up your stuff or getting into things they shouldn't.

    Historically parents have been allowed to rent R-rated movies for their kids with nudity and sex and violence even if the video store isn't supposed to rent it out to the kids directly. That was always considered okay. If I think my 16-year old is mature enough to watch some porn, that should be the parents' decision.

    • tzs 5 hours ago

      That’s pretty close to the California law.

  • delis-thumbs-7e 7 hours ago

    I do. I’m going to take a wild guess that you are an old head like me, male, and lived your youth in the wonderful internet free of commercialisation of human interaction, free to roam and find new cool things and people, a wonderful library of Alexandria to learn and spend time in.

    Discuss what the experience was/is to zoomers and younger, especially girls. Did you try to play a silly online game with your friends while being constantly harassed by 3-4 adult men? How many times someone offered you money (in form of “lootboxes”) to get nude pictures of you when you were severely underage? Or was on every site you visited an algorithm pushing on your face content about how you should embrace anorexia, start gambling on what Trump says on TV, use drugs, or simply do a suicide?

    Hey fellow unc’s, we really need to stop nostalgising on the computer childhood of our youth and listen to the kids (as well as a bunch of research on the topic) and face the fact that the internet of the friendly geeks and nerds of the yesterday does not exist anymore. Things have to change, if we want to have any kind of working society left whatsoever.

    • finghin 7 hours ago

      I completely agree with you, but what this shows is a momentous change in the landscape of the internet, facilitated by mass marketing, data collection, commercialisation and even financialisation of digital game assets.

      This is a huge shift that cannot be rectified by simple age filters.

      Being realistic about the problem requires being realistic about ill-conceived solutions with conspicuous benefits for commercial actors.

      Besides an array of largely static, non-interactive websites, there is no hard line between content that is suitable for young eyes and not.

    • corroclaro 6 hours ago

      A bit further up there's a really nice comment about how those studies are just garbage.

Nevermark 10 hours ago

If you need personalized government attestation to visit a site, then the government has the ability to dynamically deny and rescind your individual access to any site that adopts age verification, at any time.

Once adult sites adopt the system, it will creep over to any site wanting to limit their liability. Banks. Business services. Eventually almost everyone.

Liability the government will dramatize and escalate. You won't see the government pass any laws to create age-liability safe harbors.

Wikipedia is already being forced to fight to not implement age verification. Age verification managed by the government = No Wikipedia access without individually tracked, controlled and revocable government permission. [0]

Seldom has a slippery slope been so slippery.

The distance between government controlled per-citizen access to obviously adult sites, and government permissioned/controlled access to any site of substance, does not even involve a technical hurdle. It just becomes a site adoption curve. Every adoption increasing the scope of real-time government surveillance in our minute-to-minute lives, and its real-time at-will ability to deny access to whatever it chooses, whenever it chooses, and for whoever it chooses. In any combination.

Dystopia is here.

In my opinion, this is terrifying.

We need: Third party attestation, providable by anyone/entity meeting basic openly-defined criteria, limited to age attestation only, implemented with Zero Knowledge Proofs, to create a safe anonymous (unsurveilled/no personalized denials) alternative, to take the wind out of the sails of this constant governmental power grab. If it isn't solved by security minded technologists and the marketplace, the freedom destroying version will prevail - and it won't be undone.

[0] https://www.eff.org/deeplinks/2025/07/we-support-wikimedia-f...

  • kelseyfrog 10 hours ago

    If you're ok with slippery slopes, are you ok with ad hominems?

  • xinayder 9 hours ago

    We don't need age attestation or any kind of identity attestation, period.

    • Nevermark 1 hour ago

      You are framing the debate in a reasonable way.

      But you are apparently unaware that this debate is being forced by powerful unreasonable people who are not going to give up if we leave a resolution up to them.

      Reasonable and informed people want to avoid that. By stronger means than repeating “I don’t need that” until we realize that didn’t work.

      When a site you and I need requires you and I to register with our governments to access it, how is your reasonable opinion going to help us navigate that?

  • like_any_other 5 hours ago

    > Once adult sites adopt the system, it will creep over to any site wanting to limit their liability. Banks. Business services. Eventually almost everyone.

    This needs more emphasis. Once we make (even zero-knowledge) proofs convenient and common, it'll spread, and soon it won't be just age that's getting assured.

doginasuit 17 hours ago

Zero-knowledge seems to be a bit of an oversell here. It is more like you break the knowledge up and only share the relevant parts with each party. And the facilitator (Google) arguably has access to the most information out of any of the parties involved.

  • dgrin91 17 hours ago

    There are true ZKP setups where no one learns anything but the absolute minimum (e.g. is this person over 16, not what is their dob). This is hard to prove though and I don't know if I trust Google to do it

  • slwvx 17 hours ago

    Zero-knowledge proofs are a well-known tool in cryptography [1]. All Google is sharing is the library to implement it. Google would not have access to the information any more than they have access to the bank info of people who use Android or Gmail.

    [1] https://en.wikipedia.org/wiki/Zero-knowledge_proof

    • doginasuit 17 hours ago

      It's my understanding that they are sharing the library but they will also be involved as a facilitator, at least to the extent that people use their identity wallet service. It also seems like they will have access to who you are sharing information with, which seems like the most valuable information for a company in their position, with nothing but a pinky promise that it will not be tracked. Let me know if any of that is inaccurate.

      • _alternator_ 16 hours ago

        I don't know the technical details of this ZKP library, but there is no technical reason that I'm aware of that the ID provider would need to know who you are sharing with. Not to say Google didn't build it this way for business reasons.

      • xinayder 9 hours ago

        You also can't know if Google has broken any of the ZKP promises, or in terms of the field, if Google is cheating and uncovered the secret bits you shared.

    • ForHackernews 10 hours ago

      > any more than they have access to the bank info of people who use Android or Gmail.

      ...but they do? Google Pay gives them your credit card and transaction details; any time your bank sends a statement to your gmail account, Google has that, too.

      Am I missing your sarcasm?

  • wmf 17 hours ago

    Ideally the government would be the issuer and the facilitator but the US lacks the state capacity to do this. Maybe it will work that way in Estonia.

    • miki123211 12 hours ago

      The US is in the weird position of having a class of people (undocumented immigrants) who are often provisionally allowed to live there, known to their state in some capacity, and yet unable to receive some government documents that a permanent resident or citizen would be entitled to.

      Europe doesn't really have that status. Either you're known to the government and can receive documents from it, or you're a criminal in hiding, avoiding any and all government offices.

      • vasco 12 hours ago

        No, it's not like that in "Europe". Plenty of people have been in the limbo state for years in Portugal for example until the new government started expediting processes. I had several refugee friends who were in this situation and had local jobs and some forms of ID but not others. Like having social security and a tax number but no official ID.

      • wmf 3 hours ago

        I think that's been kind of solved by some states issuing IDs that don't make any claims about citizenship or immigration status. Then you could use that same ID online to prove age in our new dystopian future.

  • EGreg 12 hours ago

    Google has pioneered a few technologies where they are the trusted dealer. For example, Private State Tokens.

    I have written a paper on how to do age verification in a completely privacy-preserving way, and it doesn’t even need zero-knowledge proofs:

    https://magarshak.com/papers/Personal.pdf

ortichic 6 hours ago

Lots of bias in this thread. But maybe we can have a technical discussion?

I'm not into this topic, so maybe someone else can answer this: How "zero-knowledge" is this actually?

As far as I understand, there are three parties here: 1. Me, the user; 2. The site I want to access; 3. The attestor (google? my government?). What do they know about each other?

Does the site know who I am?

Does the site know who my attestor is (and therefore, for example, that it doesn't like Winnie-the-Pooh memes)?

Does the attestor know what site or kind of content I want to visit (and therefore e.g. if he agrees with it)?

Does the attestor know who I am?

Do I always know who the site and attestor are, and when this proof happens?

  • hoppp 6 hours ago

    It's not really possible to know.

    The system is valid zkp but any of the services in practice can still collect personally identifiable information from their users.

    There is also nothing stopping the attestor from colluding with the site you want to access, to reveal information about you.

    • rcxdude 3 hours ago

      If you are controlling the middle part of the zkp (or at least can validate it), then identification should not be possible through the zkp even if the attestor and site collude with each other (they could maybe collude based on some other information, like IP address or browser fingerprinting, ofc).

  • ongy 6 hours ago

    I tried to find something definitive, but it would take more time than I have right now. So to some degree this is assumptions, though generalized.

    * Does the site know who the user is: No. That's the entire purpose here.

    * Does the site know who the attestor is: Yes, they need to validate asymmetric crypto on the proof, so they need a list of public keys (which they can attach attestor identity to).

    * Does the attestor know what kind of content I want to visit: They should not. With the JWT you can validate without telling the attestor which user's proof you validate. OTOH, if there's some "is this one revoked" type of API one could easily re-introduce such an information channel on accident.

    * Does the attestor know who the user is: Yes (or at least have some bits of information about you they are willing to attest to others. In practice assume it's Google/Apple/MS with information associated with your account, or your bank or ...)

    * Does the user always know site/attestor: From a technical perspective yes. From a practical human one... doubtful.

    --Googler, though far removed from this project, so no internal knowledge.

  • abricq 6 hours ago

    I'm not an expert either, but I've studied it a little and tried some of this stuff.

    First, the attestor is not google. Google here only provides the infra (to generate proof and verify them). Let's call the attestor the issuer, and it's the trusted authority that gives you a proof of identity.

    A possible flow is:

    1. (pre-req) Some issuer (a state, bank, mobile operator, etc.) issues a signed credential to my wallet (stored on my phone, for instance). This could be a full digital ID, or a narrower “proof of age” attestation.

    2. Later, a site asks my browser for a proof that I satisfy some predicate, e.g. age >= 18. The site provides the "zk-program" (circuit) that needs to be executed, and waits for the proof (which is essentially a proof of execution of the program on trusted yet undisclosed inputs).

    3. My phone generates (ideally locally, but not ready today yet) a ZK proof that it knows a valid issuer-signed credential whose hidden attributes satisfy that predicate. Essentially, it is executing the circuit with some inputs (some are public, like the public key of issuers, some are private, like the issued ID).

    4. The site verifies the proof against public inputs: the issuer public key, the circuit being used, the predicate being requested, and a fresh nonce/challenge.

    So to answer some of your questions.

    > Does the site know who I am?

    Not from the ZK proof itself, it will know who has issued your ID.

    > Does the site know my attestor?

    Yes, it knows their public key.

    > Does the attestor know what site I am visiting?

    No.

    > Does the attestor know who I am?

    Yes

    > Do I know who the site and attestor are, and when proof happens?

    I guess there are multiple possible ways to do this, depends on the UX.

  • amwet 6 hours ago

    I have some experience with zkp, so I’ll try to answer your question to the best of my ability. First on the terminology, the “attester” in this case I assume is whoever is anchoring the data or issued the credential you’re trying to prove. For the canonical example, let’s say you’re trying to prove age >= n via a government ID.

    1. The site does not know who you are. This is the whole point. You generate a mathematical proof you possess a valid government ID that says “age >= n”

    2. Yes. You are generating a zkp based on information anchored by the attester. In this case the ID issuing gov. That attester can be something other than a gov, but zkps are a bit useless if the site doesn’t know what exactly is being proved. In this case you are proving “I possess a government ID saying age >=n”. You must know about the government to care about this proof.

    3. Not in this case. The attester only knows it has issued you an ID, but does not need to be further consulted. You could certainly construct a scheme such that you require a ZKP of recent written permission from some entity, but this is not inherent to ZKPs.

    4. This is a UX question. If the ZK wallet and website are implemented in such a way that it’s always displayed when a credential is requested and what credential that is, then yes.

    • oceansky 5 hours ago

      Does the "attester" know who is requesting the information?

      Can they map which places request which person?

      • sizero 4 hours ago

        That depends on the setup but is not related to the ZKP part. “who is requesting the proof that person X has a gov ID where age >= N” is irrelevant in the context of the proof.

      • rcxdude 3 hours ago

        AFAIK, if the scheme is designed properly, then no. The attestor only knows who they have issued certificates to and the verifier only knows that they have a user that has been verified by that user. Neither the attestor nor the verifier can link the two any further than that, even if they collaborate.
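
The unlinkability claim in the replies above (issuer and site cannot join their records even if they collude) can be checked in a setting much simpler than a ZK circuit. This added example is not code from the thread or from Google's library: it swaps in a textbook RSA blind signature with a constructed demo key, and every function name is hypothetical.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo key built from two Mersenne primes. Good enough to show the
# algebra; never usable in practice (special-form primes, no padding scheme).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent


def h(token: bytes) -> int:
    """Hash a token into Z_N (simplified full-domain hash for the demo)."""
    out = b"".join(hashlib.sha256(bytes([i]) + token).digest() for i in range(5))
    return int.from_bytes(out, "big") % N


def wallet_blind(token: bytes):
    """Wallet: hide the token hash behind a random factor r before issuance."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (h(token) * pow(r, E, N)) % N, r


def issuer_sign(blinded: int) -> int:
    """Issuer: has checked the holder's age out of band, signs what it is given."""
    return pow(blinded, D, N)


def wallet_unblind(blind_sig: int, r: int) -> int:
    """Wallet: strip r, leaving an ordinary signature on the token."""
    return (blind_sig * pow(r, -1, N)) % N


def site_verify(token: bytes, sig: int) -> bool:
    """Site: needs only the issuer's public key (N, E); no call to the issuer."""
    return pow(sig, E, N) == h(token)


def explaining_factor(blinded: int, token: bytes) -> int:
    """Colluding issuer and site: compute the r that would link `blinded` to
    `token`. Uses the private key, i.e. the strongest adversary available."""
    r_to_e = (blinded * pow(h(token), -1, N)) % N
    return pow(r_to_e, D, N)


def run_demo():
    # Two constructed accounts each mint a random token and have it signed blind.
    tokens = [secrets.token_bytes(16) for _ in range(2)]
    issuer_log = []  # what the issuer saw: (account, blinded value)
    presented = []   # what the site saw: (token, signature)
    for account, tok in zip(["alice", "bob"], tokens):
        blinded, r = wallet_blind(tok)
        issuer_log.append((account, blinded))
        presented.append((tok, wallet_unblind(issuer_sign(blinded), r)))
    all_valid = all(site_verify(t, s) for t, s in presented)
    # Join the two logs and test every (issuance, presentation) pairing.
    # Each pairing is explained by some valid r, so the joined records
    # carry no evidence about which account presented which token.
    pairings_explained = 0
    for _, blinded in issuer_log:
        for tok, _ in presented:
            r = explaining_factor(blinded, tok)
            if (h(tok) * pow(r, E, N)) % N == blinded:
                pairings_explained += 1
    return all_valid, pairings_explained


if __name__ == "__main__":
    print(run_demo())
```

The token in this sketch is a bearer value: nothing binds it to a person or device, which is the sharing concern raised elsewhere in the thread. It also says nothing about linkage through IP address or browser fingerprint.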

  • mindslight 5 hours ago

    There is an important question you haven't asked: As presented, is this system secure for the implied use cases?

    And the answer to that is a resounding no. As long as you can run software of your choosing, then it is trivial to proxy a zero knowledge proof such that a third party can provide proof of the given property for you to use. If the system is really zero-knowledge, then that third party will suffer no repercussions for defeating the purpose of the system. And we can easily imagine people willing to provide this service (for ideological reasons and/or simply payment).

    To be secure, all of these schemes rely on an unstated assumption of remote attestation that will prevent users from running their own software. Locking down computing is Google's basic agenda, but saying this would make the systems less appealing to people, so they obviously downplay it.

Nevermark 1 hour ago

A great number of people here are engaged in civilized debates about whether parenting needs age verification.

That might seem to be the issue, but it is a red herring.

Powerful people are ramming age verification through in a way that will surveil you and give government the ability to not just attest for your age, but surveil what sites you use, and revert their attestation, for anyone, on any site, for whatever reason.

Not just porn sites but any site they convince to use their age verification scheme.

Even Wikipedia is having to fight this with the help of the EFF to not force all its users to submit to this.

Wake up. We all need to wake up.

The purpose of an anonymizing open source alternative is to head off dystopia. Nuanced opinions about parenting are not a defense strategy. Not against a closed internet permissioning system run by governments. Implemented by people who are using parenting as a cover.

Your parenting opinions won’t help you log onto increasing numbers of sites that block you without a government supplied key.

Wake up.

We must not let governments use this issue to lock down the internet. But that is now the default outcome.

The problem is insidious.

sciencejerk 12 hours ago

It is suspicious to me that "age assurance" is trending EXACTLY as AI agents become capable of autonomously operating a personal computer in the same way a human office worker would.

I'm afraid "age assurance" has nothing to do with "the children".

  • chii 11 hours ago

    > I'm afraid "age assurance" has nothing to do with "the children".

    and you should be afraid, very afraid. Because none of these (and other measures to invade privacy) has ever had anything to do with children.

  • sigmoid10 11 hours ago

    >It is suspicious to me that "age assurance" is trending EXACTLY as AI agents become capable of autonomously operating

    It is not, because your premise is false. This whole thing has been going on for as long as kids have been online. The early 2000s tried (and obviously failed) by using credit cards. The UK tried and failed last decade to ban porn for minors this way. AI tools are probably not even on the radar for the kind of politicians that keep pushing this.

    • M95D 9 hours ago

      > AI tools are probably not even on the radar for the kind of politicians that keep pushing this.

      Forget about the politicians for a bit. There still are many regions on the globe where no age verification is mandatory, yet websites chose to implement it anyway. Why, if not for tracking and bots?

      • sigmoid10 5 hours ago

        Well, because of things like COPPA I imagine most companies wouldn't want to risk anything here. So unless you have a website that is somehow guaranteed 100% blocking all traffic from the US or American citizens, you may as well implement it. But very few (if any) public websites will fall into that category.

  • u1hcw9nx 10 hours ago

    The point of ZKP in EU wallet is that it separates checking age and privacy.

    You can both give a proof your age and not lose privacy.

    • xinayder 9 hours ago

      Except that ZKP for sensitive data is far from being a thing, and also, I don't want the fucking government to have anything to do with what sites I access. Period.

      Why the hell do I need to login to my digital wallet to access a fucking website???

      • Almondsetat 7 hours ago

        The web is not a magical place detached from reality. Wanting absolutely zero government involvement (which does not mean spying btw) with it is frankly absurd.

        • brigandish 7 hours ago

          The web has not had age gating via large-scale government coercion since its inception. To claim that it's absurd to think we can do without it is to detach from that reality, and is itself absurd.

          The irony.

          • Almondsetat 7 hours ago

            I am not making an argument based on tradition. I couldn't care less that the web has not been government-gated for the past X years, because through this logic you should adhere to any dumb tradition or custom humans have ever had. I am concerned with the present and the future of the web's impact on the world, which of course requires government intervention like any other big phenomenon or technology in the history of humanity.

            Before snarkily calling "irony", at least understand the topic of discussion and make appropriate comparisons.

            P.S.:

            Not only is your assumption false, since in its first years the web was only accessible to academics so the gating was implicit, but the internet itself from its beginning to the present day requires heavy governmental intervention and international collaboration to make it work. Do you know what's behind the cables that carry your bytes? The ICANN? The IANA? I hope you never do, if you dislike government involvement this much

          • u1hcw9nx 2 hours ago

            Web will not have age gating after this either.

            The authentication requirements for some web pages have existed for a long time.

krunck 4 hours ago

"ZKP makes it possible for people to prove that something about them is true without exchanging any other data. So, for example, a person visiting a website can verifiably prove he or she is over 18, without sharing anything else at all."

But not "...without sharing anything else even when setting up your token."

Can I prove that some cryptographic token A) doesn't contain any PII and B) that the token itself can't be used as an ID tied to my identity in a Google or government database?

No and no. So, I do not support schemes like this.

  • geek_at 4 hours ago

    Of course not? The idea would be a government (who already has your age data for example) will allow you to create a signed message and the platform you are verifying your age to doesn't know who you are, what age you are but that you are of age

    • rcxdude 4 hours ago

      And also, crucially, that the government does not get to know what platforms you are visiting. (the process goes: you get a certificate for certain facts, then your 'ID wallet' generates a ZKP itself that can prove that you have a certificate of any subset of those facts, and neither the certificate issuer nor the receiver of that proof can link that to anything but those facts, even if they collude)

  • rcxdude 3 hours ago

    As I understand it, ZKPs can prove both those properties. You can get a certificate from whoever is trusted to verify that you're over 18, and then you can use that to generate tokens that only encode the information 'X has verified that I am over 18' without either the original verifier or the entity you are providing it to being able to link that to the original certificate.

    See section 2 of this document: https://eudi.dev/2.4.0/discussion-topics/g-zero-knowledge-pr... . If there are any objections that this is not technically feasible to achieve in practice, I would like to know what they are.

    (Also, AFAIK, setting up such a thing would comply with any of the age-verification laws that are being proposed around the world. You could even set up this as two arms of the same company and be able to prove to your users that while you've seen all their IDs, you cannot link their usernames to their IDs. This still isn't the best because you're still handling their PII with associated risk of leaks but it's a lot better than anyone is doing ATM)

anon-3988 15 hours ago

Age is just one metric. I don't want zero proof tech about information X. I don't want to have an identity. Full stop.

  • ambicapter 14 hours ago

    This can be used to have zero-proof knowledge of "over 18" or "not over 18". So they don't really get your age, except that you are in two broad ranges.

    • wmf 14 hours ago

      I think anon's point is that it could be used for other attributes in the future, like your nationality or... your social credit score (don't worry, it only proves that your score is over or under 500).

    • onion2k 13 hours ago

      If you get enough signals like that you can often narrow down a very large cohort of people to an individual.

      First it's 'over 18?', then it's 'over 25?', and then 'biological sex?', 'employed?', 'enjoys posting on HN?', 'active in the early morning?' and after half a dozen questions, all with binary answers that are safe individually, you can zero in on a 23 year old woman who has a job and posts on HN in the morning.

      Ask a few dozen questions like that and you'd be able to sieve an individual from a group of millions, especially if they're unlucky enough not to be absolutely typical.

      • alexghr 12 hours ago

        Proper ZK proofs don’t work that way. N different proofs will not be linked to each other unless the circuits are written to emit a stable identifier.

        Obviously if you see a bunch of proofs for known circuits coming from the same IP address then yeah, you can infer a bunch of info from that metadata.

        • za_creature 11 hours ago

          > N different proofs will not be linked to each other

          Please sign up to continue

        • xinayder 9 hours ago

          > Proper ZK proofs don’t work that way. N different proofs will not be linked to each other

          in theory. How do you do that on paper? How do you "anonymize" this data, to make it so they aren't related to each other?

          This is just like Facebook implementing the Signal protocol on WhatsApp. They technically can't access your messages, but they have all the metadata which most of the time will allow someone to infer the content of the conversation.

      • 0-_-0 8 hours ago

        Browser fingerprinting can already pinpoint you exactly. We should focus on that.

    • adrianN 13 hours ago

      You only need about 33 bits of information to uniquely identify every human.

      • DennisP 4 hours ago

        Ideally, but in practice only if the bits are uncorrelated and each divides the population in half.
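
The arithmetic behind the "33 bits" figure and the caveat in the reply, as an added example that is not part of the thread: it measures how many bits a set of yes/no answers actually yields when one attribute is skewed and implied by another. The population, the attribute names and the 8 billion figure are constructed assumptions, and the calculation assumes the answers can be tied to one session in the first place.

```python
import math
from collections import Counter

WORLD_POPULATION = 8_000_000_000  # assumption: round figure for the demo


def bits_to_single_out(population: int) -> float:
    """Bits needed to pick one member out of `population` equally likely people."""
    return math.log2(population)


def entropy_bits(counts) -> float:
    """Shannon entropy in bits of an empirical distribution given as counts."""
    counts = list(counts)
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def build_population():
    """Constructed sample of 8000 people with three yes/no attributes.
    over_25 implies over_18 (correlated); morning is independent and balanced."""
    cells = {  # (over_18, over_25): head-count
        (False, False): 2000,
        (True, False): 2000,
        (True, True): 4000,
    }
    people = []
    for (o18, o25), n in cells.items():
        for i in range(n):
            people.append({"over_18": o18, "over_25": o25, "morning": i % 2 == 0})
    return people


def attribute_report(people, names):
    """Compare the naive 'one bit per answer' count with what the answers
    reveal once skew (marginals) and correlation (joint) are accounted for."""
    marginal = sum(
        entropy_bits(Counter(p[n] for p in people).values()) for n in names
    )
    cells = Counter(tuple(p[n] for n in names) for p in people)
    return {
        "naive_bits": float(len(names)),
        "sum_of_marginals": marginal,
        "joint_bits": entropy_bits(cells.values()),
        # Size of the rarest answer combination: the worst-off group.
        "smallest_group": min(cells.values()),
        # Average number of people sharing a randomly chosen person's answers.
        "expected_anonymity_set": sum(c * c for c in cells.values()) / len(people),
    }


def questions_needed(population: int, bits_per_question: float) -> int:
    """Yes/no questions required if each one yields `bits_per_question` on
    average (extrapolating a constant yield is itself an assumption)."""
    return math.ceil(bits_to_single_out(population) / bits_per_question)


if __name__ == "__main__":
    names = ["over_18", "over_25", "morning"]
    report = attribute_report(build_population(), names)
    print(report)
    print(questions_needed(WORLD_POPULATION, 1.0))
    print(questions_needed(WORLD_POPULATION, report["joint_bits"] / len(names)))
```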

    • flipbrad 11 hours ago

      The point perhaps is that these things enable discrimination based on extremely gross grained and defective criteria - in some ways the least relevant parts of your identity.

    • hashmal 9 hours ago

      the visited site won't have the info. but someone in the chain will definitely know your identity. the government, private contractors.

marginalia_nu 5 hours ago

ZKP for this purpose is a trojan horse for identity tracking and device attestation, as those are prerequisites for avoiding the scenario of someone printing attestations that everyone is of age in bulk and handing them out for free.

It works for contract signing and payments, because there is a built in incentive there, but not for age attestation.

PeterStuer 11 hours ago

Will they not just argue that you could share the assertion, and hence we need a 'trusted' verification point to establish it is actually you in possession of the zkp token, right now. So turn on that smartphone camera right now and obediently follow our biometric verification instructions ...

  • sigbottle 11 hours ago

    Or even simpler - they can just claim to implement it but still store your data just because.

    Doesn't seem like government is taking any steps here to try and regulate anything anymore. Possibly not ever again.

    • xinayder 8 hours ago

      There is literally no way of us knowing if Google hasn't chosen to cheat during the ZKP protocol or not. Zero chance.

  • Seattle3503 10 hours ago

    Maybe, but we should force them to make that argument after we demonstrate age verification doesn't require identifying ourselves to every website. It would reveal they aren't seeking pragmatic solutions.

trashb 8 hours ago

I'm not a fan of age checks. There is a reason Google is offering this (for free).

As always with tracking, the value is in the metadata.

The knowledge if you are or are not above a certain age is already privacy invasive but not that relevant for tracking or ads.

But with ZKP at least you won't need to send your credit card, copy of ID and address to the 3rd party to verify.

  • human305893 7 hours ago

    They already know everything about you. They are already tracking you.

watersb 19 hours ago

We need "How to talk to your legislators about zero-knowledge proofs".

  • dboreham 18 hours ago

    Not really any point since US legislators aren't motivated by the interests of regular people.

    • consumer451 18 hours ago

      Yes, they are not.

      > Today, we open sourced our Zero-Knowledge Proof (ZKP) libraries, fulfilling a promise and building on our partnership with Sparkasse to support EU age assurance.

  • protocolture 18 hours ago

    "Don't do age assurance, ever"

    Done.

    • Avicebron 18 hours ago

      Ok, they have ignored that. I did my part and sent an email. Now what?

      • protocolture 16 hours ago

        Violent revolution I guess. Genuinely what are the other options?

        I made a formal submission to the Australian Government in the very small consulting window they held for the Access and Assistance bill. Pleading with them to consider simply not introducing the law, as there was no justification for it at all. Google also made a submission against the bill, as did many large local and overseas corporations.

        The government went ahead anyway.

        What are the chances of me swinging any government when Google et al are on the other side, determined to provide privacy and anonymity destroying products to bolster their bottom line?

        Probably worth mentioning that the Access and Assistance bill permits the Australian government to secretly (even just verbally) compel anyone building age assurance technology to secretly backdoor it to collect metadata, or any other information they choose. There's no level of safety from the government one can achieve with any app. If they resist they go straight to the Australian version of a secret national security court. The bill doesn't even make it clear whether briefing their solicitor about the request is legal. It doesn't matter how good the crypto is if the app is recording details outside of that. It's all just theatre at this point. There's no safe app, so we should completely resist all attempts to do things the government could restrict, leak or misuse.

        I don't see how this is even slightly contentious in the year of our lord two thousand and twenty six, after decades of leaks affirming governments do this stuff, decades of governments and corporations dangerously failing their citizens' privacy, when a particular government is hell bent on using all the personal data it can hoover up to persecute migrants and refugees. How are people blindly monofocusing on the crypto while trusting everything else?

        • Gigachad 15 hours ago

          The vast majority of the population supports banning social media for kids so revolution isn't happening. Of course the social media companies object to their product being banned. It's like cigarette companies objecting to plain packaging.

          • protocolture 15 hours ago

            >The vast majority of the population supports banning social media for kids so revolution isn't happening

            Age assurance is being used in more than a single scope. I don't disagree that the revolution isn't happening, but there's no need to be so reductive.

            >Of course the social media companies object to their product being banned. It's like cigarette companies objecting to plain packaging.

            They aren't objecting to age assurance tools. They are objecting to the current ham fisted model, but when they can organise something less nebulous than the current regime they will be fighting to implement it first.

            • Gigachad 14 hours ago

              Sure, the implementation details are blunt. But Facebook, Google, and Reddit have had decades to sort this out on their own and yet they have only poured fuel on the problem and watched the ad dollars rain in.

              So I have little sympathy that the resulting laws are not optimal for them.

              • protocolture 14 hours ago

                >But Facebook, Google, and Reddit have had decades to sort this out on their own

                It was solved. Don't collect information.

                The problem is making shitty psychotic apps, not determining who can use them.

                I would much rather they cut meta into pieces and sold them off as scraps, than just scarfing up the PID of the users to make arbitrary determinations about who can have what brainrot.

                • intended 12 hours ago

                  It was solved for you.

                  There are more people than just you (and other tech literate folk) online.

                  I would also rather meta be cut and sold off as scraps. This is sadly not the question being framed.

                  I’ve dedicated a portion of my life volunteering to moderate content in communities. It is an unmitigated shit show. The status quo is great for firms and corrosive for society.

                  If there's a takeaway from this sub thread, it is why “meta being broken up and sold for scraps” is not being raised as a question in the first place.

                  Is it another case of too big to fail?

          • vlian2088 13 hours ago

            >The vast majority of the population supports banning social media for kids so revolution isn't happening.

            reddit isn't the vast majority of the population, fren. it's 1% of 4%.

            unless you've got polls you could show to back up your claim? polls, not opinion pieces. polls asking unambiguous questions like "are you in favor of banning social media?" or "are you in favor of age verification laws?", not vague ones like "are you concerned about the content your kids might see on the internet?". got any of those?

            • Gigachad 13 hours ago

              77% of the Australian population were in support of "Proposed ban on social media for children under 16"

              https://yougov.com/articles/51000-support-for-under-16-socia...

              This was in 2024, since then the attitude is still very much that kids should be taken off social media, but that the current restrictions aren't yet working as the face scanning verification is easily bypassed.

              • vlian2088 12 hours ago

                well, shit. Australians absolutely deserve having to scan their faces/fingers/eyeballs/assholes every time they touch their phones, then.

            • intended 12 hours ago

              > 6 in 10 parents worldwide support social media ban for under 16s - but children are divided

              > Support among parents for a social media ban for under-16s is highest in Malaysia (77%) and India (75%), Argentina (55%) and lowest in Japan (38%) and Nigeria (39%)

              > Globally, the majority of Gen Z (51%) – the first true digital natives – support a social media ban for under-16s. Support for the ban is highest in India (73%) and UAE (67%), Argentina (54%) and lowest in Japan (28%), UK, and Canada (both 40%)

              https://www.varkeyfoundation.org/post/6-in-10-parents-worldw...

              • vlian2088 12 hours ago

                >among parents

                increasingly few people are parents, so these numbers don't reflect 'the vast majority' of the population.

                • intended 11 hours ago

                  A majority of Gen Z don't want it for kids, so that isn't true either. Plus, that's a moving of goal posts.

                  • vlian2088 10 hours ago

                    I responded to "the vast majority of the population supports banning social media", not "the vast majority of parents supports banning social media".

                    the latter wouldn't surprise me at all, I've seen all kinds of degenerates suddenly begin to act like boomers after they've had a kid.

        • IanCal 11 hours ago

          There are steps in between “send an email saying don’t do the thing you want” and “murder lawmakers”.

          > I don't see how this is even slightly contentious in the year of our lord two thousand and twenty six

          Violent revolution in response to data privacy issues?

          • ForHackernews 10 hours ago

            Tech people really will do absolutely anything to avoid talking to their neighbors and engaging in electoral politics, won't they?

    • matheusmoreira 17 hours ago

      "Do the opposite of what Meta is lobbying for"

      Done.

    • miki123211 12 hours ago

      It's much easier to convince somebody to achieve their goals your way than to not achieve their goals at all.

      Politicians don't want to be seen as going soft on child predators and harms to children. That is a career-ending move. Whether the bills they introduce even protect children at all has no bearing on it. PR is PR.

      If you're essentially telling somebody that children don't need to be protected, you might feel smug and superior, but you're achieving nothing. You'll be ignored as a conspiracy-theory-loving nutjob.

      If, on the other hand, you tell politicians that there are multiple approaches to protecting children, all as effective, with one of them having fewer side-effects to the rest of society, now that's a much easier sell. You sound like somebody who knows their stuff and has a nuanced take.

ggm 11 hours ago

CSIRO and the Australian privacy commissioner suggested this path to the Australian Government a few years ago.

I'm not a fan of technology fixes for social problems but I do think this may be in the sweet spot.

I see a lot of people here don't agree. I think they may not appreciate quite how concerned a lot of the community is about the effects of networked communication on minors. I'm not here to change people's minds, but this isn't a US problem it's a global one, and US constitutional rights views do not predominate worldwide.

Google has more customers outside the US than inside, and has more business with entities subject to non US laws than solely US domiciled entities.

Groxx 18 hours ago

I've been trying to figure out how zero-knowledge stuff would work in practice for age verification, where "when issued" (or extremely coarse, like what year), "to whom", and "where it's used" are hidden from everyone except the individual holding the proof (since that's the gold standard, and the only one worth accepting).

I get that ZK techniques work, and reveal "nothing". That's useful.

But if they reveal nothing, isn't it wide open for abuse? Couldn't one over-18-person's proof become everyone's proof, because they can't tell it's the same proof, and the issuer can't tell where or how often the proof is being used? Or are there ways to construct data leaks that are not user-identifying but are abuse-identifying (and what would that even mean)?

  • doginasuit 17 hours ago

    My understanding as someone who is just learning about the tech is that zero-knowledge isn't a great description of what is happening. The issuer (some party with the proof, like the government) shares the knowledge and that is only valid for a single verifier. So knowledge is held and is shared, just the minimum amount possible to be credible.

  • Aurornis 17 hours ago

    > But if they reveal nothing, isn't it wide open for abuse? Couldn't one over-18-person's proof become everyone's proof, because they can't tell it's the same proof, and the issuer can't tell where or how often the proof is being used?

    Yep!

    This is why the concept of zero knowledge age gating is such a trap for technically minded people. They imagine receiving a private cryptographic object that can be used to anonymously confirm that the government says it was issued to someone over 18.

    That’s completely useless because a single leaked token could be used forever, so nobody actually considers this.

    All of the real proposals have various compromises baked in. Some people want to require device attestation, so you could only do this handshake from a government approved device running a government approved operating system. Forget using Linux or maybe even a general purpose computer at all.

    Other proposals involve online government handshakes in various ways, with a pinky promise that the government won’t keep logs or tap it for national security purposes. So we get back to anonymous by trust only.

    • countcol 16 hours ago

      You can use a Linux… if it’s an Android

      :(

    • whiplash451 15 hours ago

      We might be over complicating things here.

      The governments’ focus might be on protecting genuine users (adults or not), not fighting fraudsters.

      In other words if ZKP works for the vast majority of technically illiterate people with their EU ewallet, the job is done.

      • denkmoon 15 hours ago

        Absolutely. We don't look at the use of false identity documents as a failure of age gating tobacco and alcohol, it's just an accepted consequence that we try to mitigate knowing that we cannot stop all instances.

    • zeofig 14 hours ago

      I agree with your analysis, but doesn't that make this blogpost by google a bit overoptimistic, or even disingenuous?

    • semi-extrinsic 13 hours ago

      > Some people want to require device attestation, so you could only do this handshake from a government approved device running a government approved operating system. Forget using Linux or maybe even a general purpose computer at all.

      The reason this is a non-problem for the purpose being discussed (age verification on social media) is that you can simply allow anyone with a de-Googled phone or using Linux on a laptop (or even Mac or Windows) to bypass the age check. You don't need a 100.0% accuracy solution, anything above 90% is fine.

      Essentially all teenagers are using social media on Android or iOS with apps from the official app store. If you make social media unavailable only on those devices, they are not going to be switching en masse to SailfishOS or start to carry around backpacks with laptops.

      Maybe a few will. But then they're going to be very lonely on their social media and subsequently stop caring.

      • miki123211 12 hours ago

        Oh you'd be surprised.

        Social media is something people want. A large part of why people buy smartphones in the first place (especially at that age) is to be on social media. If you need to buy some weird kind of smartphone to do it, or ask your tech-savvy friend to do some voodoo on it for ten bucks, people absolutely will do that.

        See the story of console modchips in eastern Europe for an example. Legal games were so expensive at that time that most kids / families weren't able to afford them. Console modchips existed, but they were difficult to install, and most people just didn't have the expertise. What ended up happening was that everybody "knew a guy", and that guy would do their modchip for a fee. They didn't need to know anything about rooting, ROMs, flashing or soldering, they gave a legal console to somebody and got a console that could play pirated games back.

      • hexasquid 11 hours ago

        This is interesting in light of the discussion on hacker news yesterday, where folk were talking about how they had to learn how to make games work on early PCs, given limitations that aren't present to the young today.

        Motivated kids can find a way! Perhaps evading age gates will produce the next generation of hackers.

    • Nursie 12 hours ago

      There are a variety of schemes possible that do not have these flaws.

      There's an interesting post here which goes into some of this - https://blog.cryptographyengineering.com/2026/03/02/anonymou...

      So -

      > Yep!

      Actually nope.

      • quasisphere 5 hours ago

        Thanks for sharing, this was interesting to read! I wonder if the approach in the "How to win clone wars" section would also work to limit the number of accounts one can have on a given service (the article seems to rather consider rate limiting). It would be refreshing to have a forum where everyone is guaranteed to have at most 1 (or perhaps 2, say one anonymous and one with your name) account that is also backed by a unique government ID (without disclosing to the government your account or even that you have one). This could help a lot with the bot spam and trust issues.

    • mavhc 10 hours ago

      why would a token a) last forever, and b) not be created as a response by your smart ID card to a challenge token?

    • xinayder 8 hours ago

      From my limited knowledge of ZKP I believe there are protocols that don't allow token reuse, i.e., once you consume a token for one round, you cannot reuse it for another attestation.

      • Aurornis 4 hours ago

        Which requires some record keeper transaction.

        Which turns into a handshake with the centralized entity, the government.

        If every token is single use then you also need to get them all from the government, either on demand or in bulk. They can then be sold.

    • mindslight 6 hours ago

      > All of the real proposals have various compromises baked in. Some people want to require device attestation, so you could only do this handshake from a government approved device running a government approved operating system. Forget using Linux or maybe even a general purpose computer at all.

      SPOT ON! This needs to be plastered across the top of every single thread on "age verification" (really: identity verification).

      Talk of "zero knowledge proofs" or other technical schemes is essentially just nerd sniping on this topic. These sound like really cool solutions where we can have our cake and eat it too, but the reality is that the cool technical bits are just the tip of the iceberg. For them to actually be secure (ie prevent the trivial proxying of credentials), there has to be another, much more draconian, part to the system.

      Even if that part is missing to begin with, then calls to add it down the line will be inevitable once the idea that websites are responsible for verifying users "ages" (identities) has taken hold and those flaws become glaringly apparent.

      I am a parent who will be staring down this issue in a few short years. The Internet is not the place we grew up. Faceboot and other engagement-farming companies are most certainly malevolent threats to the human psyche [0], and it's reasonable to assume that their effects are even stronger on developing minds.

      The only approaches that are workable to protect kids as well as preserve Internet/computing freedom (which is actually an additional angle of protecting kids from continuing loss of freedom to roam) involve the client device being responsible for what to block/show, with information only ever flowing from the server to the client - for example tags that assert a site/app is suitable for people over a given age, and on-device parental control software that operates on those tags. If parental controls are enabled and a website has no tags, then the site does not display - failing closed and preserving compatibility with the open web.

      Given that this is a dire problem that parents face that has reached a tipping point, it would be reasonable to create a legal mandate that mass market device manufacturers must include parental control software that can be enabled during setup process, and that websites over a certain size have to include tags stating their age appropriateness. That would bootstrap the ecosystem and lead to the development of more vibrant tags and blocking software, enabling parents to set their own policies independent of corporate attorneys decreeing what is acceptable for their kids.

      [0] It is also worth keeping in mind that it is exactly Faceboot and its ilk that are pushing these identity verification laws in the first place! They are simply trying to remove their legal liability for harming kids, so they can otherwise continue business as usual

    • DennisP 4 hours ago

      You can fix the leaked token problem if your prover also proves that (a) the private token id is not on the public revocation list, and (b) the token has not yet expired. Use short expirations and auto-renew, this is just to keep the revocation list from growing forever.

      Attackers could still compromise the system with proxies, but you can fix that by (a) passing in a random sessionid from the server so proofs can't be replayed, (b) also passing in the server's public key, so a MITM attack will result in proof the server can't verify, and (c) as you mention, using secure hardware on the client, and encrypting communications between that hardware and the server. The secure hardware doesn't have to preclude general-purpose computers; it can work like a yubikey or hardware wallet, just plug into USB or bluetooth.

      Without proxies, a leaked key has a minor impact unless it's widely distributed online, in which case it's easy to notice and add to the revocation list.

      Tracking clients can be prevented if the client generates a new public key for each session.

      Requiring hardware is in one sense a downside, and strong protections for access would have to be part of the law. But giving everyone secure cryptographic hardware that can do key management and zero-knowledge proofs would be a huge improvement for everyone's privacy and security, so it might be a good trade.

  • wmf 17 hours ago

    This is basically the double spending problem which has been solved in various ways.

    • Groxx 17 hours ago

      It has? I've been under the impression that the "solutions" are "trust us, we don't allow that" (relying on an authority with full knowledge, as partial knowledge isn't sufficient) and "use more resources than anyone can feasibly contest" (bitcoin).

      You could build a merkle tree to say "we exist after X" but not "there is no other X". And publishing that tree for verification would seemingly violate "zero knowledge", unless you know of some way to scrub that, and also hide timing information, because timing information can identify visitors to observers.

    • wmf 14 hours ago

      For example, Chaum's blind signatures https://en.wikipedia.org/wiki/Blind_signature let you create a credential that can be anonymously used once but it gets de-anonymized and invalidated if used a second time. This could be applied to age verification so that each credential could only be used once.

      • Groxx 10 hours ago

        I should really look into blinding strategies some time - there are some very interesting possibilities in there.

  • Epa095 17 hours ago

    Idk if this scheme is zero knowledge, but what's wrong with it? :

    - you enter ph and must age-verify. It says 'your secret: "capable peanut", enter age proof below'.

    - you go to age-knower (e.g. bank or government page). You provide the secret phrase, and you get back a cryptographically signed json with the secret phrase, a claim 'above18', and a field stating who attested for the age (e.g. government or bank or whoever).

    - you paste this signed json (maybe encoded as base64 or something) into ph. It will verify that the attestee is good, then use its public key to verify the signature, before checking that the secret is the correct one, and that it contains the age-claim.

    Is the problem that if ph and the attestee collude they can compare the secret string and figure out who you are?

    • Groxx 16 hours ago

      Yes, that allows collusion. Which has historically happened quite regularly any time money or politics are involved, which means we should not accept that strategy.

      For some isolated scenarios, that collusion risk may be completely fine. But not for something that is poised to control access to the internet as a whole, or in any way relates to maintaining safe free speech on the dominant public platform for doing so (the internet). People need protection from their government (present and future), or it's not a "right", it's just temporary retroactively-revokable permission.
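
Added example (not part of any comment in this thread, and not code from Google or any project discussed): the signed-phrase flow Epa095 describes, next to the same flow using the RSA blind signature wmf mentions, comparing what a colluding issuer and site can join from their logs. The toy RSA key, the class and function names and the site's list of outstanding challenges are assumptions of this sketch; single use is enforced with that online list, not with Chaum's offline de-anonymization of a second use.

```python
import hashlib
import secrets
from math import gcd

# Toy issuer key built from two Mersenne primes. A ~150-bit modulus is far too
# small for real use; it is an assumption that keeps the demo self-contained.
# The key is dedicated to one claim ("over 18"), because a blind signer cannot
# inspect what it signs.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def h(challenge: bytes) -> int:
    """Hash a challenge into the RSA group."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N


class Issuer:
    """The 'age-knower': authenticates the person, then signs a number."""

    def __init__(self):
        self.log = []  # (identity, value it was asked to sign)

    def sign(self, identity: str, value: int) -> int:
        self.log.append((identity, value))
        return pow(value, D, N)


class Site:
    """The age-gated service: hands out one-time challenges and checks proofs."""

    def __init__(self):
        self.outstanding = set()
        self.log = []  # hashed challenges it saw redeemed

    def challenge(self) -> bytes:
        c = secrets.token_hex(16).encode()
        self.outstanding.add(c)
        return c

    def accept(self, challenge: bytes, sig: int) -> bool:
        if challenge not in self.outstanding:      # unknown or already used
            return False
        if pow(sig, E, N) != h(challenge):         # not signed by the issuer
            return False
        self.outstanding.discard(challenge)        # single use
        self.log.append(h(challenge))
        return True


def plain_flow(identity, issuer, site):
    """Signed-phrase scheme: the issuer sees the same value the site sees."""
    c = site.challenge()
    return c, issuer.sign(identity, h(c))


def blinded_flow(identity, issuer, site):
    """Same exchange, but the issuer only ever sees h(c) * r^E mod N."""
    c = site.challenge()
    r = 0
    while r < 2 or gcd(r, N) != 1:
        r = secrets.randbelow(N)
    blinded = (h(c) * pow(r, E, N)) % N
    blind_sig = issuer.sign(identity, blinded)
    return c, (blind_sig * pow(r, -1, N)) % N      # unblind: h(c)^D mod N


def colluding_join(issuer, site):
    """Identities recoverable when issuer and site compare their logs."""
    redeemed = set(site.log)
    return [who for who, value in issuer.log if value in redeemed]


if __name__ == "__main__":
    for flow in (plain_flow, blinded_flow):
        issuer, site = Issuer(), Site()
        c, sig = flow("alice", issuer, site)   # "alice" is a constructed identity
        print(flow.__name__, site.accept(c, sig), site.accept(c, sig),
              colluding_join(issuer, site))
```

Blinding removes only the value join: issuance and redemption times can still be correlated, and neither flow binds the signature to the person who received the challenge, which is the relay concern raised elsewhere in the thread.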

  • tzs 14 hours ago

    Briefly, your government issues you a digital signed copy of a document, such as a driver's license or passport, that gets bound to a hardware security element that you own. In current implementations these are the secure elements of smart phones, but there is no reason that standalone hardware security elements could not be supported.

    When you want to provide information from that document to a third party a protocol is used which allows you to demonstrate to the third party that (1) you have a document from the government bound to your hardware security device, (2) you have unlocked the hardware security device, and (3) the document says what you say it says (e.g., "the birthdate field in this document contains a value that is more than 18 years in the past").

    This third party gets no additional information about the contents of your document. The protocol takes place entirely between your device and the third party, so the government that issued you the bound document has no idea when or if you use it.

    An over-18 person could indeed decide to help others prove age, but they would either have to do it in person or be willing to loan their unlocked security element to those others.

    • ulrikrasmussen 6 hours ago

      > An over-18 person could indeed decide to help others prove age, but they would either have to do it in person or be willing to loan their unlocked security element to those others.

      You can still automate age-verification-as-a-service using a physical autoclicker on a smartphone with the camera oriented at a screen showing QR codes. I expect this to happen, and for that reason I also expect true anonymity to be something that will last a year or so until it will be politically decided to fix the issue using some central party that verifiers have to contact to impose rate limiting.

  • baby 14 hours ago

    There are different ways to think about this:

    1. Imagine what the protocol would look like without privacy (zk allows you to “sign” a computation, so just do the computation in the clear)

    2. Imagine what the protocol would look like by revealing a hash of the passport only (the idea of a “nullifier”, a unique identifier that hides the data and can be revealed to prevent replays)

    The first one should already answer your question: the way you would prevent replays or portability (I use your proof) is to attach some sort of session context to your proof

  • vatsachak 12 hours ago

    Even if you had to submit a picture of your driver's license, you can send someone else's

  • miki123211 12 hours ago

    That's where trusted computing comes in.

    Your proof proves two claims. That the person proving their age is over 18, and that they're using a device and software that hasn't been tampered with. That software requires human presence at every age check.

    ZKPs for age assurance are trading off privacy at the expense of software malleability.

    Note that this has nothing to do with open source; it's perfectly fine to release the source code for the relevant software. You can even allow for reproducible builds and full auditability if that's what you want.

    • vasco 12 hours ago

      > Note that this has nothing to do with open source; it's perfectly fine to release the source code for the relevant software. You can even allow for reproducible builds and full auditability if that's what you want

      The released code can do all of that, and then nothing still assures me that they didn't implement just a POST <my whole information> to their partner and called it ZKP and pointed at google's repo.

    • mindslight 6 hours ago

      > Note that this has nothing to do with open source; it's perfectly fine to release the source code for the relevant software. You can even allow for reproducible builds and full auditability if that's what you want.

      But note that it does have everything to do with software freedom. Being able to read the source is little consolation if you're unable to modify it. And preventing users from using modified software is the entire point of remote attestation.

      "Zero-Knowledge Proof" based schemes for this problem are nothing more than a marketing scheme by Google to continue locking down devices and the previously-open web ala WEI, SafetyNet, etc. https://news.ycombinator.com/item?id=48760232

  • rstuart4133 10 hours ago

    > But if they reveal nothing, isn't it wide open for abuse?

    Good point, they do contain more information than "They are over 18". The primary (usually only) thing is who is attesting they are over 18. That might be the government, or a bank.

    That's inevitable, because the usual flow is rather like Google's OAuth - the site needing you to prove your age redirects to the provider (Google, or whoever), who asks questions to verify your identity, and then replies with "over 18" or "not over 18".

    This can leak other information aside from the site knowing who is verifying your age. For example, done the wrong way, the Google / the government could know what porn sites you like. OAuth, for example leaks that sort of information. But there is no technical reason it has to be that way.

    The major barrier to all this isn't whether it's possible to design a protocol that proves your age, having a driver's licence or even an amount in a bank account. It is absolutely possible. It's that to be useful, everyone has to agree on the same protocol. That has so far proved to be near insurmountable.

    • ulrikrasmussen 6 hours ago

      > the usual flow is rather like Google's OAuth - the site needing you to prove your age redirects to the provider (Google, or whoever), who asks questions to verify your identity, and then replies with "over 18" or "not over 18".

      This is false. There are many problems with age verification, but the EU approach does not involve the id provider in the verification flow. The site requiring verification presents a QR code which encodes a presentation request and the provider controlled URL which is to receive a presentation of the age credential, and then the smartphone generates a unique presentation signed by a device bound key and sends it to that endpoint.

      It is however true that in addition to the one bit of information saying age>18, what is also revealed is the public key of the identity provider. This will at least reveal the nationality of the credential holder and - in the case there are multiple issuers within a nation - may reveal even more information about their demography.

quietthrow 15 hours ago

This seems great - one question (ideally for Alan stapleberg) why is this not available for everyone? Seems like this is only applicable to the EU? Genuine question - Why would other governments not want this for their people ? I am sure there is a flip side that EU thinks is not worth more than their people getting this kind of privacy. But what has to be true for some govts to think that the flip side is more beneficial than the privacy aspect. Appreciate if someone can break down how incentive structures are different and hence the resultant choices/positions

rho138 18 hours ago

[2025]

  • consumer451 18 hours ago

    Yes, but it's never been more important than now. Also, I did not have enough chars for an HN title.

    • stephen_g 17 hours ago

      Funny though how whenever these laws are pushed through, the legislators are more interested in strongly identifying people to gate services despite the fact that they should have plenty of advice that things like zero-knowledge proofs exist.

      I hate to be cynical but I worry that this isn't going to matter, because it really seems that a lot of the pressure behind age verification isn't actually very interested in the age verification part...

      • consumer451 16 hours ago

        Agreed. Now is our chance to very publicly inform our legislators. Not all is lost, yet.

      • semi-extrinsic 12 hours ago

        It seems to me that the technical people who get invited to public debates are simply not competent or knowledgeable enough. We definitely need to step up!

        But a part of me wonders if this may be by design from the debate moderators - if a technical expert opens up by saying "we have a cryptographically secured solution that is backed by experts and privacy advocates alike", what's the next 45 minutes of the TV show going to be about?

        • bigfishrunning 6 hours ago

          The same thing every 45 minutes of every TV show is about -- selling cars and mattresses.

      • rho138 9 hours ago

        It’s like they’re searching for a gap to fill with a product… where have I seen this go terribly wrong before?

RedComet 10 hours ago

It is painfully obvious that the "age assurance" push is to limit anti-zionist propaganda.

I wonder who or what will abuse this infrastructure when they fail.

emsign 18 hours ago

What's the point of giving a single point of information about yourself to a single website, when all the websites you visit use the same trackers (from Google for example) only to merge these data points together and sell them as a package.

  • TalkingCodeMonk 18 hours ago

    Because of the principle of least privilege: https://wikipedia.org/wiki/Principle_of_least_privilege

    All current age verification measures open up a torrent of attack vectors on user PII and privacy. Limiting the number of entities that are able to access data is one of the best ways to prevent its leak or abuse. Don't let perfection be the enemy of good.

    But therein lies the fundamental problem with surveillance capitalism. Until the sale of personal data/metadata is outlawed, the practice of targeting content based on an individual's personal data/metadata is outlawed, there is a highly punitive cost for violations and leaks that make storage outside core business functionality a major criminal and financial risk, and the compilation of this data by "intelligence" agencies is treated as a critical attack vector to national security – the attack on each citizen's civil rights that it truly is – most privacy laws and regulations are just virtue signals designed specifically to avoid the root causes, and further entrench the power of monopolies and incumbents.

    FYI I don't believe Google sells user data. They sell products which leverage user data to give them a critical advantage over every competitor who does not have trackers in everyone's pockets/computers, does not store their entire web search/browsing history, etc. It's in the interest of big tech to protect their market advantage (like ZKP, which would prevent competitors from having a new gov-mandated vector to compile user data).

    • sroussey 17 hours ago

      Google never sold user data until the DoubleClick acquisition, from what I understand

rimworld 10 hours ago

how would you get everyone to accept an economy 2.0 pre-req technology?

jrm4 5 hours ago

This is going to be a thing where the individual parties might get something like reliable anonymity, and Google will still be able to trace it, right?

mahirsaid 11 hours ago

more like walled off garden where they only have access to children and what they watch. so now they will feed them the junk and ads curated only for children so they can get them hooked on products early on. Way to go Google you have succeeded in your goal.

coppsilgold 17 hours ago

Unfortunately ZKP's aren't magic.

When not doing privacy oriented cryptocurrency (cough money laundering cough) with ZKP's, if you really want private verification you are in a position where a single actor can authenticate the entire world and no one will know it happened. And to prevent it you assemble the pieces necessary to deanonymize anyone.

Make no mistake. ZKP age verification, as proposed, will just require multiple parties to collude to figure out your identity.

They can't even implement ZKP for remote attestation due to the auth-the-world problem.

  • consumer451 16 hours ago

    Assuming that perfect is the enemy of good, this is still better than all the proposed alternatives, isn't it?

    • coppsilgold 16 hours ago

      With ZKP age verification, services will not be able to track you without help from the CA. The CA will not be able to track you without help from the services. Both will contain the necessary information in their databases that when combined deanonymize you. The CA is the central authority/certificate authority.

      So you should assume the government can track you, because you should assume both will be streaming those identifiers to it.

      • consumer451 16 hours ago

        Yes, there is one party that can track you, which in some countries is still slightly trusted.

        Ideally, no age verification would be required or proposed. However, if it is, this implementation should be the base minimum, should it not?

        This is a gazillion percent better than a foreign corporation being in charge, isn't it?

      • ekr____ 14 hours ago

        This isn't correct. With ZKP-based systems even the CA can't track you. That's the "zero-knowledge" part.

        • nubg 11 hours ago

          but how is that possible? that even the CA cannot track you?

          • ekr____ 5 hours ago

            That's not really possible to explain in this space, unfortunately, but the overall idea is that there are mathematical techniques that allow you to prove that you have a valid certificate without revealing which one it is.

    • krupan 15 hours ago

      Better than no age verification (and therefore, privacy) coupled with parents doing their job?

      • consumer451 15 hours ago

        That would be ideal. However, this is a tech proposal which takes so much of the slop out of the entire thing. With this implementation, there is no profit in it, unless your government is directly cooperating, aka a scandal in many countries.

brigandish 7 hours ago

Someone else in the thread asked, as others have, but most pithily

> How about not needing to do age verification?

Which I agree with. However, I think that ship is sailing. Those who care about this had better find a provider that they trust and support providers they trust, because the perfect is the enemy of the good, and without the good there'll be no way to rollback to the perfect at all.

  • jonathanstrange 6 hours ago

    The people who are against this do not trust any of them for good reasons, so that ship has sailed long ago, too.

spacington 12 hours ago

It's not zero proof

It's moving the goal post from one entity to another.

You can also fake it by letting someone else solve it for you.

  • salviati 12 hours ago

    > You can also fake it by letting someone else solve it for you.

    Fair enough, that's true. But there is no solution that could ever prevent this, right?

    • spacington 8 hours ago

      Yeah exactly.

      I find the naming and the way it gets sold wrong because of it.

userbinator 12 hours ago

Another attempt at a technological solution to a sociopolitical problem. No thanks.

metalman 9 hours ago

lying bastards fuck off nobody will trust ANYTHING if this shit keeps going on