this post was submitted on 30 Nov 2024

123 points (99.2% liked)

Programming

17608 readers

237 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Follow the programming.dev instance rules
Keep content related to programming in some way
If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

founded 2 years ago

MODERATORS

[email protected]

123

How could digitial age verification be possibly implemented with privacy in mind? (programming.dev)

submitted 1 week ago by [email protected] to c/[email protected]

83 comments fedilink hide all child comments

Many might've seen the Australian ban of social media for <16 y.o with no idea of how to implement it. There have been mentions of "double blind age verification", but I can't find any information on it.

Out of curiosity, how would you implement this with privacy in mind if you really had to?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 50 points 1 week ago (4 children)

Homomorphic encryption (zero knowledge cryptography) is a known solution to this problem.

https://crypto.stackexchange.com/questions/96232/zkp-prove-that-18-while-hiding-age

[–] actually 13 points 1 week ago (1 children)

Doesn’t this assume the issuing agency has all employees who are morally sound and not leaking data, unnoticed by an internally badly designed system, which is designed by people who are out of touch? Most things like this are designed that way, irregardless of country .

I’m sure one can make it watertight but it’s so hard and still depends in trusting people. The conversation here is about one thing of a larger system. There are probably a hundred moving parts in any bureaucracy.

[–] [email protected] 36 points 1 week ago (2 children)

This is the understanding ANYWHERE. How do we know there aren’t back doors in our OS’s? We literally have no clue. We do THE BEST WE CAN using the clues we have.

[–] [email protected] 18 points 1 week ago* (last edited 1 week ago) (1 children)

Yeah, these things quickly boil down to the trusting trust thing (see Ken Thompson's Turing award lecture). You can't trust any system until you've designed every bit from scratch.

You gotta put your trust somewhere, or you won't be able to implement jack.

[–] [email protected] 1 points 1 week ago

This isn't as limiting as it seems at first glance though. Sending pictures of a true one time pad cipher doesn't rely on the security of the transport or the camera. From there you can choose to make a compromise of convenience and get to things like Private key cryptography where the ciphers are done via basic xor arithmetic you can do by hand.

[–] actually 5 points 1 week ago

I don’t know anything about cryptology; I have an imagination about how many things can go wrong hooking up parts and running them.

If it’s the law to make an age verification system then it will be made.

But I think one either has an age verification or privacy, but not both, in any country in the world.

I’m totally sure many of the discussions here about crypto are way above my head. But I’m equally sure while any one part will look fine in paper, the sum total will be used by an expanding government agency, crime, or both.

[–] [email protected] 4 points 1 week ago (1 children)

God I hate cryptography so much for making me feel stupid every time I read anything about it.

I want to feel smat!

[–] [email protected] 25 points 1 week ago* (last edited 1 week ago) (1 children)

I find it intimidating for sure. They say “never roll your own crypto” and I take those words to heart. Still, it would suck to have to hire someone and just trust their work. That person could be another Sam Bankman Fried or Do Kwan and you’d be party to their scam and you’d have no idea.

[+] [email protected] -10 points 1 week ago (1 children)

I'm not sure what these things have to do with each other. How exactly would cryptography have prevented SBF, you know, a crypto bro.

[–] [email protected] 12 points 1 week ago (1 children)

It wouldn’t have. You totally misunderstood my comment. Reread it.

To paraphrase: when you hire a cryptographer to work on your project you have to hope that they are not a scammer because they could easily lie to you about the soundness of their cryptography and you’d have no idea. You see, SBF and Do Kwan were liars. If they had been cryptographers (they aren’t and weren’t) their employer would have to believe them since they would be an expert in something nearly impossible for a layman to understand.

Do you get it yet?

[–] [email protected] -4 points 1 week ago (1 children)

I get what you're trying to say, but I'm not sure it makes sense.

I mean, that's literally every field you're not an expert in. And most of us are experts in less than one field.

You don't know about medicine, car engines, electricity or tax laws, you have your guys for that. Even in our field, we have guys for databases, OSes, networking, because quite frankly nobody understands those really.

So I'm not sure what the point of your comment is. That having experts is good? Yeah, I guess? Did we need to have that reinforced?

[–] [email protected] 14 points 1 week ago

If a doctor or mechanic was wrong, at least you’d have an inkling that things were wrong and you’d be able to sue them. Whereas with cryptography, no one has ANY IDEA WHATSOEVER if there are back doors until they are used to rob people blind. In all of the cases you mentioned, victims of those abuses have recourse whereas in cryptography, if things are wrong, they often CANNOT be patched and it’s even exceptionally hard for an expert to prove what went wrong.

[–] [email protected] 2 points 1 week ago (1 children)

No! Because it leaked everything but the birth date to the verification party.

[–] [email protected] 5 points 1 week ago

I've always thought that it should be the relevant ID issuing organisation, with whom the damage to privacy has already been done, might as well leverage it.

[–] [email protected] -3 points 1 week ago (2 children)

sounds too simple bro, what it needs is more blockchain /s

[–] [email protected] 19 points 1 week ago* (last edited 1 week ago) (1 children)

You seem to be joking but ZK and Homomorphic encryption don’t necessarily need to involve blockchain but they can.

This is like someone mentioning UUID’s and you leave a weird sarcastic comment about databases (and everyone suddenly villainizing them due to them being used for scams).

[–] [email protected] 6 points 1 week ago (2 children)

I believe they were referring to last year's trend of blockchain being introduced to everything unnecessarily (as a marketing buzzword, similar to AI).

[–] [email protected] 14 points 1 week ago* (last edited 1 week ago) (1 children)

I got the joke. What I didn’t get is why it was even remotely relevant to the discussion at hand since ZK is used a lot in crypto but it’s also used everywhere else. It muddied the waters and made the joke somewhat nonsensical, IMO. Perhaps OP was unaware of how prevalent ZK is in the crypto world…

Oh well. Have a good day.

[–] [email protected] -2 points 1 week ago* (last edited 1 week ago) (1 children)

You say you got the joke, but everything else you said suggests you didn't. Just to be clear I wasn't being critical of your reply, I was mocking the cryptobros the other poster mentioned.

[–] [email protected] 9 points 1 week ago (1 children)

It was a vapid, low effort, hiveminded Reddit joke.

[–] [email protected] 2 points 1 week ago

looks at post history I mean lazy as my joke was, now I understand how you got so upset about it.

[–] [email protected] 4 points 1 week ago

Only last year? I thought it was the whole last decade