> The point of this is that you can use the credentials on your phone to prove that you are an adult to a website using zero-knowledge proofs to avoid disclosing your identity to anybody.
It is my understanding that this is not possible. I would be happy to be shown to be wrong, but to me it seems like you can either prevent people from lending out their credentials, or you can preserve the anonymity of the user, but not both.
You can use 0KP to prove you have a signed certificate issued by your government that says you are an adult, but then anyone with such a certificate can use it to masquerade as however many sock puppets they like and act as a proxy for people who aren't adults. You can have the issuing government in the loop signing one-time tokens to stop Adults-Georg from creating 10k 18+ attestations per day, but then the issuing government and the service providers have a timing side-channel they can use to correlate identities to service users. Is there some other scheme I'm missing that solves this dilemma?
> It is my understanding that this is not possible. I would be happy to be shown to be wrong, but to me it seems like you can either prevent people from lending out their credentials, or you can preserve the anonymity of the user, but not both.
This is not designed to prevent adults from coöperating with minors; that makes no sense as a design goal because any technical measure can always be bypassed with “download this for me and give me the file”. This is designed to prevent minors from being able to access systems without an adult.
Nothing prevents an adult from buying alcohol on behalf of minors; that doesn’t mean laws that prevent minors from directly buying alcohol are useless.
But laws against selling/giving alcohol to minors are moderately successful at curbing teen alcohol use because they carry with them a risk of punishment that grows with the scale of the operation. If all it took was one adult who thought "kids should be allowed to drink if they want" to provide all the kids in the country with free booze and that adult had no meaningful fear of repercussions, the laws would be nothing but sternly worded advice.
If the proof of adulthood scheme is truly anonymous, one adult with some technical chops who thinks "kids should be allowed to watch porn if they want" would be able to, say, run an adult-o-matic-9000 TOR hidden service that anyone can use to pinky promise that they are an adult without fear of repercussions. If such a service comes with a meaningful risk of being identified and punished, it is by definition not anonymous.
I suppose I'm just not convinced giving up some basic liberties for a law that converts into sternly worded advice if just one adult chooses to break it is a great idea.
It's always fascinating when people put "tor hidden service" in a sentence that describes something that will reach millions.
I also don't think you'll find many ISPs terribly keen to fight for the neutral treatment of TOR connections when the reason for this fight is explicitly to serve porn to minors.
Sure, the big sites could also serve the content without an age gate, both would just have to have to avoid being found as they would be breaking the law that proscribed the age gate.
> You can use 0KP to prove you have a signed certificate issued by your government that says you are an adult, but then anyone with such a certificate can use it to masquerade as however many sock puppets they like and act as a proxy for people who aren't adults
The certificates in question can use a few mitigations: short lived, hardware stored (in a TPM, making distribution harder), be single use, have a random id which the service being accessed can check how many times has been used.
> but then the issuing government and the service providers have a timing side-channel they can use to correlate identities
That's not reallya concern, IMO. That would always exist as a risk - most people would probably have a flow of trying to do something, having to prove ID/age, doing that step, continuing with the something, which means you'd probably be able to time correlate the two sides quite often. The solution here is legal with strong barriers, not technical.
Precisely. To rate-limit attestations you either need government somewhere in the loop so that they get notified and can revoke certificates when they detect abuse (but then they can correlate requests to prove adulthood with the service provider), or you need the proof of adulthood to be tied to the certificate in some way that the service provider can tell if a certificate is being re-used. But then anyone with a copy of all the certificates (read: the government) can re-run the proof on their end and figure out who is who.
The app would be restricted to environments certified by Apple or Google. Then the app can apply features like trusted time to implement client-side rate limiting.
> Just because a company folds doesn't mean they can violate licensing agreements.
It does if that's the law. Every jurisdiction routinely overrules contracts as unenforceable on the basis of some overriding law, so it wouldn't even really be that unusual. Whether it's a good idea or not is another question and one that depends almost entirely on second, third and higher order effects.
There probably is a world where all software is libre software and we still see similar rates of development, but it's not at all clear how you could get there. Especially not if you cared about the damage caused by upending the business models of a significant fraction of the world economy.
> It's clear how insane this culture war against trans people is when you consider this only applies to trans women and not trans men?
In most sports, the "mens" division is actually an open division that accepts all participants regardless of sex. Women just don't compete in it because they have no shot at getting a decent placement. The fact that males and females can't fairly compete with each other is the raison d'être of the women's league. This, and not culture war propaganda reasons is why only the most deranged bigots have an issue with trans men competing in "mens" sports.
Fun fact: "open divisions" only last as long as men are winning them. Women often outshoot men, and after Shan Zhang's win they were siloed into their own division.
> Fun fact: "open divisions" only last as long as men are winning them. Women often outshoot men, and after Shan Zhang's win they were siloed into their own division.
That decision was made before her win.
> the International Shooting Union, at a meeting in April of 1992, and therefore ahead of the Games, elected to bar women from shooting against men in future events.
The EU is perfectly capable of collaborating even when it can't reach full consensus or when it wants to include peripheral states without them becoming full members. See for example the Schengen area, Eurozone, European Economic Area, and more recently (and specifically to circumvent member state vetos) when the enhanced cooperation procedures were invoked to lend money to Ukraine.
People who live in authoritarian states like North Korea or California can (and arguably should) ignore the fact that GrapheneOS is illegal where they live and use it anyway.
As the complexity of a system increases, the number of single points of failure also tends to increase. Sometimes you can make sure that several subsystems need to fail before the whole system fails. Often, the best you can do is swap one SPoF (e.g. unreliable power grid) for another, more robust SPoF (unreliable UPS).
"Actual malice" is confusingly not about if the defendant was acting maliciously. It is specific legal jargon meaning that the defendant knowingly or with reckless disregard for the truth made the false statements.
Going on the stand and stating that you "don't know" whether the allegedly defamatory statements you are suing over are true or not is a... bold legal strategy.
The ACLU called it a SLAPP lawsuit. If true, they probably didn't care if they won or not.
That said, going on stand when your opponent has proven they can and will use your words and actions against you in the court of public opinion is a... bold strategy.
Honestly it was pretty ballsy of Afroman to release songs during the trial (which did come up, but I think they sort of ignored due to some law that changed in 2024?)
>Going on the stand and stating that you "don't know" whether the allegedly defamatory statements you are suing over are true or not is a... bold legal strategy.
if the statement is true, that's a defense against defamation.
if the statement is not believable, that is also a defense against defamation.
it actually was legal strategy designed to dance around the legal strategy behind those questions being asked, taking the air out of your insult
Are you saying you believe the cop who said, under oath, he "doesn't know" whether his wife could be having an affair with afroman chose to do that as part of a deliberate legal strategy? And that you think this casts him in a more positive light than merely being clueless?
That wasn't actually what I was implying. Just that if the plaintiff isn't even willing to assert that the statements were false, what are you wasting the court's time for?
> He falsely claimed my wife is cheating on me!
> So you assert that your wife didn't cheat on you?
> No.
> ???
It is my understanding that this is not possible. I would be happy to be shown to be wrong, but to me it seems like you can either prevent people from lending out their credentials, or you can preserve the anonymity of the user, but not both.
You can use 0KP to prove you have a signed certificate issued by your government that says you are an adult, but then anyone with such a certificate can use it to masquerade as however many sock puppets they like and act as a proxy for people who aren't adults. You can have the issuing government in the loop signing one-time tokens to stop Adults-Georg from creating 10k 18+ attestations per day, but then the issuing government and the service providers have a timing side-channel they can use to correlate identities to service users. Is there some other scheme I'm missing that solves this dilemma?
reply