this post was submitted on 24 Apr 2025

53 points (100.0% liked)

Europe

5676 readers

1007 users here now

News and information from Europe 🇪🇺

(Current banner: La Mancha, Spain. Feel free to post submissions for banner images.)

Rules (2024-08-30)

This is an English-language community. Comments should be in English. Posts can link to non-English news sources when providing a full-text translation in the post description. Automated translations are fine, as long as they don't overly distort the content.
No links to misinformation or commercial advertising. When you post outdated/historic articles, add the year of publication to the post title. Infographics must include a source and a year of creation; if possible, also provide a link to the source.
Be kind to each other, and argue in good faith. Don't post direct insults nor disrespectful and condescending comments. Don't troll nor incite hatred. Don't look for novel argumentation strategies at Wikipedia's List of fallacies.
No bigotry, sexism, racism, antisemitism, islamophobia, dehumanization of minorities, or glorification of National Socialism. We follow German law; don't question the statehood of Israel.
Be the signal, not the noise: Strive to post insightful comments. Add "/s" when you're being sarcastic (and don't use it to break rule no. 3).
If you link to paywalled information, please provide also a link to a freely available archived version. Alternatively, try to find a different source.
Light-hearted content, memes, and posts about your European everyday belong in !yurop@lemm.ee. (They're cool, you should subscribe there too!)
Don't evade bans. If we notice ban evasion, that will result in a permanent ban for all the accounts we can associate with you.
No posts linking to speculative reporting about ongoing events with unclear backgrounds. Please wait at least 12 hours. (E.g., do not post breathless reporting on an ongoing terror attack.)
Always provide context with posts: Don't post uncontextualized images or videos, and don't start discussions without giving some context first.

(This list may get expanded as necessary.)

Posts that link to the following sources will be removed

on any topic: RT, news-pravda:com, GB News, Fox, Breitbart, Daily Caller, OAN, sociable:co, citjourno:com, brusselssignal:eu, europesays:com, geo-trends:eu, any AI slop sites (when in doubt please look for a credible imprint/about page), change:org (for privacy reasons)
on Middle-East topics: Al Jazeera
on Hungary: Euronews

Unless they're the only sources, please also avoid The Sun, Daily Mail, any "thinktank" type organization, and non-Lemmy social media. Don't link to Twitter directly, instead use xcancel.com. For Reddit, use old:reddit:com

(Lists may get expanded as necessary.)

Ban lengths, etc.

We will use some leeway to decide whether to remove a comment.

If need be, there are also bans: 3 days for lighter offenses, 7 or 14 days for bigger offenses, and permanent bans for people who don't show any willingness to participate productively. If we think the ban reason is obvious, we may not specifically write to you.

If you want to protest a removal or ban, feel free to write privately to any of the mods: @federalreverse@feddit.org, @poVoq@slrpnk.net, or @anzo@programming.dev.

founded 10 months ago

MODERATORS

federalreverse@feddit.org

poVoq@slrpnk.net

anzo@programming.dev

EuroMod@feddit.org

Digital Identities and the Future of Age Verification in Europe (www.eff.org)

submitted 1 day ago by schizoidman@lemm.ee to c/europe@feddit.org

37 comments fedilink hide all child comments

The UN Convention on the Rights of the Child clearly expresses that minors have rights to freedom of expression and access to information online, as well as the right to privacy.

These rights would be steamrolled by age verification requirements.

you are viewing a single comment's thread
view the rest of the comments

[–] kbal@fedia.io 6 points 1 day ago (3 children)

There is no way to remotely verify someone's age across the Internet without violating their privacy. If there was, there would be no way to use it that doesn't violate their other rights.

[–] Nomad@infosec.pub 7 points 1 day ago (1 children)

It security engineer here: zero knowledge proofs are exactly that. Proof your age isg higher than X, but not even how much higher. They can't even profile you based on that information as they can't recognize you across visits.

Some government identity cards already support that. For everybody else there are companies that offer that service.

BTW I'm against age verification. We had access to porn at a certain age, I want my children to be able to look when that gets interesting to them. But then again I'm pretty progressive and open with sexuality in general and I take time out of my day to actually talk to my kids about dangers on the internet.

[–] kbal@fedia.io 3 points 23 hours ago (1 children)

If I search for zero-knowledge proofs relating to age verification the only thing I see is the hash chain method "based on a 2013 paper by Angel & Walfish" which is clever enough but does not in itself solve the problem of proving age while maintaining one's privacy. It allows Alice to demonstrate to a verifier that she is over the age of 65 while revealing nothing else other than her name or some other identifying piece of information. Avoiding the reveal of any such information is what we would want to avoid.

Is there some better way to do it?

[–] Nomad@infosec.pub 3 points 21 hours ago (1 children)

You only need to prove the number in your government id is greater that the required. Number. The number is signed by the government CA

[–] freeman@feddit.org -2 points 20 hours ago

Any reasonable government doesnt gove out ascending number-IDs, Right??!

[–] Ooops@feddit.org 3 points 1 day ago* (last edited 1 day ago) (1 children)

Your government... you know... the people that already have all your data and issue your passport... cannot include a flag (properly cryptographically signed by them) that tells a service "Yes, the guy that just inserted this valid passport is an adult. You don't need to get any other info. We already checked for you.", no other connection or transfer of data neccessary?

[–] kbal@fedia.io 3 points 1 day ago (1 children)

If you know a way to do it without invading people's privacy you'd better go tell the government of Spain about it, because they didn't manage to find it when they designed their eIDAS scheme which they hoped would become the Europe-wide standard. Not sure if that's still seen as likely but I haven't heard about any other concrete proposals yet.

[–] Ooops@feddit.org 1 points 1 day ago* (last edited 1 day ago)

I'm talking about things you can do technically.

Governments don't plan completely idiotic ideas because they don't know better but because their actual reason for choosing the system they chose is NOT creating a workable system that protects your privacy.

That's the whole point. Articles like this aren't completely wrong. The systems planned are indeed a risk to privacy rights. But we need to stop pretending that it's an accident and the government simply don't know better or there is no better solution at all. Actual solutions exist and we need to talk about the fact that those are ignored intentionally because a working system that protects your privacy is simply not the goal here.

[–] Kissaki@feddit.org 2 points 1 day ago* (last edited 1 day ago) (1 children)

What do you mean by violating privacy?

If you have a passport, citizenship, or birth certificate your age is already documented.

[–] desktop_user@lemmy.blahaj.zone 2 points 1 day ago (1 children)

yes, however the government should NEVER have access to what social messaging apps ANYONE uses without a warrant.

[–] Kissaki@feddit.org 3 points 1 day ago (1 children)

Isn't that a matter of implementation whether they even receive this information or not during validation?

[–] desktop_user@lemmy.blahaj.zone 1 points 1 day ago (1 children)

the fact that they received a validation request is informative that they probably shouldn't be able to access, however regardless of implementation, assuming causality and the speed of light remain, this will be information the government will recieve. Some entity (probably the government) would* also need to know who to send the response to, technically they could just broadcast this over some low frequency transmission broadcast to everyone, but realistically the government would need some kind of address (IP, fax number, po box, etc.).

Technically this is an implementation detail, however the only ways to implement this type of thing that wouldn't be comprimizing would involve citizen prompted government broadcasts and trust that the government won't have records of who requested the broadcast and what number was sent (which would make it trivial for adults to just sell the age identifier) and would still worsen the average citizen's security because it still takes effort to generate a unique identifier for every site.

[–] Kissaki@feddit.org 2 points 23 hours ago* (last edited 23 hours ago) (1 children)

If my gov creates a digital cert of age and signs it then I should be able to use that and the service provider can verify against gov public key, no? No information of visit exchanged.

As an alternative I also expect it to be possible via zero knowledge proof https://en.m.wikipedia.org/wiki/Zero-knowledge_proof

[–] desktop_user@lemmy.blahaj.zone 0 points 22 hours ago

that still uniquely identifies you to the company and would make having multiple accounts that are fully separate harder. in addition there would be no way of knowing whether or not the government has or hasn't hidden another layer of data (like your name) in the certificate.

This would also be trivial for children to bypass as it would need to be usable an unlimited number of times (or else individuals couldn't have multiple accounts) therefore it would only take one adult sharing their cert and signature publicly for any child to have a valid certificate.