The problem is not that we aren’t doing age verification, it’s that a group of authoritarians are trying to force mandatory implementation of age verification (and concomitant removal of anonymity). That’s the problem.
It seems like the solution is to provide an age verification mechanism with robust privacy protections. That way when we offer a solution that works for all of their states concerns, if they disagree with the privacy preserving approach we force them to say outright "I want to keep a record of every website you visit."
Unfortunately not. They will use even the most privacy preserving protocol to push remote attestation of end devices. Which in itself is a stepping stone making their next steps much easier.
They actually already do in the EUDI wallet reference implementation. There, as this is part of a more general ID system, they probably want to avoid that people duplicate or export IDs.
In case of a privacy preserving age check, the fear could be that a copied private key could be enough to generate unlimited age proofs, indistinguishable from the original app instance.
In another thread someone gave an even lazier argument: the eudi wallet requires hw backed keys by law regardless, and the laziest implementation would be device attestation...
"We show that large language models can be used to perform at-scale deanonymization. With full Internet access, our agent can re-identify Hacker News users and Anthropic Interviewer participants at high precision, given pseudonymous online profiles and conversations alone, matching what would take hours for a dedicated human investigator. "
It seems like the solution is to provide an age verification mechanism with robust privacy protections. That way when we offer a solution that works for all of their states concerns, if they disagree with the privacy preserving approach we force them to say outright "I want to keep a record of every website you visit."
Unfortunately not. They will use even the most privacy preserving protocol to push remote attestation of end devices. Which in itself is a stepping stone making their next steps much easier.
Why would they say that is necessary?
They actually already do in the EUDI wallet reference implementation. There, as this is part of a more general ID system, they probably want to avoid that people duplicate or export IDs. In case of a privacy preserving age check, the fear could be that a copied private key could be enough to generate unlimited age proofs, indistinguishable from the original app instance. In another thread someone gave an even lazier argument: the eudi wallet requires hw backed keys by law regardless, and the laziest implementation would be device attestation...
Hrm that does seem suboptimal. There have got to be better approaches available to us through cryptography.
I don't understand how such a thing could be possible. Privacy is inherently gone, even if the third party doesn't learn your real name.
Anonymity is a myth. I am sure by now an LLM can figure out who you are and where you live by your HN posts alone.
Do it then
I nave never, and will never, use AI on my own accord.
Hey, iamnothere, look at this!
https://arxiv.org/abs/2602.16800
"We show that large language models can be used to perform at-scale deanonymization. With full Internet access, our agent can re-identify Hacker News users and Anthropic Interviewer participants at high precision, given pseudonymous online profiles and conversations alone, matching what would take hours for a dedicated human investigator. "