127

Many might've seen the Australian ban of social media for <16 y.o with no idea of how to implement it. There have been mentions of "double blind age verification", but I can't find any information on it.

Out of curiosity, how would you implement this with privacy in mind if you really had to?

you are viewing a single comment's thread
view the rest of the comments
[-] demesisx@infosec.pub 50 points 3 weeks ago

Homomorphic encryption (zero knowledge cryptography) is a known solution to this problem.

https://crypto.stackexchange.com/questions/96232/zkp-prove-that-18-while-hiding-age

[-] actually@lemmy.world 15 points 3 weeks ago

Doesn’t this assume the issuing agency has all employees who are morally sound and not leaking data, unnoticed by an internally badly designed system, which is designed by people who are out of touch? Most things like this are designed that way, irregardless of country .

I’m sure one can make it watertight but it’s so hard and still depends in trusting people. The conversation here is about one thing of a larger system. There are probably a hundred moving parts in any bureaucracy.

[-] demesisx@infosec.pub 36 points 3 weeks ago

This is the understanding ANYWHERE. How do we know there aren’t back doors in our OS’s? We literally have no clue. We do THE BEST WE CAN using the clues we have.

[-] pro3757@programming.dev 19 points 3 weeks ago* (last edited 3 weeks ago)

Yeah, these things quickly boil down to the trusting trust thing (see Ken Thompson's Turing award lecture). You can't trust any system until you've designed every bit from scratch.

You gotta put your trust somewhere, or you won't be able to implement jack.

[-] socsa@piefed.social 1 points 3 weeks ago

This isn't as limiting as it seems at first glance though. Sending pictures of a true one time pad cipher doesn't rely on the security of the transport or the camera. From there you can choose to make a compromise of convenience and get to things like Private key cryptography where the ciphers are done via basic xor arithmetic you can do by hand.

[-] actually@lemmy.world 5 points 3 weeks ago

I don’t know anything about cryptology; I have an imagination about how many things can go wrong hooking up parts and running them.

If it’s the law to make an age verification system then it will be made.

But I think one either has an age verification or privacy, but not both, in any country in the world.

I’m totally sure many of the discussions here about crypto are way above my head. But I’m equally sure while any one part will look fine in paper, the sum total will be used by an expanding government agency, crime, or both.

[-] leisesprecher@feddit.org 4 points 3 weeks ago

God I hate cryptography so much for making me feel stupid every time I read anything about it.

I want to feel smat!

[-] demesisx@infosec.pub 26 points 3 weeks ago* (last edited 3 weeks ago)

I find it intimidating for sure. They say “never roll your own crypto” and I take those words to heart. Still, it would suck to have to hire someone and just trust their work. That person could be another Sam Bankman Fried or Do Kwan and you’d be party to their scam and you’d have no idea.

[-] monk@lemmy.unboiled.info 2 points 3 weeks ago

No! Because it leaked everything but the birth date to the verification party.

[-] MalReynolds@slrpnk.net 5 points 3 weeks ago

I've always thought that it should be the relevant ID issuing organisation, with whom the damage to privacy has already been done, might as well leverage it.

[-] jonathan@lemmy.zip -3 points 3 weeks ago

sounds too simple bro, what it needs is more blockchain /s

[-] demesisx@infosec.pub 19 points 3 weeks ago* (last edited 3 weeks ago)

You seem to be joking but ZK and Homomorphic encryption don’t necessarily need to involve blockchain but they can.

This is like someone mentioning UUID’s and you leave a weird sarcastic comment about databases (and everyone suddenly villainizing them due to them being used for scams).

[-] PoolloverNathan@programming.dev 6 points 3 weeks ago

I believe they were referring to last year's trend of blockchain being introduced to everything unnecessarily (as a marketing buzzword, similar to AI).

[-] demesisx@infosec.pub 14 points 3 weeks ago* (last edited 3 weeks ago)

I got the joke. What I didn’t get is why it was even remotely relevant to the discussion at hand since ZK is used a lot in crypto but it’s also used everywhere else. It muddied the waters and made the joke somewhat nonsensical, IMO. Perhaps OP was unaware of how prevalent ZK is in the crypto world…

Oh well. Have a good day.

[-] jonathan@lemmy.zip -2 points 3 weeks ago* (last edited 3 weeks ago)

You say you got the joke, but everything else you said suggests you didn't. Just to be clear I wasn't being critical of your reply, I was mocking the cryptobros the other poster mentioned.

[-] demesisx@infosec.pub 9 points 3 weeks ago

It was a vapid, low effort, hiveminded Reddit joke.

[-] jonathan@lemmy.zip 2 points 3 weeks ago

looks at post history I mean lazy as my joke was, now I understand how you got so upset about it.

[-] sukhmel@programming.dev 4 points 3 weeks ago

Only last year? I thought it was the whole last decade

this post was submitted on 30 Nov 2024
127 points (99.2% liked)

Programming

17672 readers
36 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



founded 2 years ago
MODERATORS