I’m asking for public policy ideas here. A lot of countries are enacting age verification now. But of course this is a privacy nightmare and is ripe for abuse. At the same time though, I also understand why people are concerned with how kids are using social media. These products are designed to be addictive and are known to cause body image issues and so forth. So what’s the middle ground? How can we protect kids from the harms of social media in a way that respects everyone’s privacy?
You should listen/read Steve Gibson’s podcast episode from Security Now that goes over Zero Knowledge Proofs: https://www.grc.com/sn/sn-1034.htm
It seems like the ideal solution that can be implemented if we take the time to do it right.
Thanks for the read, I learned something today! I worry, though, that even if someone could devise a ZPK for age verification, can end-users actually trust that platforms are using it? Say for example Meta provides a biometric-based ZPK for age. Can we trust that they’re not harvesting our biometric data? In the podcast’s examples, it’s easy for Peggy and Victor to understand that they are using a ZPK system. However, the age verification problem most often arises in arrangements where the prover is using a client app into whose inner workings they have no insight (either because it’s closed source, they’re not technologically literate enough, or who has the time to scrutinize the source code for every program they use) and which is most likely developed by the verifier. So the problem kind of moves upstream: how can you trust that ZPK is actually being used?
That’s why zero trust itself is so important. The only way it can be guaranteed is to have an open standard that is zero trust, so nobody is able to abuse it and the lay person doesn’t have to trust anyone. Not to mention if it is implemented correctly, there is no data to even trust them with, given there was zero knowledge of the end user. It would require a governing body to be competent enough to implement it, but I like to dream big