I’m asking for public policy ideas here. A lot of countries are enacting age verification now. But of course this is a privacy nightmare and is ripe for abuse. At the same time though, I also understand why people are concerned with how kids are using social media. These products are designed to be addictive and are known to cause body image issues and so forth. So what’s the middle ground? How can we protect kids from the harms of social media in a way that respects everyone’s privacy?
You should listen/read Steve Gibson’s podcast episode from Security Now that goes over Zero Knowledge Proofs: https://www.grc.com/sn/sn-1034.htm
It seems like the ideal solution that can be implemented if we take the time to do it right.
Thanks for the read, I learned something today! I worry, though, that even if someone could devise a ZPK for age verification, can end-users actually trust that platforms are using it? Say for example Meta provides a biometric-based ZPK for age. Can we trust that they’re not harvesting our biometric data? In the podcast’s examples, it’s easy for Peggy and Victor to understand that they are using a ZPK system. However, the age verification problem most often arises in arrangements where the prover is using a client app into whose inner workings they have no insight (either because it’s closed source, they’re not technologically literate enough, or who has the time to scrutinize the source code for every program they use) and which is most likely developed by the verifier. So the problem kind of moves upstream: how can you trust that ZPK is actually being used?