A great number of people here are engaged in civilized debates about whether parenting needs age verification.
That might seem to be the issue, but it is a red herring.
Powerful people are ramming age verification through in a way that will surveil you and give government the ability to not just attest for your age, but surveil what sites you use, and revert their attestation, for anyone, on any site, for whatever reason.
Not just porn sites but any site they convince to use their age verification scheme.
Even Wikipedia is having to fight this with the help of the EFF to not force all its users to submit to this.
Wake up. We all need to wake up.
The purpose of an anonymizing open source alternative is to head off dystopia. Nuanced opinions about parenting are not a defense strategy. Not against a closed internet permissioning system run by governments. Implemented by people who are using parenting as a cover.
Your parenting opinions won’t help you log onto increasing numbers of sites that block you without a government supplied key.
Wake up.
We must not let governments use this issue to lock down the internet. But that is now the default outcome.
The problem is insidious.
Some commenters have suggested regulating the "algorithms" instead of requiring "age verification"
If these "algorithms", e.g., designs for how to present content,^1 are found to be in violation of products liability law, then why not regulate them
If computer users really need something like a "feed", "suggested videos" or "AI summaries" to retrieve and present information then they can choose to run their own software to provide that, not software controlled by so-called "tech" companies
The so-called "tech" companies remove meaningful user choice and force their software on users
The effects of this software are so obviously bad that computer users are willing to consent to "age verification" to protect especially vulnerable users from these harmful effects
1. Optimised for data collection, surveillance and ad services, with user benefit a secondary purpose
If you need personalized government attestation to visit a site, then the government has the ability to dynamically deny and rescind your individual access to any site that adopts age verification, at any time.
Once adult sites adopt the system, it will creep over to any site wanting to limit their liability. Banks. Business services. Eventually almost everyone.
Liability the government will dramatize and escalate. You won't see the government pass any laws to create age-liability safe harbors.
Wikipedia is already being forced to fight to not implement age verification. Age verification managed by the government = No Wikipedia access without individually tracked, controlled and revokable government permission. [0]
Seldom has a slippery slope been so slippery.
The distance between government controlled per-citizen access to obviously adult sites, and government permissioned/controlled access to any site of substance, does not even involve a technical hurdle. It just becomes a site adoption curve. Every adoption increasing the scope of real-time government surveillance in our minute-to-minute lives, and its real-time at-will ability to deny access to whatever it chooses, whenever it chooses, and for whoever it chooses. In any combination.
Dystopia is here.
In my opinion, this is terrifying.
We need: Third party attestation, providable by anyone/entity meeting basic openly-defined criteria, limited to age attestation only, implemented with Zero Knowledge Proofs, to create a safe anonymous (unsurveiled/no personalized denials) alternative, to take the wind out of the sails of this constant governmental power grab. If it isn't solved by security minded technologists and the marketplace, the freedom destroying version will prevail - and it won't be undone.
[0] https://www.eff.org/deeplinks/2025/07/we-support-wikimedia-f...
Zero-knowledge seems to be a bit of an oversell here. It is more like you break the knowledge up and only share the relevant parts with each party. And the facilitator (Google) arguably has access to the most information out of any of the parties involved.
Lots of bias in this thread. But maybe we can have a technical discussion?
I'm not into this topic, so maybe someone else can answer this: How "zero-knowledge" is this actually?
As far as I understand, there are three parties here: 1. Me, the user; 2. The site I want to access; 3. The attestor (google? my government?). What do they know about each other?
Does the site know who I am?
Does the site know who my attestor is (and therefore, for example, that it doesn't like Winnie-the-Poo memes)?
Does the attestor know what site or kind of content I want to visit (and therefore e.g. if he agrees with it)?
Does the attestor know who I am?
Do I always know who the site and attestor are, and when this proof happens?
It is suspicious to me that "age assurance" is trending EXACTLY as AI agents become capable of autonomously operating a personal computer in the same way a human office worker would.
I'm afraid "age assurance" has nothing to do with "the children".
"ZKP makes it possible for people to prove that something about them is true without exchanging any other data. So, for example, a person visiting a website can verifiably prove he or she is over 18, without sharing anything else at all."
But not "...without sharing anything else even when setting up your token."
Can I prove that some cryptographic token A) doesn't contain any PII and B) that the token itself can't be used as an ID tied to my identity in a Google or government database?
No and no. So, I do not support schemes like this.
Age is just one metric. I don't want zero proof tech about information X. I don't want to have an identity. Full stop.
ZKP for this purpose is a trojan horse for identity tracking and device attestation, as those are prerequisites for avoiding the scenario of someone printing attestations that everyone is of age in bulk and handing them out for free.
It works for contract signing and payments, because there is a built in incentive there, but not for age attestation.
Will they not just argue that you could share the assertion, and hence we need a 'trusted' verfication point to establish it is actually you in posession of the zkp token, right now. So turn on that smartphone camera right now and obediently follow our biometric verfication instructions ...
I'm not a fan of age checks. There is a reason Google is offering this (for free).
As always with tracking, the value is in the metadata.
The knowledge if you are or are not above a certain age is already privacy invasive but not that relevant for tracking or ads.
But with ZKP at least you won't need to send your creditcard, copy of ID and address to the 3rd party to verify.
We need "How to talk to your legislators about zero-knowledge proofs".
CSIRO and the Australian privacy commissioner suggested this path to the Australian Government a few years ago.
I'm not a fan of technology fixes for social problems but i do think this may be in the sweet spot.
I see a lot of people here don't agree. I think they may not appreciate quite how concerned a lot of the community is about the effects of networked communication on minors. I'm not here to change people's minds, but this isn't a US problem it's a global one, and US constitutional rights views do not predominate worldwide.
Google has more customers outside the US than inside, and has more business with entities subject to non US laws than solely US domiciled entities.
I've been trying to figure out how zero-knowledge stuff would work in practice for age verification, where "when issued" (or extremely coarse, like what year), "to whom", and "where it's used" are hidden from everyone except the individual holding the proof (since that's the gold standard, and the only one worth accepting).
I get that ZK techniques work, and reveal "nothing". That's useful.
But if they reveal nothing, isn't it wide open for abuse? Couldn't one over-18-person's proof become everyone's proof, because they can't tell it's the same proof, and the issuer can't tell where or how often the proof is being used? Or are there ways to construct data leaks that are not user-identifying but are abuse-identifying (and what would that even mean)?
This seems great - one question (ideally for Alan stapleberg) why is this not available for everyone? Seems like this is only applicable to the EU? Genuine question - Why would other governments not want this for their people ? I am sure there is a flip side that EU thinks is not worth more than thier people getting this kind of privacy. But what’s has to be true for some govts to think that the flip side is more beneficial than the privacy aspect. Appreciate if someone can break down how incentive structures are different and hence the resultant choices/positions
It is painfully obvious that the "age assurance" push is to limit anti-zionist propaganda.
I wonder who or what will abuse this infrustructure when they fail.
What's the point of giving a single point of information about yourself to a single website, when all the websites you visit use the same trackers (from Google for example) only to merge these data points together and sell them as a package.
This is going to be a thing where the individual parties might get something like reliable anonymity, and Google will still be able to trace it, right?
In this scenario, Google is still a trusted dealer.
I just posted a general solution anyone can implement without needing Google as the trusted dealer: https://news.ycombinator.com/item?id=48760492
how would you get everyone to accept a economy 2.0 pre-req technology?
more like walled off garden where they only, have access to children and what they watch. so now they will feed them the junk and ads curated only for children so they can get them hooked on products early on. Way to go Google yo uhave succeeded in your goal.
Someone else in the thread asked, as others have, but most pithily
> How about not needing to do age verification?
Which I agree with. However, I think that ship is sailing. Those who care about this had better find a provider that they trust and support providers they trust, because the perfect is the enemy of the good, and without the good there'll be no way to rollback to the perfect at all.
Unfortunately ZKP's aren't magic.
When not doing privacy oriented cryptocurrency (cough money laundering cough) with ZKP's, if you really want private verification you are in a position where a single actor can authenticate the entire world and no one will know it happened. And to prevent it you assemble the pieces necessary to deanonymize anyone.
Make no mistake. ZKP age verification, as proposed, will just require multiple parties to collude to figure out your identity.
They can't even implement ZKP for remote attestation due to the auth-the-world problem.
It's not zero proof
It's moving the goal post from one entity to another.
You can also fake it by letting someone else solve it for you.
Another attempt at a technological solution to a sociopolitical problem. No thanks.
lying bastards fuck off nobody will trust ANYTHING if this shit keeps going on
[dead]
[dead]
Still, I don't want to gate people based on age.
Parents should at least be able to overwrite the age of their child, maybe selectively allow bypasses. My experience with a computer would have been completely different if I was blocked from half of the internet. Especially when I see which kind of content gets blocked.