> For those aged 16-25, save 1/3 off rail fares for days out, seeing family and friends and even festivals!
> For those aged 60 and over, save 1/3 off rail fares for days out, holidays, seeing family and friends, and theatre trips!
So, provide proof of age via ID and get a discount. It's very common on public transit for the young and elderly to get a discount.
I don’t see how revealing the result of a less than comparison can be considered zero knowledge, but then I also don’t understand the difference between Google exchanging actionable confidential facts about you for money and them selling your personal information, so what do I know?
Additionally, the way the discounts work is that you buy a pass that lasts for a period of time. That then needs to work with your current age. i.e. you can't buy 2 years of discount for under 30s at 29, you can only buy 1 year, so they need to share your age and I think possibly in some cases, date of birth.
It's a blunt tool, but it's not terrible.
Maybe you want teenagers to be more independent, instead of relying too much on their parents for transportation needs. Maybe you want young adults get used to using public transit instead of driving everywhere, which can lower infrastructure costs in a densely populated country. Maybe you want to encourage retirees to get out and participate in the society, instead of sitting alone at home. Or maybe you want to encourage the use of public transit outside peak hours, which could reduce the overall need for subsidies.
Simple systems, such as age-based categories, often work well enough. Targeted subsidies can be more efficient in principle. But that assumes that regulators manage to target them properly and have the regulations implemented in software correctly and in time. All of those often fail. And even when they are successful, they may cost more than you save with better targeting. Not to mention the opportunity costs: when regulators focus on one thing, they can't work on another.
On the one hand, it's better than a world where non-privacy-respecting ID verification becomes required anyways, and thus every bit of your online behavior becomes tied to your actual identity.
On the other hand, the presence of this kind of technology makes it easier for governments to say things like "all ___ content online must be restricted to ages 18+ or 21+" and actually have a way to implement that across Discord and TikTok and gaming chatrooms and everything inbetween, in a way that has already been deployed at scale... because it had not already been fought against from a privacy perspective when it was deployed for things like public transit.
The things that can be placed in that blank are far more widespread than one might initially think.
Now you don't have any ID either, and can't prove who you are.
Think of all the authentication mechanisms you rely on: credit cards, food delivery, smart locks, uber, parking, ev charging, email, messaging, intuit, dmv and so on.
Now imagine you’re permanently banned from them all with no appeal and no way to create new accounts.
This part is quite true for English Internet, thresholds for content removals and algorithmic de-ranking is dropping rapidly.
Foreign companies have also repeatedly shown that they're happy to go along with the latest and greatest idea of the government to avoid being blocked. Right now it's not really a problem as I can easily pretend to be a middle-aged balding guy from rural Germany (or wherever).
You can probably combine the two and see where it leads to.
The Baltics have handled this better with a Smart ID system[0] that also allows cryptographic document signing (like Adobe Sign but non-repudiable by law). It can perform proof-of-human like Altman's orbs, and allows Baltic citizens to file documents with the government, access electronic court records, electronic medical records, e-banking, and similar services.
One downside of the system is that its purpose is to identify a natural person using a service. So whichever service uses it as authentication, it will receive personal data. However, there are third-party sign-on gateways that use Smart ID (and other e-signature methods legal in the Baltics) to authenticate users and only disclose certain bits of personal information to those requesting authentication. In Lithuania, the government operates a service called the E-Government Gateway, and one can easily imagine it could be used for zero-knowledge age verification.
Ultimately, Google seems to be offering a far inferior product at a lot more risk to the user. Once again, their core business is user profiling, associating various user metrics with each profile. A government ID is the holy grail for user profiling. It's sort of like if a wolf offered a sheep-verification service - yes, we could trust the wolf to act professionally towards the sheep, despite it coming out in sheep court several times that it hasn't in the past. But is it wise to suspend disbelief like that? It's better to leave this to independent, expert companies, or even governments.
Identity theft would become essentially impossible. Then if it were adopted by things that are fundamentally associated with your real identity (e.g., banks, payment processors, insurance providers, government institutions) then whole classes of phishing scams would become impossible.
Then there are the use cases where it's convenient for the user. Public transit, event admissions, membership cards.
Then there are the use cases where it's convenient for the provider. Alcohol sales, social media, adult content.
... Yeah, that would turn into a dystopia incredibly fast.
"The difference between a thing that might happen and a things that cannot happen, is that when a things that cannot happen happens it usually tends to be impossible to get at or repair."
https://www.rijksoverheid.nl/onderwerpen/identiteitsfraude/v...
Last time I checked Google isn't any of the following:
* a government instution
* a bank
* a notary
* a casino
* my life insurer
* my employer
https://www.rijksoverheid.nl/onderwerpen/identiteitsfraude/v...
The main thrust of such measures is "Let's make sure a kid can't see/access this". However, without an actual camera to double check that "yes indeedy, this really is the person attached to the ID" then "faking" it is all too simple. I can almost guarantee you'll get IDs floating around the internet which kids will use to completely bypass these protections (or they'll simply swipe their parents' ids when they aren't looking). It's a half step above "what's your birthday" checks.
Now, I (and I assume you and most people) don't value perfect law enforcement. I certainly value my privacy more than I value "catching bad guys" or keeping kids from seeing a trailer for an M rated game.
That's why I'm calling the idea dumb. It won't work and the next steps to make it work better are horrifying. It's better if we didn't even try.
Imagine if every single gay person were caught and put in jail the moment they acted on their urges, or every single person who bought or sold weed (or alcohol, during the prohibition) were similarly arrested. We'd still be stuck in the mindset of a century ago.
A society that has removed its own ability to progress is truly a horrifying prospect.
This is quite a leap.
Societies would be perfectly capable of evolution as long as they are not totally convinced of their own perfection at any given moment. It is quite possible to have everyone follow a law while simultaneously supporting changing it.
Don't worry, it won't be perfect and universal. Politicians, the police, and their friends and family will surely make themselves exempt.
No, they rely on leadership to progress.
>There's no way to create a critical mass of resistance and disobedience that will lead to the toppling of an unfair law
Encouraging the breaking of laws is not good. Changing laws does not require them to be broken. Allowing for a critical mass of criminals to be created is a bug and not a feature.
>if you enforce the law perfectly and universally, and this will lead society to ossify.
Even if true, that is not neccessarily a bad thing. I find unequal enforcement of the law to be a bigger issue and it allows for vague laws to exist which are selectively applied. If things were perfect much more thought would need to be put into the design of laws.
>We'd still be stuck in the mindset of a century ago.
I'd prefer living in a society like that with strong morals that doesn't cave in and make compromises.
>A society that has removed its own ability to progress is truly a horrifying prospect
As I mentioned above progress can still happen via leadership. Leadership can take in information and make decisions in the way society should be led. Cutting off the information of how much crime is happening doesn't seem like it will make it impossible to make new decisions. There are more data sources that can be used.
this thin edge of the wedge age verification solution is to normalize people showing ID everywhere and whether it's their age or some other social credit attribute is immaterial. the product is submission. the original hope for this was first in differential privacy, then ZKSNARKS, then FHE, and whatever proof they're on about now is intended to obfuscate not the data, but the actual use case, which is going back to covid era ID checks. for climate, surely.
I distinctly remember a conversation I had in 2013 while working on early instances of a related identity tech, where I said to the founder and CTO, "nobody wants this, it's something you want to impose on others. your security model needs a failure mode other than catastrophic because the incentives to take it down are tremendous- from fake ID and fraud to people like me who just think you're assholes."
Identity isn't a tech problem, it's a political problem people in bureaucracies who problematize human freedom and dignity keep trying to bully through with increasingly obfuscated tech.
for googlers reading this though, I've got a great name for your identity product: holler-it! it's just like hollerith but so much quirkier and safe feeling.
Do you hand your full PII "private key" or equivalent, to Google, or does any of the proving happen on your own device?
Then proofs are constructed to 3rd parties, proving certain properties of your data without revealing the underlying data? Are they live/interactive proofs or can static proofs be constructed for these type cases?
What is exactly being proved? Proving that you/Google knows a "private key" that can be found in a particular set of public keys published by the issuer? Or something like that?
This seems to imply you have to upload your information to Google first. But if you do that then what's the point of ZKP, Google might as well just send over a signed attestation token.
At least, reading their claims with that in mind has often helped me to make sense of the various claims they make.
The identity document (e.g. driver's license) is granted by an issuer (e.g. department of motor vehicles) and stored in the user's device only. Google is not part of this flow and the document is not sent to Google or stored by Google. In fact, one major technical problem is how to make sure that the document cannot be used without having possession of the phone. To this end, the document is associated with the phone's secure element (think of a hardware yubikey already present in the phone itself) and cannot be used without the secure element.
Think of the document as a dictionary { "name": "foo", "address": "bar" ... }, although the reality is more complicated. One standard for these documents is ISO/IEC 18013-5, but other possibilities exist.
The proof itself proves the truth of a certain predicate on the document. The predicate is something like "The document parses correctly, it is bound to the device's secure element, and it contains zip_code = 012345".
The phone generates the proof at presentation time in about 1s. Another major technical difficulty is that past attempts at solving this problem required prover time of tens of seconds. Our proofs have the property that no entity, including a future quantum computer, can learn anything from the proof other than the predicate is true. See https://eprint.iacr.org/2024/2010 for the gory details. The specific predicate being proved is in Algorithm 10.
When you say "interactive" you probably mean "at presentation time", as opposed to "in advance". We generate a fresh proof at presentation time and not in advance. Be aware that the ZKP literature uses "interactive" in a different sense, in which the verifier keeps posing multiple challenges to the prover until the verifier is satisfied that the proof is correct. Our system is derived from an "interactive" protocol in this technical sense, and transformed into a "non-interactive" prover via a general transformation called "Fiat-Shamir". The net effect is that the verifier asks "tell me your age and nothing else", the prover sends one message with the proof, and that's it.
Nothing. Nothing happens. Millenials grew up on the internet where ID checks were "Promise you are 18", and what bad has come of it? A generation of murderers and rapists? Please...
A mental illness epidemic? [0]
[0] https://www.afterbabel.com/p/the-teen-mental-illness-epidemi...
I don't think this is true? Generations seem to be getting Internet access at younger and younger ages and the Internet takes up more and more time in our lives with every passing year, and Phones Bad / Social Media Bad seems to be a pretty commonly accepted concept.
For reference, 2007 is 18 years ago.
Google Wallet will keep working for 6 months. Then stop. Around the same time Google Money Wallet will launch. Neither will support credit cards correctly for another 6 months.
Then Google Billfold will launch...
Sure other people might be able to replicate the signing process. But who else is going to be able to get governments around the world to add those other would be zk proof providers?
This feels like such a vicious demented technological gordian knot being woven to trap humanity in.
Meanwhile the web has it's own devilry in progress, a similar effort to make non authenticated people utterly unable to use the web, the Digital Credentials API, brought to you again by Google. https://developer.chrome.com/blog/digital-credentials-api-or...
This is all so hideously bad for humanity. The zero knowledge aspect is the absolute bare minimum to not make this pure scum and villainy, but it's still a sick awful thing to do to humanity, uses a lure of convenience to walk us into a place where the individuals of the world are powerless and where ever expanding digital dominion over us corals and steers us. Do not want, go back to hell & stop trying to drag hell to earth, monsters.
holowoodman•12h ago
Too bad that while the porn website you are visiting will not get your name from google, google will sell the fact that you visited that porn website to anyone who is interested...
arealaccount•12h ago
Note - agree with your sentiment.
tmoertel•12h ago
Has Google has actually done this? According to Google, they don't sell personal information:
https://about.google/company-info/how-our-business-works/#:~...
I'm willing to believe they've broken this promise, but if you can point to some actual proof, I'd like to see it.
kmeisthax•12h ago
3984574•11h ago
Some context: https://www.classaction.org/news/google-breaks-user-privacy-...
tmoertel•11h ago
3984574•11h ago
> Site
> This object is present in the bid request when the impression will be rendered on a website rather than a non-browser application.
Contains a "page" field:
> URL of the page where the impression will be shown with URL parameters removed.
EDIT: If you don't think that counts as personal info then that's that, just trying to prove GP's claim that Google will happily tell a bunch of advertisers that you're visiting a porn website.
ffsm8•5h ago
This kinda invalidats the claim that Google is selling this information about you
whimsicalism•12h ago
ajsnigrutin•11h ago
guerrilla•10h ago
whimsicalism•10h ago
guerrilla•8h ago
https://www.eff.org/deeplinks/2020/03/google-says-it-doesnt-...
> Real-time bidding is the process by which publishers auction off ad space in their apps or on their websites. In doing so, they share sensitive user data—including geolocation, device IDs, identifying cookies, and browsing history—with dozens or hundreds of different adtech companies.