I thought so too. I seem to remember it almost being a selling point. Like: “Your adventures are being used to improve maps and train AI systems for the future of humanity! Yay!”

But I had a look at their old pages from 2017-2020ish in the Wayback machine and there’s no mention of it. In fact, their privacy policies seemed to try to make it very clear that they don’t sell or share user data except where needed to deliver the service or in anonymised aggregate to third parties (48 people went to your business while playing Pokemon!).

There’s some mention of using it to advertise but none of them mention using it to build an advanced geo-spacial dataset for AI. Unless I’m missing something or reading it wrong?

Might be a Mandela effect.

Security yes, privacy not especially.

PGP lets you encrypt the messages and sign them to digitally prove you sent them.

It doesn’t help with the problem here which is that the metadata of who you are (the IP used to log into the webmail and the email address of the sender) and who you’re talking to (the email of the recipient) and when (timestamps etc.) were able to be leaked.

In fact, depending on the implementation, PGP could be considered slightly worse for privacy because you’d have the added identity proof of the message having a signature that only you could create with your private key (although that’s encrypted, it’s a stronger identity proof than the sender email address). It also generally leaks the recipients’ key IDs too (although that’s configurable) PGP is great for accountability, message confidentiality and non-repudiation. Not so much for privacy. For that you’d need other systems.

Ah misread that it was card, not a service. That mostly works and is the same kind of thing as the other crypto solutions.

Though a bad actor could still set up a service with a legit card that provides government signed anonymous “yes” responses on demand.

I worry that the response will be to require an account and a full ID from it. Social media sites saying “we need to verify your identity to ensure you’re an adult human and to combat bots. Scan your id card…”

Still one of the better technical solutions here though.

The difference is one is physical and requires interaction with a human: “Hey uncle Bob, buy me beer?” Vs. The other one is technical and just requires them to do a Google search and click a button without interacting with anyone.

The first one has a higher barrier for entry and at least involves some form of adult supervision. The second one makes it not much different to the classic “what is your birthday?” thing.

The difference with the asking an adult to buy alcohol is mostly that, because the whole thing is online, they wouldn’t need to ever really interact with an adult.

If the circumvention is as easy as looking up “free age verification” in a search engine, typing a url and clicking a button then it might not be very effective.

If it at least required them to steal dad’s id card or get uncle Bob to help or something that’s a different story.

I agree, although in this thread I’m mostly interested in the technical puzzle.

How do they deal with the other requirements though? What’s stopping someone from setting up a service that uses their yivi account to sign “I’m over 18” for anyone who wants to be over 18?

This is the first perfect solution I’ve heard!

Granted it’s a little slow but it meets all the requirements xD

It would also reveal to the government that the user was accessing 18+ content (though not what that content is if the token is blinded).

It also doesn’t stop the easy circumvent of someone who is an adult providing a service for children or others who don’t want to auth with the government.

1. The 18+ site provides Child c with a token T and it’s blinded to b(T)
2. The child sends b(T) to a malicious service run by a real adult (Mal)
3. Mal sends the token to the AVS to create s(b(T))
4. Mal provides s(b(T)) to the child who gives it to the 18+ site as a legit S(T)

How does this work to protect privacy though? Wouldn’t the site need to know who you are to be able to look you up with the government?

Or is it more like an SSO/Oauth callback style thing where you sign into the government and they send the “age bit” digitally signed and your browser gives it back the service? Either way the government would know when you’re accessing 18+ material and possibly what specific site you’re accessing? Or is there more to it?

they could set up an online system which allows anyone to generate a proof of age and generates keypairs on demand for a requested site

This is the issue I have with most cryptographic solutions. There’s usually a way for someone to just share their private keys or run a service that generates valid site-specific credentials. If a user can generate something that says they’re over 18, it would be trivial to do that on behalf of others and set up an easy automated system for it. Adding some kind of rate or use limiting would just make it frustrating to use on multiple sites and add more implementation complexity on the side of the site.

Once such a system exists, the whole thing becomes trivial to circumvent. I guess the governments could try to play whack-a-mole with some kind of revocation capability but if the resulting keypairs are anonymous, then that wouldn’t work because they wouldn’t know who is creating them.

Those things come with a big convenience and implementation trade-off that slows adoption.

If it’s hard to export for technical reasons (eg. Needs to be in a tpm) then that adds hardware requirements and complexity and makes it difficult to log in on other devices. If it’s a software thing, then it’s rippable. Either way “install our government app to watch porn” is not an enticing prospect for people.

Aggressive rate limiting is also frustrating if you want to log into multiple things and it keeps blocking you because you’re using your key too fast, but if it’s not aggressive then it likely won’t be effective unless all the kids sharing a key are trying to use it at once.

If it’s a temporary thing where you have to auth with the government to get a fresh signing key that expires, you have the issue of having to sign into the government when you want 18+ content which is super uncomfortable.

I can see it being a browser-based thing set up a bit like video DRM but that would still need to talk to a government server each time for a temp key (like how licence servers work) and you’d need to be logged into their systems. It might still be the best option but it does still leak “X person wants to access 18+ content right now” to the government.

I’m really interested in seeing a technical/cryptographic solution that actually works but so far I haven’t really and I’m starting to doubt that it’s possible.

I think they supported the pixel fold which has the same sort of second flippy screen thing. I think the multiple screen stuff is just in the aosp base.

Whenever this comes up, this style of zero-knowledge proof/blind signature thing gets suggested. But the problem is that those only work if people care about keeping their private keys secret. It works to secure eg. “I own $1” but “I’m over 18” is less important to people and it won’t be hard for kids to get their hands on a valid anonymous signing key on the web. Because the verification is anonymous and not trackable, many kids can share the same one too, so it only takes one adult key to leak for everyone to use. It’s one of the reasons they push biometrics that at least appears to need a real human. Requiring ID has a lot of the same issues on top of being a privacy nightmare.

I’m starting to think that actual age verification is technically impossible.

But I don’t want a bunch of huge images in my face. Isn’t that what pixelfed and Instagramy things are for? I only want to click on the things I’m interested in, not be shown an ugly frustrating stream of giant, semi-traumatic political pictures one after the other. Thumbnails exist for a reason and claiming they’re bad UX is incorrect, it’s the industry standard design pattern for any control that allows a user to browse quickly through multiple images or to provide an impression to a user before they decide whether or not to open the full content.

Lemmie/piefed is more about text and conversations so titles should always be the largest clearest part so you can read them quickly to know whether you want to engage with the post or not. Otherwise, how is it different from pixelfed? Likes vs upvotes is not a big difference.