Pluralistic: "Privacy preserving age verification" is bullshit (14 Aug 2025)


Today's links


Three kids in a trenchcoat, atop one another's shoulders. They stand before a hellishly complex midcentury computing control room.

"Privacy preserving age verification" is bullshit (permalink)

I don't think that it's impossible for politicians, even nontechnical politicians, to make good tech policy. After all, the fact that no one in Congress is a microbiologist doesn't stop federal standards from delivering potable water (and it doesn't excuse the ghastly failures, such as Flint, MI):

https://pluralistic.net/2024/11/21/policy-based-evidence/

For politicians to make good policy, they don't need to be technical experts: they need to have solid, independent, well-resourced expert agencies. Those would be the very agencies that Trump and Musk have DOGEd into oblivion, which is pretty ominous, since the work of expert agencies is how you avoid dying of food poisoning, water poisoning, air poisoning, collapsing buildings, faulty antilock brakes, train explosions and plane-crashes.

But when it comes to tech policy, politicians get it all so goddamned wrong. Partly that's because the cartel of tech companies lies to them like crazy, even under oath, leading to a kind of nihilistic refusal to believe any expert input. Mark Zuckerberg wants you to think that's it's inconceivable for you to have a social life without him eavesdropping on it, and any rule demanding this is a farce, like a demand to make water that's not wet:

https://pluralistic.net/2022/11/08/divisibility/#technognosticism

Big Tech's highly resourced bullshit machine convinces some politicians that technical expertise is not to be trusted, and gives other, more cynical politicians cover for ignoring experts by saying, "Oh you people are always telling us that this or that is impossible."

For example, since the Clinton era, politicians all over the world demanded a kind of impossible encryption: encryption that works perfectly when it's doing something legitimate, like keeping hackers from pushing malware to your pacemaker or stealing your life's savings or listening in on you through your phone's microphone, but also they require that this encryption offer no protection to criminals, drug dealers, terrorists, child abusers, and other miscreants.

This really is like water that's not wet. We can make encryption that works. It's hard to get right, but when we do, it offers a wondrous level of protection from interception and eavesdropping, scrambling our data so thoroughly that you would have to consume multiple universes worth of time and space to build all the computers necessary to guess the descrambling key. We can also make encryption that doesn't work. People do this by accident all the time. Sometimes, the NSA does it on purpose (and doesn't mention that fact to the people who rely on it for their safety and integrity):

https://en.wikipedia.org/wiki/Dual_EC_DRBG

But what we absolutely, positively, totally cannot make is encryption that both works and does not work, depending on whose secrets it is protecting. That's impossible.

But when technologists tell policymakers this, they tell us that they have every confidence in our ingenuity, and also, they can't be certain we're not telling a Zuck-style fable about how the stuff we merely disprefer is actually impossible. They tell us to NERD HARDER!

NERD HARDER! is the answer every time a politician gets a technological idée-fixe about how to solve a social problem by creating a technology that can't exist. It's the answer that EU politicians who backed the catastrophic proposal to require copyright filters for all user-generated content came up with, when faced with objections that these filters would block billions of legitimate acts of speech:

https://memex.craphound.com/2019/04/03/after-months-of-insisting-that-article13-doesnt-require-filters-top-eu-commissioner-says-article-13-requires-filters/

When politicians seize on a technological impossibility as a technological necessity, they flail about and desperately latch onto scholarly work that they can brandish as evidence that their idea could be accomplished.

For example, back in 2019, Trump's Bureau of Land Management tried to impose a ton of absolutely bizarre, environmentally devastating requirements on Burning Man's land-use permit. One of these requirements was to effectively ban LED lights at night (!), on the basis that these were so bright at altitude that they could disrupt nocturnal birds.

In support of this measure, the BLM cited a PhD dissertation from a physicist who developed a method for estimating light pollution. That physicist turns out to be a burner, who filed comments in the docket describing how the BLM had misapplied his work, making crude mathematical errors that led them to grossly overstate the amount of light pollution at altitude (I've just spent an hour trying to find this comment and I came up craps – if you can find it, please let me know, as it was delicious).

That kind of Annie Hall/Marshall McLuhan/"You know nothing of my work" moment is always fantastic, and especially so when politicians are demanding that technologists NERD HARDER! to realize their cherished impossibilities.

That's just happened, and in relation to one of the scariest, most destructive NERD HARDER! tech policies ever to be assayed (a stiff competition). I'm talking about the UK Online Safety Act, which imposes a duty on websites to verify the age of people they communicate with before serving them anything that could be construed as child-inappropriate (a category that includes, e.g., much of Wikipedia):

https://wikimediafoundation.org/news/2025/08/11/wikimedia-foundation-challenges-uk-online-safety-act-regulations/

The Starmer government has, incredibly, developed a passion for internet regulations that are even stupider than Tony Blair's and David Cameron's. Requiring people to identify themselves (generally, via their credit cards) in order to look at porn will create a giant database of every kink and fetish of every person in the UK, which will inevitably leak and provide criminals and foreign spies with a kompromat system they can sort by net worth of the people contained within.

This hasn't deterred Starmer, who insists that if we just NERD HARDER!, we can use things like "zero-knowledge proofs" to create "privacy-preserving" age verification system, whereby a service can assure itself that it is communicating with an adult without ever being able to determine who it is communicating with.

In support of this idea, Starmer and co like to cite some genuinely exciting and cool cryptographic work on privacy-preserving credential schemes. Now, one of the principal authors of the key papers on these credential schemes, Steve Bellovin, has published a paper that is pithily summed up via its title, "Privacy-Preserving Age Verification—and Its Limitations":

https://www.cs.columbia.edu/~smb/papers/age-verify.pdf

The tldr of this paper is that Starmer's idea will not work and cannot work. The research he relies on to defend the technological feasibility of his cherished plan does not support his conclusion.

Bellovin starts off by looking at the different approaches various players have mooted for verifying their users' age. For example, Google says it can deploy a "behavioral" system that relies on Google surveillance dossiers to make guesses about your age. Google refuses to explain how this would work, but Bellovin sums up several of the well-understood behavioral age estimation techniques and explains why they won't work. It's one thing to screw up age estimation when deciding which ad to show you; it's another thing altogether to do this when deciding whether you can access the internet.

Others say they can estimate your age by using AI to analyze a picture of your face. This is a stupid idea for many reasons, not least of which is that biometric age estimation is notoriously unreliable when it comes to distinguishing, say, 16 or 17 year olds from 18 year olds. Nevertheless, there are sitting US Congressmen who not only think this would work – they labor under the misapprehension that this is already going on:

https://pluralistic.net/2023/04/09/how-to-make-a-child-safe-tiktok/

So that just leaves the privacy-preserving credential schemes, especially the Camenisch-Lysyanskaya protocol. This involves an Identity Provider (IDP) that establishes a user's identity and characteristics using careful document checks and other procedures. The IDP then hands the user a "primary credential" that can attest to everything the IDP knows about the user, and any number of "subcredentials" that only attest to specific facts about that user (such as their age).

These are used in zero-knowledge proofs (ZKP) – a way for two parties to validate that one of them asserts a fact without learning what that fact is in the process (this is super cool stuff). Users can send their subcredentials to a third party, who can use a ZKP to validate them without learning anything else about the user – so you could prove your age (or even just prove that you are over 18 without disclosing your age at all) without disclosing your identity.

There's some good news for implementing CL on the web: rather than developing a transcendentally expensive and complex new system for these credential exchanges and checks, CL can piggyback on the existing Public Key Infrastructure (PKI) that powers your browser's ability to have secure sessions. When you visit a website with https:// in front of the address (instead of just http://).

However, doing so poses several difficulties, which Bellovin enumerates under a usefully frank section header: "INSURMOUNTABLE OBSTACLES."

The most insurmountable of these obstacles is getting set up with an IDP in the first place – that is, proving who you are to some agency, but only one such agency (so you can't create two primary credentials and share one of them with someone underage). Bellovin cites Supreme Court cases about voter ID laws and the burdens they impose on people who are poor, old, young, disabled, rural, etc.

Fundamentally, it can be insurmountably hard for a lot of people to get, say, a driver's license, or any other singular piece of ID that they can provide to an IDP in order to get set up on the system.

The usual answer for this is for IDPs to allow multiple kinds of ID. This does ease the burden on users, but at the expense of creating fatal weaknesses in the system: if you can set up an identity with multiple kinds of ID, you can visit different IDPs and set up an ID with each (just as many Americans today have drivers licenses from more than one state).

The next obstacle is "user challenges," like the problem of households with shared computers, or computers in libraries, hotels, community centers and other public places. The only effective way to do this is to create (expensive) online credential stores, which are likely to be out of reach of the poor and disadvantaged people who disproportionately rely on public or shared computers.

Next are the "economic issues": this stuff is expensive to set up and maintain, and someone's gotta pay for it. We could ask websites that offer kid-inappropriate content to pay for it, but that sets up an irreconcilable conflict of interest. These websites are going to want to minimize their costs, and everything they can do to reduce costs will make the system unacceptably worse. For example, they could choose only to set up accounts with IDPs that are local to the company that operates the server, meaning that anyone who lives somewhere else and wants to access that website is going to have to somehow get certified copies of e.g. their birth certificate and driver's license to IDPs on the other side of the planet. The alternative to having website foot the bill for this is asking users to pay for it – meaning that, once again, we exclude poor people from the internet.

Finally, there's "governance": who runs this thing? In practice, the security and privacy guarantees of the CL protocol require two different kinds of wholly independent institutions: identity providers (who verify your documents), and certificate authorities (who issue cryptographic certificates based on those documents). If these two functions take place under one roof, the privacy guarantees of the system immediately evaporate.

An IDP's most important role is verifying documents and associating them with a specific person. But not all IDPs will be created equal, and people who wish to cheat the system will gravitate to the worst IDPs. However, lots of people who have no nefarious intent will also use these IDPs, merely because they are close by, or popular, or were selected at random. A decision to strike off an IDP and rescind its verifications will force lots of people – potentially millions of people – to start over with the whole business of identifying themselves, during which time they will be unable to access much of the web. There's no practical way for the average person to judge whether an IDP they choose is likely to be found wanting in the future.

So we can regulate IDPs, but who will do the regulation? Age verification laws affect people outside of a government's national territory – anyone seeking to access content on a webserver falls under age verification's remit. Remember, IDPs handle all kinds of sensitive data: do you want Russia, say, to have a say in deciding who can be an IDP and what disclosure rules you will have to follow?

To regulate IDPs (and certificate authorities), these entities will have to keep logs, which further compromises the privacy guarantees of the CL protocol.

Looming all of this is a problem with the CL protocol as being built on regulated entities, which is that CL is envisioned as a way to do all kinds of business, from opening a bank account to proving your vaccination status or your right to work or receive welfare. Authoritarian governments who order primary credential revocations of their political opponents could thoroughly and terrifyingly "unperson" them at the stroke of a pen.

The paper's conclusions provide a highly readable summary of these issues, which constitute a stinging rebuke to anyone contemplating age-verification schemes. These go well beyond the UK, and are in the works in Canada, Australia, the EU, Texas and Louisiana.

Age verification is an impossibility, and an impossibly terrible idea with impossibly vast consequences for privacy and the open web, as my EFF colleague Jason Kelley explained on the Malwarebytes podcast:

https://www.malwarebytes.com/blog/podcast/2025/08/the-worst-thing-for-online-rights-an-age-restricted-grey-web-lock-and-code-s06e16

Politicians – even nontechnical ones – can make good tech policy, provided they take expert feedback seriously (and distinguish it from self-interested industry lobbying).

When it comes to tech policy, wanting it badly is not enough. The fact that it would be really cool if we could get technology to do something has no bearing on whether we can actually get technology to do that thing. NERD HARDER! isn't a policy, it's a wish.

Wish in one hand and shit in the other and see which one will be full first:

https://www.reddit.com/r/etymology/comments/oqiic7/studying_the_origins_of_the_phrase_wish_in_one/

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Lloyds of London to offer insurance for corporate open source users https://www.theregister.com/2005/08/12/opensource_indemnification/

#20yrsago Vampire novel as a work of first-rate science fiction https://memex.craphound.com/2005/08/14/vampire-novel-as-a-work-of-first-rate-science-fiction/

#10yrsago Chinese theme-park queue-jumping techniques http://www.capndesign.com/archives/2015/08/the_art_of_queue_jumping.php

#10yrsago Even when you turn on Win 10’s “privacy” flags, it still spies on you https://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/

#10yrsago Trickle-down kids’ TV: Sesame Street will air on HBO 9 months before PBS https://memex.craphound.com/2015/08/14/trickle-down-kids-tv-sesame-street-will-air-on-hbo-9-months-before-pbs/

#10yrsago Transgenic mouse company pays academics who cite them in papers https://www.badscience.net/2015/08/so-this-company-cyagen-is-paying-authors-for-citations-in-academic-papers/

#10yrsago Australian court hands copyright trolls their own asses https://torrentfreak.com/dallas-buyers-club-ruling-devastates-copyright-trolling-down-under-150814/

#10yrsago Student suspended for tweeting two words will get to sue his school, police chief https://www.techdirt.com/2015/08/14/school-police-chief-must-face-lawsuit-brought-student-suspended-10-days-tweeting-actually-yes/

#5yrsago Maidan in Belarus https://pluralistic.net/2020/08/14/shock-doctrine/#walkaway

#5yrsago NYC Street View, WPA edition https://pluralistic.net/2020/08/14/shock-doctrine/#wpa-nyc

#5yrsago NYC homeless lose bathroom access https://pluralistic.net/2020/08/14/shock-doctrine/#everybody-poops

#5yrsago The CARES Shock Doctrine https://pluralistic.net/2020/08/14/shock-doctrine/#shock-doctrine

#1yrago The one weird monopoly trick that gave us Walmart and Amazon and killed Main Street https://pluralistic.net/2024/08/14/the-price-is-wright/#enforcement-priorities

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • Canny Valley: A limited edition collection of the collages I create for Pluralistic, self-published, September 2025

  • Enshittification: Why Everything Suddenly Got Worse and What to Do About It, Farrar, Straus, Giroux, October 7 2025
    https://us.macmillan.com/books/9780374619329/enshittification/

  • Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026

  • Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026

  • The Memex Method, Farrar, Straus, Giroux, 2026

  • The Reverse-Centaur's Guide to AI, a short book about being a better AI critic, Farrar, Straus and Giroux, 2026


Colophon (permalink)

Today's top sources:

Currently writing:

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. (1049 words yesterday, 30960 words total).

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Join the Discussion at ChinWag