this post was submitted on 18 Feb 2026
117 points (97.6% liked)

Ask Lemmy

37916 readers
1404 users here now

A Fediverse community for open-ended, thought provoking questions

Rules: (interactive)

1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them

2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?

3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.

4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].

5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.

6) No US Politics.
Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online

Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija

Logo design credit goes to: tubbadu

founded 2 years ago
MODERATORS
Bluetreefrog@lemmy.world
TheSaneWriter@lemm.ee
TheSaneWriter@lemmy.thesanewriter.com
Asudox@lemmy.world
lemmy_bot@lemmy.world
beefbaby182@lemmy.world
ModeratorCan@lemmy.world
neidu3@sh.itjust.works
asudox@lemmy.asudox.dev
candyman337@lemmy.world
candyman337@sh.itjust.works
117
How can we protect kids from the harms of social media without sacrificing everyone's privacy? (piefed.ca)
submitted 18 hours ago by ageedizzle@piefed.ca to c/asklemmy@lemmy.world
153 comments fedilink hide all child comments
 

I'm asking for public policy ideas here. A lot of countries are enacting age verification now. But of course this is a privacy nightmare and is ripe for abuse. At the same time though, I also understand why people are concerned with how kids are using social media. These products are designed to be addictive and are known to cause body image issues and so forth. So what's the middle ground? How can we protect kids from the harms of social media in a way that respects everyone's privacy?

you are viewing a single comment's thread
view the rest of the comments
[–] remedia@piefed.social 13 points 14 hours ago (2 children)

In order to provide a "yes, this person is over 18" service for a vendor, the vendor has to know which real name (or other personally identifiable piece of information) to look up, don't they?

So if you have to provide the vendor with a real name, phone number, ID card number or selfie that identifies the account "draco_aeneus@mander.xyz" with "John Doe/555-4556/X1234567" that eliminates your anonymity, they've accomplished surveillance over your personal opinions and whatever other content you share. The real problem isn't age verification, the problem is they're trying to eliminate anonymity.

[–] ravenaspiring@sh.itjust.works 4 points 10 hours ago

There are https://en.wikipedia.org/wiki/Zero-knowledge_proof which can do exactly what you just proposed. I'm not sure it's a foolproof answer, but it is designed to exactly deal with that identity conundrum as well as others.

In cryptography, a zero-knowledge proof (also known as a ZK proof or ZKP) is a protocol in which one party (the prover) can convince another party (the verifier) that some given statement is true, without conveying to the verifier any information beyond the mere fact of that statement's truth.

[–] tatterdemalion@programming.dev 10 points 13 hours ago* (last edited 13 hours ago) (3 children)

The vendor/site does not need to know a name.

The idea is that people already trust the government with their identifying info. So what the government can do is issue, for example, an opaque "age ID" that is only to be used with an "over 18?" service hosted by the government. Then anyone visiting a website with age-restrictions would provide their age ID, which tells the site nothing about the user. The site checks the "over 18?" service. At no point do arbitrary websites need to collect identifying info.

Now obviously as I've described it, there are multiple problems:

  1. People could easily publish their age ID for anyone to use.
  2. If people aren't careful (they aren't) then they will give too much identifying info away to sites anyway, and then those sites could correlate the age ID with their identity.

One solution is to make the age ID into a "one time password" (OTP). Much like an authenticator app, you could have an app provided by the government which generates a new random OTP on request, and it would expire in a minute or so. Then users provide that instead of a constant age ID. Like before, the site checks the "over 18?" service using the OTP.

It's still not perfect, but you'll never solve the "adult buying beer for kids" trick without counterproductive measures. There are probably some additional tricks to make it better, but I don't want to get too far into it.

EDIT: One more point. Having this "over 18?" service is itself a privacy risk, because it relies heavily on your trust in the government not to conspire with the sites you are visiting or to just log info about all of the age-restricted sites you visit. There are apparently solutions to this problem involving zero-knowledge proofs, but I don't know quite enough to explain that entirely here.

EDIT2: I got curious and did a little more reading. The zero-knowledge proof idea kinda fails to prevent credential sharing, unless you rely on some kind of hardware cryptographic vault thing. I'm not sure if that ends up being strictly better than the service idea.

Another way you might prevent the govt from logging all of the age-restricted sites you visit is to put the service behind something like Tor to make the requesting site anonymous. But this still doesn't prevent the govt from just knowing that you visited some age-restricted site at a specific time. Still not ideal.

[–] apftwb@lemmy.world 1 points 3 hours ago

People could easily publish their age ID for anyone to use.

Publishing their age ID can result in the age ID getting flagged and recent accounts being disabled. PITA for the user, but be more careful.

If people aren't careful (they aren't) then they will give too much identifying info away to sites anyway, and then those sites could correlate the age ID with their identity

I'm not following. The "over 18?" service should not communicate the age ID to the website and the website should not communicate the account or person name to the government? Nothing except the "over 18" service ever sees the age ID.

[–] chux@feddit.org 3 points 10 hours ago

As far as I know the german e-passport function does provide good way already. You basically use your passport to make a corresponding app only send the information "over 'certain age' or under", technically no information needs to go to the government of when and where you try to vefify your age since it can all be done locally with your passport. The app is also open source if i recall correctly. It would definitely be a better option than any third party age verification but its not really used at all.

But i am not too familar with the actual working procedure of this function so it may not be entirely accurate.

[–] ageedizzle@piefed.ca 2 points 13 hours ago

The OTP solution seems like a really good idea actually 

There are apparently solutions to this problem involving zero-knowledge proofs

If something like this could work, that would be the best solution in my opinion