The UK has announced plans to fast-track legislation requiring “age verification for VPN use”.
-
The UK has announced plans to fast-track legislation requiring “age verification for VPN use”. The correct term, however, is not age verification but identity verification.
A law like this would require everyone to identify themselves in order to use a VPN. This would pose a risk to whistleblowers, violate human rights, and represent yet another step toward an authoritarian society.
@mullvadnet To be fair, Whistleblowers should be using a more secure setup than just a VPN.
-
@mullvadnet curious timing. just about an hour ago I forged and verified my first zero knowledge proof that can tell the verifier that proof holder was born before a certain timestamp (aka. older than N years) at the same time reveling absolutely (!) nothing about proof holders, not even those who authorize it.
@dotfox @mullvadnet But I'm guessing the verification called home to let someone know which app/service you verified with, or is someone making an authorication service that doesn't need that? If so, which one?
-
@dotfox @mullvadnet But I'm guessing the verification called home to let someone know which app/service you verified with, or is someone making an authorication service that doesn't need that? If so, which one?
@paranormal_distribution No one. The presenter asks the verifier to publish their constraints — the trusted root authorities and the current revocation list (one way hashed). The presenter then forges two proofs locally: "I hold a valid capability delegated to me only" and "no intermediate delegator in my chain is revoked, and the delegation chain starts from a trusted root". The verifier checks both proofs against the published roots — no callback, no identity disclosure, no phone-home.
-
@paranormal_distribution No one. The presenter asks the verifier to publish their constraints — the trusted root authorities and the current revocation list (one way hashed). The presenter then forges two proofs locally: "I hold a valid capability delegated to me only" and "no intermediate delegator in my chain is revoked, and the delegation chain starts from a trusted root". The verifier checks both proofs against the published roots — no callback, no identity disclosure, no phone-home.
@paranormal_distribution The verifier learns what the presenter can do, never who they are or how they get this capability. Here I'm using capability as a broad term for "some knowledge I'm willing to disclose".
-
@paranormal_distribution The verifier learns what the presenter can do, never who they are or how they get this capability. Here I'm using capability as a broad term for "some knowledge I'm willing to disclose".
@paranormal_distribution For example: Some government agency can issue a certificate to the person that contains passport number, expiry date and date of birth. A person can then selectively choose what information should be displayed - NO passport number, NO expiry date and mask date of birth behind "before some date". If verifier trust this government agency then presenter can prove "I'm at least 18 years old" and this proof will hold.
-
@paranormal_distribution No one. The presenter asks the verifier to publish their constraints — the trusted root authorities and the current revocation list (one way hashed). The presenter then forges two proofs locally: "I hold a valid capability delegated to me only" and "no intermediate delegator in my chain is revoked, and the delegation chain starts from a trusted root". The verifier checks both proofs against the published roots — no callback, no identity disclosure, no phone-home.
@dotfox Yeah, I agree that it would be possible, with the same degree of certainty that we get when we flash an ID card to buy beer. The problem is that noone is making it, not even the #EUDI wallet will have this functionality in spite of all the privacywashing. If someone did make a solution like this, I would happily use it. Hell, I'd even pay to use it!
@EUCommission take note!
-
@dotfox @mullvadnet why are you working on tech to help the Nazis?
@fluffykittycat @dotfox @mullvadnet do you even grasp what "Nazi" is and what it entails?
-
The UK has announced plans to fast-track legislation requiring “age verification for VPN use”. The correct term, however, is not age verification but identity verification.
A law like this would require everyone to identify themselves in order to use a VPN. This would pose a risk to whistleblowers, violate human rights, and represent yet another step toward an authoritarian society.
@mullvadnet "A law like this would require everyone to identify themselves in order to use a VPN" yeah… but no.
Please kindly stop spreading FUD. There are ways (ZKP) to do that...
-
@mullvadnet "A law like this would require everyone to identify themselves in order to use a VPN" yeah… but no.
Please kindly stop spreading FUD. There are ways (ZKP) to do that...
@wojtek but literally nobody is going down that route? They're all paying KYC companies to harvest data. Hardly FUD is it?
-
This is exactly my point as well. The EU has done some great things in digital privacy laws and yet they still want to do dumb shit. I am appaled with the issues with CSAM and I agree something needs to be done. I also agree with the deplorable ways in which social media has infected society - howver, the answer is not to destroy privacy.
@greatlaketrout @nemo @mullvadnet I think a big issue here is, that politics are focusing far more on the M than on the CSA. However, the CSA does most of the harm, the M then adds insult to injury.
Problem is, actually fighting CSA takes time, requires a lot of effort, costs a lot of money and feels uncomfortable sometimes, as you sometimes need to intervene in family affairs.
-
I have already setup a Wireguard VPN on one over my VPS, no questions asked
@ggrey @mullvadnet And your ISP's DNS, Sir? I hope you have that covered. -
@ggrey @mullvadnet And your ISP's DNS, Sir? I hope you have that covered.
Indeed
-
@wojtek but literally nobody is going down that route? They're all paying KYC companies to harvest data. Hardly FUD is it?
@ret just because UK and usania is going that road doesn't mean "nobody"?
The EU first want to make correct technical spec and then later on implement that (https://ageverification.dev/Technical%20Specification/architecture-and-technical-specifications/)
Mullvad trew a blanket statement implaying that any age-verification is an assult on privacy, which is false.
-
@mullvadnet devil very much in the detail! Is ssh a VPN?
And https for that matter
-
And https for that matter
@Pionir @mullvadnet HTTPS doesn't have a built in way to hide your traffic origin, unlike SSH and its SOCKS support
-
@fluffykittycat @dotfox @mullvadnet do you even grasp what "Nazi" is and what it entails?
@wojtek yes, they've taken over my country and are censoring the internet
-
@mullvadnet curious timing. just about an hour ago I forged and verified my first zero knowledge proof that can tell the verifier that proof holder was born before a certain timestamp (aka. older than N years) at the same time reveling absolutely (!) nothing about proof holders, not even those who authorize it.
@dotfox @mullvadnet How would this even work? Never mind not revealing anything about the holder, how do you prove an arbitrary person's birthdate?
-
@mullvadnet "A law like this would require everyone to identify themselves in order to use a VPN" yeah… but no.
Please kindly stop spreading FUD. There are ways (ZKP) to do that...
@wojtek @mullvadnet No there are not. This is a common lie. ZPK's make it possible for the service provider not to know your identity. They do not make it possible for the identity verifier not to know your identity or not to be able to collude with the service provider to unmask you.
-
@wojtek @mullvadnet No there are not. This is a common lie. ZPK's make it possible for the service provider not to know your identity. They do not make it possible for the identity verifier not to know your identity or not to be able to collude with the service provider to unmask you.
-
