this post was submitted on 05 Nov 2025
6 points (87.5% liked)

cybersecurity

5132 readers
7 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 2 years ago
MODERATORS
shellsharks
tweedge
6
The limits of zero-knowledge for age-verification | Brave (brave.com)
submitted 4 days ago by floofloof@lemmy.ca to c/cybersecurity
3 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.zip/post/52481309

ZKPs are often advanced as a technical remedy, promising privacy-preserving attestations of age or eligibility. Yet their deployment in practice exposes both conceptual and practical limits.

you are viewing a single comment's thread
view the rest of the comments
[–] vapeloki@lemmy.world 8 points 4 days ago (2 children)

We already have zero knowledge proof in Germany, but nearly no one uses it.

Our ID cards have an embedded private key.

The theoretical flow is (very simplified of course)

  1. Webseite sends challenge to a locally running app
  2. App request the ID card (NFC, you can use your mobile phone as a reader)
  3. Reader asks for pin
  4. Requested information from website are show (for example pseudonym id, full data, age verification onlz, so older 18 or older 21)
  5. You acknowledge this
  6. Signed message with requested information is send back to server
  7. Server verifies signature with official key servers of the federal authority for our ID cards.

Works, secure and save.

But, because of privacy concerns, many users did not activate this feature and, besides some government websites, nobody essentially accepts it.

Also, it is hard to explain that, despite the fact that your ID card acting as the private key, your signature is anonymous if you don't explicitly allow the websites to see your data

[–] Kissaki@programming.dev 2 points 4 days ago (1 children)

It's new to me that it's NFC. I was under the impression I need to buy a reader device to make use of digital auth or signature stuff.

[–] vapeloki@lemmy.world 3 points 3 days ago

It was always NFC. But using your mobile as a reader is about 6 years old now. Und only because the whole client app is open source and somebody contributed it