Age verification vs privacy

Age verification often comes back as a topic in policy and lawmaking. Recently the UK forced the implementation of age verification, and it’s not going well. Regularly our Senators in Canada try to push a bill on that topic, ignoring experts and the state of technology because “think of the children”.

Back in August, Techdirt explains that Privacy‑Preserving Age Verification Falls Apart On Contact With Reality:

Steve Bellovin—one of the most respected security researchers out there, and instrumental in showing why “safe” crypto backdoors can’t exist—just published a short paper arguing that so‑called privacy‑protecting (“zero‑knowledge”) age verification can exist in theory, but not in practical reality.

This goes on to explain all the effects that checking IDs have on privacy, freedom and other, even with so called “zero knowledge privacy”.

Now

Then Zack Whittaker reports that Discord says users’ government IDs used for age checks stolen by hackers:

In a statement late on Friday, Discord confirmed that its third-party customer service systems were hacked, and users “who had contacted Discord through our Customer Support and/or Trust & Safety teams” had some of their data stolen.

1. It was a third-party to which the IDs were passed on to.
2. They collected the IDs in the first place.

No one would have predicted that. #sarcasm