What's wrong with EU age verification? Part II 0 ▲ Panagiotis Vryonis 2 hours ago · Politics · hide · 0 comments My EU age verification post triggered a long debate on lobste.rs. Here are the points I found most worth engaging with. I’ve probably missed some, the discussion was really long, and I’ve also received feedback though other channels. I will post again if I feel there’s more to share on the topic. Favoring the incumbents A point I missed the first time. In the EU design, an authority issues me an attestation that I'm of legal age; it lands in my digital wallet. When a site needs to check, the wallet generates a zero-knowledge proof that it holds the attestation, without disclosing it. With most wallets, we assume the user protects their credential — nobody voluntarily leaks the password to a wallet holding money for example. Age verification inverts this: the user is part of the threat model. Some users, given the chance, will happily share their "over 18" attestation with a minor. So the system can't trust the user. It has to trust the device or the wallet instead. And for the issuer… No comments yet. Log in to reply on the Fediverse. Comments will appear here.