this post was submitted on 12 Dec 2025
52 points (98.1% liked)
Canada
10757 readers
332 users here now
What's going on Canada?
Related Communities
🍁 Meta
🗺️ Provinces / Territories
- Alberta
- British Columbia
- Manitoba
- New Brunswick
- Newfoundland and Labrador
- Northwest Territories
- Nova Scotia
- Nunavut
- Ontario
- Prince Edward Island
- Quebec
- Saskatchewan
- Yukon
🏙️ Cities / Local Communities
- Anmore (BC)
- Burnaby (BC)
- Calgary (AB)
- Comox Valley (BC)
- Edmonton (AB)
- East Gwillimbury (ON)
- Greater Sudbury (ON)
- Guelph (ON)
- Halifax (NS)
- Hamilton (ON)
- Kingston (ON)
- Kootenays (BC)
- London (ON)
- Mississauga (ON)
- Montreal (QC)
- Nanaimo (BC)
- Niagara Falls (ON)
- Niagara-on-the-Lake (ON)
- Oceanside (BC)
- Ottawa (ON)
- Port Alberni (BC)
- Regina (SK)
- Saskatoon (SK)
- Squamish (BC)
- Thunder Bay (ON)
- Toronto (ON)
- Vancouver (BC)
- Vancouver Island (BC)
- Victoria (BC)
- Waterloo (ON)
- Whistler (BC)
- Windsor (ON)
- Winnipeg (MB)
Sorted alphabetically by city name.
🏒 Sports
Hockey
- Main: c/Hockey
- Calgary Flames
- Edmonton Oilers
- Montréal Canadiens
- Ottawa Senators
- Toronto Maple Leafs
- Vancouver Canucks
- Winnipeg Jets
Football (NFL): incomplete
Football (CFL): incomplete
Baseball
Basketball
Soccer
- Main: /c/CanadaSoccer
- Toronto FC
💻 Schools / Universities
- BC | UBC (U of British Columbia)
- BC | SFU (Simon Fraser U)
- BC | VIU (Vancouver Island U)
- BC | TWU (Trinity Western U)
- ON | UofT (U of Toronto)
- ON | UWO (U of Western Ontario)
- ON | UWaterloo (U of Waterloo)
- ON | UofG (U of Guelph)
- ON | OTU (Ontario Tech U)
- QC | McGill (McGill U)
Sorted by province, then by total full-time enrolment.
💵 Finance, Shopping, Sales
- Personal Finance Canada
- Buy Canadian
- BAPCSalesCanada
- Canadian Investor
- Canadian Skincare
- Churning Canada
- Quebec Finance
🗣️ Politics
- General:
- Federal Parties (alphabetical):
- By Province (alphabetical):
🍁 Social / Culture
- Ask a Canadian
- Bières Québec
- Canada Francais
- Canadian Gaming
- EhVideos (Canadian video media)
- First Nations
- First Nations Languages
- Indigenous
- Inuit
- Logiciels libres au Québec
- Maple Music (music)
Rules
- Keep the original title when submitting an article. You can put your own commentary in the body of the post or in the comment section.
Reminder that the rules for lemmy.ca also apply here. See the sidebar on the homepage: lemmy.ca
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
How would you get by without one? If I produce a proof right now that I'm at least 32 years old, how else do you know it's a proof for anyone in particular and I didn't get it from my older brother or some random website that sells them?
Well, that same problem exists with many of the proposed verification models, like credit cards (how can you verify this is my credit card?) , photo ID, etc.
Here's my proposal: your browser can send a request to a verification body (could be the government directly, let's say) to respond to the challenge from the website you're accessing, without sending information about which website is asking for the challenge. The verifier sends a cryptographically-signed approval back. The browser forwards this to the website. To prevent comparisons of timing as a deanonymization method, the browser can wait a random period of time before forwarding the request both ways.
Every time I've looked at the details of elaborate schemes resembling the one you imagine, I'm always left with a lot of doubts that they're secure or practical. Every time I've looked at the systems that have actually been implemented in reality, I have no doubt that they suck.
That's valid. My preference is for device-side child locks. For instance, a header that says, "I am a child." There is much to improve there still. But failing that, if the winds of politics dictate we must have verification -- why not ZKP?
I don't feel it's elaborate at all. I like these solutions because they are actually quite simple. It's just signing and verifying requests using asymmetric key cryptography, techniques which are known to be robust and secure. The government never knows which web services you are verifying for, and the web services never know your identity or any more information than they need to. They don't even learn your precise age, just that you're over 16/18/21 whatever.
You are suggesting that a system which does not yet exist will be perfectly safe and secure. None of the ones for which I have seen actual design documents are anything like as safe as you imagine.
The authorizor, who provides the ZKP to the client, knows, not he client. This should probably be the licensing / ID provider in your country (because if they're hacked everyone is screwed anyway, no additional risk) and already have your details, if not you're likely young or a fairly extreme edge case. Facebook et.al. get bupkiss except older than X. Note in this model ZKP is a nice to have.
What do you mean, "no additional risk"? It's a pretty big additional risk, creating a huge central database of everyone's ID that will be frequently interacted with through a new interface that's available to every sketchy website in the world. Even if it isn't compromised it can collect data about how often your name gets looked up, and it isn't easy to make a system where there isn't the additional risk of more personal data being collected if the central authority colludes with Facebook. You'd really need to look carefully at the details to evaluate the risks of such a system, which they have not done at all in Australia.
Such databases already exist in the government, in order to provide services to everyone like healthcare, pension, elections, etc...