zlacker

[parent] [thread] 0 comments
1. f_devd+(OP)[view] [source] 2025-09-24 19:30:42
> Anyone of age can make an anonymous age attribute faucet [1] for anyone to use. That it's not technically a bug doesn't make it any less trivial to circumvent. I wouldn't expect the public or even the Commission to make such a distinction. They'll clamor that the solution is broken and that it must be fixed, and at that point I expect the obfuscation and weakening of privacy features to start.

I can see this argument, but it has a few caveats:

- The 'faucet', providing infinite key material in an open proxy is also very vulnerable

- If the only attribute is age verification then uniqueness is not required; i.e. you can borrow the key of someone you trust and that should be fine.

- The unlinkability is a requirement from the law itself, i.e. the current implementation cannot be executed upon assuming rule of law holds

[go to top]