If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
I don't think that it's impossible for politicians, even nontechnical politicians, to make good tech policy. After all, the fact that no one in Congress is a microbiologist doesn't stop federal standards from delivering potable water (and it doesn't excuse the ghastly failures, such as Flint, MI):
For politicians to make good policy, they don't need to be technical experts: they need to have solid, independent, well-resourced expert agencies. Those would be the very agencies that Trump and Musk have DOGEd into oblivion, which is pretty ominous, since the work of expert agencies is how you avoid dying of food poisoning, water poisoning, air poisoning, collapsing buildings, faulty antilock brakes, train explosions and plane-crashes.
But when it comes to tech policy, politicians get it all so goddamned wrong. Partly that's because the cartel of tech companies lies to them like crazy, even under oath, leading to a kind of nihilistic refusal to believe any expert input. Mark Zuckerberg wants you to think that's it's inconceivable for you to have a social life without him eavesdropping on it, and any rule demanding this is a farce, like a demand to make water that's not wet:
Big Tech's highly resourced bullshit machine convinces some politicians that technical expertise is not to be trusted, and gives other, more cynical politicians cover for ignoring experts by saying, "Oh you people are always telling us that this or that is impossible."
For example, since the Clinton era, politicians all over the world demanded a kind of impossible encryption: encryption that works perfectly when it's doing something legitimate, like keeping hackers from pushing malware to your pacemaker or stealing your life's savings or listening in on you through your phone's microphone, but also they require that this encryption offer no protection to criminals, drug dealers, terrorists, child abusers, and other miscreants.
This really is like water that's not wet. We can make encryption that works. It's hard to get right, but when we do, it offers a wondrous level of protection from interception and eavesdropping, scrambling our data so thoroughly that you would have to consume multiple universes worth of time and space to build all the computers necessary to guess the descrambling key. We can also make encryption that doesn't work. People do this by accident all the time. Sometimes, the NSA does it on purpose (and doesn't mention that fact to the people who rely on it for their safety and integrity):
https://en.wikipedia.org/wiki/Dual_EC_DRBG
But what we absolutely, positively, totally cannot make is encryption that both works and does not work, depending on whose secrets it is protecting. That's impossible.
But when technologists tell policymakers this, they tell us that they have every confidence in our ingenuity, and also, they can't be certain we're not telling a Zuck-style fable about how the stuff we merely disprefer is actually impossible. They tell us to NERD HARDER!
NERD HARDER! is the answer every time a politician gets a technological idée-fixe about how to solve a social problem by creating a technology that can't exist. It's the answer that EU politicians who backed the catastrophic proposal to require copyright filters for all user-generated content came up with, when faced with objections that these filters would block billions of legitimate acts of speech:
When politicians seize on a technological impossibility as a technological necessity, they flail about and desperately latch onto scholarly work that they can brandish as evidence that their idea could be accomplished.
For example, back in 2019, Trump's Bureau of Land Management tried to impose a ton of absolutely bizarre, environmentally devastating requirements on Burning Man's land-use permit. One of these requirements was to effectively ban LED lights at night (!), on the basis that these were so bright at altitude that they could disrupt nocturnal birds.
In support of this measure, the BLM cited a PhD dissertation from a physicist who developed a method for estimating light pollution. That physicist turns out to be a burner, who filed comments in the docket describing how the BLM had misapplied his work, making crude mathematical errors that led them to grossly overstate the amount of light pollution at altitude (I've just spent an hour trying to find this comment and I came up craps – if you can find it, please let me know, as it was delicious).
That kind of Annie Hall/Marshall McLuhan/"You know nothing of my work" moment is always fantastic, and especially so when politicians are demanding that technologists NERD HARDER! to realize their cherished impossibilities.
That's just happened, and in relation to one of the scariest, most destructive NERD HARDER! tech policies ever to be assayed (a stiff competition). I'm talking about the UK Online Safety Act, which imposes a duty on websites to verify the age of people they communicate with before serving them anything that could be construed as child-inappropriate (a category that includes, e.g., much of Wikipedia):
The Starmer government has, incredibly, developed a passion for internet regulations that are even stupider than Tony Blair's and David Cameron's. Requiring people to identify themselves (generally, via their credit cards) in order to look at porn will create a giant database of every kink and fetish of every person in the UK, which will inevitably leak and provide criminals and foreign spies with a kompromat system they can sort by net worth of the people contained within.
This hasn't deterred Starmer, who insists that if we just NERD HARDER!, we can use things like "zero-knowledge proofs" to create "privacy-preserving" age verification system, whereby a service can assure itself that it is communicating with an adult without ever being able to determine who it is communicating with.
In support of this idea, Starmer and co like to cite some genuinely exciting and cool cryptographic work on privacy-preserving credential schemes. Now, one of the principal authors of the key papers on these credential schemes, Steve Bellovin, has published a paper that is pithily summed up via its title, "Privacy-Preserving Age Verification—and Its Limitations":
The tldr of this paper is that Starmer's idea will not work and cannot work. The research he relies on to defend the technological feasibility of his cherished plan does not support his conclusion.
Bellovin starts off by looking at the different approaches various players have mooted for verifying their users' age. For example, Google says it can deploy a "behavioral" system that relies on Google surveillance dossiers to make guesses about your age. Google refuses to explain how this would work, but Bellovin sums up several of the well-understood behavioral age estimation techniques and explains why they won't work. It's one thing to screw up age estimation when deciding which ad to show you; it's another thing altogether to do this when deciding whether you can access the internet.
Others say they can estimate your age by using AI to analyze a picture of your face. This is a stupid idea for many reasons, not least of which is that biometric age estimation is notoriously unreliable when it comes to distinguishing, say, 16 or 17 year olds from 18 year olds. Nevertheless, there are sitting US Congressmen who not only think this would work – they labor under the misapprehension that this is already going on:
So that just leaves the privacy-preserving credential schemes, especially the Camenisch-Lysyanskaya protocol. This involves an Identity Provider (IDP) that establishes a user's identity and characteristics using careful document checks and other procedures. The IDP then hands the user a "primary credential" that can attest to everything the IDP knows about the user, and any number of "subcredentials" that only attest to specific facts about that user (such as their age).
These are used in zero-knowledge proofs (ZKP) – a way for two parties to validate that one of them asserts a fact without learning what that fact is in the process (this is super cool stuff). Users can send their subcredentials to a third party, who can use a ZKP to validate them without learning anything else about the user – so you could prove your age (or even just prove that you are over 18 without disclosing your age at all) without disclosing your identity.
There's some good news for implementing CL on the web: rather than developing a transcendentally expensive and complex new system for these credential exchanges and checks, CL can piggyback on the existing Public Key Infrastructure (PKI) that powers your browser's ability to have secure sessions. When you visit a website with https:// in front of the address (instead of just http://).
However, doing so poses several difficulties, which Bellovin enumerates under a usefully frank section header: "INSURMOUNTABLE OBSTACLES."
The most insurmountable of these obstacles is getting set up with an IDP in the first place – that is, proving who you are to some agency, but only one such agency (so you can't create two primary credentials and share one of them with someone underage). Bellovin cites Supreme Court cases about voter ID laws and the burdens they impose on people who are poor, old, young, disabled, rural, etc.
Fundamentally, it can be insurmountably hard for a lot of people to get, say, a driver's license, or any other singular piece of ID that they can provide to an IDP in order to get set up on the system.
The usual answer for this is for IDPs to allow multiple kinds of ID. This does ease the burden on users, but at the expense of creating fatal weaknesses in the system: if you can set up an identity with multiple kinds of ID, you can visit different IDPs and set up an ID with each (just as many Americans today have drivers licenses from more than one state).
The next obstacle is "user challenges," like the problem of households with shared computers, or computers in libraries, hotels, community centers and other public places. The only effective way to do this is to create (expensive) online credential stores, which are likely to be out of reach of the poor and disadvantaged people who disproportionately rely on public or shared computers.
Next are the "economic issues": this stuff is expensive to set up and maintain, and someone's gotta pay for it. We could ask websites that offer kid-inappropriate content to pay for it, but that sets up an irreconcilable conflict of interest. These websites are going to want to minimize their costs, and everything they can do to reduce costs will make the system unacceptably worse. For example, they could choose only to set up accounts with IDPs that are local to the company that operates the server, meaning that anyone who lives somewhere else and wants to access that website is going to have to somehow get certified copies of e.g. their birth certificate and driver's license to IDPs on the other side of the planet. The alternative to having website foot the bill for this is asking users to pay for it – meaning that, once again, we exclude poor people from the internet.
Finally, there's "governance": who runs this thing? In practice, the security and privacy guarantees of the CL protocol require two different kinds of wholly independent institutions: identity providers (who verify your documents), and certificate authorities (who issue cryptographic certificates based on those documents). If these two functions take place under one roof, the privacy guarantees of the system immediately evaporate.
An IDP's most important role is verifying documents and associating them with a specific person. But not all IDPs will be created equal, and people who wish to cheat the system will gravitate to the worst IDPs. However, lots of people who have no nefarious intent will also use these IDPs, merely because they are close by, or popular, or were selected at random. A decision to strike off an IDP and rescind its verifications will force lots of people – potentially millions of people – to start over with the whole business of identifying themselves, during which time they will be unable to access much of the web. There's no practical way for the average person to judge whether an IDP they choose is likely to be found wanting in the future.
So we can regulate IDPs, but who will do the regulation? Age verification laws affect people outside of a government's national territory – anyone seeking to access content on a webserver falls under age verification's remit. Remember, IDPs handle all kinds of sensitive data: do you want Russia, say, to have a say in deciding who can be an IDP and what disclosure rules you will have to follow?
To regulate IDPs (and certificate authorities), these entities will have to keep logs, which further compromises the privacy guarantees of the CL protocol.
Looming all of this is a problem with the CL protocol as being built on regulated entities, which is that CL is envisioned as a way to do all kinds of business, from opening a bank account to proving your vaccination status or your right to work or receive welfare. Authoritarian governments who order primary credential revocations of their political opponents could thoroughly and terrifyingly "unperson" them at the stroke of a pen.
The paper's conclusions provide a highly readable summary of these issues, which constitute a stinging rebuke to anyone contemplating age-verification schemes. These go well beyond the UK, and are in the works in Canada, Australia, the EU, Texas and Louisiana.
Age verification is an impossibility, and an impossibly terrible idea with impossibly vast consequences for privacy and the open web, as my EFF colleague Jason Kelley explained on the Malwarebytes podcast:
Politicians – even nontechnical ones – can make good tech policy, provided they take expert feedback seriously (and distinguish it from self-interested industry lobbying).
When it comes to tech policy, wanting it badly is not enough. The fact that it would be really cool if we could get technology to do something has no bearing on whether we can actually get technology to do that thing. NERD HARDER! isn't a policy, it's a wish.
Wish in one hand and shit in the other and see which one will be full first:
Zero Knowledge Proof 2026: Early Presale Could Deliver 1,000,000% Gains Like Ethereum, Investors Are Racing In Now
There are rare moments in crypto that permanently change how investors view opportunity. Ethereum’s early days were one of those moments. What began as a little-known experiment eventually became the backbone of the blockchain industry, producing returns that transformed portfolios and expectations. While the exact conditions may never repeat, the pattern behind Ethereum’s rise remains a key…
ZK Bridges: Seamlessly Connecting Blockchains While Preserving Privacy and Security
The blockchain space is dynamic and is being transformed by the necessity to have decentralized applications, cross-chain payment capabilities, and effective management of digital assets. Although the blockchain networks possess distinct advantages, the lack of the ability to interact effortlessly with other chains has curbed the potential of decentralized ecosystems. Interoperability has become a major adoption, investor confidence, and ecosystem development factor. The traditional bridging mechanisms usually create vulnerabilities, and new solutions need to be developed bridging networks without jeopardizing privacy and security.
Due to the increased usage of blockchain in financial services, gaming, supply chain, and identity management, the need for secure cross-chain solutions is increasing. Users desire quick, open transactions to ensure protection of sensitive information whereas developers desire scalability to build applications free of central points of failure. ZK Bridges offer a sleek solution that is both cryptographically rigorous and useful to both interoperability and security issues. They constitute a change of traditional, sometimes delicate, bridging approaches with a mistrustful, privacy-protective model that is consistent with the concept of decentralization.
The implications of the market are immense. ZK Bridges will be able to provide more liquidity, more multi-chain involvement, and more innovation by supporting secure transfer of assets and data across a variety of networks. Investors, developers, and enterprises achieve the skill to streamline interrelated ecosystems with ease by understanding that delicate information is kept anonymous and systems are not vulnerable to assault. It is this new model of connectivity that will enable the full potential of blockchain technology to be fulfilled in a global economy that is privacy conscious.
The Complexity of the Blockchain Connection
Integrating blockchain networks is not an easy task. All networks use different protocols, consensus mechanisms and transaction models and thus direct interoperability is difficult. Initial bridging solutions were quite dependent on intermediaries or custodian methods with centralization of points of failure which were easily exploitable. History knows a lot of cases when these bridges have been hacked, which has led to the loss of millions of dollars and distrust of the ecosystem. This has led to the necessity to have a more resilient and privacy-aware solution as blockchain adoption is rapidly growing.
Zero-knowledge cryptography establishes a new plane of connectedness. Networks can communicate safely and effectively by allowing them to check with transactions without revealing the data behind them. This concept is applied using ZK Bridges to verify the cross-chain operations to make sure that there is no revelation of user identities, amount of transaction, and smart contract logic. This decreases the risks of the traditional bridging without losing the decentralized and trustless spirit of blockchain.
Regarding the development aspect, it is now possible to develop secure cross-chain applications over ZK Bridges. Multi-chain DeFi protocols, NFT marketplaces, and gaming ecosystems can be developed by developers and interact in a smooth manner, not through intermediaries. This architecture offers an assurance on asset transfer as well as minimizing risks to vulnerability among investors. Finally, ZK Bridges deal with the technical and economic difficulties of connecting blockchains, which create the base of scalable and strong ecosystems.
ZK Bridges improve Security and Privacy
Security and privacy cannot be compromised when it comes to the modern blockchain systems. The traditional bridges normally reveal the transaction information to pose a threat to both the user and the application. The solution to this problem is the use of zero-knowledge proofs, which are implemented by ZK Bridges and do not reveal any sensitive information to perform verification. End users are able to move assets, communicate with smart contracts and run cross-chain apps without losing confidentiality.
Besides individual transactions, ZK Bridges enhance network security. By eliminating centralized validators or intermediaries, the possible attack vectors are minimized, and data integrity is guaranteed through cryptography validation. This comes with the fact that at scale, with institutions and enterprises, cross-chain operations do not have to compromise compliance or confidentiality. Confidential information can be secured during transaction lifecycle e.g. financial information or a proprietary contract logic.
The ramifications in the case of wider adoption are important. The private, verifiable connectivity can be useful in industries outside the financial industry, including healthcare, identity management, and supply chain. Organizations are able to transfer information over networks, keep records transparent to allow auditing, as well as implement stringent access control mechanisms all on the basis of cryptographic proofs as to authenticity. By doing so, ZK Bridges are not only a technical breakthrough, but a foundation of privacy-focused, secure adoption of blockchain technology.
ZK Bridges Market Expansion Role
Connection and trust is inherently related to the growth of a market. ZK Bridges allow users and applications across chains to interact in a costless way, allowing them to liquidity aggregate, build multi-chain DeFi strategies, and participate globally. Applications that were once centralized to closed networks are now able to take advantage of a larger ecosystem and open up new sources of revenue as well as improving user interaction.
Privacy-preserving interoperability is a unique benefit to cross-chain NFT platforms, gaming economies, and financial service providers. Using ZK Bridges, creators, investors, and developers can cross-border anonymously without worrying about losing their digital assets, as they will be moving safely. It also fosters innovation because teams are able to test new forms of business without compromising privacy of data.
Another important consideration is regulatory and compliance. ZK Bridges offer cryptographically verifiable certainty of the authenticity of transactions without revealing personal data of the users. This balances out transparency among the auditors and the regulators and confidentiality among the end users. Due to this, there is an opportunity to implement multi-chain strategies at reduced risk by enterprises and institutional investors, making blockchain technology widely adopted.
Conclusion
The possibility to communicate between blockchain networks in a safe and confidential way is essential as more networks are implemented. ZK Bridges represent an example of the next-generation solution which solves problems of interoperability and protects sensitive information. Using zero-knowledge proofs, they can enable cross-chain interactions that are highly secure, scalable and private.
Technical efficiency is not the only advantage. All developers, investors, and enterprises become confident in multi-chain ecosystems and can participate more broadly and innovate. ZK Bridges mitigate risk, improve market opportunities and preserve the trustless culture that has made blockchain revolutionary.
Finally, ZK Bridges are more than a connectivity tool, it is a pillar on the way to a decentralized and privacy-protecting digital future. With the ongoing speed in blockchain usage, these bridges will feature prominently in the safe, smooth, and scalable multi-chain ecosystems in the coming years.
Zero knowledge rollups: The High-Performance Scaling Engine Transforming Ethereum’s Future
Solving Ethereum’s Scalability Dilemma
Ethereum has been defined as the best smart contract framework, but its fast development has indicated inherent constraints in scalability and cost-effectiveness. The congestion of networks, high gas prices, and slow finality of transactions have posed a challenge to developers and users alike on multiple occasions. Although there are currently Layer-2 solutions to solve these aspects, an early history of attempts made tradeoffs between the ideas of decentralization or security. With the demand of decentralised applications increasing, the industry has required solutions that maintain the fundamental concepts of Ethereum, and at the same time enhance the throughput and cost efficiency significantly.
This is where zero knowledge rollups have become one of the transformational technologies. These solutions reduce the interplay between scalability and trust by means of high-level cryptography to authenticate transactions off-chain, followed by succinct proofs on-chain. They promise the performance of high-performance execution without compromising on the security assurance that has seen Ethereum become the foundation of decentralized finance, identity, and digital assets.
The mechanism of zero knowledge rollups
Zero knowledge rollups reduce thousands or hundreds of transactions into a single cryptographic proof at their core. This evidence is called a zk-proof and is then published to the Ethereum mainnet whereby every transaction bundle can be confirmed by the network in an efficient manner. Such designs significantly minimize the required on-chain computation and storage, reducing the cost of transactions as well as speeding up finality. Users also have the ability to communicate with applications at close to instantaneous speeds without paying the prohibitive gas fees.
Speed and cost are not the only reasons why zero knowledge rollups are interesting. They maintain the validity of the security model of Ethereum since all off-chain transactions can be mathematically validated by the network. This makes sure that scaling is not at the cost of trust and relevant underpinnings are established to make sure that there are no concessions made to correctness and reliability in the applications. As a developer, the flexibility of creating high-throughput apps without having to rewrite basic smart contracts is simply colossal and has an empowering effect on the fairy tale of experimentation in places where network congestion was the enemy.
Promoting Adoption: Across Applications
In real life it is seen that the practical application of zero knowledge rollups has many applications in various industries. Decentralized finance has the advantage of lower transaction cost and shorter settlement times, allowing more complex trading strategies and increased participation. NFT markets will be able to serve the international demand without making it unaffordable. Verification can be performed by identity systems and decentralized systems of governance protocols, without overloading the mainnet, and this increases efficiency and privacy is maintained. The scalability of the technology has made it not to be limited to a specific form of application but rather a general-purpose scaling engine.
To the users and investors, predictability and reliability is important. The zero knowledge rollups are able to reduce congestion and equalize execution costs to allow networks to grow naturally. The platforms are more capable of dealing with spikes in activity and participants are assured that they will go through with the transactions smoothly. This scalability and security mix are more appealing to both retail and institutional users and enhance the long-term outlook of the ecosystem.
Strategic Recommendations to the Future of Ethereum
The introduction of zero knowledge rollups is not just a technical upgrade, it is an indication of a structural change in how Ethereum is designed. Scaling is no more of a secondary consideration or a layer. Rather, it is a part of the network architecture, which makes Ethereum scalable to satisfy the needs of a decentralized global, high-volume user base. The network will be able to implement zk-proofs in its scaling plan, which will ensure security and allow it to sustain unprecedented throughput.
Besides, zero knowledge rollups are complementary to other scaling techniques, like Layer-1 optimizations and other Layer 2 frameworks, and give developers and users a versatile ecosystem. It is a modular design that enables Ethereum to support a broad spectrum of application requirements and maintain compatibility and security. Institutional finance, identity management, and decentralized governance are only some of the ways in which technology would enable the future where Ethereum can be used as the layer of mass adoption and innovation.
Conclusion
The security versus decentralization versus scalability paradox has always defined the Ethereum evolution, and zero knowledge rollups represent a breakthrough in terms of offering high-performance execution without compromising the main pledges of the network. The ability to summarize transactions into verifiable proofs lowers transaction costs, increases transaction speed, and enables more sophisticated applications to be used effectively.
On top of technical developments, there are strategic implications of the adoption of zero knowledge rollups to the Ethereum ecosystem. It improves user experience, helps to increase participation, and provides the opportunity to both retail and institutional actors to interact with the network in a confident manner. These rollups will become one of the pillars of Ethereum infrastructure, as more of them become available, and the future of an Ethereum where scalability, efficiency, and trust all work together in harmony is achieved.
Zero knowledge rollups are a game changer, both to the developers and to the investors and users. They show that the principles that make blockchain technology transformative can be reached on a mass-scale level without jeopardizing them. This technology can make Ethereum be on the forefront of the next stage of decentralized innovation by facilitating faster and less expensive and secure transactions.
Explore trending topics on Tumblr. See all of the GIFs, fan art, and general conversation about the internet’s favorite things.
Why Ripple and XRP Were Never Allowed to Scale Until Now: Pundit Claims
Stern Drew claims Ripple and XRP were intentionally unable to scale until ZK-proofs and blockchain identity matured.
He connected his theory with remarks from David Schwartz and Brad Garlinghouse.
Drew says native ZK-proofs on XRPL unlock true global scaling, enabling decentralized settlement and privacy-preserving compliance.
Crypto analyst and commentator Stern Drew has ignited fresh debate in…
