To be clear, I’m not advocating for online age verification. I’m very much against it in any form. I’m just curious from a technical standpoint if it’s possible somehow to construct an accurate age verification system that doesn’t compromise a user’s privacy? i.e., it doesn’t expose the person’s identity to anyone nor leaves behind a paper trail that can be traced to that person?

  • Nighed@feddit.ukEnglish
    7·
    23 hours ago

    The government knows who you are. They know your age, your address and know you exist (probably).

    You go to a site that requires ages verification. You say:please verify me with the government portal. You go to that portal to get a temporary id code to give to the site. The website says to the gov portal give me the name and age of the user with this temp ID. You approve that access. Portal sends age (or an is over 16/18/21 etc flag) to the site.

    • Gov portal doesn’t need to know who the site is.
    • You don’t provide a unique ID to the website, just a temporary one.
    • as if codes are temporary, you must have access to the id/login now, not just at some point
    • Site only gets the data you approve/it requested,.not everything.

    The process can do with some streamlining, but should work in practice?

    • AtHeartEngineer@lemmy.worldEnglish
      2·
      7 hours ago

      Ya you could definitely do this way too. There is a standard that google came up with called private state tokens that would allow you to do this in a pretty clean way, if you were cool with using your governments portal.

      Essentially you would login to the govt portal, they would issue you some limited set of tokens (let’s say 5) that would expire after 30 days. You would go to an age restricted website and sign up and that would “burn” a token.

      You could use ZK on top of this to make sure that the same email address or some other “nullifier” piece of information was used, to prevent an 18 yo kid from selling their tokens to 17 yos.