this post was submitted on 30 Nov 2024
128 points (99.2% liked)

Programming

17672 readers
52 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
128
How could digitial age verification be possibly implemented with privacy in mind? (programming.dev)
submitted 3 weeks ago by [email protected] to c/[email protected]
84 comments fedilink hide all child comments
 

Many might've seen the Australian ban of social media for <16 y.o with no idea of how to implement it. There have been mentions of "double blind age verification", but I can't find any information on it.

Out of curiosity, how would you implement this with privacy in mind if you really had to?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 16 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

If the governments would get their shit together, we could have something like age assertion with the eid chips in our IDs. Imagine that. The important thing is that website.com just asks the government "is this user an adult?" And the government replies "yes". No information besides the relevant one is provided, and it's through a trusted authority.

Yeah, not gonna happen, just like using the keys in my Personalausweis to send encrypted mail.

[–] [email protected] 11 points 3 weeks ago (1 children)

The system would have to be built so that the government can't connect the user to the website, as you don't want the government to build profiles on website usage by person. Though the bigger challenge here is trust - even a technically perfect system could be circumvented by the operators.

A good example for this were the COVID tracking apps. The approach was built so that as little information was leaked as possible.

[–] [email protected] 5 points 3 weeks ago (1 children)

Could have a system where a government site cryptographically signs a birth year plus random token provided by the site you want to use.

Step 1: access site
Step 2: site sends random token
Step 3: user's browser sends token plus user authentication information
Step 4: gov site replies with a string containing birth year, token, and signature
Step 5: send that string to the other site where it uses the government's public key to verify the signature, showing the birth year is attested by the government

No need to have any direct connection with the user's identity and the site or been the gov and site.

[–] [email protected] 2 points 2 weeks ago* (last edited 2 weeks ago)

Unless the government buys the generated tokens from those websites. That's like the entire problem