by LammyL 893 days ago
It is one thing to show ID. It is another thing to show ID and have the details stored in a database in perpetuity by companies who don’t have huge budgets for data privacy and security.

Zero-knowledge methods for verifying age are possible but there is almost no political will or interest in them. Sites would get a “yes” or “no” as to whether someone is of age, and no other information.
They could verify ID, associate you with an "ID verified" token, and immediately trash all the information they collected other than that token.
They could, but a law enforcement agent looking for a suspect will send a lot of subpoenas to every porn site. When a porn site says "we wipe that data instead of storing it," the law enforcement agent will say "what do you mean you wipe KYC and identity verification trails once you get them? Are you letting sanctioned people use your site and covering your tracks?"

Similar thing happened to Valve; people were trading gun skins, and regulators fined them for not having AML/KYC controls because the state argued "the business didn't do enough to stop money laundering."

This trickles out to porn companies (and the vendors that use them for identity verification), and implies that they need to store this data to prove that they didn't delete it to help terrorists.

Does this require users to trust several parties, any one of which could sell out, get a court order, or be tapped en masse by the NSA?
It is possible to design a system where there are three parties: you, the site R that is requesting you prove your age, and a site D to which you are willing to show documentation that proves your age, with these properties:

1. There is no direct communication between R and D related to your proof of age. You will receive a message from R, send a message to D, receive a message from D, and send a message to R.

2. R gets no information other than (1) your age information, (2) what site D checked your documents, (3) the timestamps of when you exchanged messages with them.

3. The site D just gets (1) the documents you provide to prove your age, (2) a binary blob that you generate that is for all practical purposes random to anyone other than you [1], and (3) the timestamps of when you exchanged messages with them.

If someone compromises D all they get is copies of your documents (assuming D kept them) and those for all practical purposes random blobs (if they kept them), and timestamps. They don't get the identity of R, the site you were verifying your age to.

If someone compromises both R and D, they might try to match up timestamps to try to figure out who people really are. If D is busy enough and you add some delays in your message sending it should be possible to make this risk negligible.

[1] The blob is some data you receive from R, transformed by a random permutation chosen by you. To anyone who does not know the random permutation it is indistinguishable from random.
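The exchange described above, as an added example that is not the commenter's code: the "random permutation" is instantiated as a Chaum-style RSA blinding factor, D is assumed to publish one signing key per claim (here a single key that means "18 or over"), and the key itself is a constructed toy one.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for D. The primes are the 1,000,000th and 10,000,000th
# primes, far too small for real use but readable; real keys are >= 2048 bits.
P, Q = 15485863, 179424673
N, E = P * Q, 65537                      # D's public key (N, E)
D_PRIV = pow(E, -1, (P - 1) * (Q - 1))   # D's private exponent


def h(data: bytes) -> int:
    """Hash into Z_N (toy; a real scheme uses a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def r_issue_nonce() -> bytes:
    """Step 1: R sends the user a fresh, unpredictable nonce."""
    return secrets.token_bytes(16)

def user_blind(nonce: bytes):
    """Step 2: the user multiplies h(nonce) by r^E for a secret random r.
    The result (the 'blob') is uniformly random to anyone who does not know r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (h(nonce) * pow(r, E, N)) % N, r

def d_sign(blob: int, age_from_documents: int):
    """Step 3: D checks the documents and signs the blob only for 18+.
    D never sees the nonce, so it cannot later recognise the token shown to R."""
    return pow(blob, D_PRIV, N) if age_from_documents >= 18 else None

def user_unblind(blind_sig: int, r: int) -> int:
    """Step 4: dividing out r turns (h*r^E)^d = h^d * r into h^d, a plain signature."""
    return (blind_sig * pow(r, -1, N)) % N

def r_verify(nonce: bytes, sig: int) -> bool:
    """Step 5: R checks the signature with D's public key. It learns only
    'vouched for as 18+ by D', never which documents were shown."""
    return pow(sig, E, N) == h(nonce)

def run_protocol(age_from_documents: int) -> bool:
    """The full R -> user -> D -> user -> R round trip for one session."""
    nonce = r_issue_nonce()
    blob, r = user_blind(nonce)
    blind_sig = d_sign(blob, age_from_documents)
    return blind_sig is not None and r_verify(nonce, user_unblind(blind_sig, r))
```

Note that D can also sign blobs it will never be able to link to a session at R, which is exactly the property the comment asks for; the timestamp correlation it mentions is outside what the arithmetic can hide.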

Yes. It is possible to implement zero-knowledge age verification securely. There are just exponentially more ways to do it insecurely, and we can assume that by default this is what will happen.
California is trying out something like this with their digital driver's license.

Basically, if you only want to verify age, you open the app in age verification mode. It will display your picture and a QR code but not your address and other sensitive info typically present on a driver's license. The participating* alcohol vendor then scans the QR code, which only contains data like "over 21" and some sort of verification that the QR code isn't forged. I'm a bit hazy on how this last bit works, but it really all pivots on how this bit is implemented. Could be good for privacy or a total nightmare.

*there are only 3 locations participating in this test phase, afaik

It would be helpful to be able to digitally verify different types of identity. Where I live, how old I am, my real name, my nationality, etc. Give the user control over what information is being verified.
I am curious how this would work. Could you put me in the right direction in how this is done?
The simplest way is as follows:

1. There's a provider that already has your data (it could be the government, a bank, a phone carrier etc). If more than one provider is supported, there's a list of trusted providers somewhere.

2. Whenever a website needs an age check, it asks you to authenticate with one of the trusted providers. The provider gets a challenge (a random string).

3. If you authenticate successfully, the provider uses their public key to provide a cryptographic signature of the challenge. This signed challenge is then transmitted back to the website.

In a more advanced version of this system, the website also provides a boolean expression, like `country_of_residence not in forbidden_countries && (age > 21 || (age > 18 && country_of_residence != "us"))`, and providers promise not to return successful responses for users who don't fulfill the expression criteria.
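A provider-side evaluator for the policy expression in the comment above, written as an added example (not the commenter's code): it assumes the wire syntax is the C-style form shown, maps `&&` and `||` onto Python's `and`/`or`, and evaluates only a whitelisted AST subset so that a website cannot smuggle code into the expression it sends. The forbidden-country list is a constructed placeholder.

```python
import ast
import operator

# Constructed placeholder; a real provider is configured with the jurisdictions
# it must not serve.
FORBIDDEN_COUNTRIES = ("xx", "yy")

# The only comparison operators the provider accepts from a website.
_CMP = {ast.Gt: operator.gt, ast.GtE: operator.ge, ast.Lt: operator.lt,
        ast.LtE: operator.le, ast.Eq: operator.eq, ast.NotEq: operator.ne,
        ast.In: lambda a, b: a in b, ast.NotIn: lambda a, b: a not in b}

def _walk(node, env):
    """Evaluate a whitelisted AST subset: and/or, comparisons, names, literals.
    Calls, attribute access, subscripts and every other node type are rejected."""
    if isinstance(node, ast.BoolOp):
        vals = [_walk(v, env) for v in node.values]
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    if isinstance(node, ast.Compare):
        left = _walk(node.left, env)
        for op, right in zip(node.ops, node.comparators):
            if type(op) not in _CMP:
                raise ValueError(f"operator not allowed: {type(op).__name__}")
            rv = _walk(right, env)
            if not _CMP[type(op)](left, rv):
                return False
            left = rv
        return True
    if isinstance(node, ast.Name):
        if node.id not in env:
            raise ValueError(f"unknown attribute: {node.id}")
        return env[node.id]
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, str)):
        return node.value
    raise ValueError(f"node not allowed: {type(node).__name__}")

def policy_decision(policy: str, attrs: dict):
    """True/False for a well-formed policy evaluated against the provider's own
    record of the user; None if the policy is malformed or uses anything outside
    the whitelist, in which case the provider should refuse the request."""
    src = policy.replace("&&", " and ").replace("||", " or ")
    env = dict(attrs, forbidden_countries=FORBIDDEN_COUNTRIES)
    try:
        return bool(_walk(ast.parse(src, mode="eval").body, env))
    except (SyntaxError, ValueError):
        return None

# The expression from the comment above, as a website would send it.
POLICY = ('country_of_residence not in forbidden_countries '
          '&& (age > 21 || (age > 18 && country_of_residence != "us"))')
```

The point of the whitelist is that the expression comes from the relying website, not the provider, so passing it to `eval()` would hand every website code execution on the identity provider.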

These days when you buy alcohol there's a good chance that data is being stored. A lot of restaurants and stores that sell alcohol scan or swipe cards as part of the purchase now.

Just one example: https://okcfox.com/news/local/cyber-security-experts-be-wary...

I wonder if merely paying with your credit card leaves a monetizable paper trail.

Does anyone know if Mastercard gets any data relating to what's actually being purchased? Or does the store get a globally unique ID to associate with every purchase made with a specific card?

Completely agree, and that's one reason I'm against these laws. But that's a very different argument from the one I was responding to.