| > In my zk group scheme, you do get one token for each epoch. (could be 30 days) It's simply suggested that you wait as long as possible between joining the group on your main account before minting your token on the anon account. I'm not sure this is the same thing. What I was suggesting is that the token you get doesn't depend on the site you're using it on at all. All you do is ask the government for a token and they give you one and you can use it anywhere you want for 30 days and then it expires and you ask for more. If the tokens are unique to you then you'd have to request a bunch of them because you don't want to use the same one twice on two different sites. If everybody had the same one then that wouldn't matter because the token can't identify any particular user. > Although in your case of "give every user the same token" makes the users anonymous to everyone except the issuer. The issuer is still able to know to whom they're giving them. But this is solved by making the token entirely generic. The problem we have is that Bob wants to visit an adult site without associating that with his social security number. If all Bob does is request the generic token which is the same for everyone and asserts that anybody who has it is an adult, the issuer knows that Bob requested it, but not if Bob has a kink or is buying a beer or is just requesting a token on the off chance he might need one later or is applying for a job at a casino or is hiring for a job at a casino, since this system is so simple the way you verify the token is by requesting it yourself and comparing the one the user submitted to see if it's the same one. It's literally just a single secret password for everyone that the government changes once a month and only gives out to adults. > As for mitigating people sharing their tokens, of course that's always a fear but I think mitigation strategies would be unique to each application's use case. It's not clear how you're supposed to mitigate it in this case. Suppose Bob hates this system and wants to destroy it because it blocks adults without a valid ID from accessing lawful content, e.g. because they're from another country. So Bob hooks up his own valid ID to a server via Tor and configures it to sign any request for age verification from anyone. Now there two possibilities. One, the system can find out who Bob is and shut him down, which proves that it doesn't protect your anonymity, is a massive invasion of privacy, and must be destroyed. Two, there is actually no way to identify Bob, and then the system has been destroyed by Bob. |
And perhaps you do randomized (risk-based) audits where you actually have to call the government to check in - but in general, physical ID also has the same high-level problem of some baseline of forgeries, and the name of the game is just making it expensive, not making it impossible.
One example of “make it expensive” would be to require unique device IDs to be registered, eg you bring in your iPhone (or Yubikey or whatever) and the DMV verified it’s not actually a non-certified device. This rests on keys being expensive to extract from the Secure Enclave.
Edit to add: lest folks get sidetracked on the requirement for a private company and device, you can also have a baseline in-person flow where you go to the DMV, and they physically verify you, and then hand you a short-lived token that you can then send to whoever wants to verify you. For example, you're signing up with an age-sensitive site, applying for benefits, etc. -- it's non-trivial, but with a bit of infra and UX it could be made usable. The point is that once you have that token, it's pseudonymous, and e.g. PornHub can't figure out your real ID from it, nor can the government tell where the token was submitted.