[Mashimo]

Mhh, but then the Danish Agency for Digitisation will see that the 18 year old does a lot of age request on all day and night long. And block his account. And then he can't use his own banking, health, postal apps.

High risk, low reward.

If he throttles request to stay under a threshold, if the agency knows about it service they could use it and see which account does age requests at the same time.

[snackbroken]

Ah, so it does leak your identity through the timing side channel. In other words, your anonymity is only dependent on the govt not coordinating with service providers to de-anonymize users. I assumed the 2fa app just held cryptographic keys and did some 0kp magic to show that the cert belongs to a government-attested adult. Phoning home all the time makes it trivial for the government to abuse people's privacy; they can just compel service providers to provide logs of logins.

[Mashimo]

Well right now THAT service does not even exist. The SSO exist, the anonymous age verification was an idea from another user here. Instead of sending (face)data to a private 3rd party.

[snackbroken]

My general point is that you can have anonymity or you can prevent ID spoofing, but the two are mutually exclusive.