Hacker News new | ask | show | jobs
by coppsilgold 35 days ago
As far as I know no currently proposed age verification method does this in practice.

The only way to implement truly privacy preserving age verification is through zero knowledge proofs (or blind signatures) but what that would allow is undetectable token forging.
1 comments
YourDadVPN 35 days ago
The EU's proposed system uses ZK proof. You get a PGP signed message from "someone" who knows your identity (government or private agency) then store it on your phone to pass to websites that need your age. It does have an obvious flaw in that whoever you give the token to has no proof it's actually yours.

https://ageverification.dev/av-doc-technical-specification/d...

link
palata 35 days ago
> It does have an obvious flaw in that whoever you give the token to has no proof it's actually yours.

Which isn't necessarily a flaw, depends on the threat model. For actual age verification that we care about (e.g. make it harder for kids to access social media), it may be good enough.

link
coppsilgold 34 days ago
This is not sufficient. Do they give you a blind signature?

Because what you described does not preserve your anonymity if the government and the service collude.

link