[quotemstr]

There are multiple approaches. One, which the Europeans use, hardware-locks the token. Each age attestation is unlinkable, but the cryptographic credentials you need to make the attestation aren't portable. Of course, this model requires a big statist apparatus that does implementation certification, but it does achieve the narrow goal of unlinkable, privacy-preserving age attestation that doesn't instantly decay to mass copying.

Other approaches are possible. I'm particularly keen on ones that treat attestations as anonymous digital currency and use cryptographic penalties like slashing to discourage copying post-hoc instead of relying on EU-style implementation certification.

There's a huge literature on the subject I don't want to reproduce here. The point is that yes, we do have the technology to do attestation without sacrificing privacy, which makes all the calls for non-privacy-preserving attestation awfully curious.

[Aurornis]

> One, which the Europeans use, hardware-locks the token.

I'm surprised anyone considers this viable.

It would limit access to those sites to a limited set of acceptable devices and operating systems.

I couldn't use my laptop, desktop, or a jailbroken phone.

[Magnusmaster]

Exactly. And the funny thing is that the EU Age Verification App seems to be vulnerable to relay attacks anyway.

[Terr_]

> as anonymous digital currency and use cryptographic penalties like slashing

Or make it so that tokens cannot be tested except by spending/burning them, which would significantly reduce (but not eliminate) a black market because it would be hard for any buyers to trust any sellers.

The best outcome here is going to rest on getting people to agree that "good enough" is the best outcome. We want a system that gets the broad social results (e.g. less brain-rot in the kids) without being so impossibly strict and overbuilt that it leads to an even-worse problem (e.g. authoritarian hellhole tools.)

[jszymborski]

I'm not familiar with this, but what your describing sounds similar to the hardware DRM keys used for protecting 4K streams from being downloaded from Netflix.

If so, this stuff is already broken, and imagine it would be pretty simple to apply the same principles here.

I'm probably wrong on this though I'm out of my depth