this post was submitted on 30 Nov 2024
119 points (99.2% liked)

Programming

17565 readers
347 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
119
How could digitial age verification be possibly implemented with privacy in mind? (programming.dev)
submitted 3 days ago by [email protected] to c/[email protected]
82 comments fedilink hide all child comments
 

Many might've seen the Australian ban of social media for <16 y.o with no idea of how to implement it. There have been mentions of "double blind age verification", but I can't find any information on it.

Out of curiosity, how would you implement this with privacy in mind if you really had to?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 5 points 1 day ago* (last edited 1 day ago) (1 children)

Who has age authority? A state agency or service. Like the state issues an ID with age.

Preferable, we want the user to interact with a website, that website request age authentication, but not the website to talk to the government, but through the user.

Thus, something/somewhat like

  1. State agency issues a certificate to the user
  2. User assigns a password to encrypt the user certificate
  3. User connects to random website A
  4. Random website A creates an age verification request signed to only be resolveable by state agency but sends it to the user
  5. User sends the request to a state service with their user certificate for authentication
  6. State agency confirms-signs the response
  7. User passes the responds along to the random website A

There may be alternative, simpler, or less verbose/complicated alternatives. But I'm sure it would be possible, and I think it lays out how "double-blind"(?) could work.

The random website A does not know the identity or age of the user - only to the degree they requested to verify - and the state agency knows only of a request, not its origin or application - to the degree the request and user pass-along includes.

[โ€“] [email protected] 2 points 1 day ago

I never realised it was that simple to do. Thanks a lot to answer the OP question. I had the same for longer than I wish to admit given how easy the answer was!