Comment on Is it completely impossible to do age verification without compromising privacy?
Nighed@feddit.uk 2 days ago
The government knows who you are. They know your age, your address and know you exist (probably).
You go to a site that requires ages verification. You say:please verify me with the government portal. You go to that portal to get a temporary id code to give to the site. The website says to the gov portal give me the name and age of the user with this temp ID. You approve that access. Portal sends age (or an issue over 16/18/21 etc flag) to the site.
Gov portal doesn’t need to know who the site is You don’t provide a unique ID to the website, just a temporary one. Site only gets the data you approve.
The process can do with some streamlining, busy should work in practice?
AtHeartEngineer@lemmy.world 1 day ago
Ya you could definitely do this way too. There is a standard that google came up with called private state tokens that would allow you to do this in a pretty clean way, if you were cool with using your governments portal.
Essentially you would login to the govt portal, they would issue you some limited set of tokens (let’s say 5) that would expire after 30 days. You would go to an age restricted website and sign up and that would “burn” a token.
You could use ZK on top of this to make sure that the same email address or some other “nullifier” piece of information was used, to prevent an 18 yo kid from selling their tokens to 17 yos.