Zero-knowledge proofs still require that third party but only once, to issue it initially. Then the user can issue their own proofs locally
Comment on Is it completely impossible to do age verification without compromising privacy?
billwashere@lemmy.world 1 month agoTechnically this works EXCEPT the required third party. Either it’s the government and you have to trust them with information of knowing everything that required age verification or its separate company that can and would sell your data to data brokers. Being free and NOT the government seems mutually exclusive.
Natanael@infosec.pub 1 month ago
billwashere@lemmy.world 1 month ago
So it’s like generating a CA and then signing your own certs.
Natanael@infosec.pub 1 month ago
More like getting a TLS domain cert from a CA both sides recognize, but yeah
Knock_Knock_Lemmy_In@lemmy.world 1 month ago
You can use a government issued certificate to generate your own age proofs without their involvement.
groet@feddit.org 1 month ago
The verifier does not have the information which sites you use. That’s the point of the setup. All communication goes through you, never the site to the verifier directly. You only pass cryptographic values between them that does not include identifiable information (neither about you to the website, nor about the website to the verifier). The verifier knows who you are, the website knows that you are old enough. Nothing else.
billwashere@lemmy.world 1 month ago
Oh I missed that separation before. Ok my bad.