Zero-knowledge proofs still require that third party but only once, to issue it initially. Then the user can issue their own proofs locally
Comment on Is it completely impossible to do age verification without compromising privacy?
billwashere@lemmy.world 8 hours agoTechnically this works EXCEPT the required third party. Either it’s the government and you have to trust them with information of knowing everything that required age verification or its separate company that can and would sell your data to data brokers. Being free and NOT the government seems mutually exclusive.
Natanael@infosec.pub 5 hours ago
billwashere@lemmy.world 5 hours ago
So it’s like generating a CA and then signing your own certs.
Natanael@infosec.pub 1 hour ago
More like getting a TLS domain cert from a CA both sides recognize, but yeah
Knock_Knock_Lemmy_In@lemmy.world 4 hours ago
You can use a government issued certificate to generate your own age proofs without their involvement.
groet@feddit.org 8 hours ago
The verifier does not have the information which sites you use. That’s the point of the setup. All communication goes through you, never the site to the verifier directly. You only pass cryptographic values between them that does not include identifiable information (neither about you to the website, nor about the website to the verifier). The verifier knows who you are, the website knows that you are old enough. Nothing else.
billwashere@lemmy.world 8 hours ago
Oh I missed that separation before. Ok my bad.