Comment on Is it completely impossible to do age verification without compromising privacy?
Natanael@infosec.pub 6 days ago
Correct, as a cryptography nerd I can assure you that you MUST at minimum have a trusted verifier which met you in person at some point (such as whatever office you get your physical ID card at) and they have to have your information.
And then you’re trusting both Secure Element hardware and fancy cryptography where both must be flawless in order to protect the end user’s side of it, all while the end user now carries much more personal information with them than before
Knock_Knock_Lemmy_In@lemmy.world 6 days ago
The verifier does not know what exactly you are proving, when you are proving it or to whom.
The service provided by the verifier is equivalent to a stamp on a piece of paper.
Natanael@infosec.pub 6 days ago
Bad terminology choice, I meant the cert issuer. Need to revise the language later. I was thinking of it in terms of who verifies your IRL identity. The issuer can only issue the cert after you met them and they checked your documentation, etc
Knock_Knock_Lemmy_In@lemmy.world 6 days ago
In any system there has to be some source of truth to base the data on. Otherwise people can claim anything .