I’m not against age restrictions, but letting every site brew their own method is a really bad idea. I’m not going to upload my legal ID to every random site; that’s a recipe for identity theft, and it’s a really bad idea to teach people that that’s normal or acceptable.
And age guessing through facial recognition is incredibly unreliable. My 16 year old son has already been accepted as 18+ somewhere. I had a full moustache at 14. Others are blessed with a babyface well into their 30s.
The only right way to do this, is if governments provide their citizens with an eID that any site can ask “is this person 18+?” and get an accurate answer without any other identifiable info. And if you don’t want the government to know what sites you visit, have sites route the request through a proxy.
But instead everybody’s got to cobble together their own improvised system that we just have to trust blindly is not going to sell our data.
And if you don’t want the government to know what sites you visit, have sites route the request through a proxy.
Actually, no on the fly communication with the issuer is required for selective disclose.
You just need a signed document with individually salted hashes of different properties and you can create a zero knowledge proof non-interactively. Zero knowledge meaning that truely nothing but the disclosed property (age > 18, County == DE, or whatever) is communicated to anyone.
Theres a lot of other cool stuff that can be done with zero knowledge digital identity wallets. You could for example hash your pubkey together with the service providers pk and disclose that as a per service ID, but not reveal your pk. This allows linkability within one service (as a login method for example) while preventing cross service linkability.
I’m not against age restrictions, but letting every site brew their own method is a really bad idea. I’m not going to upload my legal ID to every random site; that’s a recipe for identity theft, and it’s a really bad idea to teach people that that’s normal or acceptable.
And age guessing through facial recognition is incredibly unreliable. My 16 year old son has already been accepted as 18+ somewhere. I had a full moustache at 14. Others are blessed with a babyface well into their 30s.
The only right way to do this, is if governments provide their citizens with an eID that any site can ask “is this person 18+?” and get an accurate answer without any other identifiable info. And if you don’t want the government to know what sites you visit, have sites route the request through a proxy.
But instead everybody’s got to cobble together their own improvised system that we just have to trust blindly is not going to sell our data.
Actually, no on the fly communication with the issuer is required for selective disclose. You just need a signed document with individually salted hashes of different properties and you can create a zero knowledge proof non-interactively. Zero knowledge meaning that truely nothing but the disclosed property (age > 18, County == DE, or whatever) is communicated to anyone.
Theres a lot of other cool stuff that can be done with zero knowledge digital identity wallets. You could for example hash your pubkey together with the service providers pk and disclose that as a per service ID, but not reveal your pk. This allows linkability within one service (as a login method for example) while preventing cross service linkability.