Many might’ve seen the Australian ban of social media for <16 y.o with no idea of how to implement it. There have been mentions of “double blind age verification”, but I can’t find any information on it.

Out of curiosity, how would you implement this with privacy in mind if you really had to?

  • letsgo@lemm.ee
    link
    fedilink
    English
    arrow-up
    13
    ·
    22 days ago

    Not a cryptographic expert by any means but maybe something like this would work. This’d be implemented in common places people shop: supermarkets for instance. You’d go up to customer service and show your ID for visual confirmation only; no records can be created. In return the service rep would give you a list of randomised GUIDs against which the only permissible record can be “has been taken”. Each time you need to prove your age you’d feed in one of those GUIDs.

      • litchralee@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        22 days ago

        Sadly, this type of scheme suffers from: 1) repudiation, and 2) transferability. An ideal system would be non-repudiable, meaning that when a GUID is used, it is unmistakably an action that could only be undertaken by the age-verified person. But a GUID cannot guarantee that, since it’s easy enough for an adult to start selling their valid GUIDs online to the highest bidder en-masse. And being a simple string, it can easily and confidentially be transferred to the buyer, so that no one but those two would know that the transaction actually took place, or which GUID was passed along.

        As a general rule, when complex questions arise which might possibly be solved by encryption, it’s fairly safe to assume that expert cryptographers have already looked at the problem and that no easy or obvious solution exists. That’s not to say that cryptographers must never be questioned, but that the field is complicated enough that incomplete answers abound.

        IMO, the other comments have it right: there does not exist a general solution to validate age without also compromising anonymity or revealing one’s identity to someone. And that alone is already a privacy compromise.

        • JeremyHuntQW12@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          22 days ago

          You upload identity to a site and it gives you a date stamped token which confirms your age.

          Then when that token is uploaded to an SM site, it verfies the identity of the giver with the site that gives the token. The identity is a hash generated by the token site and contained in both the token and a namespace at the token site, so only the token site knows the real identity. Once the token has been confirmed, the namespace is re-used.

          So you can’t really sell the token, because its linked back to the identity you uploaded to the token site. You need to be logged in to the token site.

    • LordCrom@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      22 days ago

      To be certain the list isn’t being handed out willy nilly, your id must be scanned, that will be kept for auditing purposes. If only 10 guids can be given at a time, this is the only way, plus it identifies ids used too often.

      And I can guarantee any powers that bee will turn this into a service like stupid id.me where you create an account for guid access