Many might’ve seen the Australian ban of social media for <16 y.o with no idea of how to implement it. There have been mentions of “double blind age verification”, but I can’t find any information on it.

Out of curiosity, how would you implement this with privacy in mind if you really had to?

  • litchralee@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    22 days ago

    Sadly, this type of scheme suffers from: 1) repudiation, and 2) transferability. An ideal system would be non-repudiable, meaning that when a GUID is used, it is unmistakably an action that could only be undertaken by the age-verified person. But a GUID cannot guarantee that, since it’s easy enough for an adult to start selling their valid GUIDs online to the highest bidder en-masse. And being a simple string, it can easily and confidentially be transferred to the buyer, so that no one but those two would know that the transaction actually took place, or which GUID was passed along.

    As a general rule, when complex questions arise which might possibly be solved by encryption, it’s fairly safe to assume that expert cryptographers have already looked at the problem and that no easy or obvious solution exists. That’s not to say that cryptographers must never be questioned, but that the field is complicated enough that incomplete answers abound.

    IMO, the other comments have it right: there does not exist a general solution to validate age without also compromising anonymity or revealing one’s identity to someone. And that alone is already a privacy compromise.

    • JeremyHuntQW12@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      22 days ago

      You upload identity to a site and it gives you a date stamped token which confirms your age.

      Then when that token is uploaded to an SM site, it verfies the identity of the giver with the site that gives the token. The identity is a hash generated by the token site and contained in both the token and a namespace at the token site, so only the token site knows the real identity. Once the token has been confirmed, the namespace is re-used.

      So you can’t really sell the token, because its linked back to the identity you uploaded to the token site. You need to be logged in to the token site.