To be clear, I’m not advocating for online age verification. I’m very much against it in any form. I’m just curious from a technical standpoint if it’s possible somehow to construct an accurate age verification system that doesn’t compromise a user’s privacy? i.e., it doesn’t expose the person’s identity to anyone nor leaves behind a paper trail that can be traced to that person?
Correct, as a cryptography nerd I can assure you that you MUST at minimum have a trusted verifier which met you in person at some point (such as whatever office you get your physical ID card at) and they have to have your information.
And then you’re trusting both Secure Element hardware and fancy cryptography where both must be flawless in order to protect the end user’s side of it, all while the end user now carries much more personal information with them than before
The verifier does not know what exactly you are proving, when you are proving it or to whom.
The service provided by the verifier is equivalent to a stamp on a piece of paper.
Bad terminology choice, I meant the cert issuer. Need to revise the language later. I was thinking of it in terms of who verifies your IRL identity. The issuer can only issue the cert after you met them and they checked your documentation, etc
In any system there has to be some source of truth to base the data on. Otherwise people can claim anything .