M
@usernomnomnom @pluralistic @jwcph
That sounds a bit like the direction the EU seems to want to take with this: with an e-ID that lives on your smartphone. I don't know the details, but it feels less anonymous to me. I really want the system to only share the fact that the user is over a certain age limit. A hardware token sounds like it will be reused and therefore traceable.
I'm not entirely convinced by this. I think it is possible, but the government has to provide the age verification service. The argument assumes there will be several independent IDPs:
The most insurmountable of these obstacles is getting set up with an IDP in the first place – that is, proving who you are to some agency, but only one such agency
but what if there's only one, and it's the government's own e-ID system? They already know who you are, and there is inherently only one.
So if a porn site wants to know if you're >18, they redirect you with that question to the e-ID site, where you login, and the e-ID site sends back that you are or aren't over 18.
The privacy hole there is that the government will know which porn sites you visit, but I think that can be solved with an anonymising proxy. The porn site knows your porn, your age and the proxy, but not you. The proxy only knows the porn site and the government. The government knows who you are and that a site wanted to know your age, but not which site.
The one remaining privacy hole is if you somehow get access to transaction timestamps from all three to compare. If they store those, which I'm not sure they should, but even if, it should take a warrant for the government to get access to that, and it should be impossible for anyone else.
If someone can shoot holes in this, please do. But if this works, the only way anonymous age verification can work, is if the government provides it. No government has any business demanding age verification without providing the means to do so.