To be clear, I’m not advocating for online age verification. I’m very much against it in any form. I’m just curious from a technical standpoint if it’s possible somehow to construct an accurate age verification system that doesn’t compromise a user’s privacy? i.e., it doesn’t expose the person’s identity to anyone nor leaves behind a paper trail that can be traced to that person?
Here’s my idea: Bob gives Alice a token, assigning her an unique random number n. Alice goes to Grace and tells her, “Somebody assigned me number n, can you verify that I’m allowed?” Grace then writes: “User n is allowed, signed Grace”. Alice then takes this letter and shows it to Bob. Bob now knows that Alice is allowed, but nothing else. Grace only knows that somebody wanted to know that Alice is allowed, not who that somebody is.
Of note here: This system does nothing to protect against an allowed user helping a not allowed user to gain access, but I don’t think it’s possible to protect against traitorous users.
That could very well work, yes; but I think that would require Bob verifying Grace’s signature, and that would require trusting that Grace didn’t make a unique signature that she only used for Alice, and making a note of who verified it.
There might be a way to verify those signatures with public keys in a way that didn’t require Bob to tell Grace that he was verifying the signature, which is still rattling around in my brain.
Bob would have to know and trust Grace beforehand. Grace could be the IRS, for example. The idea here being to have somebody who already knows your age vouch for your age.
That’s not about Bob trusting Grace specifically (that’s a premise of the entire operation), it’s about trusting that the letter Alice handed Bob was actually signed by Grace.
Well, if Grace is already well known, then her public key should be available.
That…seems so obvious, now that you say it.
The problem is that it leaves a paper trail.
Grace also knows what number n got verified, and the identity of the user n. Later, the website can ask the age-verifying service who user n actually was. It requires that the age-verifying service cooperates with the website, though, but this could be mandated by law, which would create a single point of (privacy) failure.
PS: i love your writing style. It’s so simple and clear :)
Cryptography is a really complicated subject. You managed to express it very easily understandable.
Yeah, that is a problem.
And thanks for the compliment.
This is called a nonce.
Which as a Brit is a really bad name for anything used to access porn.
We could change it to being called a Mountbatten-Windsor but that’s a much lengthier way to say the same thing.