Many might’ve seen the Australian ban of social media for <16 y.o with no idea of how to implement it. There have been mentions of “double blind age verification”, but I can’t find any information on it.

Out of curiosity, how would you implement this with privacy in mind if you really had to?

  • Kissaki@programming.dev
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    18 days ago

    Who has age authority? A state agency or service. Like the state issues an ID with age.

    Preferable, we want the user to interact with a website, that website request age authentication, but not the website to talk to the government, but through the user.

    Thus, something/somewhat like

    1. State agency issues a certificate to the user
    2. User assigns a password to encrypt the user certificate
    3. User connects to random website A
    4. Random website A creates an age verification request signed to only be resolveable by state agency but sends it to the user
    5. User sends the request to a state service with their user certificate for authentication
    6. State agency confirms-signs the response
    7. User passes the responds along to the random website A

    There may be alternative, simpler, or less verbose/complicated alternatives. But I’m sure it would be possible, and I think it lays out how “double-blind”(?) could work.

    The random website A does not know the identity or age of the user - only to the degree they requested to verify - and the state agency knows only of a request, not its origin or application - to the degree the request and user pass-along includes.

    • robinm@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      18 days ago

      I never realised it was that simple to do. Thanks a lot to answer the OP question. I had the same for longer than I wish to admit given how easy the answer was!