To be clear, I’m not advocating for online age verification. I’m very much against it in any form. I’m just curious from a technical standpoint if it’s possible somehow to construct an accurate age verification system that doesn’t compromise a user’s privacy? i.e., it doesn’t expose the person’s identity to anyone nor leaves behind a paper trail that can be traced to that person?

  • SorteKanin@feddit.dk
    0·
    6 months ago

    In principle it should be possible to do a zero-knowledge proof.

    This means that the website asking for age verification asks a yes/no question like “Is this user 18+?” and the age verification service (like a digital ID provided by the government or whatever) answers “yes” or “no” accordingly, but without telling anything else about the user. Also, the verification service should ideally not know who asked for the age verification.

    So the site you want to visit only knows the thing they need to know: Whether you are 18+ or not. Nothing else. And the age verification service only knows somebody asked for age verification and provided the answer, but do not know which site you visited.

    This is all possible, but I don’t have high hopes this is the intended implementation of any government seeking age verification, so don’t get your hopes up.

  • IninewCrow@lemmy.caEnglish
    0·
    6 months ago

    The problem is not the system or the idea of age verification

    The problem is that no one on earth can be trusted with that level of monitoring, control and power.

  • Modern_medicine_isnt@lemmy.world
    0·
    6 months ago

    Nope, you always need a middle man to do the verification. That middle man has too much information.

    Also, if you could solve for the middle man, there is no way to know the user belongs to the ID. It can easily be stolen.

    • dickalan@lemmy.world
      01·
      6 months ago

      I figured you were wrong so I asked an AI and it confirmed what the people below you were saying, you really do seem to be talking straight out of your ass

      Yes, it is technically possible to build an accurate, high-confidence age-verification system that does not compromise privacy in the traditional sense (i.e., no central database of IDs, no name/address/DOB stored by the site, no paper trail that can be subpoenaed or leaked). The core tool that makes this feasible is zero-knowledge proofs (ZKPs), specifically age-based ZK proofs.

      How a privacy-preserving age check actually works in 2025

      1. User proves age to a trusted credential issuer once
        • Government digital ID (e.g., EU eIDAS wallet, some U.S. mobile driver’s licenses, Yoti, ID.me, etc.)
        • The issuer cryptographically signs a statement like “This private key belongs to someone born before 2007-11-27” without ever revealing the exact birthdate. User generates a zero-knowledge proof
        • Using their phone or browser, they create a proof that says:
          “I have a valid credential signed by [Trusted Issuer] that confirms I am 18+ (or 21+).”
        • Nothing else is revealed: no name, no exact age, no birthdate, no issuer identity if you want to go fully anonymous. Website verifies the proof in <1 second
        • The site checks the cryptographic signature and that the policy (“18+”) is satisfied.
        • It learns literally nothing else about the person.

      Real-world implementations that already exist or are in late-stage pilots (November 2025):

      • Worldcoin’s World ID “age 18+” orb-verified credential + ZK proof
      • Polygon ID / zkBridge systems used by some adult sites
      • SpruceID + Ethereum Attestation Service kits
      • Gitcoin Passport + ZK age attestations
      • Proof-of-Humanity + age minimum circuits
      • Yoti + ZK prototype (demoed 2024–2025)

      Remaining practical hurdles (why it’s not universal yet)

      • User has to have a compatible digital credential in the first place (adoption still <30% in most countries)
      • Friction: first-time setup takes 2–10 minutes instead of 3 seconds
      • Most adult sites don’t want to pay the (tiny) gas/verification fee or integrate the SDKs
      • Regulatory gray zone in some jurisdictions that still mandate “know your customer” records

      Bottom line
      Technically: Yes, 100% possible today with zero-knowledge age proofs.
      Practically: It exists, works, and is slowly rolling out, but the porn industry and most social platforms still prefer cheap/frictionless (but privacy-invasive) methods or just do nothing.

      So the top reply in your screenshot (“you always need a middle man with too much information”) is outdated — cryptography has already solved the “middle man” problem. The real blocker now is deployment inertia, not theory.

  • Nighed@feddit.ukEnglish
    0·
    6 months ago

    The government knows who you are. They know your age, your address and know you exist (probably).

    You go to a site that requires ages verification. You say:please verify me with the government portal. You go to that portal to get a temporary id code to give to the site. The website says to the gov portal give me the name and age of the user with this temp ID. You approve that access. Portal sends age (or an is over 16/18/21 etc flag) to the site.

    • Gov portal doesn’t need to know who the site is.
    • You don’t provide a unique ID to the website, just a temporary one.
    • as if codes are temporary, you must have access to the id/login now, not just at some point
    • Site only gets the data you approve/it requested,.not everything.

    The process can do with some streamlining, but should work in practice?