Comment by giantg2

1 year ago

Yeah, so the government can track you, and really anyone who gains access to the signature and trust chain can track you. The trust anchor also has to verify your identity to verify your age in order to issue the PEM file.

So to answer my original question - no, you can't anonymously verify age. Someone has to verify your identity (a central authority in my comment, which in your system is a trust anchor) and your signature can be tracked back to you (as a fearure).

2 comments

giantg2

Reply
Edmond  1 year ago

I missed your concern about pure anonymity in the whole process, the answer is NO.

You can't have such a system that is totally anonymous, it is private but not anonymous. This means it is largely anonymous but for instance law enforcement might be able to track you down...I happen to think this is a good balance though I am sure not every one agrees.

  • giantg2  1 year ago

    It's not just law enforcement though. With the way the laws are today, you could have the trusted entity selling that data if they're partnered with some consumers. If you save the cert usage (on the consumer side) you could eventually utilize it if the trusted entity changes hands, policies change, etc. The government is also a potential malicious actor depending on which government and how you want to define malicious.

    Of course there are other issues in the chain concerning anonymity, like ISPs.