Comment by t-writescode
16 hours ago
A more appropriate route to that is to create incentives and grants for companies to be created that can accomplish this age verification infrastructure (ideally with its own privacy guarantees, etc), and make a declaration such as “in 5 years, you will be expected to validate and track the age group of all users on your platform. We have created grants to help create technology companies and a platform that will help to implement and privatize this service”.
That way you get both:
* companies that can provide the service (yay capitalism, middlemen and jobs!)
* compliance with the new laws that help to stratify users so that < 18 and > 18 users are identified and segregated.
Or do it like the EU is doing with the EU Digital Identity Wallet, which has been tested in pilot programs since 2023, and which is expected to start being deployed to the general public next year.
Briefly, your government would give you a signed digital copy of your government ID document. This copy would be cryptographically bound to secure hardware you own, typically your smartphone. I'll assume a smartphone for the rest of this.
When you want to reveal some fact from your ID to a site, such as "my ID says that my birthday is at least 18 years in the past", your device and the site use a zero knowledge proof (ZKP) protocol to prove to the site that this is true for the signed digital ID that is bound to your device. Nothing else from or about your digital ID is conveyed to the site.
Once this is out it should be pretty easy for sites to implement age checks for EU users.
The EU system is all open source and they've got a reference implementation on Github somewhere.
Google has also recently released in open source library at https://github.com/google/longfellow-zk for building such systems.
The main thing to ensure privacy with these kind of systems is making it so that the entity that issues the digital ID to your device is an entity that you don't mind proving your ID to with your physical government ID. Ideal would be for this to be handled by the same government agency that issues the physical ID.
Second best would be entities like banks that you already trust with your ID.
[delayed]
Yeah, that should have been part of the bill.