Comment by immibis

6 months ago

Either the certificate is the same every time and therefore it's an identifier.

Or the certificate isn't the same every time and therefore you can generate a whole bunch of them and give them out for $2 apiece.

Or the certificate isn't the same every time and also isn't anonymous so they can trace who's doing that.

You don't have to reuse the same certificate for several requests. You can get a new one for every request, for every person who is asked to verify their age and pays you $2, and if they're actually anonymous, there's no way to know you did this. Is a rate limit part of the proposal? Can I only sign up to one adult service per week?

Unless you meant the requester's real identity, in which case... we're back to not anonymous.

I address all of that in my comment? I'm not sure if you even read it at this point.

  • No, you didn't?

    • I did, except for this bit that you added in an edit:

      > You don't have to reuse the same certificate for several requests. You can get a new one for every request, for every person who is asked to verify their age and pays you $2, and if they're actually anonymous, there's no way to know you did this. Is a rate limit part of the proposal? Can I only sign up to one adult service per week?

      This is trivially easy to detect at the attestation service. If someone is trying to repeatedly (and programmatically) use the same personal ID to generate attestations for different request IDs in a short time frame, you can throttle them, flag them, revoke their cert, whatever.

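The detection described in the last comment, sketched as an added example that is not part of the thread or of any proposal discussed in it. It assumes the attestation service sees a stable personal ID on every request, as that comment implies; the window length, thresholds and all names are hypothetical.

```python
from collections import defaultdict

# Assumed policy values (not from the thread): window length and escalation steps.
WINDOW_SECONDS = 3600
THROTTLE_AT, FLAG_AT, REVOKE_AT = 3, 5, 8


class AttestationMonitor:
    """Counts distinct request IDs attested per personal ID in a sliding window."""

    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self.seen = defaultdict(dict)  # personal_id -> {request_id: first-seen time}
        self.revoked = set()

    def check(self, personal_id, request_id, now):
        """Return 'allow', 'throttle', 'flag' or 'revoke' for one attestation request."""
        if personal_id in self.revoked:
            return "revoke"
        seen = self.seen[personal_id]
        # Forget request IDs that have aged out of the window.
        for rid in [r for r, t in seen.items() if now - t >= self.window]:
            del seen[rid]
        # A retry of the same request ID does not raise the count.
        seen.setdefault(request_id, now)
        distinct = len(seen)
        if distinct >= REVOKE_AT:
            self.revoked.add(personal_id)
            return "revoke"
        if distinct >= FLAG_AT:
            return "flag"
        if distinct >= THROTTLE_AT:
            return "throttle"
        return "allow"


def replay(events, window=WINDOW_SECONDS):
    """Run (time, personal_id, request_id) tuples through a fresh monitor."""
    monitor = AttestationMonitor(window)
    return [monitor.check(pid, rid, t) for t, pid, rid in events]


# Constructed sample: one ID attesting nine different request IDs ten seconds apart.
BURST = [(10 * i, "id-B", f"req-{i}") for i in range(9)]
# Constructed sample: one ID attesting three request IDs more than an hour apart.
SPREAD = [(0, "id-C", "req-x"), (4000, "id-C", "req-y"), (8000, "id-C", "req-z")]

if __name__ == "__main__":
    print(replay(BURST))
    print(replay(SPREAD))
```

The check keys entirely on `personal_id`, so it only works to the extent that the service can link requests to one person.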