Comment by PunchyHamster
14 days ago
No need for separate company. Banks know your age. I'd imagine CC companies know or at very least can get age data from the banks they trade.
So it would be
1. Site let's you pick your "age provider"
2. You log to you bank/govt site
3. They only get age as response.
Even easier with CC, shops could just send payment request with minimal age, if it doesn't pass, no sell
> Banks know your age
They also know who you are. This rules them out of a privacy-forward age verification system.
Can't it be implemented such that the banks give out the age information without knowing the ID of the person on the platform?
Yes, browser can do that. A browser starts with GET and gets new HTTP 1xx or 3xx response with “Age-Verification: required <age>” header. Browser calls your AVP (defined once in preferences) and gets short-lived certificate of age (expires in 30 seconds), then passes it to website in “Age: <age> <certificate>” header. The website uses known public keys to verify “at least certain age” claim in certificate. AVP public keys can be published in some registry and cached by websites.
Then, at a minimum, the platform knows where you bank. But in any case you're trusting the platform and bank to not collude to violate your privacy. They both have strong incentives to collect that info.
> Banks know your age
Why are we pretending Facebook and X don’t?
Start with liability. The age gates will erect themselves.