Comment by amelius
14 days ago
Can't it be implemented such that the banks give out the age information without knowing the ID of the person on the platform?
14 days ago
Can't it be implemented such that the banks give out the age information without knowing the ID of the person on the platform?
Yes, browser can do that. A browser starts with GET and gets new HTTP 1xx or 3xx response with “Age-Verification: required <age>” header. Browser calls your AVP (defined once in preferences) and gets short-lived certificate of age (expires in 30 seconds), then passes it to website in “Age: <age> <certificate>” header. The website uses known public keys to verify “at least certain age” claim in certificate. AVP public keys can be published in some registry and cached by websites.
Then, at a minimum, the platform knows where you bank. But in any case you're trusting the platform and bank to not collude to violate your privacy. They both have strong incentives to collect that info.