You forgot one (the sane one, which is coming soon anyway):
Using a government issued eID system. The EU is going to rollout eID in a way that a site can just ask “is this person > age xy?”. The answer is cryptographically secure in the sense that this person really is this age, but no other information about you has to be known by the site owner.
Which is the actual correct way to do it.
I don’t understand why all the sites go crazy with flawed age verification schemes right now, instead of waiting a until the eID rollout is done.
EDIT:
I forgot to mention that it’s only the correct way if the implementation doesn’t give away to your government on which sites you browse…
Which I believe is correctly done in the upcoming EU eID but I could be wrong about it.
What I don't understand about this approach is if it's truly completely privacy preserving what stops me from making a service where anyone can use my ID to verify? If the site owner really learns nothing about me except for my age then they can't tell that it's the same id being used for every account. And if the government truly knows nothing about the sites I verify on they can't tell that I'm misusing the id either. So someone must know more then you are letting on.
One possible solution idea I just had is having the option of registered providers (such as Discord). They would have a public key, and the user has a private key associated to their eID. They could be mingled in such a way to create a unique identifier, which would be stored by the provider (and ofc the scheme would be such that the provider can verify that the mingled identifier, was created from a valid private key and their public key).
This would in total make sure that only one account can be created with the private key, while exposing no information about the private key aka user to the provider. I am fairly certain that should work with our cryptographic tools. It would ofc put the trust on the user not to share their eID private key, but that is needed anyway. Either you manage it or it gets managed (and you lose some degree of privacy).
The hole is closed with per-site pseudonyms. Your wallet generates a unique cryptographic key pair for each site so same person + same site = same pseudonym, same person + different sites = different, unlinkable pseudonyms.
"The actual correct way" is an overstatement that misses jfaganel99's point. There are always tradeoffs. EUDI is no exception. It sacrifices full anonymity to prevent credential sharing so the site can't learn your identity, but it can recognize you across visits and build a behavioral profile under your pseudonym.
Sites need to deal with Australia, which punted all responsibility to the platforms and provided no real assistance (like say the government half of the eID system that manages all the keys and metadata)
There are also alternatives that can be good enough, such as the Swedish BankId system, which is managed by a private company owned by many banks. They provide authentication and a chain of trust for the great majority of the population on about all websites (government, healthcare, banking and other commercial services) and is also used to validate online payments (3D Secure will launch the BankId app).
While it's not without faults (services do not always support alternative authentication which may support foreigners having the right to live in the country), it has been quite reliable for so many years.
So just to say, you can have successful alternatives to a government controlled system as many actors may decide it is quite valuable to develop and maintain such a system and that it aligns with their interest, and then have it become a de-facto standard.
Its like it is evolving in front of our eyes! Eventually they might get somewhere that meets all the requirements, natural selection governed by lawsuits.
You forgot one (the sane one, which is coming soon anyway):
Using a government issued eID system. The EU is going to rollout eID in a way that a site can just ask “is this person > age xy?”. The answer is cryptographically secure in the sense that this person really is this age, but no other information about you has to be known by the site owner.
Which is the actual correct way to do it.
I don’t understand why all the sites go crazy with flawed age verification schemes right now, instead of waiting a until the eID rollout is done.
EDIT: I forgot to mention that it’s only the correct way if the implementation doesn’t give away to your government on which sites you browse… Which I believe is correctly done in the upcoming EU eID but I could be wrong about it.
What I don't understand about this approach is if it's truly completely privacy preserving what stops me from making a service where anyone can use my ID to verify? If the site owner really learns nothing about me except for my age then they can't tell that it's the same id being used for every account. And if the government truly knows nothing about the sites I verify on they can't tell that I'm misusing the id either. So someone must know more then you are letting on.
One possible solution idea I just had is having the option of registered providers (such as Discord). They would have a public key, and the user has a private key associated to their eID. They could be mingled in such a way to create a unique identifier, which would be stored by the provider (and ofc the scheme would be such that the provider can verify that the mingled identifier, was created from a valid private key and their public key).
This would in total make sure that only one account can be created with the private key, while exposing no information about the private key aka user to the provider. I am fairly certain that should work with our cryptographic tools. It would ofc put the trust on the user not to share their eID private key, but that is needed anyway. Either you manage it or it gets managed (and you lose some degree of privacy).
The hole is closed with per-site pseudonyms. Your wallet generates a unique cryptographic key pair for each site so same person + same site = same pseudonym, same person + different sites = different, unlinkable pseudonyms.
"The actual correct way" is an overstatement that misses jfaganel99's point. There are always tradeoffs. EUDI is no exception. It sacrifices full anonymity to prevent credential sharing so the site can't learn your identity, but it can recognize you across visits and build a behavioral profile under your pseudonym.
1 reply →
presumably you'd just use unique one time codes derived from the eID
9 replies →
Sites need to deal with Australia, which punted all responsibility to the platforms and provided no real assistance (like say the government half of the eID system that manages all the keys and metadata)
> Sites need to deal with Australia
Do they? The UK’s population is more than double of Australia’s and some websites (e.g. imgur) are outright blocking the UK.
4 replies →
There are also alternatives that can be good enough, such as the Swedish BankId system, which is managed by a private company owned by many banks. They provide authentication and a chain of trust for the great majority of the population on about all websites (government, healthcare, banking and other commercial services) and is also used to validate online payments (3D Secure will launch the BankId app).
While it's not without faults (services do not always support alternative authentication which may support foreigners having the right to live in the country), it has been quite reliable for so many years.
So just to say, you can have successful alternatives to a government controlled system as many actors may decide it is quite valuable to develop and maintain such a system and that it aligns with their interest, and then have it become a de-facto standard.
How does that prevent the ID service from discovering which services you use it for?
"Papers, please" is the fastest and slipperiest slope to authoritarianism. Europeans are ironically blasé.
Its like it is evolving in front of our eyes! Eventually they might get somewhere that meets all the requirements, natural selection governed by lawsuits.
This comment is so LLM-generated.