← Back to context

Comment by Cthulhu_

12 days ago

Actually there is, various age verification systems exist where the party asking for it does not need to process their ID, like the Dutch iDIN (https://www.idin.nl/en/) that works not unlike a digital payment - the bank knows your identity and age, just like they know your account balance, and can sign off on that kind of thing just like a payment.

I hope this becomes more widespread / standardized; the precursor for iDIN is iDEAL which is for payments, that's being expanded and rebranded as Wero across Europe at the moment (https://en.wikipedia.org/wiki/Wero_(payment)), in part to reduce dependency on American payment processors.

6 comments

Cthulhu_

Reply
devman0  12 days ago

The privacy issue has two facets, when I show ID to get in to a club or buy alcohol, the entire interaction is transient, the merchant isn't keeping that information and the issuer of the credential doesn't know that happened (i.e. the government).

Just allowing a service provider to receive a third party attestation that you "allowed" still allows the third party to track what you are doing even if the provider can't. That's still unacceptable from a privacy standpoint, I don't want the government, or agents thereof, knowing all the places I've had to show ID.

  • manuelmoreale  12 days ago

    > Just allowing a service provider to receive a third party attestation that you "allowed" still allows the third party to track what you are doing even if the provider can't. That's still unacceptable from a privacy standpoint, I don't want the government, or agents thereof, knowing all the places I've had to show ID.

    Isn't this solvable by allowing you to be the middle man? A service asks you to prove your age, you ask the government for a digital token that proves your age (and the only thing the government knows is that you have asked for a token) and you then deliver that to the service and they only know the government has certified that you are above a certain age.

    The service gets a binary answer to their question. The government only knows you have asked for a token. Wouldn't a setup like that solve the issue you're talking about?

manuelmoreale  12 days ago

We have a similar system in Italy so the age verification process itself doesn't personally concerns me that much since the verification process is done by the government itself and they obviously already have my information.

I'm personally more interested in the intuition people have when it comes to squaring rejecting age verification online while also accepting it in a multitude of other situations (both online and offline)

  • ongy  12 days ago

    My main issue is trust.

    In real world scenarios, I can observe them while they handle my ID. And systematic abuse(e.g. some video that gets stored and shows it clearly) would be a violation taken serious

    With online providers it's barely news worthy if they abuse the data they get.

    I'm not against age verification (at least not strongly), but I'd want it in a 2 party 0 trust way. I.e. one party signs a jwt like thing only containing one bit, the other validates it without ever contacting the issuer about the specific token.

    So one knows the identity, one knows the usage But they are never related

    • manuelmoreale  12 days ago

      > So one knows the identity, one knows the usage But they are never related

      I could be wrong but I think this is how the system we have in place in Italy works. And I agree that it's how it should work.