← Back to context

Comment by Seattle3503

3 days ago

It seems like the solution is to provide an age verification mechanism with robust privacy protections. That way when we offer a solution that works for all of their states concerns, if they disagree with the privacy preserving approach we force them to say outright "I want to keep a record of every website you visit."

5 comments

Seattle3503

Reply
summm  2 days ago

Unfortunately not. They will use even the most privacy preserving protocol to push remote attestation of end devices. Which in itself is a stepping stone making their next steps much easier.

  • Seattle3503  2 days ago

    Why would they say that is necessary?

    • summm  2 days ago

      They actually already do in the EUDI wallet reference implementation. There, as this is part of a more general ID system, they probably want to avoid that people duplicate or export IDs. In case of a privacy preserving age check, the fear could be that a copied private key could be enough to generate unlimited age proofs, indistinguishable from the original app instance. In another thread someone gave an even lazier argument: the eudi wallet requires hw backed keys by law regardless, and the laziest implementation would be device attestation...

      1 reply →

meowface  2 days ago

I don't understand how such a thing could be possible. Privacy is inherently gone, even if the third party doesn't learn your real name.