Comment by gruez
21 hours ago
>Modern versions of this technique allow one to associate metadata (like a proof of age exceeding a threshold) in such a way that the verifier can't even correlate repeated requests across users.
If it's unlinkable, what's preventing someone from setting up a site that hands out anonymous tokens for anyone to use?
Using cryptographic signatures from approved signers, like a government
No, I'm meant me, using my 18+ ID to generate a bunch of tokens that can't be linked back to me, and then giving it to random < 18 year olds for the lulz.
There are multiple approaches. One, which the Europeans use, hardware-locks the token. Each age attestation is unlinkable, but the cryptographic credentials you need to make the attestation aren't portable. Of course, this model requires a big statist apparatus that does implementation certification, but it does achieve the narrow goal of unlinkable, privacy-preserving age attestation that doesn't instantly decay to mass copying.
Other approaches are possible. I'm particularly keen on ones that treat attestations as anonymous digital currency and use cryptographic penalties like slashing to discourage copying post-hoc instead of relying on EU-style implementation certification.
There's a huge literature on the subject I don't want to reproduce here. The point is that yes, we do have the technology to do attestation without sacrificing privacy, which makes all the calls for non-privacy-preserving attestation awfully curious.
6 replies →
The verification service would tie the token to the IP address/geolocation. It would also throttle the number of identifications, or expire old ones.
Yes, that can eventually be worked around, but not really that different than doing the verification today on someone else's device.
5 replies →
What's to stop you, using your 18+ ID from buying crates of alcohol and giving it to random < 18 year olds for the lulz?
3 replies →
Yes, this breaks the whole scheme. Anyone promoting it as a solution is delusional. There's a triangle of "robust", "private", and "practical" and you can only pick two. This one omits robust. The various mitigations people might suggest in response will have to sacrifice one of the other dimensions.