undefined | Better HN

0 pointsMayeulC2y ago0 comments

Not necessarily.

1. 18+website tells the browser age verification is needed, gives a random token

2. Browser signs a verification request with the local ID card (or a key temporality allowed to do so), forwards it to government server

3. Government server sees the request with random token, signs both, answer the browser

4. Browser forwards signed attestation to 18+website.

The government server only sees the random token. The website only has the attestation. There are other things that can be nitpicked against, but not this. For instance, can we require local ID cards? What about foreign visitors? Possibly an attestation from their passport? And of course, browsers sit in the middle and see everything.

However, this could be a useful mechanism to have. For age verification, nationality check, or even identity check on official websites. And if we have this, it's bound to be abused in some ways (Facebook could require an ID check).

0 comments

3 comments · 2 top-level

philwelch2y ago· 1 in thread

I agree that you could design the system this way. But do you actually expect governments to do that?

AnthonyMouse2y ago

Also worth noting that if the system is designed in this way then anyone can set up a "pretend I'm 21" service which will sign anybody's token using a random adult's ID because it can't be traced back to them.

Conversely, that system is not secure if the site conspires with the government, because the government could record the signature (or the token) and then compare it to the one the site has to violate the anonymity of a legitimate user. There are forms of encryption that prevent this (the user does a cryptographic operation on their own device that munges the data so the site can still verify the signature but can't tell which one it was), but now you need the government to implement that system -- and update it if any vulnerability is found -- and do a coordinated update of all the sites in the world with the new protocol that patches whatever vulnerability is found -- and do this rapidly and competently because in the meantime the system would have to be taken offline to avoid it being actively exploited.

Do Not Attempt. Failure inevitable.

PawgerZ2y ago

> And of course, browsers sit in the middle and see everything

Google is loving this, I bet.

j / k navigate · click thread line to collapse