undefined | Better HN

0 pointsAurornis1y ago0 comments

> California’s digital id has a way of verifying age without revealing anything else about your identity called “TruAge”

I'm not familiar with the system, but I assume it would necessarily have to reveal the sites you're verifying with to the State of California.

So it's less of a big deal, as long as you're okay with sending a record to the government about what site you're visiting every time you want to sign up somewhere or re-verify your age.

I'm sure someone in the comments will propose some cryptographic solution where neither party knows anything other than the fact that someone, somewhere, possesses a token associated with a person over the age of 18. If you think this is viable, you're not thinking like a kid trying to get around this system, nor a blackhat trying to take advantage of it: Many people would immediately set up a service that handed out age verification tokens in exchange for viewing some ads (the file sharing site model) if there were no limits and nobody could trace it back to the source. Any ID verification system must necessarily have some party able to verify the person to avoid abuse like this.

0 comments

whimsicalism1y ago

> TruAge encrypts your data points and then protects them even further by creating anonymous tokens. These anonymous tokens cannot be traced back to you without legal authorization from a court-issued subpoena

Yes, I think you are right. There is probably a way to make a fully anonymous scheme.

AurornisOP1y ago

> There is probably a way to make a fully anonymous scheme.

A fully anonymous scheme would be ripe for abuse: People would immediately take their keys and set up websites that exchanged age verification tokens for watching ads. Kids would visit these websites, watch an ad for 60 seconds, and get a fully anonymous age verification token in exchange.

Identity verification systems only work if everyone involved has some incentive to protect their identity. If the identity means nothing and nothing can be traced back to you, the tokens will be generated for next to nothing and handed out freely.

The idea is DOA.

rustcleaner1y ago

>legal authorization from a court-issued subpoena

No good technological solutions which min-max on maximizing user sovereignty and privacy will allow the possibility of [GREENTEXT].

j / k navigate · click thread line to collapse