Mastodawn

I have recently been asked by @panoptykon if it was possible to create an online age verification system that would not be a privacy nightmare.

I replied that yes, under certain assumptions, this is possible. And provided a rough sketch of such a system.

But privacy is not the only issue with systems like that:
https://rys.io/en/178.html

#Privacy #AgeVerification #Web

Privacy of online age verification

I have recently been asked by the Panoptykon Foundation if it was possible to create an online age verification system that would not be a privacy nightmare. I replied that yes, under certain assumpti

Songs on the Security of Networks

Show thread

christian mock

@rysiek Specifically for the "above the age of X" question I'd like to see a way to have a long-lived attestation without needing to go to the eID provider for each request -- after all, they don't need to know at which times I like to browse porn. That of course gets difficult because then I could just use my older brother's attestation for illegal hornyness...

Show thread

Michał "rysiek" Woźniak · 🇺🇦Apr 25

@cm yeah, long-term-ish attestation is definitely one way to improve the privacy of the system.

Another way is for the trusted app to randomly ask for age verification at random intervals, to create noise such that the e-ID service cannot easily tell which requests were chaff and which were actually related to any actual visit.

There are many ways this could be improved. Again, the point was to show that a system like this is, technically, possible.