top | item 47024068

(no title)

randerson | 14 days ago

Don't forget teenagers can be extremely skilled technically. Plus they have a lot of time!

But you're on the right track.

I think of a solution like:

1. Browser does one-time age verification through 3rd party service, without disclosing any details about which sites you'll access.

2. Browser stores your age, signed by that service.

3. When a site requests it the browser passes that signed age over. The site simply has to check if it has a valid signature by a trusted authority's public key.

The browser could even use Palantir in this example - but they would never get any data about what users are accessing.

discuss

uyzstvqs|14 days ago

It'd be best to create a standard for this using wallet apps. You can obtain an age certificate from any trusted provider (decentralized chain-of-trust similar to TLS CAs), which you can then load into any wallet app of your choice on any OS, and use it with any online service which supports the standard. This should use anonymous, unlinkable(!) proofs, with the only certified data being `is_over_age`.

Though I'd prefer the way proposed by Mark Camilleri Gambin (EU politician). Have parents enable Child Mode during device setup, then expose `isMinor = true` to all websites and apps, require a parental control PIN to disable. This is a much better and cleaner solution. Requiring age verification of all adults gets it backwards.

Hoodedcrow|11 days ago

Wouldn't the age verification provider then be able to retain logs of what exact credentials it signed and for whom? And if the certificates are identical for every user, couldn't everyone change the presented certificate for the universal correct one?

Second one is a lot more sensible.

subscribed|13 days ago

Ummm, i don't think teenagers on average can be extremely skilled.

Unless you think of some extreme outliers. Most of these I met can't READ and follow the step by step procedure.