upvote

points

by rswail3 hours ago |
comments
upvoteby mr_mitm3 hours ago|
next
[-]
The german gov id supports that. They have a PKI and the id is a smart card with a cert and private key on it [0]. It lets you answer the question "are you over 18" with a zero knowledge proof. I guess it only proves you have in your possession a valid id AND know the PIN to it, but that should be fine. France apparently has this, too, according to the article.

[0] https://www.personalausweisportal.de/Webs/PA/EN/government/t..., https://www.bsi.bund.de/EN/Themen/Oeffentliche-Verwaltung/El...

reply
upvoteby pimterry3 hours ago|
prev|
next
[-]
This has been widely discussed, and initial implementations exist: the EU digital wallets are doing exactly this. https://ec.europa.eu/digital-building-blocks/sites/spaces/EU....

In theory, every EU state will have to support this soon so users can use it to verify age privately online. Still work to do to roll this out for real, but the technological part is very much already happening and I think the rollout plan is committed.

reply
upvoteby codedokode2 hours ago|
prev|
next
[-]
No. You seem to not understand how government works. It will never be anonymized so it's an awful idea, you basically suggest to link accounts to a passport.
reply
upvoteby qnpnpmqppnp2 hours ago|
prev|
next
[-]
> Both the request and the response can be appropriately anonymized so that the government doesn't know the site, and the site doesn't know the person's identity.

Yes that's how it's done in France for instance, and generally how it's being discussed in the EU.

reply
upvoteby mcv3 hours ago|
prev|
next
[-]
Exactly. Governments that really care about age verification should provide the tools to do so. They have the means to do so without violating privacy. Something like the Dutch DigiD service (the one they're about to sell to the US despite literally everybody opposing that) would be a great basis for this; just add an age verification service to it. They already know who you are in the most legal sense possible.
reply
upvoteby thrance3 hours ago|
prev|
next
[-]
> There should be a standardized government ID service/API

Most European country already have one, some are still testing theirs. They're required by the EU to make one accessible to their citizens by the end of this year, in the context of the eID project [0].

[0] https://commission.europa.eu/topics/digital-economy-and-soci...

reply
upvoteby pembrook3 hours ago|
prev|
[-]
> if the government ID service has appropriate 2FA and security.

You're kidding right?

reply
upvoteby drysine3 hours ago|
parent|
next
[-]
Why?

In Russia we have gosuslugi.ru (state services), which nowadays requires 2FA and hasn't been compromised in any major way so far.

Among other things they provide a way for a third party to use it as identification service and a user chooses which data about himself he wants to share. No anonymity, though, and I don't see how it can be implemented so that the verification provider doesn't know which service is requiring age verification.

reply
upvoteby pembrook2 hours ago|
parent|
[-]
You seriously think Russia's state services are not compromised by intelligence?

Also, yea, no anonymity is the problem. Why would you want your government to be able to track every single website you've ever visited -- especially considering we're talking about an autocratic regime?

I'm astonished at the naivety on display on a community called "Hacker news."

reply
upvoteby drysine46 minutes ago|
parent|
[-]
>You seriously think Russia's state services are not compromised by intelligence?

The state services are required to assist intelligence and law enforcement in lawful investigations, the intelligence don't need to compromise anything.

>Why would you want your government to be able to track every single website you've ever visited

I don't want anyone to track every single website I visited.

>considering we're talking about an autocratic regime

Glad you see the EU for what it is.

The problem is that verifying age requires disclosing your identity and the fact that you use a certain service. Whoever is the provider of such verification, it learns too much about you.

Is the state the worse choice for that than a commercial entity that has fewer resources to secure itself against hacking and might even sell the data itself?

I would rather not have age verification at all and glad there is no such thing in Russia (yet?).

reply
upvoteby Hikikomori3 hours ago|
parent|
prev|
[-]
These already exist in several eu countries. Imagine that there are governments that is not America and that actually work.
reply
upvoteby pembrook2 hours ago|
parent|
[-]
Just this year, France government ID system hacked: https://www.biometricupdate.com/202604/french-govt-confirms-...
reply
upvoteby rvnx2 hours ago|
parent|
[-]
"hacked", such a shame what happened in the background; it was a teenager who saw some url like "view_my_id_documents?id=1234" and just incremented the number, and could download the documents of other people (did on dozens of millions).

.

reply