To be clear, I’m not advocating for online age verification. I’m very much against it in any form. I’m just curious from a technical standpoint if it’s possible somehow to construct an accurate age verification system that doesn’t compromise a user’s privacy? i.e., it doesn’t expose the person’s identity to anyone nor leaves behind a paper trail that can be traced to that person?
Yes. There are many solutions.
Maybe the absolutely easiest to implement is just a signed message from an authority (gov.). You click a button on the website that requires verification, get a new tab to a gov. site with no identifiers from the site redirecting you and get a message you copy. The copied message is then pasted in to the site requiring verification. The site can then verify the message at their servers.
Hey benign and honorable govt!
Please tell the website “kill-your-govt .net” that I am old enough to join the revolution!!!
Kthxbai
edit: if this was pasted in both directions AND we trust that there is no identifying information in either ‘secret’ message, might work. Normies will not like the ctrl-c/ctrl-v workflow though.
That still creates a chain that can be followed. If the site you’re trying to enter is ever compromised, there will be record of your government code and whatever tracking is used to verify that you have entered your code.
I would be happy if the government was not involved in my online activities at all but I guess that ship is about to sail.
See also: timing attacks