Well there are technical solutions for this: blind signatures.

I could generate my own key, have the government blind sign it upon verifying my identity, and then use my key to prove I'm an adult citizen, without anyone (even the signing government) know which key is mine.

Any veryfying entity just need to know the government public key and check it signed my key.

▲

Aurornis 4 hours ago | parent | next [-]

The ID check laws are about matching an identity to a user account.

If the identity check was blind it wouldn't actually be an identity check. It would be "this person has access to an adult identity".

If there is truly no logging or centralization, there is no limit on how many times a single ID could be used.

So all it takes is one of those adult blind signatures to be leaked online and all the kids use it to verify their accounts. It's a blind process, so there's no way to see if it's happening.

Even if there was a block list, you would get older siblings doing it for all of their younger siblings' friends because there is no consequence. Or kids stealing their parents' signature and using it for all of their friends.

▲

Galanwe an hour ago | parent [-]

I don't quite get your point. The signer is blind to what it signs, but that does not mean there is no identity per se.

A signed key is still unique.

- You can still check that user 1 and user 2 don't use the same key.

- You can still issue a challenge to the user every 10 days to make sure he has indeed access to his key and not just borrowed it.

- You can still enforce TPM use of said keys, so that they cannot be extracted or distributed online, but require a physical ID card.

- You can still do whatever revocation system you want for the cases when a key is stolen or lost.

Really the "blind" nature of the signature changes nothing to what you would normally do with a PKI.

	▲	Aurornis an hour ago \| parent [-]
		You're only describing a half-blind system. If the site you send your information to gets a uniquely identifying piece of information, that's not blind to your identity. > - You can still check that user 1 and user 2 don't use the same key. The systems described elsewhere in the thread give people a set of signatures that can't be traced back to their source.

▲

halls-940 5 hours ago | parent | prev [-]

I was thinking the same thing. Why don't we just get a key from the government?

	▲	Galanwe 5 hours ago \| parent [-]
		> Why don't we just get a key from the government? Because one could argue that the government could keep track of the keys they give away. That is where blind signing is interesting. The government can sign _your_ key without knowing it.