> "Let’s say I downloaded the app, proved that I am over 18, then my nephew can take my phone, unlock my app and use it to prove he is over 18."

While I appreciate the zero-knowledge proofs is considered, how the hell did no one in charge of the app design think of this? It's is literally the first question I asked when I first heard about this app. You go to the app in a store to buy alcohol, you're asked to verify your age, but that's not what you're doing. Your simply showing the store that you have a phone, with and app, which was configured by some over 18 (maybe).

Honestly I don't think it's possible to verify that you're over 18 without also providing something like a photo ID (and even that is error prone).

You can probably do something online, where the website or app does some back channel communication to a server that verifies a token. Even that is going to have issues. You could add a "List of sites that has verified your age" option where you can revoke the verification, in case your nephew borrows your phone.

They are going to implement this and it will be "good enough", but I don't see this being 100% secure or correct.

▲

Sweepi 3 days ago | parent | next [-]

Just like anyone can take anyone's credit card and go shopping - but in contrast Phones are (or at least can be) much more secure.

▲

mrweasel 3 days ago | parent [-]

That's not what you're competing with. Your competing with a drivers license with a photo (not a great photo) and some countries have pretty easily faked drivers licenses, but others have drivers licenses in hard plastic with holographic features.

The credit card doesn't work as age verification.

▲

sofixa 3 days ago | parent | next [-]

We're talking about the EU here, where the standard form of ID is an ID card with very strict requirements, including multiple secure features and an NFC chip with the photo and some other information.

	▲	atanasi 2 days ago \| parent [-]
		My bank in Finland allows activating the bank's app remotely. They verify the NFC chip of the ID card in addition to photos and other factors.

▲

klausa 3 days ago | parent | prev [-]

You're competing with photos of a drivers license.

▲

mrweasel 3 days ago | parent [-]

Not sure if you're joking or not, but Denmark have had people show an edited screenshot of the drivers license app, to get into clubs or buy alcohol.

I think they "fixed" it. I think it has some effect now that only works if you tilt the phone.

▲

klausa 3 days ago | parent | next [-]

You're competing with that for "I want to make sure the person standing in front of me is of legal drinking age" use-case, but for the remote KYC/age-verification usecases, you're competing with a photo of the document and/or a selfie.

Maybe bundling these under the same system is a mistake and they should be separate systems with different considerations; it would certainly help with arguments about it online ;P

▲

Mashimo 3 days ago | parent | prev [-]

Bouncer love it, when someone says "oh sorry, I forgot my ID, can you let me in anyway?" they just tell them to download the app :)

▲

mrweasel 3 days ago | parent [-]

I don't know about other countries, but here it requires your passport or actual drivers license, and a 12 or 24 hour wait, to actually activate the drivers license app.

	▲	Mashimo 3 days ago \| parent [-]
		Mhh, maybe it was the Sundhedskortet app? But that does not have a photo. To be honest I just overhead the bouncer talking about them liking the app. Maybe I misheard it.

▲

Mashimo 3 days ago | parent | prev | next [-]

How does the nephew unlock the phone and app?

▲

mrweasel 3 days ago | parent [-]

If it's just a PIN, and the PIN is his aunts birthday, it might not be much of a challenge. We also have to consider the cases where the adult is complicit, in these cases the app is even less secure than photo ID (for store purchases, not necessarily online).

	▲	subscribed 3 days ago \| parent [-]
		If adult is "complicit" they can purchase the stuff for the kid anyway. Why is that even a scenario to discuss?

▲

rounce 3 days ago | parent | prev [-]

[dead]