atoav 2 days ago

It would be possible to implement age verification in a way that would somewhat work and that would be to use the correct crypto on a government-issued ID card. Crypto where the OS (or a website) can ask the card: "Is the holder of that card over X years old y/n?" and the card would just answer with a binary yes no question without exposing any other data while still checking the government signature.

Obviously that won't stop motivated teens from taking their parents' ID cards or similar mechanisms. That means any system that likes to prevent that needs to additionally ensure the identity of the card holder. And then you create a privacy nightmare.

So my proposal would be to accept that nothing is ever perfect and just use the card and ensure that system works as well as it could.

Of course "card" is a stand-in for all manner of hardware that can do it, including phones.

anticrymactic 2 days ago | parent | next [-]

> Crypto where the OS (or a website) can ask the card: "Is the holder of that card over X years old y/n?" and the card would just answer with a binary yes no question without exposing any other data while still checking the government signature.

This is the same as "What's the card holder's age" by simply binary searching for it. A better way would be:

1. Have the card define the country's age access levels. (Example in Germany: >=16 [Beer/Wine], >=18 everything else)

2. The app can only ask: "Is [BEER] allowed for the card holder y/n?"

This makes it immediately cross-legislative and protects the exposed data from meta analysis.

Edit: This would allow for self exclusion too. Make it possible for individuals to give up access to gambling/alcohol/tobacco/porn nationally.
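
The binary-search point from the comment above, as an added example that is not part of the original thread. `ThresholdCard`, `CategoryCard`, the `LEVELS` table and the sample birth date are constructed for illustration and do not model any real ID card API.

```python
from datetime import date

# Constructed policy table, using the Germany example from the comment above.
LEVELS = {"BEER": 16, "EVERYTHING_ELSE": 18}

def age_on(birth, today):
    """Whole years between birth and today."""
    return today.year - birth.year - ((today.month, today.day) < (birth.month, birth.day))

class ThresholdCard:
    """Hypothetical card: answers 'holder >= X years?' for any X the reader picks."""
    def __init__(self, birth, today):
        self._age = age_on(birth, today)
        self.queries = 0

    def is_at_least(self, years):
        self.queries += 1
        return self._age >= years

class CategoryCard:
    """Hypothetical card: answers only for the fixed, named levels in LEVELS."""
    def __init__(self, birth, today):
        self._age = age_on(birth, today)

    def is_allowed(self, category):
        return self._age >= LEVELS[category]  # unknown category raises KeyError

def recover_age(card, lo=0, hi=127):
    """Binary-search the yes/no answers; 128 candidate ages need exactly 7 queries."""
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if card.is_at_least(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo

def inferred_interval(card):
    """Everything a reader learns from a CategoryCard: (min_age, max_age or None)."""
    lo, hi = 0, None
    for name, threshold in LEVELS.items():
        if card.is_allowed(name):
            lo = max(lo, threshold)
        elif hi is None or threshold - 1 < hi:
            hi = threshold - 1
    return lo, hi

if __name__ == "__main__":
    today, birth = date(2024, 3, 1), date(1990, 6, 15)  # constructed sample holder
    t = ThresholdCard(birth, today)
    print(recover_age(t), t.queries)
    print(inferred_interval(CategoryCard(birth, today)))
```

With the fixed levels a reader learns only which band the holder falls in, although a holder between two levels is still narrowed to that band.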

atoav 2 days ago | parent [-]

I don't think this belongs on the card to be honest. Otherwise each legislative adjustment would require population-scale updates.

This can go into the reader of anybody who e.g. sells beer to pick your example:

  1. Reader knows beer >= 18 because reader is in Germany  
  
  2. Reader asks card to verify >= 18
  
  3. etc.  
  
This keeps the many cards simple and safe, while the locale is set to the thing that is both easier to police, to update and to support (far fewer people sell beer than buy it).

Self exclusion would still be possible if there is a standard for it.

Cthulhu_ 2 days ago | parent | prev [-]

In the Netherlands we have a better system called iDIN; it works like doing an online payment (iDeal / WERO):

* Website asks for age verification
* User is redirected to their bank
* Bank asks the user to log in - username/password, 2fa, bank app (whose login is behind the device's security and a secondary verification like PIN code or biometrics)
* Bank tells the requester that the user is 18+, no more

This leverages a trusted party (your bank, which is subject to heavy IT security regulation and audits, and you need to show ID to open an account anyway), secrets only you know (and your kids can't easily take), phone security systems, etc. Does not require uploading ID to a 3rd party, does not require changing how IDs work, etc.

rcxdude 2 days ago | parent | next [-]

This still gives your bank a pretty good idea of what websites you are visiting though. It should not need to know this with modern cryptography.

atoav 2 days ago | parent | prev [-]

There are people without a bank account. It isn't a big part of the population (estimated to be 0.02% or about 16.000 people in Germany), but I still feel on principle this is a basal governmental function that should remain governmental and not tied to other services that can be denied to you for various reasons. This or you make having a bank account a guaranteed human right. I am fine with both.