this post was submitted on 21 Jun 2025
27 points (96.6% liked)

Ask Lemmy


Hello,

I was gonna post this on Ask Lemmy, but then I thought maybe Technology would be a better fit for the theme. But then I saw it's mostly news, so I thought perhaps Ask Lemmy would indeed be a better fit. If this is not the case, please point me in the right direction.

As a heads-up, I am not 'Murican, and never been to 'Murica, so keep that in mind.

Seeing the recent news with France trying to age-restrict pornographic material online, I was wondering and have sort of an idea, that I wonder if it is actually doable and actually good.

Hear me out: the gobermint likely already has your data, right? At least stuff like name, date of birth, etc. The gobirment could have a private and secure service, which websites and services could use to confirm certain requirements.

For instance: A website wants to confirm if you're over 18. The website essentially asks the official gob. service, "is this user at least 18 years of age?". The official gob. service essentially has to answer "yes, your requirements are met" or "no, your requirements are not met", without giving away information on a person. The user gets prompted, being told what information is being required and whether they wish to share that. The official service wouldn't know where the request is coming from, but the original website requesting the information generates and shows a temporary code, which is not related to the website at all and is sent to the gob. service, so that the user can confirm it is indeed the website they were using that is requesting this, and not a hijack of some kind. The gob. service, if allowed by the user, sends out this confirmation to the original website, without the gob. service knowing the website and without the website knowing the user's info. The website then knows whether their requirements are met and can then act accordingly, such as by not allowing someone to access adult material if they do not meet the age requirement.

Does this make sense? Is it doable? Could it be a potential private and secure way of confirming user information without either party having access to the other's information? Obviously, the idea could be worked on and polished, but as a starting point.

Edit: so, what I'm gathering from comments here:

  1. Som'o'y'all didn't get it (no, you don't got to log in to your porn tube of choice with an official gob. account)
  2. This cannot be done
  3. This could be done
  4. This is already a thing being worked on
[–] Zwuzelmaus@feddit.org 5 points 11 hours ago* (last edited 11 hours ago) (4 children)

> The official service wouldn't know where the request is coming from

No, not doable.

Such an info service can only be either serious or not. Think about it.

If they try to do it the serious way, then the official source of information must know, and keep a log of, who is asking. And the user must get the opportunity to read this log of who has asked about them. Maybe they must even get the chance to approve or deny every single one of these requests.

If they don't try to do it the serious way, then their service will never be meaningful/sufficient in countries where age verification is mandatory.

[–] smiletolerantly@awful.systems 1 points 10 hours ago (2 children)

Not sure. How about this (simplified):

  • USER visits porn site
  • PORN site encrypts random nonce + "is this user 18?" with GOV pubkey
  • PORN forwards that to USER
  • USER forwards that to GOV, together with something authenticating themselves (need to have GOV account)
  • GOV knows user is requesting, but not what for
  • GOV checks: is user 18?, concats answer with random nonce from PORN, hashes that with known algo, signs the entire thing with its private signing key
  • GOV returns that to USER
  • USER forwards that to PORN
  • PORN is able to verify that whoever made the request to visit PORN is verified as older than 18 by signing key holder / GOV, by checking certificate chain, and gets freshness guarantee from random nonce
  • but PORN does not know anything about the user

There's probably glaring issues with this, this is just from the top of my head to solve the problem of "GOV should know nothing".
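The nonce, hash and signature steps of the exchange sketched in this comment, as an added Go example that is not part of the original thread. Assumptions: Ed25519 and SHA-256 stand in for the unspecified algorithms, the encryption of the challenge to GOV's public key and the user's login to GOV are left out, and all type, function and string names are hypothetical.

```go
// Added illustration: all names and the "over18=..." strings are assumptions.
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

type Site struct { // the verifier (PORN in the comment above)
	govKey  ed25519.PublicKey
	pending map[string]bool // nonces issued but not yet redeemed
}

// NewParties makes a GOV signing key and a site that trusts its public half.
func NewParties() (*Site, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Site{govKey: pub, pending: map[string]bool{}}, priv
}

func (s *Site) Challenge() []byte { // fresh nonce the user carries to GOV
	n := make([]byte, 16)
	rand.Read(n)
	s.pending[string(n)] = true
	return n
}

func digest(answer string, nonce []byte) []byte { // SHA-256(answer || nonce)
	h := sha256.Sum256(append([]byte(answer), nonce...))
	return h[:]
}

// Attest is GOV's side: it knows the user's age, not which site sent the nonce.
func Attest(priv ed25519.PrivateKey, adult bool, nonce []byte) (string, []byte) {
	answer := map[bool]string{true: "over18=yes", false: "over18=no"}[adult]
	return answer, ed25519.Sign(priv, digest(answer, nonce))
}

// Verify accepts only a GOV-signed "yes" over a nonce this site issued, once.
func (s *Site) Verify(answer string, nonce, sig []byte) bool {
	fresh := s.pending[string(nonce)]
	delete(s.pending, string(nonce))
	return fresh && answer == "over18=yes" && ed25519.Verify(s.govKey, digest(answer, nonce), sig)
}

func main() {
	site, gov := NewParties()
	nonce := site.Challenge()
	answer, sig := Attest(gov, true, nonce)
	println("first use:", site.Verify(answer, nonce, sig), "replay:", site.Verify(answer, nonce, sig))
}
```

GOV handles the raw nonce in this exchange and the site holds the same value, so the two could match their records on it. The signature also says nothing about who is presenting it, only that some authenticated adult asked GOV to sign that nonce.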

[–] Natanael@infosec.pub 4 points 9 hours ago

What you want is cryptographic Zero-knowledge proofs, not regular encryption. See anonymous credentials protocols.

And it does require every verifying entity to trust the issuer (each user could collect attestations from multiple issuers, to prove different things to different verifiers)

Another issue is the risk of deanonymization by verifiers simply asking for more proof of many different properties, until you can be identified anyway

[–] Zwuzelmaus@feddit.org 3 points 9 hours ago* (last edited 9 hours ago) (1 children)

Much too complicated for no benefit.

You would have achieved the same with a certificate given to the user, signed (electronically) by GOV stating the user's age.

The problems are, as far as I can see: 1. this means the user must do all the work, and 2. maybe somebody, somewhere does not like to trust GOV, and 3. no "info service" can make money for nothing from it.

[–] smiletolerantly@awful.systems 1 points 9 hours ago

While that's true from a technical perspective...

How/where do you keep the certificate? If you either need an app for it, or need to manually install it on your device, most users would probably be out. The benefit of my suggestion is that you need absolutely nothing except a way to authenticate with GOV.

  1. is a Problem with all of these, that's for sure.

I don't get the part about the info service tbh
