Comment by oblio - Hacker Neue

oblio Dec 10, 2025 parent

It could be designed to be anonymous.

Government runs authentication service that has your personal details.

User creates account on platform Y, platform Y asks government service if your age is >18, service says y/n. Platform never finds out your personal details.

OAuth for age verification.

swiftcoder Dec 10, 2025

The government still knows your identity in this scenario, so it's a pretty limited form of anonymity (i.e. only suitable for activities the government isn't hostile to)

oblio OP Dec 10, 2025

I know Americans don't want to hear this, but once the government turns hostile, internet anonymity won't save you, just like how guns won't save you (hello propaganda and a large and very active brainwashed minority that also has guns).

The only thing saving you from a hostile government is a well educated populace that really wants democracy and is willing to fight for it (through constant activism, peaceful & other types of protests). This is where many democracies are failing now. No amount of technology or rules can replace large amounts of constantly vigilant eyes that understand how democracy is subverted.

I would rather optimize for not giving companies too much power and end up with a Kafkaesque patchwork of corporate abuses and regulatory captures.

tim-- Dec 10, 2025

Can't you just put a middle man on there then? Get a non-profit organisation like Mozilla to ask the govt. on behalf of the user.

The organisation asks the govt, and gives back a signed token.

The the only thing the government knows is that an age verification was requested. Once verification has been done once for one site, it can be used for future verifications.

swiftcoder Dec 11, 2025

The middle man in this scenario can mask the URL that is requesting age verification, but what's to stop the government compelling traffic logs from the middle man?

trinix912 Dec 11, 2025

Nothing more than what prevents them from getting logs from your ISP about the sites you visit after verification. In ideal countries they need a court order for that, in less ideal ones they just scoop up the logs preemptively.

iknowstuff Dec 10, 2025

The government then knows all the services you use. No bueno.

There are better ways to do this including zk proofs, but you gotta work against people mass reselling them. Could do some rate limited tokens minted from a proof maybe.

osn9363739 Dec 10, 2025

Let's be real. Unless you're putting in the effort, the government already knows. Especially so on the sites listed in this ban.

iknowstuff Dec 11, 2025

To an extent I agree, except consider that governments of smaller countries probably don’t currently have the means to know, but they with such a system it would be served on a silver platter. Additionally, it could be leveraged as a means of censorship system restricting access to undesirable content

padjo Dec 10, 2025

Some concerns: - government gets a list of every website that requests your age - every website has to register with the government to initiate age verification checks

Which pretty much puts an end to any notion of an open internet. But maybe a system I prefer to one where a bunch of random startups have my age verification biometrics .

Froztnova Dec 10, 2025

Would zero knowledge proofs work here? I'm not enough of a cryptography nerd so I don't know if it would be a practical use-case.

tim-- Dec 11, 2025

> Would zero knowledge proofs work here?

Yes, but that would then require more infrastructure. For example, Australia does not have a national ID card - or a national proof of age card (each state, however, does implement a Proof of Age card, eg https://www.nsw.gov.au/driving-boating-and-transport/driver-...).

So, what is your zero knowledge based on? Who is the signer?

Under the Identity Verification Services Act 2023 we have IDMatch (https://www.idmatch.gov.au/). This whole setup can simply be extended to have third parties act as an intermediary between the government and the party attempting to get proof of age. Similar to AusPost's DigitaliD (https://www.digitalid.com/personal). But let's not have that company owned by the Government :)

It's pretty cooked that we are asking the social media companies to go ahead and prove to the eSaftey commissioner that they have measures in place to stop kids from getting access to social websites, yet they have to use unreliable measures like selfies to do it. The companies can't win here. This won't be the last you hear of this. https://youtu.be/YTwBStZIawY?t=306

This item has no comments currently.

Preferences

Keyboard Shortcuts

Story Lists

Navigation

Miscellaneous