3/3/2026 at 11:46:37 AM
I've been really enjoying all these articles proposing solutions to anonymous age verification, mainly because most of them are written as if this has never been implemented in the real world. German IDs support age verification that just returns a yes/no response to the question "is this user above the age of 18," and not a single service in the entire country supports it.
Anonymous age verification isn't a technical problem to be solved, as it's already been solved, it's a societal problem in that either the companies or the politicians pushing for age verification don't want to support it.
by lachiflippi
3/3/2026 at 1:50:52 PM
This is immensely counter-intuitive to many Americans. They wrongly assume that digital IDs are some Biblical apocalyptic level invasion of privacy, when every state ID database is already 1) linked to Federal ones, and 2) full of the same data on your driver's license anyway.
I've tried to explain this to people, that a digital ID done well is better than the fraud-enabling 1960's hodgepodge in use that has served fraudsters better than citizens for 30 years. They set their teeth and refuse based on use of the word "digital" in the title alone.
It will take generational change for the US to get something as banal as a digital ID already in use in dozens of countries, for no other reason than mindless panic over misunderstanding everything about digital ID systems, how IDs even work, and how governments work.
by 3RTB297
3/3/2026 at 2:25:03 PM
Oh, that's not the half of it. In my own country, digital ID adoption was a political hot topic for a long time after the Orthodox Church realized that the new chips contain 12-digit long IDs that might contain the sequence 666. This despite everyone in the country having a legal ID with a number code that can also happen to contain this same sequence - but somehow the mere possibility of this happening in the digital IDs sparked a huge outrage and made politicians avoid the topic for quite a while.
by tsimionescu
3/3/2026 at 4:13:45 PM
[flagged]
by AnthonyMouse
3/3/2026 at 2:46:22 PM
I agree that there's a lack of awareness of what happens in other countries with ID, but I think it is also a different situation in the US.
States in the US in a lot of ways are more comparable to countries in the EU. It's not exactly like that but in many ways it is. So it would be like requiring an EU ID on top of a national ID.
I also don't think privacy per se is the real issue of concern, it's concern about consolidation of federalized power. Privacy is one criterion by which you judge the extent to which power has been consolidated or can be consolidated.
The question isn't "can this be federalized safely in theory", it's "is it necessary to federalize this" or "what is the worst possible outcome of this if abused?"
As we are seeing recently, whatever can be abused in terms of consolidated power will be eventually, given enough time.
I guess discussions of whether or not you can have cryptographic verification with anonymity kind of miss the point at some level. It's good to be mindful of in case we go down the dystopian surveillance route, but it ignores the bigger picture issues about freedom of speech, government control over access (cryptographic guarantees of credential verification don't guarantee issuance of the id appropriately, nor do they guarantee that the card will be issued with that cryptographic system implemented in good faith), and so forth.
by derbOac
3/3/2026 at 3:57:38 PM
> German IDs support age verification that just returns a yes/no response to the question "is this user above the age of 18,"
If the only thing that came out of the ID was those letters then you wouldn't need the ID, you could just type "yes" or "no" when the site asks you if you're over 18. So it's presumably not doing that, instead it's providing some kind of signature.
And then the privacy implied by "just returns a yes/no response" isn't actually there, because it's actually returning more than that. Does the response have a fixed signature which is unique to the ID, therefore able to be correlated across sites? Does the ID have a unique public keypair that it uses to sign, with the same problem? If someone extracts the key from one ID, or just hooks it up to a computer, can they now set up a service to anonymously sign for everyone in the world? If they can't anonymously sign for everyone, can't the same mechanism used to identify them also be used to identify anyone else?
"Someone attempted to do this but no one uses it" is no proof that their attempt was any good or addressed the concerns people have about doing this.
by AnthonyMouse
3/3/2026 at 4:32:06 PM
My understanding is that the responses are signed, but in a way that prevents linking signatures across vendors, so the same card being used for verification on different sites could not be linked, while the same card being used multiple times for the same vendor could.
As I'm not an expert on the crypto underlying the protocol, feel free to check the eIDAS standard for more info (the documents are in English, even if the link is not): https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisati...
by lachiflippi
3/3/2026 at 4:56:35 PM
A cursory look implies they're using group signatures: https://en.wikipedia.org/wiki/Group_signature
Which allow the group manager (presumably the government, or anyone who compromises them) to identify who signed something.
If using the same card multiple times with the same site allows the site to correlate them then that obviously also allows the site to link two accounts you intended to be separate, or two sites to set themselves up as the same "vendor" and thereby correlate your accounts between them.
by AnthonyMouse
3/3/2026 at 10:13:26 PM
ZKPs are mentioned in the technical specs but no implementation yet. Would go for lack of standardisation / lack of hardware support for these protocols as the explanation but who knows..
by chucklenorris
3/3/2026 at 3:30:46 PM
The argument is that the mechanisms in use in the German IDs (and others like them) rely on trusted parties and/or trusted hardware, and therefore don't adequately assure anonymity. And this is in fact true; the trusted parties are among the ones you might want to hide the information from.
Trust is bad in security. It's not complicated to understand this.
by Hizonner
3/3/2026 at 1:20:23 PM
I wish all governments would just run identity services and mandate usages that return anonymous attestations. Age being the most obvious attestation but something like residence status could also be useful.
Something as simple as a JWT with claims (and random uuid id) would work
by nijave
3/3/2026 at 1:45:32 PM
It can't be quite that simple because you have a couple additional problems to solve - (effectively restating bits of the article poorly and partially)
1. You don't want these to be replayable (give your JWT to someone else to use) so they need to be bounded in some ways (eg intended website, time, proof it came from you and not someone else).
2. You don't want the government to know which website you're going to, nor allow the government and the website to collaborate to deanonymize you (or have the government force a website to turn over the list of tokens they got). So the government can't just hand you a uuid that the website could hand back to them to deanonymize.
The SD JWT and related specs solve for these, which is how mDL and other digital IDs can preserve privacy in this situation.
by hirsin
3/3/2026 at 3:07:07 PM
> You don't want these to be replayable (give your JWT to someone else to use) so they need to be bounded in some ways (eg intended website, time, proof it came from you and not someone else).
But these are the things that make it non-anonymous, because then instead of one token that says "is over 18" that you get once and keep forever, everyone constantly has to request zillions of tokens. Which opens up a timing attack, because then the issuer and site can collude to see that every time notbob69 signs into the website, Bob Smith requested a token, and over really quite a small number of logins to the site, that correlation becomes uniquely identifying.
Meanwhile we don't need to solve it this way, because the much better solution is to have the site provide a header that says "this content is only for adults" than to have the user provide the site with anything, and then let the user's device do what it will with that information, i.e. not show the content if the user is a minor.
by AnthonyMouse
3/3/2026 at 3:09:39 PM
Which is why you separate the credential issuance from the credential use, per the standard mentioned.
by hirsin
3/3/2026 at 3:16:23 PM
The cryptography provides nothing to establish that this separation is actually being maintained and there is plenty of evidence (e.g. Snowden) of governments doing exactly the opposite while publicly claiming the contrary.
On top of that, it's a timing attack, so all you need is the logs from both of them. Government gets breached and the logs published, all the sites learn who you are. Government becomes corrupt/authoritarian, seizes logs from sites openly or in secret (and can use the ones from e.g. Cloudflare without the site itself even knowing about it), retroactively identifies people.
by AnthonyMouse
3/3/2026 at 5:32:29 PM
I'd review the setup here. You're missing the critical distinction that the cryptography supports - separating entirely (in time and space) the issuance of the cred to the user and the use of that cred with a website.
Unless you're getting the device logs from the user's device (in which case... All of this is moot) there is no timing attack. Six months ago you got your mobile drivers license. And then today you used it to validate your age to a website anonymously. What's the timing attack there.
by hirsin
3/3/2026 at 6:16:51 PM
If the driver's license can generate new anonymous tokens itself then anyone can hook up a driver's license to a computer and set up a service to sign for everybody. If it can't, whenever you want to prove your age to a service you need to get a new token from a third party, and then there is a timing correlation because you're asking for the token right before you use the service.
The article proposes a hypothetical solution where you get some finite number of tokens at once, but then the obvious problem is, what happens when you run out? First, it brings back the timing correlation when you ask for more just before you use one, and the number of times you have to correlate in order to be unique is so small it could still be a problem. Second, there are legitimate reasons to use an arbitrarily large number of tokens (e.g. building a search index of the web, content filters that want to scan the contents of links), but "finite number of tokens" was the thing preventing someone from setting up the service to provide tokens to anyone.
by AnthonyMouse
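The timing correlation argued over in the comments above, as an added illustration that is not part of the thread or written by any commenter: it measures how the set of identities consistent with one pseudonym's logins shrinks when a token is requested just before each login, compared with a batch issued well beforehand. All logs are constructed; the 120-second window, the user counts and the names `bob_smith` and `userN` are assumptions.

```python
import random

WINDOW = 120   # assumed: max seconds between token issuance and login
DAY = 86400

def candidates(login_times, issuance_log, window=WINDOW):
    """Intersect, login by login, the identities that requested a token
    within `window` seconds before that login. Returns (final set, sizes)."""
    remaining, sizes = None, []
    for t in login_times:
        near = {who for who, ts in issuance_log if 0 <= t - ts <= window}
        remaining = near if remaining is None else remaining & near
        sizes.append(len(remaining))
    return remaining, sizes

def simulate(on_demand, users=2000, logins=6, seed=1):
    """Constructed logs: `users` background identities each request 20 tokens
    at random times over 30 days; one pseudonym logs in `logins` times."""
    rng = random.Random(seed)
    log = [(f"user{u}", rng.randrange(30 * DAY))
           for u in range(users) for _ in range(20)]
    login_times = sorted(rng.randrange(DAY, 30 * DAY) for _ in range(logins))
    if on_demand:
        # One fresh token requested shortly before every login.
        log += [("bob_smith", t - rng.randrange(1, 60)) for t in login_times]
    else:
        # Whole batch issued once, at least a day before the first login.
        log.append(("bob_smith", 0))
    return candidates(login_times, log)

if __name__ == "__main__":
    for label, mode in (("on-demand", True), ("pre-issued batch", False)):
        who, sizes = simulate(mode)
        print(f"{label:17} anonymity set per login: {sizes} -> {sorted(who)}")
```

In the batch case the intersection ends up empty because the real holder never appears near a login, which is the separation in time that the issuance-versus-use argument relies on; it says nothing about what happens once the batch runs out.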
3/4/2026 at 12:46:38 AM
Blocking said search indexes is probably a good thing.
I'm thinking perhaps a system where you feed it a credential, a small program runs and maintains a pool of tokens that has some reasonably finite lifespan. The server that issues the tokens restricts the number of uses of the credential. Timing attacks are impossible because your token requests are normally not associated with your uses of the tokens.
And when you use a token the site gives back a session key, further access just replays the session key (so long as it's HTTPS the key is encrypted, hard to do a replay attack) up to whatever time and rate limits the website permits.
by LorenPechtel
3/4/2026 at 7:44:40 AM
> Blocking said search indexes is probably a good thing.
I feel like "we should ban all search engines" is going to be pretty unpopular.
> And when you use a token the site gives back a session key
And then you have a session key, until you don't, because you signed out of that account to sign into another one, or signed into it on a different browser or device etc.
> The server that issues the tokens restricts the number of uses of the credential.
Suppose I have a device on my home or corporate network that scans email links. It's only trying to filter malware and scams, but if a link goes to an adult content barrier then it needs tokens so it can scan the contents of the link to make sure there isn't malware behind the adult content barrier.
If I only have a finite number of tokens then the malware spammer can just send messages with more links than I have tokens until I run out, then start sending links to malware that bypass the scanner because it's out of tokens.
by AnthonyMouse
3/4/2026 at 10:20:43 PM
Search engines should not be using website search capabilities. That's putting an undue load on the systems. A board I'm involved with recently had to block search for guests because we were getting bombarded with guest searches that looked like some bot was taking a web query and tossing it around to a bunch of sites. Many of them not even in English.
by LorenPechtel
3/3/2026 at 7:04:27 PM
The government can already do this with the ISP. I don't think government should be part of the average person's threat model.
by AuthAuth
3/4/2026 at 8:01:12 AM
> The government can already do this with the ISP.
This is what VPNs or public libraries are for.
> I dont think government should be part of the average person's threat model.
Tell that to the people in places with governments that are a threat to the average person.
"It can't happen here" is a dangerous hubris.
On top of that, do notice that there is more than one government. What happens when Salt Typhoon comes for this stuff?
by AnthonyMouse
3/4/2026 at 12:34:07 AM
If the government can access it, all too often bad actors can also access it. And all too often government and bad actors are one and the same.
by LorenPechtel
3/3/2026 at 3:02:29 PM
But one overlooked advantage of manually copying JWTs is that the user doesn't have to blindly trust they're not hiding extra information. They can be decoded by the user to see there's only what should be there.
by Izkata
3/3/2026 at 12:17:00 PM
I remember reading in tech magazines about the "foss" achievement which went on to become Aadhar. Remember this was prior to 2007 I think.
The idea was your id would be an authenticator of sorts. You need to verify yourself, the website asks Aadhar if the person is genuine, the website returns binary yes no. Same for you, is gender male? Or ages above 18?
They would not return any other data.
In the end, it became just another "formality" and tool for politicians and to flex muscles.
People ended up taking photocopies of your card "just in case" and "that's the norm" even when it was said that's a bad idea.
People still do Aadhar kyc but it is in hands of politicians now and the bureaucracy.
by 2Gkashmiri
3/3/2026 at 1:41:17 PM
The problem with these "yes/no" systems is that they also involve the websites you visit calling up a centralized party and asking if you're old enough. This is fine if the websites aren't interested (or if you really trust your government with your web browsing history), but gets unfortunate if you don't want to share that information.
by matthewdgreen
3/3/2026 at 2:49:14 PM
The age verification system is being developed with an EU-wide standard. It's supposed to become part of the EU digital wallet initiative.
The trick with age verification is to do it in a way that doesn't allow tracking by the service itself (i.e. returning the same token/signature every time) or from the government (shouldn't see what sites you use when). That has pretty much been solved now, though.
by jeroenhd
3/3/2026 at 1:59:41 PM
I just recently used my ID to register for a lottery website using the AusweisApp. The first setup was a bit annoying, but once you are registered it's actually easy to use, and apparently you don't even need a phone; you can use a card reader on your PC as well.
by dabber21
3/3/2026 at 2:12:41 PM
>Anonymous age verification
Anonymity from whom? Does the German government not know that Gunter Shmidt has just verified his age to the site GreatBDSMPartiesInBerlinForDragQueens.com? Even if they obtain the logs from the site?
by ReptileMan
3/3/2026 at 2:37:25 PM
afaik it comes directly from your ID's card chip, there is an App in between that temporarily stores that data so it can be submitted to the service you are registering to
by dabber21
3/3/2026 at 3:10:47 PM
So the app could phone home if it so desires?
by ReptileMan
3/3/2026 at 1:39:07 PM
It's also a gateway to push more. Once APIs are in place and databases are full, what's another "check" or a bit of info to add?
Surely the safety of children is worth it right?
by PunchyHamster
3/3/2026 at 1:51:09 PM
If it is the case that German IDs supporting selective disclosure aren't seeing adoption for services then it needs to be looked at what the friction is or even just because it's optional. It doesn't necessarily have to be an ulterior motive. It'd be easy to be called out as conspiratorial otherwise.
Right now with age assurance laws and online services there has been no singular approach beside falling back to use of government ID that any country has required. Each country has just said 'here are the minimum criteria, choose what you want' and left it up to services to comply.
So what have services chosen? The least friction and cheapest existing solution to be compliant. For most services that's been using readily available facial scanning services and government IDs as fallback. Not all of them of course but it's so scattered that it makes it difficult for a person to know what they'll need for one service vs another (and perhaps even avoid use of a service if their approach doesn't align with the person's values).
Without mandating better minimum privacy criteria governments can just point to the fact they're not preventing such tech from being used and leave it at that. But solutions also need to be affordable to adopt for a wide range of sites/services and have good support (interfaces, etc) around them to catch on so it's not just entirely whether tech exists per se.
by chocmake
3/3/2026 at 5:21:47 PM
[dead]
by squeefers