

I’d have imagined something along these lines:
- USER visits porn site
- PORN site encrypts random nonce + “is this user 18?” with GOV pubkey
- PORN forwards that to USER
- USER forwards that to GOV, together with something authenticating themselves (need to have GOV account)
- GOV knows user is requesting, but not what for
- GOV checks: is user 18?, concats answer with random nonce from PORN, hashes that with known algo, signs the entire thing with its private signing key
- GOV returns that to USER
- USER forwards that to PORN
- PORN is able to verify that whoever made the request to visit PORN is verified as older than 18 by singing key holder / GOV, by checking certificate chain, and gets freshness guarantee from random nonce
- but PORN does not know anything about the user (besides whether they are an adult or not)
There’s probably glaring issues with this, this is just from the top of my head to solve the problem of “GOV should know nothing”.
Thanks for sharing that link! Interesting post and interesting blog in general!
Yes, any version of age control which would realistically get passed will be bad. This:
is absolutely true. The fact that those privacy preserving approaches exist but aren’t used is all the proof I personally need of this.