Anonymous age verification isn't a technical problem to be solved, as it's already been solved, it's a societal problem in that either the companies or the politicians pushing for age verification don't want to support it.
The trick with age verification is to do it in a way that doesn't allow tracking by the service itself (i.e. returning the same token/signature every time) or from the government (shouldn't see what sites you use when). That has pretty much been solved now, though.
Something as simple as a JWT with claims (and random uuid id) would work
1. You don't want these to be replayable (give your JWT to someone else to use) so they need to be bounded in some ways (eg intended website, time, proof it came from you and not someone else).
2. You don't want the government to know which website you're going to, nor allow the government and the website to collaborate to deanonymize you (or have the government force a website to turn over the list of tokens they got). So the government can't just hand you a uuid that the website could hand back to them to deanonymize.
The SD JWT and related specs solve for these, which is how mDL and other digital IDs can preserve privacy in this situation.
I've tried to explain this to people, that a digital ID done well is better than the fraud-enabling 1960's hodgepodge in use that has served fraudsters better than citizens for 30 years. They set their teeth and refuse based on use of the word "digital" in the title alone.
It will take generational change for the US to get something as banal as a digital ID already in use in dozens of countries, for no other reason than mindless panic over misunderstanding everything about digital ID systems, how IDs even work, and how governments work.
States in the US in a lot of ways are more comparable to countries in the EU. It's not exactly like that but in many ways it is. So it would be like requiring an EU ID on top of a national ID.
I also don't think privacy per se is the real issue of concern, it's concern about consolidation of federalized power. Privacy is one criterion by which you judge the extent to which power has been consolidated or can be consolidated.
The question isn't "can this be federalized safely in theory", it's "is it necessary to federalize this" or "what is the worse possible outcome of this if abused?"
As we are seeing recently, whatever can be abused in terms of consolidated power will be eventually, given enough time.
Surely the safety of children is worth it right ?
Right now with age assurance laws and online services there has been no singular approach beside falling back to use of government ID that any country has required. Each country has just said 'here are the minimum criteria, choose what you want' and left it up to services to comply.
So what have services chosen? The least friction and cheapest existing solution to be compliant. For most services that's been using readily available facial scanning services and government IDs as fallback. Not all of them of course but it's so scattered that it makes it difficult for a person to know what they'll need for one service vs another (and perhaps even avoid use of a service if their approach doesn't align with the person's values).
Without mandating better minimum privacy criteria governments can just point to the fact they're not preventing such tech from being used and leave it at that. But solutions also need to be affordable to adopt for a wide range of sites/services and have good support (interfaces, etc) around them to catch on so it's not just entirely whether tech exists per se.
Anonymity from whom? Does the German government doesn't know that Gunter Shmidt has just verified his age to the site GreatBDSMPartiesInBerlinForDragQueens.com ? Even if they obtain the logs from the site?
The idea was your id would be an autehnticator of sorts. You need to verify yourself, the website asks Aadhar if the person is genuine, the website returns binary yes no. Same for you, is gender male? Or ages above 18?
They would not return any other data.
In the end, it became just another "formality" and tool for politicians and to flex muscles.
People ended up taking photocopies of your card "just in case" and "that's the norm" even when it was said that's a bad idea.
People still do Aadhar kyc but it is in hands of politicians now and the bureaucracy.
If anyone implemented this privacy preservation scheme, would all the laws flip to say "yeah we really did mean it govt id tied to your post".
The key issue however is trust. The underlying protocols may support zero-knowledge proofs. But as a user I'm unlikely to be able to inspect those underlying protocols. I need to be able to see exactly what information I'm allowing the Issuer to see. Otherwise a "correct" anonymous scheme is indistinguishable from a "bad" scheme whereby the Issue sees both my full ID and details of the Resource I wish to access. Assuming a small set of centralized Issuers, they are in a position of great power if they can see exactly who is trying to access exactly what at all times. That's the question of trust - trust in the Issuer and in the implementation, not the underlying math.
For more information check the out technology behind it: https://www.eid.admin.ch/en/technology
The data is of such form that the phone then can pass challenges of type "are you of at least x years old" without giving out any other information.
And the user cannot share that data with other users because their phone will not let them.
From what I understand the issuer signs a credential and then the user on their local device generates unique proofs based on the signature each time, preventing verifiers from colluding/tracking the original signature across services. It also seems to be designed with safeguards against the issuer.
Info based on credentials can be selectively disclosed like whether you're over 18 or whether you have above a certain threshold in an account without disclosing the underlying data.
Obviously if the type of services you use need literal PII then they can still tie activity to a real-world identity but for services only requiring age assurance being able to prove you're over 18 without providing the actual age or other identifiers is better than solutions being actively used.
Let me explain the simple solutions:
Don't let phone manufacturers lock the bootloader on phones. Let the device owner lock it themselves with a password if they want to. Someone will make a kid-friendly OS if there is market demand and tech-savvy parents can install that and lock the bootloader.
What about the non-tech-savvy parents?
Don't restrict people from sideloading apps. Let the user set a password-based app installation lock if they want to. It should be a toggle in the phone's settings. Someone will make kid-friendly apps if there is demand. This lets average parents control what apps get installed or uninstalled on their kid's phone.
But what about apps or online services that adults also use?
Apps and online services can add a password-protected toggle in their user account settings that enables child mode. Let the user set the password and toggle it themselves. Parents can take their child's phone and toggle this.
----
Notice how easy these things are to implement? All of these features could be implemented in less than a week. But instead of doing this, they want to implement much more complicated schemes where the gov and corps control all the toggles, and you control none. Why is it like that? Surely there are no ulterior motives, right?
One must be a realist. If there is no profit motive, it won't happen. Ever.
One profit motive is "the government has regulations, I will be fined if I don't do this".
Another is "my competitors do it, and people buy their stuff because of it".
All the technical solutions are easy. And you're right, it's not about age verification, it's about profits.
The same way cars are regulated to have air bags, couches be made from non flammable materials, and so on.
Human nature has been the same forever. It will never, ever change. Ever. Profit drives all.
The central question the post attempts to answer is "The problem for today is: how do we live in a world with routine age-verification and human identification, without completely abandoning our privacy?"
My rephrase is an attempt to surface that, compared to the dry and academic title that will get overlooked. I think this is a very important topic these days where we are rapidly ceding are privacy to at best, confused and at worst, malicious regulations.
> These techniques are described in a great paper whose title I’ve stolen for this section.