←back to thread

Show HN: Anonymous Age Verification

(gist.github.com)
70 points jwally | 7 comments | 31 Aug 25 17:14 UTC | HN request time: 0.64s | source | bottom

So I'm not an expert in this area, but here's an attempt at cost effective, anonymous, age verification flow that probably covers ~70% of use cases in the United States.

The basic premise is to leverage your bank (who already has had to perform KYC on you to open an account) to attest to your age for age-restricted merchant sites (pornhub, gambling, etc) without sharing any more information than necessary.

Flow works like this:

1) You go to gambling.com

2) They request you to verify your age

3) You choose "Bank Verification"

4) You trigger a WebAuthn Credential Creation flow

5) gambling.com gives you a string to copy

-------------

6) You log into your bank

7) You go to bank.com/age-verify

8) You paste in the string you were given

9) The bank verifies it/you and creates a signed payload with your age-claims (over_18: true, over_21: false)

10) You copy this and go back to gambling.com

---------------

11) You paste the string back into gambling.com

12) You perform WebAuthn Auth flow

13) gambling.com verifies everything (signatures, webauthn, etc)

14) gambling.com sets a session-cookie and _STRONGLY_ encourages you to create an account (with a pass key). This will prevent you from having to verify your age every time you visit gambling.com

The mechanics might feel off, but it feels like this in the neighborhood of a way to perform anonymous age verification.

This is virtually free, and requires extremely light infra. Banks can be incentivized with small payments, or offer it because everyone else does and don't want to get left behind.

1. greatgib ◴[01 Sep 25 07:09 UTC] No.45090258[source]
Indeed, you are a not an expert, and you are doing the same as reinventing your own broken crypto. Please do not!

This has the appearance of anonymous when it is not.

First, the moment that a value, being it a nonce, a random value or whatever will be common on both side, there is no anonymity anymore.

Then, there is timing attack, where visiting a website, you then need to go to your bank. And the bank will sign at a specific time for a specific timeframe.

Then, the need to manually "copy" the signature. I guess you don't see what size, difficult characters this has to have, but totally impracticable. So in the end people would use that to pretend that it is possible with anonymity skipping that step.

Then, if the bank doesn't know the website where you went, gambling.com will know what is your bank.

And in a lot of countries, age limit might be different for some activities, like gambling allowed at 21, porn at 18, or even rules would not be the same by countries. So again, you will be leaking the country and potentially you will have to leak to the bank the activity that is intended.

And what do you do when banking app force you to have a certified Apple or Google spying approved phone? Bank already have too much power and responsibility and easily abuse of it, so it would be better to not give them even more.

So again, please refrain of inventing stupid solution like that, that can give the wrong impression to the bad persons that it is possible, justifying laws and co, when it is not possible without costing hardly on our privacy!

replies(2): >>45090414 #>>45090502 #
2. captainmuon ◴[01 Sep 25 07:37 UTC] No.45090414[source]
No, please do invent your own crypto, just don't deploy it! Coming up with schemes and then seeing where they fail is the best way to learn the intricacies. I think more of us 'lowly developers' should be familiar with the common pitfalls.

That the bank is aware of your identity is not neccessarily a flaw, but a boundary condition of the protocol. Assuming a trusted intermediary, how can we.... I think a solution here is not purely technical, but also social. How about establishing a trusted intermediary that can check your identity, but for sure does not do anything malicious with the information? Maybe there is a strong taboo against disclosing the information, like with the confidentiality of confession.

There is another flaw in the proposed scheme, how do you make sure that people don't just take the signature from another person? This one is pretty tricky to solve.

I have been thinking about similar "proof of attribute" protocols for a while, since they have interesting use cases outside of age verification. You could verify that a person on HN is really an Apple employee, without Apple being able to identify that user. Or on a dating site, you could verify that the user is a certain gender, in a certain age bracket, and the account is tied to a social media account in good standing (not a throwaway account), without having the link explicit somewhere (and thus leakable).

replies(1): >>45090626 #
3. jwally ◴[01 Sep 25 07:49 UTC] No.45090502[source]
A little more aggressive than maybe necessary, but I do appreciate the sentiment. Truly.

My goal here is to try and point out that there is a solution that can be rolled out in under 6 months by leveraging existing kyc infrastructure.

IT DOES NOT HAVE TO BE THIS!

Can this be beefed up to make credential resale impractical, while still preserving anonymity in the face of collusion while still being legitimate enough to rely on as evidence that someone is over 18? Absolutely! Will it be perfect? No.

As a Texan, my rights are being eroded daily, bit by bit (pardon the pun). Its dog shit that my kids have to live in a world where my government is effectively legislating morality and enforcing it on technicalities by DDOSing the legal system. But this IS the world I live in.

My other options are what? Vote, move, or use TOR?

If you're so clever, help. Improve it. Create something better but don't sit back and shit on a first draft of something that is trying (admittedly poorly) to put a speed bump in front of our freight train to the Republic of Gilead.

replies(1): >>45093822 #
4. jwally ◴[01 Sep 25 08:08 UTC] No.45090626[source]
This is constructive criticism. Thank you!

I completely missed that I could hand the merchant string to a friend with a bank account and have them sign it. Pretty obvious in retrospect!

Its not perfect, but maybe reasonable enough to prevent resale by using a salted hash of the users ip.

Wrt hash linking, theres chaums blind signature thing which looks solid. It feels like a cheap enough, private enough, and reliable enough solution is that can be rolled out in under 6 months is in this neighborhood; maybe this provides something to trigger someone who can do it to do it.

replies(1): >>45103268 #
5. greatgib ◴[01 Sep 25 16:00 UTC] No.45093822[source]

   My goal here is to try and point out that there is a solution that can be rolled out in under 6 months by leveraging existing kyc infrastructure.
You complain of the erosion of privacy, and yet your goal is to give the oppressors tools to justify their actions. Especially tools that you know are far from perfect to achieve the anonymity goal. I'm sure that you don't have bad intentions, but what is happening after is that persons less take savy will take your work as an example that "it is possible" and that technologists are bullshiting them when saying that it is not possible without eroding anonymity. They will not look further than that. Look we can do laws because it is not impossible if we want.

If you look well in UK, this is what is happening, the country trying to give the legislator a reality check, but too late.

replies(1): >>45103315 #
6. jwally ◴[02 Sep 25 14:03 UTC] No.45103268{3}[source]
Also, mulling over it; I would bet pornhub and chase.com both use google-ad trackers and 200 other ad networks. The issues my mvp create require chainalysis and a warrant. Maybe big picture, not so bad.
7. jwally ◴[02 Sep 25 14:07 UTC] No.45103315{3}[source]
Better to go down with the titanic than leave your cabin with your hair disheveled! And what will the survivors say if you show up in the life boat with the same formal attire you had on the night before!?!