←back to thread

Show HN: Anonymous Age Verification

(gist.github.com)
70 points jwally | 3 comments | 31 Aug 25 17:14 UTC | HN request time: 0.001s | source

So I'm not an expert in this area, but here's an attempt at cost effective, anonymous, age verification flow that probably covers ~70% of use cases in the United States.

The basic premise is to leverage your bank (who already has had to perform KYC on you to open an account) to attest to your age for age-restricted merchant sites (pornhub, gambling, etc) without sharing any more information than necessary.

Flow works like this:

1) You go to gambling.com

2) They request you to verify your age

3) You choose "Bank Verification"

4) You trigger a WebAuthn Credential Creation flow

5) gambling.com gives you a string to copy

-------------

6) You log into your bank

7) You go to bank.com/age-verify

8) You paste in the string you were given

9) The bank verifies it/you and creates a signed payload with your age-claims (over_18: true, over_21: false)

10) You copy this and go back to gambling.com

---------------

11) You paste the string back into gambling.com

12) You perform WebAuthn Auth flow

13) gambling.com verifies everything (signatures, webauthn, etc)

14) gambling.com sets a session-cookie and _STRONGLY_ encourages you to create an account (with a pass key). This will prevent you from having to verify your age every time you visit gambling.com

The mechanics might feel off, but it feels like this in the neighborhood of a way to perform anonymous age verification.

This is virtually free, and requires extremely light infra. Banks can be incentivized with small payments, or offer it because everyone else does and don't want to get left behind.

Show context
greatgib ◴[01 Sep 25 07:09 UTC] No.45090258[source]
Indeed, you are a not an expert, and you are doing the same as reinventing your own broken crypto. Please do not!

This has the appearance of anonymous when it is not.

First, the moment that a value, being it a nonce, a random value or whatever will be common on both side, there is no anonymity anymore.

Then, there is timing attack, where visiting a website, you then need to go to your bank. And the bank will sign at a specific time for a specific timeframe.

Then, the need to manually "copy" the signature. I guess you don't see what size, difficult characters this has to have, but totally impracticable. So in the end people would use that to pretend that it is possible with anonymity skipping that step.

Then, if the bank doesn't know the website where you went, gambling.com will know what is your bank.

And in a lot of countries, age limit might be different for some activities, like gambling allowed at 21, porn at 18, or even rules would not be the same by countries. So again, you will be leaking the country and potentially you will have to leak to the bank the activity that is intended.

And what do you do when banking app force you to have a certified Apple or Google spying approved phone? Bank already have too much power and responsibility and easily abuse of it, so it would be better to not give them even more.

So again, please refrain of inventing stupid solution like that, that can give the wrong impression to the bad persons that it is possible, justifying laws and co, when it is not possible without costing hardly on our privacy!

replies(2): >>45090414 #>>45090502 #
1. captainmuon ◴[01 Sep 25 07:37 UTC] No.45090414[source]
No, please do invent your own crypto, just don't deploy it! Coming up with schemes and then seeing where they fail is the best way to learn the intricacies. I think more of us 'lowly developers' should be familiar with the common pitfalls.

That the bank is aware of your identity is not neccessarily a flaw, but a boundary condition of the protocol. Assuming a trusted intermediary, how can we.... I think a solution here is not purely technical, but also social. How about establishing a trusted intermediary that can check your identity, but for sure does not do anything malicious with the information? Maybe there is a strong taboo against disclosing the information, like with the confidentiality of confession.

There is another flaw in the proposed scheme, how do you make sure that people don't just take the signature from another person? This one is pretty tricky to solve.

I have been thinking about similar "proof of attribute" protocols for a while, since they have interesting use cases outside of age verification. You could verify that a person on HN is really an Apple employee, without Apple being able to identify that user. Or on a dating site, you could verify that the user is a certain gender, in a certain age bracket, and the account is tied to a social media account in good standing (not a throwaway account), without having the link explicit somewhere (and thus leakable).

replies(1): >>45090626 #
2. jwally ◴[01 Sep 25 08:08 UTC] No.45090626[source]
This is constructive criticism. Thank you!

I completely missed that I could hand the merchant string to a friend with a bank account and have them sign it. Pretty obvious in retrospect!

Its not perfect, but maybe reasonable enough to prevent resale by using a salted hash of the users ip.

Wrt hash linking, theres chaums blind signature thing which looks solid. It feels like a cheap enough, private enough, and reliable enough solution is that can be rolled out in under 6 months is in this neighborhood; maybe this provides something to trigger someone who can do it to do it.

replies(1): >>45103268 #
3. jwally ◴[02 Sep 25 14:03 UTC] No.45103268[source]
Also, mulling over it; I would bet pornhub and chase.com both use google-ad trackers and 200 other ad networks. The issues my mvp create require chainalysis and a warrant. Maybe big picture, not so bad.