←back to thread

Show HN: Anonymous Age Verification

(gist.github.com)
70 points jwally | 3 comments | 31 Aug 25 17:14 UTC | HN request time: 0.001s | source

So I'm not an expert in this area, but here's an attempt at cost effective, anonymous, age verification flow that probably covers ~70% of use cases in the United States.

The basic premise is to leverage your bank (who already has had to perform KYC on you to open an account) to attest to your age for age-restricted merchant sites (pornhub, gambling, etc) without sharing any more information than necessary.

Flow works like this:

1) You go to gambling.com

2) They request you to verify your age

3) You choose "Bank Verification"

4) You trigger a WebAuthn Credential Creation flow

5) gambling.com gives you a string to copy

-------------

6) You log into your bank

7) You go to bank.com/age-verify

8) You paste in the string you were given

9) The bank verifies it/you and creates a signed payload with your age-claims (over_18: true, over_21: false)

10) You copy this and go back to gambling.com

---------------

11) You paste the string back into gambling.com

12) You perform WebAuthn Auth flow

13) gambling.com verifies everything (signatures, webauthn, etc)

14) gambling.com sets a session-cookie and _STRONGLY_ encourages you to create an account (with a pass key). This will prevent you from having to verify your age every time you visit gambling.com

The mechanics might feel off, but it feels like this in the neighborhood of a way to perform anonymous age verification.

This is virtually free, and requires extremely light infra. Banks can be incentivized with small payments, or offer it because everyone else does and don't want to get left behind.

Show context
drhodes ◴[31 Aug 25 19:18 UTC] No.45086168[source]
Just an FYI: In the US, 5.6 million households are unbanked.

https://www.fdic.gov/news/press-releases/2024/fdic-survey-fi...

replies(3): >>45086520 #>>45086744 #>>45090854 #
oncallthrow ◴[31 Aug 25 20:23 UTC] No.45086744[source]
Okay, and those 5.6 million probably aren't accessing sites that require age verification. Not every solution needs to work for 100% of people.
replies(3): >>45086807 #>>45087110 #>>45094615 #
blahaj ◴[31 Aug 25 20:30 UTC] No.45086807[source]
> and those 5.6 million probably aren't accessing sites that require age verification.

Why would you presume that?

> Not every solution needs to work for 100% of people.

A solution that censors large amounts of speech and culture from millions of people is clearly either insufficient or, if it is deemed sufficient, authoritarian.

replies(2): >>45087631 #>>45088196 #
jwally ◴[31 Aug 25 22:21 UTC] No.45087631{3}[source]
Any incremental advance is better than nothing where our rights are getting eroded faster than we can contact the ACLU to start investigating whether or not we have a case. The American Right have figured out that they can DDOS the legal system with all kinds of bullshit laws that they know won't stick, but it will take everyone 10x the time and effort that they spent spewing it out.

We can't back and wait for the perfect solution that covers all corner cases and makes everyone happy and has the perfect UX. We have to fight now while we still have something to fight for.

replies(1): >>45087716 #
nickthegreek ◴[31 Aug 25 22:37 UTC] No.45087716{4}[source]
If the system is that I have to prove my id or age for averag network connections, then the system has already failed me. The only system I am behind is a flag that some devices can send if enabled that lets the receiving party know the user is underage. Completely optional (controllable by device owner/guardian) but if received, that party must behave in a way that acknowledges that fact. It is not a perfect system, but it retains the freedoms and anonymity of the user.
replies(1): >>45102215 #
1. jwally ◴[02 Sep 25 12:28 UTC] No.45102215{5}[source]
I'm sorry. The system has already failed me. Short of moving or becoming king of Texas; what should I do? Practical advice is welcomed!
replies(1): >>45106124 #
2. nickthegreek ◴[02 Sep 25 17:21 UTC] No.45106124[source]
vpn, use different sites that dont make you give a govt id.
replies(1): >>45107265 #
3. jwally ◴[02 Sep 25 18:40 UTC] No.45107265[source]
How's that going for China?