To be clear, I’m not advocating for online age verification. I’m very much against it in any form. I’m just curious from a technical standpoint if it’s possible somehow to construct an accurate age verification system that doesn’t compromise a user’s privacy? i.e., it doesn’t expose the person’s identity to anyone nor leaves behind a paper trail that can be traced to that person?
That could very well work, yes; but I think that would require Bob verifying Grace’s signature, and that would require trusting that Grace didn’t make a unique signature that she only used for Alice, and making a note of who verified it.
There might be a way to verify those signatures with public keys in a way that didn’t require Bob to tell Grace that he was verifying the signature, which is still rattling around in my brain.
Bob would have to know and trust Grace beforehand. Grace could be the IRS, for example. The idea here being to have somebody who already knows your age vouch for your age.
That’s not about Bob trusting Grace specifically (that’s a premise of the entire operation), it’s about trusting that the letter Alice handed Bob was actually signed by Grace.
Well, if Grace is already well known, then her public key should be available.
That…seems so obvious, now that you say it.