Hello,
I was gonna post this on Ask Lemmy, but then I thought maybe Technology would be a better fit for the theme. But then I saw it's mostly news, so I thought perhaps Ask Lemmy would indeed be a better fit. If this is not the case, please point me to the right direction.
As a heads-up, I am not 'Murican, and never been to 'Murica, so keep that in mind.
Seeing the recent news with France trying to age-restrict pornographic material online, I was wondering and have sort of an idea, that I wonder if it is actually doable and actually good.
Hear me out: the gobermint likely already has your data, right? At least stuff like name, date of birth, etc. The gobirment could have a private and secure service, which websites and services could use to confirm certain requirements.
For instance: A website wants to confirm if you're over 18. The website essentially asks the official gob. service, "is this user at least 18 years of age?". The official gob. service essentially has to answer "yes, your requirements are met" or "no, your requirements are not met", without giving away information on a person. The user gets prompted, being told what information is being required and whether they wish to share that. The official service wouldn't know where the request is coming from, but the original website requesting the information generates and shows a temporary code, which is not related to the website at all and is sent to the gob. service, so that the user can confirm it is indeed the website they were using that is requesting this, and not a hijack of some kind. The gob. service, if allowed by the user, sends out this confirmation to the original website, without the gob. service knowing the website and without the website knowing the user's info. The website then knows whether their requirements are met and can then act accordingly, such as by not allowing someone to access adult material if they do not meet the age requirement.
Does this make sense? Is it doable? Could it be a potential private and secure way of confirming user information without either party having access to the other's information? Obviously, the idea could be worked on and polished, but as a starting point.
Edit: so, what I'm gathering from comments here:
- Som'o'y'all didn't get it (no, you don't got to log in to your porn tube of choice with an official gob. account)
- This cannot be done
- This could be done
- This is already a thing being worked on
This can work, but with cryptography instead of the porn site connecting to a government service.
The swiss government wanted to introduce electronic id a few years back which was a complete clusterfuck, every party would get all your private data even if they just needed 'older than 18', it was supposed to be implemented by various private companies that then sell it to the individual states, not really with gov oversight, so you have like 20 companies all with all the data, each of which could be hacked at any point etc.
we forced a public vote on it in 2021 and rejected it with 65%.
the use cases are pretty valid, like online pharmacies, ordering booze online, though of course you never know what they would require it for in the future.
so now it's 2025 and a new proposal, this time much more privacy focused, developed by the government, open source, seems like they did listen to a lot of the criticism.
this blogpost goes into a bit of details on why unlinkability matters and that one-time-pads are one potential solution. And the whitepaper with more detail.
i saw a presentation from the digital society on it earlier this year and from what i remember, you get a set of keys (and can create new ones if you run out) from which you can create derived keys that only contain relevant information. The other party can verify this directly, without a gov service. And since you use a new key each time, the porn site also cant crossreference with your booze site that you're the same person, that kind of stuff. It all sounded pretty reasonable and like it would adress your points.