The EU is rolling out the EUDI system this year where citizens can verify their age (>16, >18, >21) without revealing any personal information. This is a solved problem over there.
The EU is rolling out the EUDI system this year where citizens can verify their age (>16, >18, >21) without revealing any personal information. This is a solved problem over there.
EUDI has had various criticism with its approach for not supporting unlinkability (with the same attestation used across verifiers they can be traced to the same user).
There are some long Github threads in the official repo along with a PDF[1] of cryptographer's feedback about the privacy issues. Also covered in this[2] article.
This is unlike BBS+ which supports unlinkability and which was even recommended by GSMA Europe to such address downsides. In the Github discussions there seems to be pushback by those officially involved that claim BBS+ isn't compatible with EUDI[3] and there seems to be some plateauing of any progress advancing it.
[1] https://github.com/eu-digital-identity-wallet/eudi-doc-archi...
[2] https://news.dyne.org/the-problems-of-european-digital-ident...
[3] https://github.com/eu-digital-identity-wallet/eudi-doc-archi...
According to the EU Identity Wallet's documentation, the EU's planned system requires highly invasive age verification to obtain 30 single use, easily trackable tokens that expire after 3 months. It also bans jailbreaking/rooting your device, and requires GooglePlay Services/IOS equivalent be installed to "prevent tampering". You have to blindly trust that the tokens will not be tracked, which is a total no-go for privacy.
These massive privacy issues have all been raised on their Github, and the team behind the wallet have been ignoring them.
Doesn't the act of notifying >16 today and >18 tomorrow leak birthdates?
Not unless you actually meant 16<x<18 today and >18 tomorrow.
You can be 30 and verify >16 today and >18 tomorrow, obviously without being 18.
which is nothing in comparison to leaking all of personal information
you can also introduce some jitter like changing age range only once a week/month/year for everyone
Birthday, zip code and gender is enough to uniquely identify most Americans.
Well don't reveal your birthday then. Wait 5 days to confirm >18.
If you run into a liquor store yelling "Im finally 18, here's proof." that's on you?
If you want privacy you need to fuzz the transition. Many platforms support that today. Or you can create a separate account when you graduate.
But also, knowing someone's birthday without trying it to other information greatly reduces the risk of harm.