this post was submitted on 05 Apr 2026
607 points (99.3% liked)

Technology

83502 readers
2865 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
607
Group Pushing Age Verification Requirements for AI Turns Out to Be Sneakily Backed by OpenAI (gizmodo.com)
submitted 1 day ago by themachinestops@lemmy.dbzer0.com to c/technology@lemmy.world
48 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] mrmaplebar@fedia.io 2 points 17 hours ago (1 children)

I kind of disagree. How can you be certain a person in is a certain age without determining who that person is?

The local AI concept is flawed, as is anything that relies on trusting the user.

If you want to be certain that someone is over 18 at some point you need a government ID or birth certificate, and at that point you know a hell of a lot more about them than their age.

This is identity verification.

[โ€“] NateNate60@lemmy.world 2 points 12 hours ago

In general, we accept that the Government already knows who you are, how old you are, and where you live. That's already a given. The purpose of a zero-knowledge age verification scheme is to allow a third party (not the Government) to be confident that a person is an adult, without being given any additional information or being able to deduce any additional information from what they're given. So essentially, they get only 1 bit of information: whether the user is an adult (true/false). In practice, a perfect system is not possible, since the fact that you receive a response also means you get the answer to related questions, like whether the user possesses a Government-issued ID (obviously "true" if they can successfully complete the verification).

So, here's how such a scheme might work. There are many possible implementations.

In the United States, we have (optional) digital ID cards. These are added to one's digital wallet in a similar manner to payment cards and can be used for things like buying alcohol, getting through airport security, and driving. This digital infrastructure can be re-used.

  1. An organisation which wants to perform digital identity verification generates a cryptographic key pair and registers the public key with a Government server ahead of time. The public key is published to a Government-run public keyserver.
  2. A website who wants to verify a user's age sends a verification request to a Government server, digitally signed with their private key. The server responds with a request ID, which is a random, but unique, string of characters.
  3. The website provides this string to the user. The user copies the string.
  4. The user opens their digital wallet, selects their ID card, and then opens the age verification feature. The user pastes the request ID into their digital wallet, which fetches information about the request from the Government server. Because the request which the request ID is associated with was signed using the organisation's private key, the Government can tell the user who initiated the request.
  5. The user is asked to confirm/deny the age verification request. If the user confirms the request, then a biometric will be required to access their private key (these are stored in the device's keystore), sign the approval response, and then sent that response to the Government server. The Government server checks that the signature is valid and tied to the key associated with that ID before marking the verification request as completed.
  6. After confirming, the user returns to the website and clicks a button which says "I've completed the verification." The website then queries the request ID with the Government server (again, signing the request with their private key). The Government server responds with "completed" if the user has accepted the request, or "not completed" if the user has either not yet accepted the request or denied it.