zlacker

[return to "EU age verification app not planning desktop support"]
1. jwally+GE[view] [source] 2025-09-24 15:18:25
>>sschue+(OP)
Here's my crack at a good-enough solution for the U.S. It doesn't have a ton of granularity - but the concept is shovel ready now, dirt cheap, and privacy preserving.

Video Demo: https://www.youtube.com/watch?v=MmcUJ5u65Q0

Actual Demo: https://app.hornpub.click

How it works:

1) Go to app.horpub.click

2) Create an ephemeral passkey

3) Extract its public-key and id (this binds the credential you're creating to your device)

4) The user copies this data to their bank's Age-Verification-Section

5) The bank creates an object that it signs with an attestation of the user's age (KYC) and their pass-key-public-key

6) The user copies this back to app.hornpub.click

7) The passkey is verified on the server, the bank's signature is verified by the server, some other meta-data is verified to make sure nothing weird is happening.

8) The user's age has been verified by their bank without the bank knowing who is asking for verification

* This method is more private than anything requiring sharing your photo-id online

* This method doesn't trigger GLBA or GDPR (user copies data themselves)

* This method is free to the merchant (hornpub)

◧◩
2. Someon+TG[view] [source] 2025-09-24 15:28:20
>>jwally+GE
What's crazy to me is why they didn't go for that kind of implementation. This works well, ensures privacy, can be audited easily, and doesn't need a f*cking app on my phone.
◧◩◪
3. f_devd+MN[view] [source] 2025-09-24 15:56:36
>>Someon+TG
If you read the guidelines they actually want to implement a double-blind approach with ZKPs, which imo is significantly better than a challenge-response pub key system in term of privacy.

If you're not familiar this would mean the verifier doesn't learns anything except a statement about attributes (age, license, etc); and the EU doesn't learn what attributes have been tried to verify or by who.

◧◩◪◨
4. jwally+zW[view] [source] 2025-09-24 16:32:39
>>f_devd+MN
Not asking to troll or be a jerk. Promise.

What would need to happen in the United States to implement a reliable ZKP age verification system - and how long would it take to roll it out?

Asking because it feels like the Titanic has sunk, and we're eschewing a floating door because the coast guard has regulation conformant life rafts that would work better.

[go to top]