Yes. Provided I share my name, date of birth, driver’s license, and inside leg measurement with every .com, .click, and their 1443 Harrys.
I’d prefer not to share those.
Can I privately prove I’m over age, on the Internet?
Maybe, eventually.
Let’s say I’m a visitor to your website. A law requires you to block access to under 16s, and an “I am over 16” checkbox isn’t up to snuff. I want to
- satisfy you that this visitor (me) is over 16
- not reveal personal details to you (or third parties)
- not allow you (or third parties) to track my visits across time or sites
- not burden you as a hobbyist or community with compliance costs or hassle
There are protocols and cryptographic techniques that may achieve these goals, subject to messy real-world caveats.
Privacy Pass
Privacy Pass is a protocol for anonymous user authentication. As a visitor to your website I can present tokens showing that I satisfied some check, e.g. I solved a challenge, I’m on a particular make/model of device, I’m a paying subscriber. My client blinds each token before sending it to the attestor (the “issuer” in the IETF’s terms; it may be a separate party from the attester that actually checked the property), which signs it without ever seeing the unblinded value. You can verify the unblinded tokens against the issuer’s public key, but they aren’t linkable: you don’t know who used which tokens, and the issuer can’t tell where or when a token was used, because it never saw the values you are verifying.
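To make the blinding step concrete, here is an added example (mine, not code from this post, from Cloudflare, or from the RFCs) of the Chaum-style RSA blind signature that underlies Privacy Pass’s publicly verifiable tokens. RFC 9474, the RSA blind signature scheme used by the Privacy Pass issuance protocol, adds PSS padding and a full-domain hash; this toy omits both and uses a small modulus built from two Mersenne primes so it runs without a primality test. The `Issuer`, `Origin`, `blind` and `unblind` names are my own.

```python
"""Chaum-style RSA blind signature issuance and redemption, the construction
behind Privacy Pass publicly verifiable tokens. Added toy example: no PSS
padding, no full-domain hash, and a deliberately small modulus."""
import hashlib
import math
import secrets

# Toy modulus from two Mersenne primes so the example needs no primality
# test. 2^89-1 and 2^127-1 are prime; a real issuer uses 2048-bit+ primes
# chosen at random, never fixed constants like these.
P = (1 << 89) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known to the issuer only


def hash_to_int(nonce: bytes) -> int:
    # 26 bytes = 208 bits, always below the ~216-bit N (a real scheme uses FDH)
    return int.from_bytes(hashlib.sha256(nonce).digest()[:26], "big")


# --- client side -----------------------------------------------------------
def blind(nonce: bytes):
    """Blind H(nonce) with a random factor r; returns (blinded, r)."""
    m = hash_to_int(nonce)
    while True:
        r = secrets.randbelow(N)
        if r > 1 and math.gcd(r, N) == 1:
            break
    return (m * pow(r, E, N)) % N, r


def unblind(blinded_sig: int, r: int) -> int:
    """(m * r^e)^d = m^d * r, so dividing by r leaves a signature on m."""
    return (blinded_sig * pow(r, -1, N)) % N


# --- issuer side: sees only blinded values ----------------------------------
class Issuer:
    def __init__(self):
        self.log = []  # everything the issuer ever observes

    def sign_blinded(self, blinded: int) -> int:
        self.log.append(blinded)
        return pow(blinded, D, N)


# --- origin (website) side: public key only, plus a double-spend set -------
class Origin:
    def __init__(self):
        self.spent = set()

    def redeem(self, nonce: bytes, sig: int) -> bool:
        if pow(sig, E, N) != hash_to_int(nonce):
            return False  # forged or tampered token
        if nonce in self.spent:
            return False  # replayed token
        self.spent.add(nonce)
        return True


def issue_token(issuer: Issuer):
    """Full client flow: fresh nonce -> blind -> issuer signs -> unblind."""
    nonce = secrets.token_bytes(32)
    blinded, r = blind(nonce)
    return nonce, unblind(issuer.sign_blinded(blinded), r)


def demo() -> dict:
    issuer, origin = Issuer(), Origin()
    tokens = [issue_token(issuer) for _ in range(3)]
    nonce1, sig1 = tokens[1]
    tampered = bytes([nonce1[0] ^ 1]) + nonce1[1:]
    return {
        "valid": all(origin.redeem(n, s) for n, s in tokens),
        "replay_rejected": not origin.redeem(*tokens[0]),
        "tamper_rejected": not origin.redeem(tampered, sig1),
        # The issuer's log holds blinded values only; neither a token's hash
        # nor its final signature ever appears there, so it cannot match a
        # redemption back to an issuance.
        "unlinkable": not any(
            b in (hash_to_int(n), s) for b in issuer.log for n, s in tokens
        ),
    }
```

`demo()` walks three tokens through issuance and redemption and returns which properties held: signatures verify, a replayed nonce is refused, a modified nonce is refused, and nothing in the issuer’s log matches what the origin saw. The double-spend set is the part real deployments have to get right at scale; Privacy Pass tokens are one-shot precisely so that a token cannot become a tracking identifier.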
Cloudflare created Privacy Pass to block website scrapers and other bots without using CAPTCHAs or user tracking. The IETF Privacy Pass working group has since published the core of it as RFCs (RFC 9576 for the architecture, RFC 9577 and RFC 9578 for the HTTP authentication scheme and the issuance protocols) and continues to extend it. Kagi, a paid search engine, offers Privacy Pass for Kagi so subscribers can still search anonymously, without being logged in.
No established age assurance providers offer Privacy Pass yet (that I found). If they did I would still need to provide personal information to them. It would be better than the status quo, but it wouldn’t meet most of the goals. Privacy Pass could still be used to decouple websites from particular assurance providers: the site verifies a token against the provider’s public key and never learns which user redeemed it.
Zero-knowledge Proof
Suppose a visitor to your website could prove
- They possess a passport
- The passport is issued and signed by a government
- The passport states the subject is over 16 years old
You don’t learn their name, date of birth, nationality or any other detail. This is called a zero-knowledge proof, because you (the verifier) gain zero information beyond that yes/no answer. No third-party attestor takes part in the check: the visitor generates the proof themselves, the trust anchor is the issuing government’s signature, and the soundness property of the proof system guarantees that a false statement (an under-16 date of birth, a forged signature) won’t produce a proof that verifies. Passports (and some biometric ID cards) follow the ICAO 9303 standard: an NFC chip holds your details in data groups, and hashes of those data groups are signed by the issuing country’s document signing key, which is what “passive authentication” checks. A suitable smartphone app reads the chip (after deriving the access keys from the machine-readable zone on the photo page), checks the signature chain, and creates a zero-knowledge proof that the signature is valid and that some fact about the details (the date of birth is at least 16 years before today’s date, which is a public input to the proof) is true.
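A short added example (mine, not the post’s, and not Longfellow’s or Self’s code) of the simplest zero-knowledge proof, Schnorr’s proof of knowledge of a discrete logarithm, to show the two properties the paragraph relies on: a prover who does not know the secret cannot produce an accepting proof, and an accepting transcript can be simulated without the secret, so the verifier learns nothing beyond “yes”. Proving that a government signature verifies and that a date of birth is old enough requires a general-purpose proof system over a whole circuit, which is what libraries like Longfellow ZK provide; the soundness and zero-knowledge mechanics are the same. The group is generated at a toy size and every function name here is my own.

```python
"""Schnorr proof of knowledge of x where y = g^x (mod p), made
non-interactive with the Fiat-Shamir transform. Added example: shows
soundness (wrong secret is rejected) and zero knowledge (an accepting
interactive transcript can be simulated with no secret at all)."""
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin; fine for a demo, not a certified primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits: int = 64):
    """Safe prime p = 2q + 1 and a generator g of the order-q subgroup.
    64 bits is a toy size; real systems use 2048-bit+ groups or curves."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            break
    while True:
        g = pow(secrets.randbelow(p - 2) + 2, 2, p)  # squares have order q
        if g != 1:
            return p, q, g


def challenge(p: int, q: int, g: int, y: int, t: int) -> int:
    """Fiat-Shamir: challenge = hash of the statement and the commitment."""
    width = (p.bit_length() + 7) // 8
    data = b"".join(v.to_bytes(width, "big") for v in (p, g, y, t))
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q


def prove_for(params, y: int, x_claimed: int):
    """Prover's steps against a public y. Returns (t, s). Only accepts
    later if g^x_claimed really equals y."""
    p, q, g = params
    k = secrets.randbelow(q - 1) + 1  # fresh randomness per proof
    t = pow(g, k, p)
    c = challenge(p, q, g, y, t)
    return t, (k + c * x_claimed) % q


def prove(params, x: int):
    p, q, g = params
    y = pow(g, x, p)
    t, s = prove_for(params, y, x)
    return y, t, s


def verify(params, y: int, t: int, s: int) -> bool:
    """Non-interactive check: g^s == t * y^c with c recomputed by hashing."""
    p, q, g = params
    if not (1 < y < p and 1 < t < p and pow(y, q, p) == 1):
        return False  # y must lie in the prime-order subgroup
    c = challenge(p, q, g, y, t)
    return pow(g, s, p) == (t * pow(y, c, p)) % p


def verify_transcript(params, y: int, t: int, c: int, s: int) -> bool:
    """Interactive check, with the challenge c chosen by the verifier."""
    p, q, g = params
    return pow(g, s, p) == (t * pow(y, c, p)) % p


def simulate(params, y: int):
    """Zero-knowledge simulator: pick c and s first, then solve for t.
    The result satisfies verify_transcript although nobody knows x."""
    p, q, g = params
    c, s = secrets.randbelow(q), secrets.randbelow(q)
    t = (pow(g, s, p) * pow(y, (-c) % q, p)) % p
    return t, c, s


def demo(bits: int = 64) -> dict:
    params = make_group(bits)
    _, q, _ = params
    x = secrets.randbelow(q - 1) + 1  # the prover's secret
    y, t, s = prove(params, x)
    t2, s2 = prove_for(params, y, (x + 1) % q)  # a cheater guessing wrong
    t3, c3, s3 = simulate(params, y)
    return {
        "honest_accepted": verify(params, y, t, s),
        "wrong_secret_rejected": not verify(params, y, t2, s2),
        "simulated_passes_equation": verify_transcript(params, y, t3, c3, s3),
        # Fiat-Shamir fixes c = H(...), which the simulator cannot hit, so a
        # simulated transcript is not a forgery of the non-interactive proof.
        "simulated_fails_fiat_shamir": not verify(params, y, t3, s3),
    }
```

The simulator is the whole point of the “zero” in zero-knowledge: because a transcript that passes the verification equation can be produced without the secret, the transcript cannot carry any information about it. The last entry shows why that does not break soundness once the challenge is derived by hashing.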
At least two passport-based ZKP age assurance systems are operating or under development. Each has limitations, and some aspects you may consider deal breakers.
Google Longfellow ZK (libZK)
Longfellow ZK is a software library by Google for generating zero-knowledge proofs, particularly from biometric identity documents such as passports. I believe it forms part of Google Wallet ID Pass, which allows an Android phone to scan a passport plus a video selfie and store the details. In the UK it works for verifying age to buy a Railcard online.
Google Wallet ID Pass is currently limited to UK and US passports. It requires an Android phone signed into your Google Account, which must be an @gmail.com account. As a Google Workspace user I’m unable to try it.
Longfellow ZK is open source and may be usable outside the Google ecosystem. To my knowledge no one has attempted to. Google has submitted Longfellow ZK draft specs to the IETF.
Self
Self is a blockchain/cryptocurrency startup, developed from ZKPassport, an early prototype of zero-knowledge proofs for passport attributes. They promise “nobody, even the developers of the protocol, has access to users’ private information.” They have an Android and iOS app to scan a passport or other biometric chip ID. Your details do leave your phone during scanning: the ZKP is generated on a server, because the process requires more CPU/RAM than a smartphone has. Self says the process runs in a Trusted Execution Environment (TEE), so they can’t view the content. That replaces “nobody can see it” with “the TEE hardware, its attestation, and Self’s deployment of it all have to be correct”, which is a weaker promise than the ZKP alone.
When I scanned my passport using the Android app I wasn’t prompted to take a selfie or perform a “liveness” check. Currently all or most of Self’s listed customers/partners are cryptocurrency related. Their homepage says “Google uses Self’s proof of human in its products”, but the linked Self case study doesn’t provide much to back that up. To me it only says Self is running their TEEs on Google Cloud, not that any Google product relies on Self for functionality.
Limitations and caveats
Zero-knowledge proofs are bleeding-edge cryptography under active development. That makes them harder to implement, harder to maintain, and generally riskier than established cryptography.
Any efforts by Apple, Google, et al are likely to be tied to their platforms. This would deepen lock-in of existing users and further lock out other platforms (e.g. Linux, BSD, postmarketOS).
A zero-knowledge proof derived from a passport shows only that the prover had access to that passport at some time. It doesn’t necessarily prove it’s my passport, or my only passport, or that I still have access. Additional checks such as a video selfie may be necessary, and these seem much harder to do in a privacy-preserving way. Revocation also needs to be supported, in case a passport is lost or stolen, and a naive revocation check (asking a server whether a particular document is revoked) would reintroduce the tracking the proof was meant to avoid.
Even if I could use a passport derived ZKP, many people would still be excluded. Many people don’t have a passport or other government issued ID, or a smartphone. Many would struggle to use it. Many might justifiably distrust on grounds of complexity, fragility, immaturity, lack of standards, risk, or other factors.
In this post I’ve deliberately avoided discussing the desirability of age assurance on the Internet, or whether requiring website operators to act as enforcers is a good mechanism. However those questions exist and I do have thoughts. Future posts on those topics are likely.
I’m not a cryptographer. I may be misunderstanding or poorly describing the properties of zero-knowledge proofs and their application.
Other contenders and mentions
A grab bag of things that might bear fruit in the future.
Apple Digital ID also involves scanning a passport with an iPhone. It’s currently limited to US passports and US Apple accounts. I think it’s currently only for in-person ID checks. Apple also has Private Access Tokens, an implementation of Privacy Pass for Apple devices that attests requests came from an Apple device/user. The two are not related as far as I can tell, but they could in principle be combined to achieve privacy-preserving age assurance. Such a system would be tied to Apple’s ecosystem, as Private Access Tokens already are.
GNU Taler is a Free Software digital cash system, and is quick to point out that it is not a blockchain. There are Taler wallet apps for Android, iOS, WebExtensions and others. A paper proposes Zero-Knowledge Age Restriction for GNU Taler.
euCONSENT AgeAware aims to create a standard for websites and age assurance services. They promise an AgeAware App to store anonymised tokens from age check providers. They say the token supplied via their anonymising service is a zero-knowledge proof. They also say they’ll tally usage and operate as a marketplace for websites to choose and pay providers.
French law requires age assurance for porn sites with at least one method double-blinded.
Further reading
Electronic Frontier Foundation publishes guides and advocacy pieces, e.g.
- EFF Age Verification and Age Gating: Resource Hub, an opinionated guide
- EFF Guide to Terminology
Age Verification Doesn’t Need to Be a Privacy Footgun was the inspiration for this blog post and where I first saw a proposal to use Privacy Pass. He is a cryptographer and his post also discusses the wider societal issues.
Zero-knowledge proofs are part of a wider family called privacy-enhancing technologies (PETs). There’s an annual Privacy Enhancing Technologies Symposium.
The Internet Architecture Board (IAB) and World Wide Web Consortium (W3C) held a Workshop on Age-Based Restrictions on Content Access last year, covering age-based restrictions and their implications.