I did, except for this bit that you added in an edit:
> You don't have to reuse the same certificate for several requests. You can get a new one for every request, for every person who is asked to verify their age and pays you $2, and if they're actually anonymous, there's no way to know you did this. Is a rate limit part of the proposal? Can I only sign up to one adult service per week?
This is trivially easy to detect at the attestation service. If someone is trying to repeatedly (and programmatically) use the same personal ID to generate attestations for different request IDs in a short time frame, you can throttle them, flag them, revoke their cert, whatever.
alt Hacker News
I did, except for this bit that you added in an edit:
> You don't have to reuse the same certificate for several requests. You can get a new one for every request, for every person who is asked to verify their age and pays you $2, and if they're actually anonymous, there's no way to know you did this. Is a rate limit part of the proposal? Can I only sign up to one adult service per week?
This is trivially easy to detect at the attestation service. If someone is trying to repeatedly (and programmatically) use the same personal ID to generate attestations for different request IDs in a short time frame, you can throttle them, flag them, revoke their cert, whatever.