Hacker News

Wowfunhappy today at 2:45 PM

Could you be more specific as to what you're imagining? I don't personally see a way to verify someone's age which doesn't involve either credit card verification, photo id verification, or some sort of facial recognition. If you know enough about someone to verify their age—even to a relatively low degree of accuracy—you probably know enough to pinpoint who they are in general.

Heck—in most cases, we can't even tell the difference between humans and bots anymore! And it's true that we basically accept that some bots will slip through the cracks—but identifying bots also strikes me as significantly easier than identifying children.


Replies

Aaargh20318 today at 3:22 PM

The way identity wallets work:

The government issues an eID to your wallet. The ID is signed by the government and linked to the device to prevent transferring the credential. A public/private key-pair is generated by the secure enclave in your phone, the public key along with proof of possession of the private key is included in the request for the government eID. The government signs individual attributes combined with the public key with the government private key. The government certificate containing the public key is, well, public.

One of the attributes is ‘over_18’ (In the EU eID scheme countries can add other over_XX attributes if they want, but over_18 is mandatory).

When a website wants to request attributes, in this case the over_18 attribute, they send a request to the user’s wallet app, including a challenge. The wallet sends back a package including the government-signed attribute, which contains the device public key and the over_18 attribute plus a response to the challenge (proving the credential didn’t get transferred).

The website only sees the ‘over_18’ attribute, which is backed by the government signature. They don’t see any other attributes (the wallet app shows in advance which attributes you are sharing). The government never sees which website wants to know if you’re 18+.

Of course this is all a bit simplified, check OIDC4VCI and OIDC4VP for details.

The only real issue is the wallet app and device binding. Because a compromised device could allow credentials to be transferred, some form of attestation of device and wallet app is required. In practice this means no rooted/jailbroken phones.

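The issuance, presentation and verification steps described in the comment above, as an added Python model that is not from the comment, the EU wallet or any real implementation: textbook RSA over constructed Mersenne primes stands in for the secure-enclave and government signature schemes, and the attribute encoding, the proof-of-possession message and all key values are assumptions.

```python
# Toy model of the wallet flow above: textbook RSA over constructed Mersenne
# primes stands in for the enclave and government signatures (illustrative only).
import hashlib, os

def keygen(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def hash_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(hash_int(data, n), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == hash_int(data, n)

def issue_eid(gov_priv, device_pub, pop_sig, attrs: dict) -> dict:
    """Government: check proof of possession, then sign each attribute bound to the device key."""
    if not verify(device_pub, repr(device_pub).encode(), pop_sig):
        raise ValueError("request lacks proof of possession of the device key")
    signed = {k: (v, sign(gov_priv, f"{device_pub}|{k}={v}".encode()))
              for k, v in attrs.items()}
    return {"device_pub": device_pub, "attrs": signed}

def present(cred: dict, device_priv, wanted: str, challenge: bytes) -> dict:
    """Wallet: disclose only the requested attribute plus the challenge signed by the device key."""
    value, sig = cred["attrs"][wanted]
    return {"device_pub": cred["device_pub"], "attr": (wanted, value, sig),
            "challenge_sig": sign(device_priv, challenge)}

def verify_presentation(gov_pub, pres: dict, challenge: bytes) -> bool:
    """Website: government signature over (device key, attribute) and device
    signature over the fresh challenge must both hold."""
    name, value, sig = pres["attr"]
    msg = f"{pres['device_pub']}|{name}={value}".encode()
    return (verify(gov_pub, msg, sig)
            and verify(pres["device_pub"], challenge, pres["challenge_sig"]))

GOV_PUB, GOV_PRIV = keygen(2**61 - 1, 2**31 - 1)   # constructed toy key pairs
DEV_PUB, DEV_PRIV = keygen(2**89 - 1, 2**107 - 1)

def demo() -> bool:
    pop = sign(DEV_PRIV, repr(DEV_PUB).encode())     # proof of possession
    cred = issue_eid(GOV_PRIV, DEV_PUB, pop, {"over_18": True, "name": "Jane"})
    challenge = os.urandom(16)                       # website's one-time nonce
    pres = present(cred, DEV_PRIV, "over_18", challenge)   # name stays private
    return verify_presentation(GOV_PUB, pres, challenge)
```

A credential copied to a second device fails because the challenge response is not signed by the key the government bound the attribute to, and a stale presentation fails against a fresh challenge.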
john_strinlai today at 2:57 PM

> Could you be more specific as to what you're imagining?

sure, i'll put my favorite two. though you'll find much more detailed and thought-out versions of these (and others) in the dozens of other giant threads on the same topic.

- buy a card with a UUID from anywhere that sells alcohol/tobacco that is valid for some period of time. most people are comfortable with flashing their ID at the clerk. the UUID card is non-identifying.

- websites issue content tags, browsers consume them, you enter your age into the OS during setup.

pyrale today at 5:14 PM

You generate a random number and send it to the website you want to visit.

The website you want to visit generates a one-time private/public key for the purpose of this login attempt, hashes your random number, and sends the hash back to you.

You connect to the government auth platform, auth yourself to your government, and ask them to sign the hash you received.

You pass the signed hash as well as the original random number to the website you wanted to access (the original random number is used by the website to store the one-time key they generated for you). They can see it is signed by the government. They can see it is made with the hash they provided.

You get access to whatever content you wanted. The website doesn't know who you are. The government doesn't know where you logged in. Sure, it won't hold up against collusion between website and government, but nothing would.

The principles explained above are slight adaptations of PKCE authentication.

oliwarner today at 3:10 PM

That's because you're treating AV as a system that must be 100% correct immediately. This isn't banking or an election.

As soon as you loosen off the requirements to "reasonable effort", you can start looking at account age, facial features, social attestation, and include retrospective tools to revisit someone's verification if they get in and start acting like a child. Heuristically messy but far from impossible to demand a stronger form of verification if their original might have been borderline.

The goal is broad coverage, not complete. Screening doesn't have to get 100% to have an effect.

zug_zug today at 2:56 PM

Sure here's one example of decentralizing it -- it's going to be overly simple just as a toy example to show how easy it could be:

Whenever you want to prove you're an adult you go to "am I an adult.gov" and you use your credit card or whatever to prove you are an adult. At which point you get a 1-time 5-digit code that is UNIVERSAL TO EVERY SINGLE HUMAN and good for 1 hour (everybody who uses the site gets the same code that hour).

Then when you want to look at porn or something, you use this code. Boom simple and done.

There are even much better much more private techniques that use cryptography, and AI is happy to explain these graduate-degree level topics to you at your own pace.

Of course there are situations where people steal things, and use deep-fakes, etc, but those exist in every model.

lotu today at 3:41 PM

Using existing parental controls, parents could set their kids' age and that could be used for the age controls. Could the parents let the kids around the age gate? Sure, but they could do that even if a government ID and camera was required. This actually might be more effective than a lot of these systems because other adults could not let the kids use their IDs.

netrap today at 3:26 PM

Perfect is the enemy of the good, right? I mean a page header or some other simple means to identify "adult" vs not is good for most cases? Just thinking about it.. obviously it can be bypassed but is there a good enough?

soperj today at 5:22 PM

Just do what they did in Leisure Suit Larry: ask some skill-testing questions that only someone older than 18 would know. Give them a short time to answer so they can't look it up.

armchairhacker today at 2:53 PM

Make unrestricted devices like alcohol: you need ID to buy (but the box containing the device you’re sold is indistinguishable from any other, so the device may have a UUID but it can’t be traced to your ID); kids caught with unrestricted devices in school have them confiscated; maybe fine parents, but I think discouragement and banning in schools is enough. Kids can have restricted devices, distinguished from unrestricted by appearance in a way that’s hard to fake.

blahaj today at 3:54 PM

Cryptographically blinded age verification with a government signed digital ID

michael1999 today at 2:56 PM

Info-minimized oidc handshakes with certified identity providers could verify age-category of a user with no other information shared.

Consider "log in with apple" as it is today. Depending on what you share, a relying website might not even get your name or email.

dfxm12 today at 4:07 PM

If you don't think a checkbox saying "I am 13 or older" is adequate, with all the behavioral tracking available to, say, Meta, they can tell well enough. OpenAI talks about this too: https://openai.com/index/our-approach-to-age-prediction/

Knowing who someone is in general is different from having a photo of their face or government ID confirmation.

lo_zamoyski today at 3:42 PM

This is a classic case for one time ZKPs. Sure, you can't get around attestation, but the party that needs to verify that you meet age criteria doesn't need to know your age or other private information.

I presume you're concerned by the attesting party's knowledge of both the signature and identity information. Yes, in principle these can be linked, but in practice, it may be difficult or made very difficult, and today, very little of our online activity is really anonymous anyway. It is generally not too difficult to infer identity based on the content someone generates and the bread crumbs they leave behind.

Of course, if the intent is to use age verification as a wedge to monitor everyone, then it will be difficult politically to secure the protections needed to prevent that sort of data fusion.