Private Age Assurance for ATP

Hi everyone,

Dave here, I introduced myself six months ago after the recording of the indiesky moderation call had stopped.

I am looking for feedback on https://attps.social/ a tool I built that leverages self and atp. It currently only attests whether a person is 18 or above.

It comes with a playground where mock passports can be used to test this out, I had friends have issues with scanning their NFC chip (one person had to try it 10x times for it to work).

Self is free, audited, open-source but comes with a lot of terrible cryptocurrency language due to the nature of the project.

Im open to any type of feedback!

Welcome! I’ve just been talking to a few people about verification patterns in various ways and am going to do a write up of some patterns here.

@kjetil.kjernsmo.net is looking at doing proof of Norwegian and might find this interesting.

And this is Self https://self.xyz/

And this is the code GitHub - attpslabs/age-assurance: privacy first age assurance for the atmosphere

Very interesting! Haven’t had time to try it yet but I will.

Hi!

Yeah, this is very interesting! So, I’ve been slowly coding up some stuff to use Verifiable Credentials in various forms onto AT Proto, but I get constantly sidetracked.

VC-based age verification can be done using proofs that are generally available in wallets here and there. However, in the EUDI wallets, you are constrained by that the proofs you specifically need are available. Often, you can find a above 18 proof, sometimes you can find a above 15 proof, but there is as of now no usable ZKP, so you can’t just get a proof for if a person is say between 13 and 18 (there seems to be some work on that though), you have to get the birthday and compute from that, which IMHO reveals too much. So, your ZKP is certainly welcome in that respect.

Also note that you have OpenAge. To me, that seems to be a Big Tech-driven openwashing effort to exploit a moral panic to further cement Meta’s control over our identities, but I am willing to be convinced otherwise.

My problem is that it is so hard to debate whether age gating is such a bright idea. I mean, it is clearly use cases for it, but it does not seem societies are able to discuss the fundamentals.

I think it is a terrible idea that governments direct their power towards its own citizens, instead of against Big Tech, where they should be doing. I wrote a blog about this.

Given the lack of critical reflection in public debates, we need to proceed very delicately. I fear a strong pushback from Gen Alpha once they come of age, and I fear that Big Tech will be able to capture their discontent about age gating so that it actually becomes a strong force away from new social technologies that could be good for them.

Gen Z has possibly been the least rebellious generation of youth in human history and as a Gen X parent, I often wonder what we did to deserve that… Youth are supposed to be rebellious, and it is extremely important that Gen Alpha’s rebellion is directed towards those who abuse them, Big Tech. If we’re not careful, I can easily imagine that their rebellion will be directed towards those who made the age gate. Because, they’d be right to.

So, that’s really my main concern when working on this. I believe that VCs can be done to be really helpful. It can really be protective, it can really strengthen the individual, and it can play a role in helping parents and kids get together and navigate the complex world together, which is what we really need, rather than the naive technosolutionist approach of age gating. Age assurance can be used both for good and for bad in this.

Therefore, I’m trying to steer clear of the narrow age assurance use case, to take a broader perspective on how VCs can help. But then, I have almost no resources to be working on it, so I first need to get to the point where I do.

I had a quick look and I believe Self.xyz can not support age-range verification.

If you must verify an age range you could potentially do two step verification where one attestation check whether their age is X or younger and a separate attestation to check whether their age is Y or older and use that to identify whether the user fits in the given age group.

*however, you would not know when the user is aging out of this age group so there seems to be flaws in this.

We must continue to advocate for privacy first solutions that protect peoples information and prevent companies big and small from creating honeypots of databases that can be hacked.

Zero-knowledge proofs are already used by the EU digital identity wallet as a solution for such cases: Security and Privacy - EU Digital Identity Wallet -