• baltakatei@sopuli.xyz
    1 hour ago

    Theoretically, it’s possible for the user to authenticate their age without either the site or service knowing the user’s identity. Quick and dirty example:

    There’s a thing called a ring signature that allows one to prove that one of a large number of people digitally signed something. Let’s say a million people all have private keys whose corresponding public keys are registered to a database after they flashed their state ID at a post office or something to prove they are ≥18 years of age. So, John Smith uses his private key plus all 1 million public keys to sign a statement that he sends to a server saying he’s ≥18. The server then takes all 1 million public keys plus the signed message John provided and verifies that his signature is among the 1 million but cannot calculate which exact public key belongs to John. The verification process requires all 1 million public keys as input; you cannot, for example, try to omit each public key one-by-one to see which causes the verification process to fail.

    Currently, there is ongoing research on how to make compact ring signatures since they can be very large the more public keys are involved.

    https://en.wikipedia.org/wiki/Ring_signature

    That said, even if you had scalable compact ring signature technology, I’d be more worried about advertiser deänonymization efforts once a user has logged in that check browser canvas size, IP address, user agent, font availability, etc. See https://coveryourtracks.eff.org/

    Also, ring signatures for age verification don’t actually verify age, just that someone proved their age at some point in the past to the owner of the public key database; just like an adult can log into YouTube on behalf of their children and let the children go to town, John could give anyone access to his private key regardless of age.
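
The sign-and-verify flow described in the comment above, as an added example that is not part of the original post: a Schnorr-style (Abe-Ohkubo-Suzuki) ring signature, chosen here as one concrete scheme since the comment names none. The group parameters are toy values assumed for illustration and all function names are hypothetical; a real deployment would use a vetted prime-order elliptic-curve group.

```python
import hashlib
import secrets

# Toy parameters (assumption, illustration only): multiplicative group modulo
# the Mersenne prime 2**127 - 1. Far too small and unstructured for real use.
P = 2**127 - 1
N = P - 1          # exponents are reduced modulo P - 1 (Fermat's little theorem)
G = 3

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)          # (private key, registered public key)

def _challenge(ring, msg, point):
    # The hash binds every public key in the ring, the message and the commitment
    data = repr((ring, msg, point)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def ring_sign(msg, ring, signer, x):
    """Sign msg against the whole ring; x is the private key for ring[signer]."""
    n = len(ring)
    c, s = [0] * n, [0] * n
    k = secrets.randbelow(N)
    c[(signer + 1) % n] = _challenge(ring, msg, pow(G, k, P))
    # Walk the ring from the slot after the signer, simulating every other member
    for step in range(1, n):
        i = (signer + step) % n
        s[i] = secrets.randbelow(N)
        point = pow(G, s[i], P) * pow(ring[i], c[i], P) % P
        c[(i + 1) % n] = _challenge(ring, msg, point)
    # Only a real private key can close the ring back onto the first challenge
    s[signer] = (k - x * c[signer]) % N
    return c[0], s

def ring_verify(msg, ring, sig):
    c0, s = sig
    if len(s) != len(ring):
        return False
    c = c0
    for y, s_i in zip(ring, s):     # every slot is treated identically
        c = _challenge(ring, msg, pow(G, s_i, P) * pow(y, c, P) % P)
    return c == c0

def demo(members=8, signer=5):
    keys = [keygen() for _ in range(members)]   # constructed sample registry
    ring = tuple(y for _, y in keys)
    msg = "I am >= 18"
    return msg, ring, ring_sign(msg, ring, signer, keys[signer][0])
```

The signature carries one response value per ring member, which is the size growth the comment mentions. Dropping any single key, the signer's or anyone else's, makes verification fail the same way, so that probe reveals nothing about who signed.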