undefined | Better HN

0 pointsretrocog14d ago0 comments

IMHO, this is the exact instinct and there's a way to verify identity, location, and age without even having to share those directly.

0 comments

soco14d ago

Switzerland just voted recently to officially implement Selective Disclosure JWT, which does exactly all that. Social network registration can ask "are you 18?" and run with that - and only that. Or the club entrance. Or whatever, because it's all controlled by yourself in your app.

retrocogOP13d ago

That seems like a good idea. The question is how the JWT is generated. A standard one would be more akin to a traditional crypto keypair. That is a "signal" key insomuch as it tells us who controls an account. It can't tell us the owner is the controller and that is the current weakness of crypto right now. To know the owner, we need another type of keypair to go alongside the traditional kind. That would be a "tone key" and is generated by a refreshing seed derived from the entropy of long-running, unfakeable conversations. The same way a friend might recognize us as being ourselves.

soco13d ago

But you don't need to prove to all others that you are yourself, do you? You are only asked whether you're 18, the bouncer doesn't care about your name. So you can still hold the phone (like last summer the ID) of someone else and fake their answer.

j / k navigate · click thread line to collapse

0 comments

soco14d ago

retrocogOP13d ago

soco13d ago

j / k navigate · click thread line to collapse