TechLich

I thought so too. I seem to remember it almost being a selling point. Like: "Your adventures are being used to improve maps and train AI systems for the future of humanity! Yay!"

But I had a look at their old pages from 2017-2020ish in the Wayback machine and there's no mention of it. In fact, their privacy policies seemed to try to make it very clear that they don't sell or share user data except where needed to deliver the service or in anonymised aggregate to third parties (48 people went to your business while playing Pokemon!).

There's some mention of using it to advertise but none of them mention using it to build an advanced geo-spacial dataset for AI. Unless I'm missing something or reading it wrong?

Might be a Mandela effect.

Security yes, privacy not especially.

PGP lets you encrypt the messages and sign them to digitally prove you sent them.

It doesn't help with the problem here which is that the metadata of who you are (the IP used to log into the webmail and the email address of the sender) and who you're talking to (the email of the recipient) and when (timestamps etc.) were able to be leaked.

In fact, depending on the implementation, PGP could be considered slightly worse for privacy because you'd have the added identity proof of the message having a signature that only you could create with your private key (although that's encrypted, it's a stronger identity proof than the sender email address). It also generally leaks the recipients' key IDs too (although that's configurable) PGP is great for accountability, message confidentiality and non-repudiation. Not so much for privacy. For that you'd need other systems.

I don't think we got rid of it on purpose. I think it was mostly that imported printing presses only had Latin characters by default. Printers also added a bunch of stupid spelling that we're stuck with (like the "b" in doubt or debt, the "s" in island) because most books were in Latin and they wanted to make it look similar to the Latin word to be more legible.

Weird, I read that almost easier than normal text

Ah misread that it was card, not a service. That mostly works and is the same kind of thing as the other crypto solutions.

Though a bad actor could still set up a service with a legit card that provides government signed anonymous "yes" responses on demand.

I worry that the response will be to require an account and a full ID from it. Social media sites saying "we need to verify your identity to ensure you're an adult human and to combat bots. Scan your id card..."

Still one of the better technical solutions here though.

The difference is one is physical and requires interaction with a human: "Hey uncle Bob, buy me beer?" Vs. The other one is technical and just requires them to do a Google search and click a button without interacting with anyone.

The first one has a higher barrier for entry and at least involves some form of adult supervision. The second one makes it not much different to the classic "what is your birthday?" thing.

The difference with the asking an adult to buy alcohol is mostly that, because the whole thing is online, they wouldn't need to ever really interact with an adult.

If the circumvention is as easy as looking up "free age verification" in a search engine, typing a url and clicking a button then it might not be very effective.

If it at least required them to steal dad's id card or get uncle Bob to help or something that's a different story.

I agree, although in this thread I'm mostly interested in the technical puzzle.

How do they deal with the other requirements though? What's stopping someone from setting up a service that uses their yivi account to sign "I'm over 18" for anyone who wants to be over 18?

This is the first perfect solution I've heard!

Granted it's a little slow but it meets all the requirements xD

It would also reveal to the government that the user was accessing 18+ content (though not what that content is if the token is blinded).

It also doesn't stop the easy circumvent of someone who is an adult providing a service for children or others who don't want to auth with the government.

1. The 18+ site provides Child c with a token T and it's blinded to b(T)
2. The child sends b(T) to a malicious service run by a real adult (Mal)
3. Mal sends the token to the AVS to create s(b(T))
4. Mal provides s(b(T)) to the child who gives it to the 18+ site as a legit S(T)

How does this work to protect privacy though? Wouldn't the site need to know who you are to be able to look you up with the government?

Or is it more like an SSO/Oauth callback style thing where you sign into the government and they send the "age bit" digitally signed and your browser gives it back the service? Either way the government would know when you're accessing 18+ material and possibly what specific site you're accessing? Or is there more to it?