We all know “proof of age” or “age verification” is synonymous with mass surveilance, but the words “proof of age” were cleverly choosen so the average person considers it the same as showíng another person a driver’s license. Unecessary or otherwise it’s only a minor inconvenience. And there is no harm to privacy.
So what should we call “proof of age” or “age verification” which is just as punchy, but communicatee the real intent? How can we subvert this attack on our rights by turning these twisted words against themselves?
You have to trust someone.
And I can’t speak for all the implementations around the world. But I can speak for the Danish one. Or at least what the design is intended to be right now.
The Danish verification tokens are single use. Yes they get checked against a database, centrally, but that database doesn’t hold any information about who the token was issued to, just whether it’s a valid token that hasn’t been used before.
So your digital wallet holds a set of single use tokens. You have to log in using MitID (central government system for proving your identify online), then your wallet is issued age proofing tokens which you then hand over to the website to prove your age.
So there are a million ways that COULD be abused, just like there are a million ways your bank could abuse the information it holds about you. In both cases, laws require that neither abuse their privilege.
You have to trust someone. Or live a hermit.