Age Verification in the Web -- Holy Grail to Control Access to Restricted Content

TL;DR

This paper discusses the importance of reliable, privacy-preserving age verification methods for restricting access to harmful content online, analyzing existing solutions and proposing a cryptographic approach using open standards.

Contribution

It introduces a novel age verification method leveraging open standards and cryptography to enhance privacy, security, and user trust without requiring specialized software.

Findings

Analyzed existing age verification solutions and identified their weaknesses.

Proposed a cryptographic approach using Privacy Pass and Tokens for secure verification.

Demonstrated improved privacy and flexibility over current methods.

Abstract

Age verification before accessing restricted content is critical to protecting minors from exposure to harmful material such as pornography, gambling, violence, hateful speech, and substance purchases like alcohol and tobacco. Currently, the absence of reliable age-checking mechanisms allows children extensive access to such adult content, posing significant risks to their worldview and mental development. While regulatory efforts like the European Union's Digital Services Act promote using Digital Wallets or Age Verification Apps, relying solely on government-based solutions raises concerns about data sensitivity and privacy risks. Effective age verification must therefore be trustworthy, user-friendly, privacy-preserving, and offer flexible assurance levels. We analyze currently implemented (UK or Australia) and proposed (UE) solutions from different angles, pointing out the weaknesses and threats, and come up with an alternative. Our proposal addresses these challenges by leveraging open standards - such as Privacy Pass and Privacy Access Tokens - and cryptographic techniques to enable secure, privacy-conscious age verification without requiring specialized software installation. This approach empowers users to select trusted providers from multiple options, reducing the risk of data breaches and ensuring a safer digital environment for minors.