To be clear, I’m not advocating for online age verification. I’m very much against it in any form. I’m just curious from a technical standpoint if it’s possible somehow to construct an accurate age verification system that doesn’t compromise a user’s privacy? i.e., it doesn’t expose the person’s identity to anyone nor leaves behind a paper trail that can be traced to that person?
Yes. There are many solutions.
Maybe the absolutely easiest to implement is just a signed message from an authority (gov.). You click a button on the website that requires verification, get a new tab to a gov. site with no identifiers from the site redirecting you and get a message you copy. The copied message is then pasted in to the site requiring verification. The site can then verify the message at their servers.
This requires you to trust gov that they will not trace where the secret message is pasted.
How about
Middleman anonimizer, pornhub sends the message to a middleman, the middleman puts its own token on the request, sends that to the gov, the gov responds yes/no to the middleman on the authenticity of the message, the middleman forwards the response to pornhub. The gov doesn’t see pornhub, pornhub only gets the yes/no response, the middleman only sees the message with no ID and the response.