Not the guy you were talking to but I wonder, what do you think about privacy preserving age verification?
A site requests your age, this opens a 3rd party oauth or similar login where you can login without the site directly seeing it, you get a request similar to logging in with google and getting the “this site will see your email and real name”, but the request will only contain your age. The third party will cryptographically sign the message containing only the request uuid and your age (or even just >18 or <18) and the site itself can verify that, but nothing more or less.
Not the guy you were talking to but I wonder, what do you think about privacy preserving age verification?
A site requests your age, this opens a 3rd party oauth or similar login where you can login without the site directly seeing it, you get a request similar to logging in with google and getting the “this site will see your email and real name”, but the request will only contain your age. The third party will cryptographically sign the message containing only the request uuid and your age (or even just >18 or <18) and the site itself can verify that, but nothing more or less.