Justin Wolcott JWally

Bank‑Based Anonymous Age Verification (BAV)

A zero‑storage, privacy‑preserving age check that leverages banks’ existing KYC — with the user as the transport layer.

TL;DR

Banks sign an age claim, not an identity. They never learn which site you’re visiting.
Merchants verify a short‑lived token against their own nonce and a one‑time WebAuthn key. No database required.

Age Verification That Actually Protects Privacy

As a father of three, I think a lot about online safety. Kids need protection, but current age verification mandates are creating a dangerous precedent—not because of their goal, but because of how they're being implemented.

Texas SB1181 and similar laws in other states require age verification for adult content. The intention is sound. The execution is problematic.

Today's verification methods are: • Expensive ($0.31–$1.53 per user) • Privacy-invasive (require uploading government IDs) • Easily weaponized (complex compliance makes selective enforcement trivial)

	<!DOCTYPE html>
	<html>
	<head><meta charSet="utf-8"/></head>
	<body><h1>GOODBYE FRAUD!</h1></body>

	<!-- Adding library from NPM via UNPKG -->
	<script type="module" >

	// Pull Library from CDN
	import {XRAY} from 'https://unpkg.com/@keyri/xray/index.mjs';

	// Set default response headers as `const`
	let DEFAULT_HEADERS = {
	"Access-Control-Allow-Origin": "*",
	"Access-Control-Allow-Credentials": true,
	};

	export const handler = async (event) => {

	// N.B. YOU SHOULD MAKE A _REAL_ APPLICATION WITH ERROR CHECKING
	// AND SOLID DEV PRACTICES. THIS IS A PROOF-OF-CONCEPT.