Privacy‑Preserving Age Verification: Ensuring Compliance While Protecting Identity
The world is waking up to the need for stronger protections for minors. Governments are tightening age‑verification rules on social media, gambling, adult content and the sale of alcohol and tobacco. Australia’s new
Social Media Minimum Age bill will ban under‑16s from social‑media platforms by December 2025 and require operators to take “reasonable steps” to verify users’ ages (techcrunch.comesafety.gov.au). France’s
SREN Act compels pornographic websites to deploy double‑anonymity age‑verification systems (twobirds.com). U.S. states from Utah to Georgia have passed laws mandating social‑media age checks and parental consent (en.wikipedia.orgsumsub.com), while Thailand is encouraging nightlife venues to use its biometric
ThaID digital ID to prevent under‑age patrons (biometricupdate.com).
These initiatives share a common tension: they must keep minors out without compromising the privacy and autonomy of adults. Most systems rely on uploading government IDs or handing over personal data, increasing the risk of identity theft and surveillance.
Stealth ID offers a different path—one grounded in anonymity with accountability and sovereignty.
Many regulators and businesses in Thailand are embracing the government’s biometric ThaID digital ID to combat under‑age entry. While effective for Thai citizens, it isn’t practical for foreign visitors or expatriates who lack a Thai national ID. WorldKYC aims to integrate ThaID as part of the onboarding process, then enrich the profile with our own
TrustScore. This way, both locals and foreigners can obtain a single, interoperable credential and businesses can rely on a unified trust‑score across multiple jurisdictions.
Meeting the minimum‑age requirement without oversharing
For most regulated services, the legal requirement is simple: prove that the user is above a specified minimum age, such as 18 or 21. Stealth ID makes this easy. Users select the minimum age they must meet and optionally set an upper bound for niche cases like dating or professional networking sites. A cryptographic proof is generated by a notary and can be shared via a QR code or a Verified Link (VLink). Anyone who scans the QR or opens the link sees a confirmation that the user is over the required age—nothing more. No date of birth is revealed, and the user’s identity remains hidden.In the Web3 world there is currently no practical way to verify the age of the party connecting to you. Traditional financial services impose minimum ages for opening accounts, but blockchains and decentralized platforms do not. Stealth ID addresses this gap by delivering age‑proofs through a verifiable link or QR code that can be used across the digital and decentralized worlds. As always, the credential stays in the custody of the notary node—nobody else stores or sees your underlying ID.
Sometimes more information is useful. For example, a restaurant might offer a birthday special. In that case, the user can consent to share their month and day (along with a photo) via Stealth ID. The merchant sees only the birth date and picture—never the full identification document—so personal data remains protected.
This proof isn’t stored by Stealth ID or the requesting service. It lives in a Notary Node, an independent server that holds the encrypted credential and issues attestations. Multiple notary nodes operate in different jurisdictions (for example, Hong Kong, Australia, Europe and the United States). Members choose which node to register with; each login and credential is tied to a specific notary, preserving sovereign independence. A person cannot use the same login across two nodes, but they can generate different Stealth IDs for different purposes—one for a club and another for a church—compartmentalizing their identity. This distributed architecture gives users control of their data while ensuring that regulators have confidence in the process because each credential is issued within the appropriate legal regime.
Physical or digital verification—your choice
Stealth ID supports both face‑to‑face and remote verification. If you’re at a bar, event or club, present your QR code at the door. A staff member scans it with a smartphone and receives a simple “Yes/No” response plus a small head‑shot so they can confirm the person holding the code matches the credential. This check can also be automated with digital gates that compare the live face with the image contained in the credential, giving venues flexibility while preserving privacy. No personal details beyond the photo are exposed.When a business uses the system, the benefits extend beyond the immediate yes/no answer. Today many venues either glance at an ID (with no record) or keep copies on file—both approaches carry risks. Failing to verify everyone can lead to penalties; storing IDs creates privacy liabilities because the business now holds sensitive documents. With Stealth ID, each scan is documented in the business’s local notary node along with a time stamp and the anonymised credential. Venues can track the number of visits from verified adults and show regulators they are consistently checking IDs, yet they never store the actual ID. Because the scans rely on cryptographic proofs, businesses prove compliance without bearing the burden of data custody.
For online platforms—social networks, e‑commerce or decentralized applications—you can share a VLink. This URL points to the notary’s attestation and can be embedded in sign‑up forms, messaging apps or smart contracts. The link can be anchored on XDC and TON blockchains, making it easy to integrate with Web3 applications without ever putting personally identifiable information on-chain.
Fighting fraud with handle verification
Identity fraud and impersonation aren’t limited to age verification. On messaging platforms like WhatsApp and Telegram, scammers often create fake user IDs, bots or groups to trick people into sharing funds or personal details. TrustScan, built on top of Stealth ID, tackles this problem. Anyone can paste a Telegram or WhatsApp link—or links from X, LinkedIn or Facebook—into TrustScan to see whether it is linked to a verified Stealth ID and view its trust score (worldkyc.com). Owners choose what information to make public (worldkyc.com), and the decentralized zero‑knowledge proof (DZKP) authentication ensures verification without revealing private data.TrustScan isn’t limited to user handles. It can verify bots, mini‑apps and websites too, flagging any instance where malicious code might lurk. This capability helps stamp out large‑scale cons such as “pig butcher” scams—fraud rings that lure victims via messaging platforms and fake web sites. By requiring every actor in the chain to be linked to a verified identity, TrustScan brings accountability to an ecosystem that has been ripe for abuse.
Because notary nodes can be based in multiple jurisdictions, a single Stealth ID can be attested to from several legal frameworks at once. This makes it harder for criminals to spoof identities and helps users trust that the entity on the other end of a chat is who they claim to be. It’s a powerful example of anonymity with accountability and sovereignty in action.
How it works – scan the code
Below is an example of a Stealth ID QR code. Scan it with your smartphone camera to see how the verification response looks. The shield icon inside the code represents WorldKYC’s commitment to safeguarding privacy while delivering trust.
The response you see demonstrates the simplicity of the system. The verifier only learns whether the age requirement is satisfied—not who you are, where you live or what your exact age is—and sees a head‑shot so they can match the credential holder. Nothing beyond that single image is revealed.
The response also includes a small selfie photo of the individual. This allows the person checking the ID to match the face to the holder, preventing credential sharing while still keeping the exact age and other personal details private.
Why regulators should care
Privacy‑preserving age verification isn’t just a convenience; it’s a compliance tool. As the examples from Australia, France, the United States and Thailand show, governments want to stop minors from accessing harmful content and products (techcrunch.com, twobirds.com, en.wikipedia.org, biometricupdate.com). But they also have to comply with data‑protection laws like GDPR. Stealth ID’s approach—minimum‑age proof, optional brackets, notary nodes across jurisdictions, blockchain compatibility and handle verification—offers a balanced solution.Law enforcement benefits as well. By using Stealth ID at entry points (physical or digital), an establishment can demonstrate that everyone was checked and was of age, without capturing any private data. Authorities can audit anonymised records to ensure compliance while citizens retain their privacy. This is particularly relevant in sectors like Web3, where no minimum age exists today for opening wallets or interacting with smart contracts. Our decentralized model also addresses concerns about over‑centralisation: rather than a single government‑run ID or a fully self‑custodied on‑chain identity, notary nodes provide distributed custody. Users choose the jurisdiction they trust, and no single authority controls or sees all identities, avoiding the pitfalls of centralised biometric schemes.
Business leaders and policymakers interested in integrating age assurance into their services or exploring cross‑jurisdictional digital identity should reach out. Together we can build a safer online ecosystem that respects users’ privacy while delivering the accountability regulators demand.
#AgeVerification #DigitalIdentity #ZKP #TrustScan #RegTech #Web3
Stay up to date with the exciting development from the Winstant Group on our Telegram and WhatsApp:
https://t.me/Winstant