
> without disclosing the actual birthdate

What prevents the birthdate from being gleaned through a simple binary search? Or, if it's specifically an "over 18 today?" query based on some decentralized timestamp source, what prevents the query from just being repeated every day until the result changes (assuming it returns "under 18" at first)?



Just because someone asks, doesn't mean one must answer.

"Be liberal in what you receive, and strict in what you send."

The protocol would have to specify an authorized inquiry field or use validity by time, using a global consensus (current bitcoin block + challenges that take bitcoin_blocks block production rate on average to solve)


The holder of the credential would have to present it log(N) times. If someone asks to scan your id a bunch of times, wouldn't you find it suspicious?


Different 'someone's could conceivably collude to whittle down the result of the search, fingerprinting users via separate means to align the results. Or, less conspiratorially, one could present an apparently-poorly-designed interface where the credential is only valid for the current login session, then wait for a few cycles of the user clearing their browser cookies.

Perhaps a very explicit prompt "This service wants to know if you're > X years old!" might give up the trick, but then users would have to be trained not to click through it within milliseconds, which is never the most viable solution.
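One holder-side way to bound the leakage discussed in this thread, as an added example that is not part of any comment above: the wallet tracks the range of birthdates still consistent with every answer it has given, pooled across verifiers since they may collude, and refuses any query that would narrow that range below a floor. The class name, the 365-day floor, and modelling "over X on date D" as a cutoff date (the latest qualifying birthdate) are all assumptions.

```python
from datetime import date, timedelta


class PredicateGuard:
    """Hypothetical wallet-side leakage accounting for 'born on or before <cutoff>?'."""

    def __init__(self, birthdate, min_width_days=365,
                 earliest=date(1900, 1, 1), latest=date(2100, 1, 1)):
        self._birth = birthdate
        self.min_width = timedelta(days=min_width_days)
        # Inclusive range an observer of all past answers can already infer.
        self.lo, self.hi = earliest, latest

    def answer(self, cutoff):
        """Return True/False for 'birthdate <= cutoff', or None to refuse."""
        if cutoff >= self.hi:
            return True    # implied by earlier answers, so nothing new leaks
        if cutoff < self.lo:
            return False   # likewise already implied
        # Decide from the cutoff and public range only, never from the secret,
        # so that a refusal itself says nothing about the birthdate.
        yes_width = cutoff - self.lo + timedelta(days=1)   # [lo, cutoff]
        no_width = self.hi - cutoff                        # [cutoff + 1, hi]
        if min(yes_width, no_width) < self.min_width:
            return None
        result = self._birth <= cutoff
        if result:
            self.hi = cutoff
        else:
            self.lo = cutoff + timedelta(days=1)
        return result


def remaining_days(guard):
    """Number of birthdates still consistent with everything disclosed."""
    return (guard.hi - guard.lo).days + 1


def replay_bisection(guard, rounds=40):
    """Constructed test traffic: repeated midpoint queries, as the thread describes."""
    for _ in range(rounds):
        mid = guard.lo + (guard.hi - guard.lo) // 2
        if guard.answer(mid) is None:
            break
    return remaining_days(guard)
```

With these assumptions a daily repeat of the same "over 18" check is refused for an under-age holder until the cutoff has moved a full floor width, while an over-age holder can repeat it freely because the answer is already implied.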



