> That doesn't make sense, all IDs are already in a single government database. Kind of by definition in fact, for IDs to be useful they need to be emitted by a central authority with associated security and revokability guarantees.

Yes and those databases are decently protected. However for an "app" someone will do a web 4.0 or 6.0 bridge to access these databases. Maybe even vibe code it. That's what I'm worried about.

▲

sofixa 5 days ago | parent [-]

Hence the second paragraph in my comment. The app is client side and reads the physical ID.

▲

nottorp 5 days ago | parent [-]

Hmm how is it zero knowledge when you can be tracked to a single installation of an app? I thought zero knowledge means they ask a "trusted" 3rd party, i.e. the government. And that says yes/no, without passing any ID details on.

▲

torben-friis 4 days ago | parent [-]

Zero knowledge as in the state provides a certificate without directly interacting with the third party website, and the third party does not get personal information beyond "this access is by a certified adult", with no explicit or implicit information about which adult.

▲

nottorp 4 days ago | parent [-]

Yep, that's a good idea, but it also means the app on your phone has to talk to the state. Probably through a web 7.0 RESTLESS api. And even though the 3rd party web site doesn't get your identity, the state's database does.

It's the RESTLESS api being hacked I worry about.

	▲	sofixa 4 days ago \| parent [-]
		No. The app checks your physical ID you have, and provides a certificate that you give the third party you're proving yourself to. The app knows you requested proof, but not what for. The third party knows you're proven to be 18+, but knows nothing else.