internet101010 3 hours ago

The third-party list on page 12 is not small. The real-time API architecture creates a live, per-query link between a specific user event and every broker in the chain. Batch transfers or delta shares would break that linkage. Zero-knowledge proofs (also mentioned in the study) can prove age without handing anyone a name, document, or photo.

There's no reason Aristotle or Veratad should see who the underlying requestor is. Yoti should receive the verification request, strip the context, make the request - that's it. The fact that it isn't structured that way and they are tagging on additional metadata suggests per-query economics, which creates a direct incentive to route more verifications through more parties, exactly backwards from data minimization. I'm not going to call it a rev share, but the architecture is consistent with one.

rockskon 2 hours ago

While I agree with your claim that the number of third parties info is being routed to is likely related to per-query economics, I want to note that ZKPs are not magic. They tend to either be worthless at preventing fraud or require so much additional context as to question how much privacy is really being preserved.

While ZKP is more useful in limiting how much info is provided and, depending on implementation, letting you make sure of the full scope of information acquired... if it literally only validates age then there's nothing other than logistics preventing a single adult from authenticating the entire world.

internet101010 2 hours ago

Totally agree. Was just trying to emphasize that there are better ways to do this if privacy and security are something that Yoti actually cares about. ZKP is not a magic bullet.