> That doesn't make sense, all IDs are already in a single government database. Kind of by definition in fact, for IDs to be useful they need to be emitted by a central authority with associated security and revokability guarantees.
replyYes and those databases are decently protected. However for an "app" someone will do a web 4.0 or 6.0 bridge to access these databases. Maybe even vibe code it. That's what I'm worried about.
Hence the second paragraph in my comment. The app is client side and reads the physical ID.
replyHmm how is it zero knowledge when you can be tracked to a single installation of an app? I thought zero knowledge means they ask a "trusted" 3rd party, i.e. the government. And that says yes/no, without passing any ID details on.
replyZero knowledge as in the state provides a certificate without directly interacting with the third party website, and the third party does not get personal information beyond "this access is by a certified adult", with no explicit or implicit information about which adult.
replyYep, that's a good idea, but it also means the app on your phone has to talk to the state. Probably through a web 7.0 RESTLESS api. And even though the 3rd party web site doesn't get your identity, the state's database does.
replyIt's the RESTLESS api being hacked I worry about.
No.
replyThe app checks your physical ID you have, and provides a certificate that you give the third party you're proving yourself to. The app knows you requested proof, but not what for. The third party knows you're proven to be 18+, but knows nothing else.