Hence the second paragraph in my comment. The app is client side and reads the physical ID.
replyHmm how is it zero knowledge when you can be tracked to a single installation of an app? I thought zero knowledge means they ask a "trusted" 3rd party, i.e. the government. And that says yes/no, without passing any ID details on.
replyZero knowledge as in the state provides a certificate without directly interacting with the third party website, and the third party does not get personal information beyond "this access is by a certified adult", with no explicit or implicit information about which adult.
replyYep, that's a good idea, but it also means the app on your phone has to talk to the state. Probably through a web 7.0 RESTLESS api. And even though the 3rd party web site doesn't get your identity, the state's database does.
replyIt's the RESTLESS api being hacked I worry about.
No.
replyThe app checks your physical ID you have, and provides a certificate that you give the third party you're proving yourself to. The app knows you requested proof, but not what for. The third party knows you're proven to be 18+, but knows nothing else.