Hacker News

Favorites Setup
Comment by doginasuit | original | Opening up 'Zero-Knowledge Proof' technology to promote privacy in age assurance
[−]doginasuit · 2026-07-02 Thu 00:33 UTC · link
Zero-knowledge seems to be a bit of an oversell here. It is more like you break the knowledge up and only share the relevant parts with each party. And the facilitator (Google) arguably has access to the most information out of any of the parties involved.
[−]dgrin91 · 2026-07-02 Thu 00:37 UTC · link
There are true ZKP setups where no one learns anything but the absolute minimum (e.g. is this person over 16, not what is their dob). This is hard to prove though and I don't know if I trust Google to do it
[−]slwvx · 2026-07-02 Thu 00:43 UTC · link
zero-knowledge proofs are a well-known tool in cryptography [1]. All Google is sharing is the library to implement it. Google would not have access to the information any more than they have access to the bank info of people who use Android or Gmail.

[1] https://en.wikipedia.org/wiki/Zero-knowledge_proof

[−]doginasuit · 2026-07-02 Thu 01:03 UTC · link
It's my understanding that they are sharing the library but they will also be involved as a facilitator, at least to the extent that people use their identity wallet service. It also seems like they will have access to who you are sharing information with, which seems like the most valuable information for a company in their position, with nothing but a pinky promise that it will not be tracked. Let me know if any of that is inaccurate.
[−]_alternator_ · 2026-07-02 Thu 01:55 UTC · link
I don't know the technical details of this ZKP library, but there is no technical reason that I'm aware of that the ID provider would need to know who you are sharing with. Not to say Google didn't build it this way for business reasons.
[−]beepbooptheory · 2026-07-02 Thu 02:51 UTC · link
Here is a good explainer of an ideal implementation of this (maybe). If its this, you would be incorrect.

https://blog.vrypan.net/2026/06/29/260629-whats-wrong-with-e...

[−]ForHackernews · 2026-07-02 Thu 07:54 UTC · link
> any more than they have access to the bank info of people who use Android or Gmail.

...but they do? Google pay gives them your credit card and transaction details; any time your bank sends a statement to your gmail account, Google has that, too.

Am I missing your sarcasm?

[−]wmf · 2026-07-02 Thu 01:18 UTC · link
Ideally the government would be the issuer and the facilitator but the US lacks the state capacity to do this. Maybe it will work that way in Estonia.
[−]miki123211 · 2026-07-02 Thu 05:57 UTC · link
The US is in the weird position of having a class of people (undocumented immigrants) who are often provisionally allowed to live there, known to their state in some capacity, and yet unable to receive some government documents that a permanent resident or citizen would be entitled to.

Europe doesn't really have that status. Either you're known to the government and can receive documents from it, or you're a criminal in hiding, avoiding any and all government offices.

[−]vasco · 2026-07-02 Thu 06:11 UTC · link
No it's not like that in "europe". Plenty of people have been in the limbo state for years in portugal for example until the new government started expediting processes. I had several refugee friends which were in this situation and had local jobs and some forms of id but not others. Like having social security and a tax number but no official ID
[−]EGreg · 2026-07-02 Thu 05:35 UTC · link
Google has pioneered a few technologies where they are the trusted dealer. For example, Private State Tokens.

I have written a paper on how to do age verification in a completely privacy-preserving way, and it doesn’t even need zero-knowledge proofs:

https://magarshak.com/papers/Personal.pdf