Hacker News

Favorites Setup
Comment by rstuart4133 | original | Opening up 'Zero-Knowledge Proof' technology to promote privacy in age assurance
[−]rstuart4133 · 2026-07-02 Thu 07:49 UTC · link
> But if they reveal nothing, isn't it wide open for abuse?

Good point, they do contain more information than "They are over 18". The primary (usually only) thing is who is attesting they are over 18. That might be the government, or a bank.

That's inevitable, because the usual flow is rather like Google's OAuth - the site needing you to prove your age rediects to the provider (Google, or whoever), who asks questions to verify your identity, and then replies with "over 18" or "not over 18".

This can leak other information aside from the site knowing who is verifying your age. For example, done the wrong way, the Google / the government could know what porn sites you like. OAuth, for example leaks that sort of information. But there is no technical reason it has to be that way.

The major barrier to all this isn't whether it's possible to design a protocol that proves your age, having a driver's licence or even an amount in a bank account. It is absolutely possible. It's that to be useful, everyone has to agree on the same protocol. That has so far proved to be near insurmountable.