• kbal@fedia.io
    10 days ago

    I know what a zero-knowledge proof is and have read and understood a description of the well-known one relating to proof of age. That is not a sufficient explanation as to how it is applied in practice here — if indeed it is. I’ve seen it claimed elsewhere that it isn’t. But in any case it wouldn’t solve the whole problem of proving whose age it is that’s being established.

    Edit to add: Upon preliminary investigation it seems like it uses OAuth in the protocol? But it is claimed that no identifying info is stored “in the app”. Does this mean that the OAuth client_id and any associated public keys are somehow kept secret from the attestation provider when you show it your passport to get the age attestation? Because otherwise it would be personally identifying info. If there’s no identifying info, is it therefore possible if you’re 12 years old to get an older kid to use their ID to get your phone age-attested and then there’s never any possibility it could be traced back to them? I just can’t make sense of it. It seems probable that the privacy claims are an illusion or a lie, but too many people seem to be swallowing them instantly and not noticing that taste.

    • Dorian Diaconu@lemmy.worldOP
      10 days ago

      I doubt it can be both private and secure. And don’t even get me started on workarounds. What if I verify more phones with my ID? And sell them to minors, for example. It can get dark pretty quick.