alt Hacker News> A properly designed government app
Oof, that's not a great premise to take as a requirement right out of the gate. More counterexamples than examples for that one.
> that uses cryptography to generate a deniable token that can't be cross-correlated but proves your humanity/age
If it's actually deniable/anonymous then how would it work for rate limiting? If you can't correlate their activity then you don't know if the million requests are a million people or one bot with a million connections. If you can correlate their activity then it's not anonymous.
Moreover, it's a false dichotomy that we should be doing either of these things. The better alternative to corporate surveillance isn't government IDs, it's no surveillance.
A site can still choose to have a login system if it wants to. Sites can still rate limit based on IP address or cookies or whatever they use today.
The idea would be to use ZK proofs to demonstrate that "yes, this anonymous request is from a client acting on behalf of an adult human EU citizen" - that's something that is not easy to do today.