That's where trusted computing comes in.
Your proof proves two claims. That the person proving their age is over 18, and that they're using a device and software that hasn't been tampered with. That software requires human presence at every age check.
ZKPs for age assurance are trading off privacy at the expense of software malleability.
Note that this has nothing to do with open source; it's perfectly fine to release the source code for the relevant software. You can even allow for reproducible builds and full auditability if that's what you want.
> Note that this has nothing to do with open source; it's perfectly fine to release the source code for the relevant software. You can even allow for reproducible builds and full auditability if that's what you want
The released code can do all of that, and then nothing still assures me that they didn't implement just a POST <my whole information> to their partner and called it ZKP and pointed at google's repo.
> Note that this has nothing to do with open source; it's perfectly fine to release the source code for the relevant software. You can even allow for reproducible builds and full auditability if that's what you want.
But note that it does have everything to do with software freedom. Being able to read the source is little consolation if you're unable to modify it. And preventing users from using modified software is the entire point of remote attestation.
"Zero-Knowledge Proof" based schemes for this problem is nothing more than a marketing scheme by Google to continue locking down devices and the previously-open web ala WEI, SafetyNet, etc. https://news.ycombinator.com/item?id=48760232