logoalt Hacker News

hoppptoday at 12:11 PM1 replyview on HN

Its not really possible to know.

the system is valid zkp but any of the services in practice can still collect personally identifiable information from their users.

There is also nothing stopping the attestor to collude with the site you want to access, to reveal information about you.


Replies

rcxdudetoday at 2:56 PM

If you are controlling the middle part of the zkp (or at least can validate it), then identification should not be possible through the zkp even if the attestor and and site collude with each other (they could maybe collude based on some other information, like IP address or browser fingerprinting, ofc).

show 1 reply