logoalt Hacker News

rcxdudetoday at 2:56 PM1 replyview on HN

If you are controlling the middle part of the zkp (or at least can validate it), then identification should not be possible through the zkp even if the attestor and and site collude with each other (they could maybe collude based on some other information, like IP address or browser fingerprinting, ofc).


Replies

hoppptoday at 8:25 PM

I think if google provides the attestation and they also provide a client side dependency for the site, then they can collect all the data they want.

Also, nothing stops a site from having a flow like: 1. Please enter your age 2. Verify that it's correct using a proof

The zkp is valid as far as the tech is concerned but the sites can still do whatever they want.