Comment by torben-friis
13 hours ago
Zero knowledge as in the state provides a certificate without directly interacting with the third party website, and the third party does not get personal information beyond "this access is by a certified adult", with no explicit or implicit information about which adult.
Yep, that's a good idea, but it also means the app on your phone has to talk to the state. Probably through a web 7.0 RESTLESS api. And even though the 3rd party web site doesn't get your identity, the state's database does.
It's the RESTLESS api being hacked I worry about.
No.
The app checks your physical ID you have, and provides a certificate that you give the third party you're proving yourself to. The app knows you requested proof, but not what for. The third party knows you're proven to be 18+, but knows nothing else.