Opinion by: Andre Omietanski, General Counsel, and Amal Ibraymi, Legal Counsel at Aztec Labs

What if you could prove you’re over 18, without revealing your birthday, name, or anything else at all? Zero-knowledge proofs (ZKPs) make this hypothetical a reality and solve one of the key challenges online: verifying age without sacrificing privacy. 

The need for better age verification today

We’re witnessing an uptick in laws being proposed restricting minors’ access to social media and the internet, including in Australia, Florida, and China. To protect minors from inappropriate adult content, platform owners and governments often walk a tightrope between inaction and overreach. 

For example, the state of Louisiana in the US recently enacted a law meant to block minors from viewing porn. Sites required users to upload an ID before viewing content. The Free Speech Coalition challenged the law as unconstitutional, making the case that it infringed on First Amendment rights.

The lawsuit was eventually dismissed on procedural grounds. The reaction, however, highlights the dilemma facing policymakers and platforms: how to block minors without violating adults’ rights or creating new privacy risks.

Traditional age verification fails

Current age verification tools are either ineffective or invasive. Self-declaration is meaningless, since users can simply lie about their age. ID-based verification is overly invasive. No one should be required to upload their most sensitive documents, putting themselves at risk of data breaches and identity theft. 

Biometric solutions like fingerprints and face scans are convenient for users but raise important ethical, privacy, and security concerns. Biometric systems are not always accurate and may generate false positives and negatives. The irreversible nature of the data, which can’t be changed like a regular password can, is also less than ideal. 

Other methods, like behavioral tracking and AI-driven verification of browser patterns, are also problematic, using machine learning to analyze user interactions and identify patterns and anomalies, raising concerns of a surveillance culture.

ZKPs as the privacy-preserving solution

Zero-knowledge proofs present a compelling solution. Like a government ID provider, a trusted entity verifies the user’s age and generates a cryptographic proof confirming they are over the required age.

Websites only need to check the proof, not the excess personal data, ensuring privacy while keeping minors at the gates. No centralized data storage is required, alleviating the burden on platforms such as Google, Meta, and WhatsApp and eliminating the risk of data breaches. 

Recent: How zero-knowledge proofs can make AI fairer

Adopting and enforcing ZKPs at scale

ZKPs aren’t a silver bullet. They can be complex to implement. The notion of “don’t trust, verify,” proven by indisputable mathematics, may cause some regulatory skepticism. Policymakers may hesitate to trust cryptographic proofs over visible ID verification. 

There are occasions when companies may need to disclose personal information to authorities, such as during an investigation into financial crimes or government inquiries. This would challenge ZKPs, whose very intention is for platforms not to hold this data in the first place.

ZKPs also struggle with scalability and performance, being somewhat computationally intensive and tricky to program. Efficient implementation techniques are being explored, and breakthroughs, such as the Noir programming language, are making ZKPs more accessible to developers, driving the adoption of secure, privacy-first solutions. 

A safer, smarter future for age verification

Google’s move to adopt ZKPs for age verification is a promising signal that mainstream platforms are beginning to embrace privacy-preserving technologies. But to fully realize the potential of ZKPs, we need more than isolated solutions locked into proprietary ecosystems. 

Crypto-native wallets can go further. Open-source and permissionless blockchain-based systems offer interoperability, composability, and programmable identity. With a single proof, users can access a range of services across the open web — no need to start from scratch every time, or trust a single provider (Google) with their credentials.

ZKPs flip the script on online identity — proving what matters, without exposing anything else. They protect user privacy, help platforms stay compliant, and block minors from restricted content, all without creating new honeypots of sensitive data.

Google’s adoption of ZKPs shows mainstream momentum is building. But to truly transform digital identity, we must embrace crypto-native, decentralized systems that give users control over what they share and who they are online.

In an era defined by surveillance, ZKPs offer a better path forward — one that’s secure, private, and built for the future.

Opinion by: Andre Omietanski, General Counsel, and Amal Ibraymi, Legal Counsel at Aztec Labs.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.