I’m only arguing that such a magic bullet is possible. Every objection this article raises seems like it is a straw man criticism – they’re imagining potential flaws in a zkp system of their own design. Take this one:

What ZKPs don’t do is mitigate verifier abuse or limit their requests, such as over-asking for information they don’t need

If the only info available is y/n “I am a minor,” then this isn’t possible.

or limiting the number of times they request your age over time.

well… we could just limit this! The user’s browser needs to cooperate for this anyway, so the user would obviously need to consent to each of these.

Look, I agree that this shouldn’t be necessary in the first place. And the EFF is right to raise the concern that ZKP has to be done right if it’s going to be done at all. But I’m disappointed that this is resulting in misinformation about ZKPs.

For the record, it’s possible to implement age verification with zero-knowledge proofs. IIRC, California has a proposal for this. It’s a myth that surveillance and encryption are compatible, but it’s also a myth that age verification necessitates a loss of privacy or anonymity.