Google’s post says it has open-sourced cryptographic libraries that let a person prove a narrow fact like "I am over 18" without revealing their exact birth date or identity. The basic idea is familiar from zero-knowledge proofs: an issuer such as a government or bank signs a credential once, the user keeps it in a wallet, and later a site verifies a proof derived from that credential without seeing the underlying document. That is a meaningful improvement over today’s common approaches, which often involve uploading an ID, credit card, or selfie to a website or verification vendor.
Most of the serious discussion landed on a sharper distinction: the cryptography is not the same thing as the product or policy. Several commenters who understand the mechanics said a well-designed scheme can keep the issuer out of the request path, so the issuing authority does not automatically learn which site you are visiting. The site still learns which issuers it trusts, and privacy can still be lost through ordinary web metadata like IP address,
browser fingerprinting, login state, or a wallet app that phones home. In other words, the
ZKP piece can be real while the surrounding system is still invasive.
The other big conclusion was that age verification is easy to state and hard to enforce without adding something uglier. If the credential is truly portable and privacy-preserving, it can be proxied or shared. That pushes real-world systems toward hardware binding, secure elements, revocation lists, rate limits,
remote attestation, or other trusted-computing controls. That is where many people see the real danger. They are less worried about the math than about a future where access to ordinary websites depends on approved devices, approved operating systems, or government-backed identity wallets. Several people framed Google’s move as an attempt to shape that inevitable regime toward something less damaging. Others saw it as the thin end of the wedge that normalizes internet access as a permissioned act.
A smaller but persistent thread argued that the whole premise is misplaced. The actual problem is recommendation systems, harassment, addictive product design, and online business models tuned to exploit minors. Age gates do little against that, and they can become a convenient liability shield for large platforms. The more practical alternative raised repeatedly was to push policy to the client side: device profiles, parental controls, and age-rating signals from sites, with the browser or operating system deciding what to show. That approach is easier to bypass, but many saw that as a feature, not a bug, because it preserves a more open web and keeps the final decision closer to parents and users rather than states and platforms.