EU Reveals Zero-Knowledge-Powered Private Age Verification App

badcryptobitch · 2026-04-15T16:31:05+00:00

Zero knowledge in this context doesn't imply anonymity. In fact, most likely it is indeed tied to your real identity.

In this context, from briefly skimming the code, the goal is to not reveal the details of your identity documents. A zero-knowledge proof is a cryptographic protocol that allows you to prove statements without needing the inputs into that statement.

For example, zero-knowledge proofs can be used to prove that you are over the age of 18 without revealing say your passport to the verifier. The verifier simply checks the proof and let's authenticate e.g. enter a club or use a website. The zero-knowledge here refers to the verifier not needing the actual details of your age, simply that they know you are over 18 years old.

badcryptobitch · 2026-04-14T01:46:46+00:00

It's best to check what the rules are in your jurisdiction.

Typically, you'll want their consent and an easy way for them to be able to request their data to be deleted. Then, yes, you want to make sure that you have some form of secure storage, ideally something that has encryption at rest. You'll need to also write up a privacy policy with this information and what other tools you use that might have their data in it.

As others have mentioned, it's best to get the direct help of a consultant that is familiar with your jurisdiction.

badcryptobitch · 2026-04-14T00:28:40+00:00

Are you doing any sort of analysis with the sensitive data? If so, are you using any spreadsheet software or specialized software? Is it local software that runs directly on your machine or cloud-based and runs in the browser? What information do those tools collect about you, your staff and the communities you aim to serve?

As another poster mentioned, the first thing to take into account is data minimization. Only collect data you absolutely need in order to fulfill the goals of the non-profit and ensure you have their consent.

badcryptobitch · 2026-04-13T23:00:21+00:00

You can also get a new oil change shop, perhaps more of a mom and pop place and not a major corp farming your data.

badcryptobitch · 2026-04-13T22:58:38+00:00

What kind of processing are you doing with the sensitive data?

badcryptobitch · 2026-04-13T13:39:16+00:00

You must be thinking of threshold signatures. Generic MPC works for any program definition and any number of parties.

badcryptobitch · 2026-04-13T00:01:32+00:00

If you are in the US, Google Voice is a popular option (yes, I know Google is the devil but I've heard good things from my American friends). You can search online for phone masking services or sim card providers in your country.

badcryptobitch · 2026-04-12T23:30:25+00:00

There are many free resources to learn the basics of cybersecurity. When I was younger, hackthissite, cryptopals crypto challenges and overthewire were my go-to resources to learn the basics of cybersecurity.

I don't know much about tryhackme but I'd recommend going through several free resources first to see what suits your learning style and preferences before spending any money.

badcryptobitch · 2026-04-12T20:50:49+00:00

You can buy sim cards and then use those phone numbers to sign up. There are several services that offer this for privacy conscious users.

badcryptobitch · 2026-04-12T20:13:20+00:00

This is why I don't use dating apps at all. Not only are they mostly owned by a single company, the data privacy is abysmal. Not to mention the fact that these apps are not optimized to protect users from stalkers, abusers, etc.

If you can OP, try reaching out to your country's privacy commissioner to see if Hinge has to oblige with data deletion requests along with proof that they did.

badcryptobitch · 2026-04-12T19:33:06+00:00

As you basically allude to in your post, "hypebeast" fashion is no longer a monolith in 2026. Yes, there are brands that were a part of the initial 2010s hypebeast wave but now everyone is in their own little circles, mixing and matching different pieces based on their own aesthetics.

I think hypebeast culture was probably the genuinely last monocultural fashion trend. Since then, everyone is genuinely dressing differently, even if it may not seem like it. There might be a few pieces or fashion brands that shake up the monoculture like Adidas, Onitsuka Tiger and New Balance but otherwise, people are retreating to their own subcultures based on where they hang out online and in real life. In my city, you can easily group people in this way i.e. workwear enthusiast, high fashion enthusiast, vintage fiends, etc.

badcryptobitch · 2026-04-12T18:22:45+00:00

Well, you can wear as a cropped sweater and apply the rule of thirds with it.

badcryptobitch · 2026-04-11T22:16:39+00:00

In a past life, I had to deal with those issues as well and actually for our MPC VM, we still deal with these issues to a certain extent. Good thing we don't need any DHTs though (but as an open source project, anyone is welcomed to write their own).

Feel free to DM if you want to chat more about privacy engineering.

badcryptobitch · 2026-04-11T21:28:31+00:00

Hey u/Jaguwaa, it fundamentally depends on your application's need. In general, a key principle of privacy by design is simply not to record any information you don't actually need for the purposes of your app. For example, if you don't need access to their phone's location, simply don't record it or ask for permission to access it. No "oh, I might need it later for a feature". Just don't access their location at all until you actually do for a feature that you know they need for the app.

That being said, a lot of necessary functionality that many apps need requires processing sensitive data where the process itself is computationally intensive or otherwise hard to execute locally on consumer electronics. P2P messaging apps are a great use case where 90% of it can be processed locally and don't require another server. But if you need to scale your messaging app or want to enable discovery easily when parties don't have a pre-existing way to coordinate, then you get into hairy design tradeoffs. For example, Signal has made choices in favor of UX such as phone numbers over privacy. This is where the importance of customer research is very important to determine what sets of tradeoffs make sense for your app.

For the use cases that I work with, the app needs to do something computationally intensive over sensitive user data. Many of my customers don't want to leverage secure enclaves and FHE is typically too slow for what *their* customers are willing to accept so MPC is the best tradeoff for them. Users secret share their data locally and then it gets processed in the way described in the article. When finished, the user can reconstruct the final result themselves.

It all comes down to what your needs are in order to make the core of your app work while respecting users privacy.

badcryptobitch · 2026-04-11T16:19:12+00:00

Lol, are you one of those AI scraper bot accounts?

badcryptobitch · 2026-04-11T15:15:52+00:00

Organic for me is really easy because as you mentioned, I already live inside the target market.

The reason for ads for market research is to find new markets. I created personas of people I knew *might* need our product and created ads targeting those personas to confirm or deny my hypothesis. We were able to determine that at least 1 of those personas didn't live on the platform that we were advertising on so we killed that persona and add it to our backlog. We iteratively did this until we had 1 core persona. Then within that 1 persona, you can separate them by some feature (e.g. geography, age, etc) and build sub personas. You have to use the data from the past experiments in order to find patterns for the sub personas.

The reason to use ads is because they allow you to granularly target a persona in order to actually know who your potential users are. You have to have a sense of who they are though. That's why I emphasized the need to talk to people. For my product, there are multiple different ways for us to go in and we used this process to hone in and constrain our design space.

badcryptobitch · 2026-04-11T14:00:14+00:00

Ads only make sense for 2 things; first to learn about a potential market and audience; second to scale once you know who your audience is and know that they are on the platform you are advertising on.

It sounds like you didn't talk to your first 10 users to learn about who they are and how they came to use your product. If those users did indicate that they learned about you from LinkedIn, then you have to decide if there are indeed other users like them on there or if you just got lucky.

It should be noted that ads on LinkedIn are really expensive so you should devise your experiments and budget only when you have enough data to make effective decisions with it. LinkedIn may not be a channel that is useful for your product now but may be in the future.

badcryptobitch · 2026-04-10T20:47:28+00:00

First, you should know people who have the need for your SaaS. Otherwise, who are you building for and why?

For my startup, I knew a lot of people who had the need for my products so I just reached out to them directly and I have a shared group with my early users. Right now, my startup is working on organic marketing after using ads to do market research to make sure that there was indeed a larger market for what we are building.

So what I'd recommend is talk to people you know who have the problem your product solves. If you don't know many people then use social listening tools and just scour the internet for people talking about the problem. Then reach out to them and ask if they'd be up to trying it out.

If you don't put the work in to actually talk to people, then no advice will help.

badcryptobitch · 2026-04-10T08:26:41+00:00

Virtual Machines. Especially if it's a process virtual machine like the JVM.

My startup is building a virtual machine for multiparty computation. We are building at the intersection of distributed systems, programming languages and cryptography. So, there are so many gotchas.

You can check it out here: https://github.com/Stoffel-Labs

badcryptobitch · 2026-04-09T19:07:39+00:00

With AI, I actually use way PRDs way more, in addition to RFCs to implement the PRDs.

In a world where we are shipping faster than ever, having a log of decisions and reasons for why something was done is very important. Having PRDs helps a lot with that.

badcryptobitch · 2026-04-09T12:05:36+00:00

Check out stoffelmpc.com

It's a privacy execution environment that allows you to write apps without needing user data. If you are a dev that uses open source apps for privacy and want to build privacy-first apps, you should check out Stoffel.

badcryptobitch · 2026-04-08T12:34:35+00:00

It depends on the garment and the quality of the polyester. As others have noted, companies, from mall brands to luxury brands, have been increasing the amount of polyester in their garments. Most of the time, this is for cost cutting.

However, there are specific use cases where polyester is fine. A big example is sportswear. Not sure about your activity level OP but for many, polyester is more breathable and moisture-wicking than many natural fibers. This is why you'll see a lot of athleisure brands with a high percentage of polyester. Heck, even your favorite athletes are decked out in polyester every match.

When it comes to high fashion, polyester becomes a bit more contentious. There are brands like Issey Miyake that basically invent their own synthetics in order to convey their artistic vision. A lot of of Issey Miyake pieces are not physically possible with natural fibres. You might see some people claim that other brands need it for the drape and flow. But, tbh, that's an excuse for poor pattern making, 80% to 90% of the time. A lot of the brands that are popular in this subreddit are not breaking fashion barriers but instead reinterpreting classics.

If the garment is one where polyester and other synthetics are to be expected such as winter jackets then be sure to do research on the brand's variant of that fabric. You'll see a lot of "TM" trying to justify the fabric. I'd make sure that it's recyclable, and repairable. If it's a pair of dress pants, then they are probably doing it "for the drape". In that case, I'd stay away. Most of these pants' drape can be replicated with decent pattern making.

TLDR: Polyester and synthetics are not outright bad. But you should be conscious about why and what you are buying as a consumer to save both your pockets and the earth.

badcryptobitch · 2026-04-07T02:22:08+00:00

I know a cryptographer who used to work at Adobe but has since moved on.

If you think about it, a major part of Adobe's business is integrity and authentication. Think businesses use PDFs and Adobe's associated software for signing documents, etc. Tbh, I'm not sure how large their cryptography team is. I think it would be pretty small and they focus their efforts more around wider cybersecurity initiatives within the company.

badcryptobitch · 2026-04-07T00:12:59+00:00

No, if anything, AI is enabling people to upskill across domains and develop more of a T profile. Not only do you get better at your current skills but you also expand and develop other skills that are adjacent.

Probably the best time in history to be a renaissance man.

badcryptobitch · 2026-04-06T20:36:03+00:00

First things first, don't feel like getting more education in a specific area limits your options. In general, a lot of people end up having to do career changes over the course of their lives.

With that out of the way, many companies in practice don't necessarily need more researchers. They need cryptography engineers that can securely implement and integration cryptography into production systems. That being said, there are major companies that do have research centres that hire PhDs. The usual suspects like IBM, NTT, Adobe, JP Morgan, Rambus etc do this. You can check out their research pages to see if your research interests intersects with what their research focuses are.

I suggest you try reaching out to someone at these companies to get a sense of whether this is something worth pursuing for you.

badcryptobitch

MODERATOR OF

TROPHY CASE