Privacy Without Surveillance: Age Verification, Done Right with Zero-Knowledge Proofs

Aug 14, 2025 | 9 minute read

TL;DR:

Most age verification systems silently track users every time they prove their age - creating hidden surveillance via "phone-home" callbacks and cross-site identifiers. With AesirX CMP v2.0.0, we are launching a better way: age and country verification using zero-knowledge proofs and wallet-based credentials with no tracking, no cross-site IDs, and no per-use costs. Privacy and legal compliance can coexist - and we’ve proven it at scale.

Two weeks ago, I wrote about the hidden surveillance layer forming behind most age-verification systems: every time you prove you’re “over 18,” the credential issuer can be quietly pinged; every check becomes a breadcrumb linking identity, behavior, and context.

That’s not safety - it’s surveillance by design.

Tomorrow, we will provide a better way.

With AesirX CMP v2.0.0, WordPress sites (≈43% of the internet) can verify age and country with zero-knowledge proofs (ZKPs). No “phone-home” calls to credential issuers, no cross-site IDs, no profiling.

What’s Changed in the Last Two Weeks - And Why It Matters Now

Since my last article, the regulatory tide has shifted from forewarning to active enforcement:

  • UK: Ofcom has issued its first enforcement notices under the Online Safety Act, moving from guidance to penalties.
  • France: Arcom has begun blocking adult sites lacking approved age verification.
  • Texas: The Attorney General’s office sent formal enforcement letters to platforms failing to comply with HB 1181.
  • Denmark: The national ID app for online age checks has entered pilot testing, with public rollout slated for 2026.

These are no longer “upcoming” rules - they are live obligations. Non-compliance is no longer hypothetical; it’s a legal and financial risk today.

This launch is our counter-example: proof you can meet the law without building a tracking infrastructure.

With enforcement now real and immediate, the debate shifts from whether to verify to how to do it without turning compliance into surveillance. These enforcement actions don’t just demand compliance - they demand it now. The challenge is meeting those legal requirements without building systems that quietly track users for years. That’s exactly where privacy-preserving ID verification changes the equation.

Why ID Verification Exists - And Why It’s Not Going Away

Age and identity checks aren’t arbitrary hurdles. They exist to meet legal and societal obligations:

  • Protecting minors from adult content, gambling, and unsafe communities.
  • Preventing fraud in financial transactions and online marketplaces.
  • Enforcing jurisdictional rules for restricted goods, services, or media.
  • Supporting accountability when harm or criminal activity occurs.

These goals are legitimate - and they’re only becoming more important as online interactions replace in-person checks.

The problem is that most digital implementations have copied the wrong model: instead of mimicking a bouncer glancing at your ID without taking a copy, they log, store, and cross-reference every interaction. In doing so, they turn safety infrastructure into a persistent surveillance layer.

Once you separate the necessity of verification from the harm of surveillance, the core design flaw becomes obvious.

We can meet these aims with proofs, not profiles.

The Core Problem We’re Solving

Most current age or ID verification systems copy a flawed architecture that bakes surveillance into the process. Two design failures stand out:

  1. Issuer Observability (“Phone Home”) - Every time you verify, the system pings the credential issuer. That silent callback creates a time-stamped usage log, building a hidden dossier of where and when you prove your identity. Over days, weeks, or years, this becomes a map of your online behavior.

  2. Linkability Across Sites - Many systems reuse the same persistent identifier across multiple services. This makes it trivial to correlate activity from different platforms into a single behavioral profile.

Individually, each flaw undermines privacy. Together, they turn legal compliance into a de facto tracking network - one that harms individuals, erodes trust for platforms, and exposes regulators to backlash for enabling surveillance-by-design.

Tomorrow's launch addresses both flaws directly: a live, working solution that proves privacy-preserving verification can be done at internet scale.

What Ships Tomorrow - and How It Works

With AesirX CMP v2.0.0, any WordPress site can enforce Age & Country Verification using zero-knowledge proofs - without tracking, profiling, or “phone-home” surveillance. At launch, three credential sources are supported:

  • Concordium ID & Wallet - unlinkability + no issuer observability, by design.
  • Google Wallet - via Digital Credentials API / OpenID4VP.
  • Mobile Driver’s Licenses (mDL) - supported through Google Wallet.

The Privacy-First Verification Flow:

  1. The user selects a supported wallet and consents to verify.
  2. The wallet generates a zero-knowledge proof of the required condition (e.g., “≥18” or “allowed country”).
  3. The site receives only a binary yes/no result and a context-bound pseudonym (e.g., unique to this domain/session) - never the user’s name, date of birth, or any persistent identifier. The proof is bound to a fresh challenge issued by the site (a nonce plus the site’s origin), so a proof captured on one site cannot be replayed on another.

With Concordium, there’s no issuer callback, no usage log, and no cross-site identifier. If auditability is required, you can anchor a hash commitment - never raw personal data - on-chain. The commitment must include a random blinding value held on the user’s side: a bare hash of low-entropy data such as a date of birth can be reversed simply by hashing every plausible date and comparing.
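To make the "hash commitment, never raw personal data" point concrete, here is an added example (not code from the page, AesirX or Concordium) showing why an unsalted hash of a date of birth is no protection at all, and what a blinded commitment that can still be opened under due process looks like. The date of birth, the blinding length and the helper names are assumptions for the demo.

```python
import hashlib
import hmac
import secrets
from datetime import date, timedelta
from typing import Optional, Tuple

# Constructed sample value for the demo (not from the page): a date of
# birth, i.e. exactly the raw personal data that must never be anchored.
DOB = "1990-05-17"


def naive_commitment(value: str) -> str:
    """A bare sha256 of the value. It looks opaque, but it is not hiding:
    a date of birth has only ~50k plausible values, so anyone holding the
    digest can re-hash them all and match it."""
    return hashlib.sha256(value.encode()).hexdigest()


def brute_force_dob(digest: str, start: date = date(1900, 1, 1),
                    years: int = 130) -> Optional[str]:
    """Recover a DOB from an unsalted digest by enumerating every date."""
    day, end = start, start + timedelta(days=365 * years)
    while day < end:
        candidate = day.isoformat()
        if naive_commitment(candidate) == digest:
            return candidate
        day += timedelta(days=1)
    return None


def commit(value: str, blinding: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Blinded commitment H(r || value) with a random 32-byte r (assumed
    construction for the demo). Publishing the digest reveals nothing about
    value while r stays on the holder's side; revealing (r, value) later
    opens it, which is the due-process path the article describes."""
    if blinding is None:
        blinding = secrets.token_bytes(32)
    digest = hashlib.sha256(blinding + value.encode()).hexdigest()
    return digest, blinding


def open_commitment(digest: str, blinding: bytes, value: str) -> bool:
    """Verify an opening (r, value) against a published digest."""
    expected, _ = commit(value, blinding)
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    leaked = naive_commitment(DOB)
    print("unsalted digest reversed to:", brute_force_dob(leaked))
    digest, r = commit(DOB)
    print("blinded digest reversed to:", brute_force_dob(digest))
    print("opens correctly:", open_commitment(digest, r, DOB))
```

The enumeration takes well under a second on a laptop, which is the whole point: anything anchored publicly has to be hiding against an attacker who can afford to try every input, not merely "not plaintext".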

This is verification as it should be: lawful, privacy-preserving, and built to scale without creating a surveillance layer.

Privacy and Accountability in the Same Design

A fair question often follows: “If it’s truly private, how do you deal with abuse or illegal activity?”

The answer is built into Concordium’s architecture: lawful accountability without routine surveillance.

  • No exposure in normal use - Verification events remain anonymous and unlinkable during everyday operation.
  • Court-order unmasking only - If a serious legal case arises (e.g., child exploitation, major fraud), a governed process allows a court to request correlation between a specific verification event and the issuing authority.
  • No unilateral access - Neither AesirX nor Concordium can identify a user on their own; it requires due process under applicable law.

This design protects children and vulnerable groups from harm without creating a mass-surveillance infrastructure - proving that privacy and accountability can, and must, coexist.

This balance between privacy and lawful accountability sets the foundation for what comes next - extending the same protections to every wallet type and every verification scenario.

Where We’re Going Next: CuK for Universal Unlinkability

Tomorrow’s release already delivers full unlinkability with Concordium ID and broad compatibility via Google Wallet and mDL.

The next leap is CuK - Contextual Uniqueness Key. Built in partnership with Concordium, CuK is a client-side, per-session, per-domain pseudonym. This means sites and wallets never need to trust a central service. It:

  • Breaks cross-site linkability at the root
  • Eliminates “phone-home” calls for all wallet types
  • Preserves lawful accountability without exposing personal data
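The following is an added illustration of what a client-side, per-session, per-domain pseudonym buys you, written for this page and not Concordium's or AesirX's actual CuK construction. It derives the pseudonym with an HMAC over the holder's device secret, the relying party's origin and a site-issued session nonce (all assumed choices), then contrasts it with the flawed persistent-identifier design from the "Linkability Across Sites" section by running the same users through two sites and attempting a cross-site join. The site names and record layout are constructed for the demo.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Set


class Holder:
    """A wallet holder with a client-side secret that never leaves the device."""

    def __init__(self, secret: Optional[bytes] = None):
        self._secret = secret or secrets.token_bytes(32)

    def persistent_id(self) -> str:
        """The flawed design: one identifier presented to every site."""
        return hashlib.sha256(b"persistent-id|" + self._secret).hexdigest()

    def pseudonym(self, origin: str, session_nonce: bytes) -> str:
        """Contextual pseudonym (demo construction): HMAC keyed on the holder
        secret over the relying party's origin and the site-issued session
        nonce. Nobody without the secret can recompute it, and a different
        origin or nonce yields an unrelated value. The origin is
        length-prefixed so "a.example"+"b" cannot collide with "a.exampleb"."""
        origin_b = origin.lower().encode()
        info = (b"cuk-demo-v0|" + len(origin_b).to_bytes(2, "big")
                + origin_b + b"|" + session_nonce)
        return hmac.new(self._secret, info, hashlib.sha256).hexdigest()


def cross_site_join(records_a: List[Dict], records_b: List[Dict]) -> Set[str]:
    """What a data broker would do with two sites' verification logs: join
    them on whatever identifier each site stored."""
    return {r["id"] for r in records_a} & {r["id"] for r in records_b}


def simulate(use_contextual_pseudonym: bool, holders: int = 3) -> int:
    """Run the same holders through two sites and return how many of them a
    cross-site join can re-identify."""
    users = [Holder() for _ in range(holders)]
    logs: Dict[str, List[Dict]] = {"wine.example": [], "news.example": []}
    for user in users:
        for origin, log in logs.items():
            nonce = secrets.token_bytes(16)  # fresh per session, chosen by the site
            ident = (user.pseudonym(origin, nonce) if use_contextual_pseudonym
                     else user.persistent_id())
            # The site keeps only the predicate outcome and the identifier.
            log.append({"ok": True, "id": ident})
    return len(cross_site_join(logs["wine.example"], logs["news.example"]))


if __name__ == "__main__":
    print("re-identified with a persistent ID:", simulate(False))
    print("re-identified with contextual pseudonyms:", simulate(True))
```

Because the nonce is chosen by the site and the secret never leaves the device, the site can still recognise a repeated proof within one session (same origin, same nonce gives the same value), while no issuer is contacted and two sites holding the same user's records have nothing to join on.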

Once finalized, CuK will extend these same privacy guarantees to:

  • Apple Wallet
  • EUDI Wallets (EU digital identity framework)
  • mDL Wallets (beyond Google integration)
  • National eID Wallets (e.g., VNeID in Vietnam)
  • Emerging credential sources as standards evolve

Bottom line: Regardless of wallet or credential issuer, the verification outcome will always be the same - unlinkable proof, zero issuer observability, and accountability only under due process.

This is how we make privacy-preserving verification wallet-agnostic - and close the gap between compliance and true user protection, once and for all.

CuK ensures that unlinkable, phone-home-free verification isn’t limited to one niche use case. Once universal, it can protect privacy across every context where eligibility needs to be proven.

Why this matters beyond age checks

The same flawed architecture now driving age-gating is quietly being repurposed across other domains:

  • Social media access and youth protections
  • Online gambling & gaming eligibility
  • Fintech/DeFi onboarding (KYC-lite access controls)
  • Health and wellness services with sensitive eligibility
  • Cross-border content compliance

If we solve the architecture once - using Zero-Knowledge Proofs (ZKPs) and the Contextual Uniqueness Key (CuK) - we prevent surveillance-grade infrastructure from being embedded in every new compliance requirement.

These safeguards are not speculative. They already deliver tangible benefits: businesses can comply without invasive tracking, platforms can meet legal mandates without retaining unnecessary data, regulators can uphold the law without endorsing surveillance, and individuals keep their privacy intact.

Which is why the decisions we make now, and the systems we choose to deploy, will define whether the internet of the next decade protects freedom - or quietly erodes it.

Use Case 1

Use Case: Age-Gated Access Without Surveillance or Per-Use Fees

Client Profile: A leading European online wine retailer
Regulatory Challenge: Age-verification laws required the retailer to ensure customers were over 18 before purchase. Their previous method relied on a national ID system (e.g., MitID + Centralized Solution Provider in Denmark), which introduced three critical issues:

  • Cost: €0.07–€0.13 per verification (typical range), creating a significant recurring expense for high-traffic sites.
  • Privacy Risk: Every verification “phoned home” to the issuer, generating a cross-service behavioral log.
  • Compliance Exposure: Centralized logging risked GDPR violations by enabling long-term user tracking.

Solution with AesirX CMP 2.0.0 (Concordium ID + ZKP):

  • Privacy-Preserving Verification: Age is confirmed using zero-knowledge proofs, revealing only “Yes” or “No.”
  • No Personal Data Shared: No names, dates of birth, or raw identifiers are exposed to third parties.
  • Local Proof Generation: The proof is produced on the user’s device and checked by the site - no issuer callbacks, no surveillance logs.
  • Zero Per-Use Costs: Eliminates the per-verification fee structure entirely.
  • Unlinkable Sessions: Each visit generates a unique pseudonym, preventing cross-site correlation.

Outcome:

  • Fully compliant with EU and national age-gating requirements.
  • Eliminated the cost of per-use verifications - critical for high-volume operations.
  • Strengthened trust with privacy-conscious customers by removing unnecessary data collection.

While this example highlights regulated alcohol sales, the same architecture is ready today for other industries with eligibility-based access. Here’s who stands to gain from day one.

Who benefits on day one

When privacy-first verification ships, it delivers immediate wins for every stakeholder:

  • Retailers of regulated goods - Enforce age restrictions lawfully, without tracking or storing customer identities (no phone-home, unlinkable verification).
  • Media & content platforms - Gate mature content responsibly, without building covert dossiers on viewers.
  • Financial and regulated services - Meet access-control mandates while minimizing data retention, reducing audit risk, and protecting customer trust.
  • Policymakers & regulators - Gain a working, live blueprint that proves privacy and lawful accountability can coexist in production.

This isn’t just about compliance - it’s about showing the world that regulation and rights don’t have to be in conflict, if the architecture is designed right from the start.

What this answers from two weeks ago

In my last article, I asked a simple but urgent question: Can we verify identity without turning it into a tracking tool?

This release delivers the answer:

  • No issuer observability - No “phone home,” meaning the issuer cannot silently log where or when you verify.
  • No cross-site correlation - Unlinkable proofs ensure your verification on one service cannot be tied to activity on another.
  • Preserved due-process accountability - Lawful unmasking is only possible under a valid court order for serious harms.
  • A wallet-agnostic path forward - With CuK (Contextual Uniqueness Key), these guarantees can apply to any credential source.

Two weeks ago, these outcomes were hypothetical. Tomorrow, they’re live in production - and the model is ready to scale. The next step is ensuring it becomes the baseline, not the exception, for how verification is done online.

The Internet We Keep Will Be the One We Build Now

Compliance should never come at the cost of turning the internet into a surveillance machine.

With AesirX CMP v2.0.0, we’ve shown it’s possible to protect children, uphold privacy, and maintain trust - at internet scale.

Launching tomorrow:

  • WordPress site owners can enable Age & Country Verification in minutes.
  • Policymakers and regulators can review a live, privacy-first model that’s ready to inform standards and guidance.
  • Ecosystem partners interested in pilots beyond WordPress (e.g., CMS/framework adapters, wallet collaborations or enterprises) can contact us to explore next steps.

If we align now on unlinkable, phone-home-free verification as the baseline, we can stop building surveillance into every new compliance law - before it’s too late.

Learn more at https://aesirx.io.

Ronni K. Gothard Christiansen
Technical Privacy Engineer & CEO, AesirX.io
