Vitalik Buterin Declares Pluralistic ZK Digital IDs as the Ultimate Privacy Shield—Here’s Why

Zero-knowledge proofs just got a heavyweight endorsement. Ethereum co-founder Vitalik Buterin calls pluralistic ZK digital IDs the 'best realistic solution' to safeguard privacy in an era of surveillance capitalism.

Why this matters now

As governments and corporations tighten data grip, ZK IDs let users prove credentials without revealing sensitive info—cutting through bureaucracy like a hot knife through institutional butter.

The finance angle

Wall Street will hate this: imagine verifying your millionaire status without exposing your wallet. Hedge funds can't front-run what they can't see. (Cue the private equity tantrums.)

The bottom line

Buterin's stamp of approval signals a tipping point. Privacy tech isn't just for cypherpunks anymore—it's the armor we'll need to survive Web3's gold rush.

ZK wrapped IDs solve ‘a lot of important problems’

Buterin concedes that “ZK-wrapping solves a lot of important problems.” Apart from ZKIDs, all options to authenticate a user’s identity on any application require the user to reveal their entire legal ID. According to Buterin:

“This is a gross violation of the common computer-security principle of least privilege: a process should only get the least authority and information required to accomplish its task.”

For instance, if an app requires a user to prove their age, the application should not be able to access any other data in the legal ID. Therefore, ZKIDs provide a crucial and previously unavailable avenue to preserving privacy, Buterin said.

Risks associated with ZK proof wrapped IDs

The designs of current ZK-identity platforms come with constraints—they allow users to create only one ID for each application. Firstly, the one-per-person ID limit means that ZK IDs do not guarantee pseudonymity, Buterin said. He explained:

“In the real world, pseudonymity generally requires having multiple accounts: one for your “regular identity” and others for any pseudonymous identities.”

Teenagers and many others already practice having multiple accounts, calling them fake and real Instagram accounts. Buterin wrote:

“…under one-per-person ID, even if ZK-wrapped, we risk coming closer to a world where all of your activity must de facto be under a single public identity.”

The single ID constraint for each application means that the “practical level of pseudonimity” offered by ZK wrapped IDs is lower. This is because, currently, services like Google accounts allow users to create up to five accounts.

Secondly, users can be coerced by governments or companies to reveal their identities on one or more applications, thus nullifying privacy preservation. For instance, an employer can ask a potential recruit to reveal their full ID on one or more social media platforms as a condition of employment.

Therefore, Buterin said that ZK does not “eliminate the possibility” that a person’s identity could be revealed under coercion.

Lastly, ZK proof wrapped IDs also come with non-privacy risks like errors.

In extraordinary or edge cases, all forms of IDs often fall short. For instance, biometric IDs may not work for users whose features have been damaged or warped by injury. Biometric IDs could also be potentially spoofed by replicas. Additionally, government IDs do not include stateless persons or those who have yet to acquire such documents. Therefore, Buterin wrote:

“These edge cases are most harmful in the case of systems that try to maintain a one-per-person property, and they have nothing to do with privacy; hence, ZK does not help.”

Pluralistic identities are the solution, Buterin said

Buterin defined pluralistic identity as “an identity regime where this is no single dominant issuing authority, whether that’s a person, or an institution, or a platform.” According to Buterin, pluralistic IDs can be explicit or implicit.

In explicit pluralistic identity or ‘social-graph-based identity,’ a user has to prove a certain feature, like their age, or that they’re human, through attestations from others in the community, who are also each verified through the same process. Explicit pluralistic ID systems can allow users to have one or more pseudonyms, with each pseudonym having its own online presence and history, Buterin claimed.

On the other hand, in an implicit pluralistic identity system, a user can provide any ID—government IDs or social media IDs—for verification. According to Buterin, implicit pluralistic identity systems reduce the possibility of a user being coerced to reveal their entire identity.

Furthermore, pluralistic ID systems are “naturally more error tolerant,” allowing people who are generally excluded, like those without the right documents, to prove their identities.

Buterin warned, however, that these benefits disappear and the system effectively turns into a one-per-person ID system when “any one FORM of ID gets close to 100% market share, and it becomes realistic to demand it as a sole login option.”