The older cousin case doesn’t scale. True ZKP could be fully automated to dispense verification tokens from a website to every visitor. If the proofs are truly zero knowledge there is no way to discover who is giving millions of kids their ID.

When we hear about “zero knowledge” ID checks in real proposals they’re not actually zero knowledge altogether. They have built in limits or authorities to prevent these obvious attacks, like requiring them to interact with government servers and then pinky promising that those government servers won’t log your requests.