←back to thread

Show HN: Changefly ID + Anonymized Identity and Age Verification

(www.changefly.com)
20 points davidandgoli4th | 4 comments | 21 Aug 25 19:22 UTC | HN request time: 0.805s | source

Hey HN! I’m Lukas Dickie the founder of Changefly and I’m truly excited to share with you our latest release of Changefly ID with Anonymized Identity & Age Verification.

By putting privacy first and using a novel approach to account protection, Changefly ID offers a path to a safer, more secure, and less-intrusive internet for everyone:

- Changefly ID for anonymous authentication + ANONYMIZED identity & age verification for services that are required to verify minimum age

- Zero-knowledge proofs, secure multi-party computation, temporary unique identifiers

- Protects against bot attacks, bot scraping, identity theft, phishing, credential stuffing, online tracking, and other evolving threats

Changefly ID + Anonymized Identity & Age Verification is like showing a bartender a “Yes, I’m over 21” hologram badge instead of handing them your driver’s license with your name, address, and birthdate. They get what they need—but none of what they shouldn’t have.

We’re just getting started and I’d love to hear what you think, what you’d like to see next, and any feedback you have.

https://changefly.com

1. DiabloD3 ◴[22 Aug 25 01:36 UTC] No.44980199[source]
Kind of wild you're willing involving yourself with the PII footgun.

There is no acceptable amount of PII a business should hold unless required to by the government for extremely limited industries (ie, banking or medicine or the act of employment).

Every single government that is requiring age verification is not also legally indemnifying companies that are performing this. Every single company that is trying to provide this will be hung out to dry when this blows up in their face: the company will be heavily fined under the existing laws in that country.

In many countries, banks that have to follow KYC or similar laws or hospitals that have to follow HIPPA or similar laws are given at least some form of partial legal indemnification as long as they can prove they were following the law. This is why they almost uniquely keep getting away with it with a slap on the wrist when they inevitably fuck up.

This will never be offered to companies like yours. You are taking on, essentially, infinite legal risk to make a quick buck.

If your legal council is telling you they can defend you from this, I suggest finding new legal council. IANAL, IANYL, but proceed very carefully. This is not a technological problem, this is a legal problem, and you cannot solve this with technology.

replies(1): >>44990833 #
2. davidandgoli4th ◴[22 Aug 25 22:46 UTC] No.44990833[source]
Hey DiabloD3, I completely understand your concerns and you bring up a lot of curious points! My name is Lukas Dickie and I'm the founder of Changefly. You can verify this by looking up our business registration with Washington State or contacting Troy Foster at Perkins Coie (https://perkinscoie.com/professionals/troy-foster). I have a long track record of working with governments and companies around the world.

For identity verification, Stripe is our current data processor and undergoes annual audits. Your identity is first verified by Stripe, secondly reprocessed for privacy on Changefly, then immediately deleted.

I encourage you to check out the links below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:

Changefly Anonymous Authentication FAQ: https://www.changefly.com/security

Changefly ID white paper: https://www.changefly.com/our-research

Changefly US Patent 12,301,546 B2: https://patents.google.com/patent/US12301546B2/en

replies(1): >>44993406 #
3. DiabloD3 ◴[23 Aug 25 05:21 UTC] No.44993406[source]
So, I'm not sure what legal regime you're pitching this for, but my reading of, for example, the UK's new tyrannical law... if merely having your identity verified by having your credit card in your hand via KYC laws, then there wouldn't have been a problem.

They want visual proof for future prosecution.

Any company that attempts to provide services to verify identification in a way that complies with government laws is a future collaborator and also a future PII leak. They will throw you under the bus for leaking PII, and the people will throw you under the bus for collaborating.

Are you sure you want to be in that position?

replies(1): >>45006310 #
4. davidandgoli4th ◴[24 Aug 25 18:06 UTC] No.45006310{3}[source]
The UK's data protection laws, enforced by the Information Commissioner's Office (ICO), require platforms to use "data protection by design". This means minimizing personal data collected for age assurance:

You are not required to save your ID under the UK's new age verification laws; instead, platforms must use age assurance methods that confirm your age without collecting or storing your personal data, such as facial estimation or digital identity wallets. The focus is on privacy-preserving tools that provide only a "yes" or "no" response to an age threshold, adhering to data protection principles and minimizing the collection of personal information.

- Changefly ID is the core technology for anonymous authentication (https://www.changefly.com/our-research). Changefly ID requires zero PII.

- Optionally, if a service requires identity / age verification, we just released Anonymous Identity & Age Verification for Changefly ID (https://www.changefly.com/blog/2025/08/anonymized-identity-a...).

- You can verify your identity for free: https://www.changefly.com/account/verify

- Developers can verify Changefly ID’s and/or age requirement checks with our open API: https://www.changefly.com/developer