I'm a little confused here from the explanation and examples - how is this anonymous exactly? The examples require that you pass their 'changefly user id' and ip address. Both of these are fairly unique identifiers (especially when combined). The mention in the developer documentation that you may prompt them for the user's changefly PIN in the case of an IP address mismatch implies that you are storing the user's IP in some form or another - so basically users are having to trust that you aren't storing information about these 'changefly connections'. This is just one further hop from having the government provide this service themselves, since if they really wanted to, what is stopping them from coming to you and saying 'I want a list of all websites that user at X ip address did age verification on'?
Hey VoidWhisperer, you've raised some excellent and valid points without knowing the underlying technology. It's understandable how the need to pass a an IP address could seem contradictory to the idea of anonymity. IP addresses are required to communicate on the internet whether at home, work, or on the go. Nobody can change that without changing the entire structure of the internet.
Your Changefly ID is anonymous and end-to-end encrypted. Changefly does not know who you are, who you are connecting with, or what your IP address is as we do not log IP addresses.
I encourage you to read more below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:
The linked article seems purposely vague so much so that I'm wondering if you're a scam. It just has some privacy keywords like "zero knowledge proofs", but it doesn't really explain what's going on. Diving deep into your privacy policy, to know how it works - shows you use third party for the initial verification?
>For example, our Third-Party Providers may verify your government ID when you register for Changefly Anonymized Identity Protection[1]
Hey vorejdajo, I completely understand your questioning if this is a scam (Changefly actually blocks scammers). My name is Lukas Dickie and I'm the founder of Changefly. You can verify this by looking up our business registration with Washington State or contacting Troy Foster at Perkins Coie (https://perkinscoie.com/professionals/troy-foster). I have a long track record of working with governments and companies around the world.
For identity verification, Stripe is our current data processor and undergoes annual audits. Your identity is first verified by Stripe, secondly reprocessed for privacy on Changefly, then immediately deleted.
I encourage you to check out the links below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:
>For identity verification, Stripe is our current data processor and undergoes annual audits. Your identity is first verified by Stripe, secondly reprocessed for privacy on Changefly, then immediately deleted.
This important information is not in your FAQ or your white paper. Not even a mention of identity verfication. Transparency is crucial, if you want trust.
Nevertheless, Am I not parting more of my data by giving Govt id to another third party(stripe) rather than just my email?
Hi vorejdajo, thanks for the feedback. We've been in private mode, and recently launched access to the general public. Additional info will be added to our website and Developer API guide.
"Nevertheless, Am I not parting more of my data by giving Govt id to another third party(stripe) rather than just my email?"
- Identity verification is OPTIONAL for Changefly ID. We chose to work with Stripe for government ID verifications because we can guarantee that after the verification and anonymization, your PII is verifiably deleted.
- Regarding using your email for logins and identity verification, that is no longer feasible in this day and age due to phishing, credential stuffing, account takeovers, scams, and the list goes on.
I know Cardano has something similar (not sure how it's anonymized but it operates on the need-to-know basis) called Veridian[1][2]. And, of course, there are identity platforms from Ethereum[3].
Hey xvilka, you are correct! There are thousands of identity verification companies around the world. The difference is we use Changefly ID.
I encourage you to check out the links below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:
Can you elaborate without me having to install an app. What does "verifying [sic] their identity anonymously" actually entail. I think that's what most of us want to know, and that's what is not adequately explained anywhere on your site.
How is this any different from outsourcing attestation to a third-party?
Considering most regulations require the party reliant on validating the data to store the source or proof, it seems like the only plausible mass-deployment of this approach would be US state-based ID systems specifically for drinking/anonymous patrons. That excludes driving, gambling, restricted entertainment, medicine etc.
Countries wouldn’t adopt it nationally or federally, they’d copy it.
Maybe online games or communities that want to keep age of users above a set amount? I don’t see them paying for this though.
Hey apimade, you brought up some great questions and I'll answer as best I can:
"How is this any different from outsourcing attestation to a third-party?"
There are thousands of identity verification companies around the world. The difference is we use Changefly ID.
"Considering most regulations require the party reliant on validating the data to store the source or proof, it seems like the only plausible mass-deployment of this approach would be US state-based ID systems specifically for drinking/anonymous patrons. That excludes driving, gambling, restricted entertainment, medicine etc."
A growing number of services around the world are requiring identity (are you a real person, or age verification). Changefly ID + Anonymized Identity and Age Verification processes government ID's from over 100 countries.
"Countries wouldn’t adopt it nationally or federally, they’d copy it."
I encourage you to check out the links below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:
This is definitely the future: non-governmental entities compete for business, users KYC and self-identify with one or more of them, and they take the legal risk via insurance policies if children slip through. Then third-party sites trust the third-party vendors, who approve users without passing the PII.
Sure, the third-party identity vault companies could be hacked, but I would prefer one of those over a million various sites of dubious quality taking my PII themselves.
Hi monero, I encourage you to check out the links below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:
While a zk-proof solution for IDs is sorely needed, I too am wondering how the initial setup works.
Just have a simple video on the homepage like https://heyblue.com showing someone new to the product start using it. Montage with a few examples would be nice.
Hey thanks pilingual. We recently released this to the general public. We'll roll out a simple video and screen shots soon. Here is the two-step enrollment process for users that need to verify their identity:
1. User gets their Changefly ID through the Changefly app (free)
Hi ranger_danger, thank you for your comment. I encourage you to check out the links below to learn how Changefly ID works and how Changefly is truly changing the game for privacy and security:
Kind of wild you're willing involving yourself with the PII footgun.
There is no acceptable amount of PII a business should hold unless required to by the government for extremely limited industries (ie, banking or medicine or the act of employment).
Every single government that is requiring age verification is not also legally indemnifying companies that are performing this. Every single company that is trying to provide this will be hung out to dry when this blows up in their face: the company will be heavily fined under the existing laws in that country.
In many countries, banks that have to follow KYC or similar laws or hospitals that have to follow HIPPA or similar laws are given at least some form of partial legal indemnification as long as they can prove they were following the law. This is why they almost uniquely keep getting away with it with a slap on the wrist when they inevitably fuck up.
This will never be offered to companies like yours. You are taking on, essentially, infinite legal risk to make a quick buck.
If your legal council is telling you they can defend you from this, I suggest finding new legal council. IANAL, IANYL, but proceed very carefully. This is not a technological problem, this is a legal problem, and you cannot solve this with technology.
Hey DiabloD3, I completely understand your concerns and you bring up a lot of curious points! My name is Lukas Dickie and I'm the founder of Changefly. You can verify this by looking up our business registration with Washington State or contacting Troy Foster at Perkins Coie (https://perkinscoie.com/professionals/troy-foster). I have a long track record of working with governments and companies around the world.
For identity verification, Stripe is our current data processor and undergoes annual audits. Your identity is first verified by Stripe, secondly reprocessed for privacy on Changefly, then immediately deleted.
I encourage you to check out the links below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:
So, I'm not sure what legal regime you're pitching this for, but my reading of, for example, the UK's new tyrannical law... if merely having your identity verified by having your credit card in your hand via KYC laws, then there wouldn't have been a problem.
They want visual proof for future prosecution.
Any company that attempts to provide services to verify identification in a way that complies with government laws is a future collaborator and also a future PII leak. They will throw you under the bus for leaking PII, and the people will throw you under the bus for collaborating.
The UK's data protection laws, enforced by the Information Commissioner's Office (ICO), require platforms to use "data protection by design". This means minimizing personal data collected for age assurance:
You are not required to save your ID under the UK's new age verification laws; instead, platforms must use age assurance methods that confirm your age without collecting or storing your personal data, such as facial estimation or digital identity wallets. The focus is on privacy-preserving tools that provide only a "yes" or "no" response to an age threshold, adhering to data protection principles and minimizing the collection of personal information.
This is definitely something that is needed. But I don't know if you're doing the privacy bit right and I can trust you. What I'd like to see next is a technical paper where you explain all your claims.
You're in the trust business. You haven't earned it yet.
If you can't really do the privacy bit with 100% absolute guaranteed certainty using technical means, you could also do a third party audit you daily. Yep, daily. That would be fine by me too.
"You're in the trust business. You haven't earned it yet."
Spot on, Coeur! My sentiments exactly. My name is Lukas Dickie and I'm the founder of Changefly. You can verify this by looking up our business registration with Washington State or contacting Troy Foster at Perkins Coie (https://perkinscoie.com/professionals/troy-foster). I have a long track record of working with governments and companies around the world.
For identity verification, Stripe is our current data processor and undergoes annual audits. Your identity is first verified by Stripe, secondly reprocessed for privacy on Changefly, then immediately deleted.
I encourage you to check out the links below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:
Seems to require an app. Which instantly gives ChangeFly my PII. Nope.
Anonymized identity requires some entity to certify that a given token proves what it says it does. That is an awesome power, and given the abuse of that power by private companies who have gained it in the past, I'm not going to give it to ChangeFly, whoever they are.
Which begs the question of who we DO trust enough to do provide this service. Perhaps our banks?
Hey foxylad, I hear your frustration. Did you know everything you do on your phone and computer is through an app?
My name is Lukas Dickie and I'm the founder of Changefly. You can verify this by looking up our business registration with Washington State or contacting Troy Foster at Perkins Coie (https://perkinscoie.com/professionals/troy-foster). I have a long track record of working with governments and companies around the world.
For identity verification, Stripe is our current data processor and undergoes annual audits. Your identity is first verified by Stripe, secondly reprocessed for privacy on Changefly, then immediately deleted.
I encourage you to check out the links below to learn how the Changefly ID works and how Changefly is truly changing the game for privacy and security:
I'm a little confused here from the explanation and examples - how is this anonymous exactly? The examples require that you pass their 'changefly user id' and ip address. Both of these are fairly unique identifiers (especially when combined). The mention in the developer documentation that you may prompt them for the user's changefly PIN in the case of an IP address mismatch implies that you are storing the user's IP in some form or another - so basically users are having to trust that you aren't storing information about these 'changefly connections'. This is just one further hop from having the government provide this service themselves, since if they really wanted to, what is stopping them from coming to you and saying 'I want a list of all websites that user at X ip address did age verification on'?
Hey VoidWhisperer, you've raised some excellent and valid points without knowing the underlying technology. It's understandable how the need to pass a an IP address could seem contradictory to the idea of anonymity. IP addresses are required to communicate on the internet whether at home, work, or on the go. Nobody can change that without changing the entire structure of the internet.
Your Changefly ID is anonymous and end-to-end encrypted. Changefly does not know who you are, who you are connecting with, or what your IP address is as we do not log IP addresses.
I encourage you to read more below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:
Changefly Anonymous Authentication FAQ: https://www.changefly.com/security
Changefly ID white paper: https://www.changefly.com/our-research
Changefly US Patent 12,301,546 B2 https://patents.google.com/patent/US12301546B2/en
The linked article seems purposely vague so much so that I'm wondering if you're a scam. It just has some privacy keywords like "zero knowledge proofs", but it doesn't really explain what's going on. Diving deep into your privacy policy, to know how it works - shows you use third party for the initial verification?
>For example, our Third-Party Providers may verify your government ID when you register for Changefly Anonymized Identity Protection[1]
[1]: https://www.changefly.com/policies/privacy-policy
Hey vorejdajo, I completely understand your questioning if this is a scam (Changefly actually blocks scammers). My name is Lukas Dickie and I'm the founder of Changefly. You can verify this by looking up our business registration with Washington State or contacting Troy Foster at Perkins Coie (https://perkinscoie.com/professionals/troy-foster). I have a long track record of working with governments and companies around the world.
For identity verification, Stripe is our current data processor and undergoes annual audits. Your identity is first verified by Stripe, secondly reprocessed for privacy on Changefly, then immediately deleted.
I encourage you to check out the links below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:
Changefly Anonymous Authentication FAQ: https://www.changefly.com/security
Changefly ID white paper: https://www.changefly.com/our-research
Changefly US Patent 12,301,546 B2: https://patents.google.com/patent/US12301546B2/en
>For identity verification, Stripe is our current data processor and undergoes annual audits. Your identity is first verified by Stripe, secondly reprocessed for privacy on Changefly, then immediately deleted.
This important information is not in your FAQ or your white paper. Not even a mention of identity verfication. Transparency is crucial, if you want trust.
Nevertheless, Am I not parting more of my data by giving Govt id to another third party(stripe) rather than just my email?
Hi vorejdajo, thanks for the feedback. We've been in private mode, and recently launched access to the general public. Additional info will be added to our website and Developer API guide.
"Nevertheless, Am I not parting more of my data by giving Govt id to another third party(stripe) rather than just my email?"
- Identity verification is OPTIONAL for Changefly ID. We chose to work with Stripe for government ID verifications because we can guarantee that after the verification and anonymization, your PII is verifiably deleted.
- Regarding using your email for logins and identity verification, that is no longer feasible in this day and age due to phishing, credential stuffing, account takeovers, scams, and the list goes on.
I know Cardano has something similar (not sure how it's anonymized but it operates on the need-to-know basis) called Veridian[1][2]. And, of course, there are identity platforms from Ethereum[3].
[1] https://www.veridian.id/
[2] https://cardanofoundation.org/blog/veridian-digital-identity...
[3] https://ethereum.org/en/decentralized-identity/
Hey xvilka, you are correct! There are thousands of identity verification companies around the world. The difference is we use Changefly ID.
I encourage you to check out the links below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:
Changefly Anonymous Authentication FAQ: https://www.changefly.com/security
Changefly ID white paper: https://www.changefly.com/our-research
Changefly US Patent 12,301,546 B2: https://patents.google.com/patent/US12301546B2/en
What is the enrolment process for users that want to prove an attribute or credential?
Great question, commandersaki. Here is the two-step enrollment process for users that want to prove an attribute or credential:
1. User gets their Changefly ID through the Changefly app (free)
2. User verifies their identity anonymously (https://www.changefly.com/account/verify)
For developers:
https://www.changefly.com/developer
Can you elaborate without me having to install an app. What does "verifying [sic] their identity anonymously" actually entail. I think that's what most of us want to know, and that's what is not adequately explained anywhere on your site.
Sure no problem:
- Changefly ID is the core technology for anonymous authentication (https://www.changefly.com/our-research). Changefly ID requires zero PII.
- Optionally, if a service requires identity / age verification, we just released Anonymous Identity & Age Verification for Changefly ID (https://www.changefly.com/blog/2025/08/anonymized-identity-a...).
- You can verify your identity for free: https://www.changefly.com/account/verify
- Developers can verify Changefly ID’s and/or age requirement checks with our open API: https://www.changefly.com/developer
How is this any different from outsourcing attestation to a third-party?
Considering most regulations require the party reliant on validating the data to store the source or proof, it seems like the only plausible mass-deployment of this approach would be US state-based ID systems specifically for drinking/anonymous patrons. That excludes driving, gambling, restricted entertainment, medicine etc.
Countries wouldn’t adopt it nationally or federally, they’d copy it.
Maybe online games or communities that want to keep age of users above a set amount? I don’t see them paying for this though.
Am I missing something?
Hey apimade, you brought up some great questions and I'll answer as best I can:
"How is this any different from outsourcing attestation to a third-party?"
There are thousands of identity verification companies around the world. The difference is we use Changefly ID.
"Considering most regulations require the party reliant on validating the data to store the source or proof, it seems like the only plausible mass-deployment of this approach would be US state-based ID systems specifically for drinking/anonymous patrons. That excludes driving, gambling, restricted entertainment, medicine etc."
A growing number of services around the world are requiring identity (are you a real person, or age verification). Changefly ID + Anonymized Identity and Age Verification processes government ID's from over 100 countries.
"Countries wouldn’t adopt it nationally or federally, they’d copy it."
I encourage you to check out the links below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:
Changefly Anonymous Authentication FAQ: https://www.changefly.com/security
Changefly ID white paper: https://www.changefly.com/our-research
Changefly US Patent 12,301,546 B2: https://patents.google.com/patent/US12301546B2/en
This is definitely the future: non-governmental entities compete for business, users KYC and self-identify with one or more of them, and they take the legal risk via insurance policies if children slip through. Then third-party sites trust the third-party vendors, who approve users without passing the PII.
Sure, the third-party identity vault companies could be hacked, but I would prefer one of those over a million various sites of dubious quality taking my PII themselves.
Hi monero, I encourage you to check out the links below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:
Changefly Anonymous Authentication FAQ: https://www.changefly.com/security
Changefly ID white paper: https://www.changefly.com/our-research
Changefly US Patent 12,301,546 B2: https://patents.google.com/patent/US12301546B2/en
While a zk-proof solution for IDs is sorely needed, I too am wondering how the initial setup works.
Just have a simple video on the homepage like https://heyblue.com showing someone new to the product start using it. Montage with a few examples would be nice.
The app screenshots could be improved.
Edit: clarity
Hey thanks pilingual. We recently released this to the general public. We'll roll out a simple video and screen shots soon. Here is the two-step enrollment process for users that need to verify their identity:
1. User gets their Changefly ID through the Changefly app (free)
2. User verifies their identity anonymously (https://www.changefly.com/account/verify)
For developers:
https://www.changefly.com/developer
I would not consider identity/age verification to offer a path to a "less-intrusive internet".
Hi ranger_danger, thank you for your comment. I encourage you to check out the links below to learn how Changefly ID works and how Changefly is truly changing the game for privacy and security:
Changefly Anonymous Authentication FAQ: https://www.changefly.com/security
Changefly ID white paper: https://www.changefly.com/our-research
Changefly US Patent 12,301,546 B2: https://patents.google.com/patent/US12301546B2/en
Kind of wild you're willing involving yourself with the PII footgun.
There is no acceptable amount of PII a business should hold unless required to by the government for extremely limited industries (ie, banking or medicine or the act of employment).
Every single government that is requiring age verification is not also legally indemnifying companies that are performing this. Every single company that is trying to provide this will be hung out to dry when this blows up in their face: the company will be heavily fined under the existing laws in that country.
In many countries, banks that have to follow KYC or similar laws or hospitals that have to follow HIPPA or similar laws are given at least some form of partial legal indemnification as long as they can prove they were following the law. This is why they almost uniquely keep getting away with it with a slap on the wrist when they inevitably fuck up.
This will never be offered to companies like yours. You are taking on, essentially, infinite legal risk to make a quick buck.
If your legal council is telling you they can defend you from this, I suggest finding new legal council. IANAL, IANYL, but proceed very carefully. This is not a technological problem, this is a legal problem, and you cannot solve this with technology.
Hey DiabloD3, I completely understand your concerns and you bring up a lot of curious points! My name is Lukas Dickie and I'm the founder of Changefly. You can verify this by looking up our business registration with Washington State or contacting Troy Foster at Perkins Coie (https://perkinscoie.com/professionals/troy-foster). I have a long track record of working with governments and companies around the world.
For identity verification, Stripe is our current data processor and undergoes annual audits. Your identity is first verified by Stripe, secondly reprocessed for privacy on Changefly, then immediately deleted.
I encourage you to check out the links below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:
Changefly Anonymous Authentication FAQ: https://www.changefly.com/security
Changefly ID white paper: https://www.changefly.com/our-research
Changefly US Patent 12,301,546 B2: https://patents.google.com/patent/US12301546B2/en
So, I'm not sure what legal regime you're pitching this for, but my reading of, for example, the UK's new tyrannical law... if merely having your identity verified by having your credit card in your hand via KYC laws, then there wouldn't have been a problem.
They want visual proof for future prosecution.
Any company that attempts to provide services to verify identification in a way that complies with government laws is a future collaborator and also a future PII leak. They will throw you under the bus for leaking PII, and the people will throw you under the bus for collaborating.
Are you sure you want to be in that position?
The UK's data protection laws, enforced by the Information Commissioner's Office (ICO), require platforms to use "data protection by design". This means minimizing personal data collected for age assurance:
You are not required to save your ID under the UK's new age verification laws; instead, platforms must use age assurance methods that confirm your age without collecting or storing your personal data, such as facial estimation or digital identity wallets. The focus is on privacy-preserving tools that provide only a "yes" or "no" response to an age threshold, adhering to data protection principles and minimizing the collection of personal information.
- Changefly ID is the core technology for anonymous authentication (https://www.changefly.com/our-research). Changefly ID requires zero PII.
- Optionally, if a service requires identity / age verification, we just released Anonymous Identity & Age Verification for Changefly ID (https://www.changefly.com/blog/2025/08/anonymized-identity-a...).
- You can verify your identity for free: https://www.changefly.com/account/verify
- Developers can verify Changefly ID’s and/or age requirement checks with our open API: https://www.changefly.com/developer
This is definitely something that is needed. But I don't know if you're doing the privacy bit right and I can trust you. What I'd like to see next is a technical paper where you explain all your claims.
You're in the trust business. You haven't earned it yet.
If you can't really do the privacy bit with 100% absolute guaranteed certainty using technical means, you could also do a third party audit you daily. Yep, daily. That would be fine by me too.
"You're in the trust business. You haven't earned it yet."
Spot on, Coeur! My sentiments exactly. My name is Lukas Dickie and I'm the founder of Changefly. You can verify this by looking up our business registration with Washington State or contacting Troy Foster at Perkins Coie (https://perkinscoie.com/professionals/troy-foster). I have a long track record of working with governments and companies around the world.
For identity verification, Stripe is our current data processor and undergoes annual audits. Your identity is first verified by Stripe, secondly reprocessed for privacy on Changefly, then immediately deleted.
I encourage you to check out the links below to learn how the Changefly ID authentication process works and how Changefly is truly changing the game for privacy and security:
Changefly Anonymous Authentication FAQ: https://www.changefly.com/security
Changefly ID white paper: https://www.changefly.com/our-research
Changefly US Patent 12,301,546 B2: https://patents.google.com/patent/US12301546B2/en
Seems to require an app. Which instantly gives ChangeFly my PII. Nope.
Anonymized identity requires some entity to certify that a given token proves what it says it does. That is an awesome power, and given the abuse of that power by private companies who have gained it in the past, I'm not going to give it to ChangeFly, whoever they are.
Which begs the question of who we DO trust enough to do provide this service. Perhaps our banks?
Hey foxylad, I hear your frustration. Did you know everything you do on your phone and computer is through an app?
My name is Lukas Dickie and I'm the founder of Changefly. You can verify this by looking up our business registration with Washington State or contacting Troy Foster at Perkins Coie (https://perkinscoie.com/professionals/troy-foster). I have a long track record of working with governments and companies around the world.
For identity verification, Stripe is our current data processor and undergoes annual audits. Your identity is first verified by Stripe, secondly reprocessed for privacy on Changefly, then immediately deleted.
I encourage you to check out the links below to learn how the Changefly ID works and how Changefly is truly changing the game for privacy and security:
Changefly Anonymous Authentication FAQ: https://www.changefly.com/security
Changefly ID white paper: https://www.changefly.com/our-research
Changefly US Patent 12,301,546 B2: https://patents.google.com/patent/US12301546B2/en