Stop Being the Product: Prove More, Share Less

Who remembers the first time they went “online”? Dialing on to this thing called the world-wide-web. The famous sound of dialing, the fact that you could not use your home phone line at the same time. Crazy times! Who knew back then what this thing would turn into, how it would basically change everything we knew. I definitely did not, I was just a young kid that was fascinated by all that was possible back then. There was no more limit for my curiosity. From gaming with random people online, to MSN, forums, illegally downloading software and later music. What a world.

Besides that the possibilities, and influence, of the world-wide-web absolutely exploded, it was also the start of something else. The new oil, the new gold, as some would refer to it aka: Data.

The start of your data profile

It was probably the first time that humans would leave behind a trace of data without even knowing they did. I mean, before that, every data point that could be linked back to you personally would have been something you would willingly, physically, fill out with your own name etc.

Not only that, the amount of times you would leave your name/address and other data behind also exploded. Little did we know, that slowly but surely, we were giving away the most valuable thing we had.

It all started during the so-called Web1 era, where the internet looked and felt pretty harmless still. You dial in, a page loads, and somewhere a server writes down the time, your IP, the page name. Google Search boxes quietly keep what you asked on file. A small cookie keeps your cart alive so you don’t have to start over. Helpful. Innocent even. It felt like the web was taking notes to be useful, not to remember you.

Forums and newsletters added a little more. A username here, an email there. None of us thought those tiny notes could be stitched into a pattern of who we are.

Then Web2 hit and the vibe flipped. We stopped being anonymous browsers and started bringing ourselves. Real names. Birthdays. Schools. Jobs. Photos. Friends. The internet stopped being a place you visited and moved into your pocket, documenting every move we made. The like button seemed harmless under a post and then you saw it again on a news site, a shop, your gym’s website. Same button, same company, now quietly learning when a page shows up on your screen, even if you never tap it.

Single sign-on felt like magic because one login worked everywhere. It also meant more of your activity got tied to one identity. Free apps were the cherry on top. No price tag at download, the bill came due in permissions you clicked through without reading. Location, contacts, camera. Yes, yes, yes, because the app was fun and your friends were already there.

The Wake Up Call: Cambridge Analytica

Slowly but surely though we started to learn that whenever an app or service was free, we would give up our privacy in order to use it. The Cambridge Analytica scandal woke up a lot of people and Facebook went from beloved platform to being very hated.

Cambridge Analytica used A harmless-looking personality quiz on Facebook to scoop up data not just from people who took it, but from their friends too, thanks to the platform’s old “friend permissions.” That dataset was then passed to a political consulting firm and fed into voter targeting and influence work. Facebook later said the number of people whose data may have been shared was as high as 87 million.

It was very clear all of a sudden. Data collected for one purpose can be reused for another, quietly, at internet speed. When the story broke, the world finally connected the dots between “free” products and the invisible trade in personal information. The fallout was real. Facebook paid a record $5 billion penalty in the United States and agreed to sweeping privacy controls. The UK regulator ran a multi-year investigation into political data use and forced a hard rethink of how parties and platforms handle people’s information.  

I remember watching this live from a cafe in Toronto and was flabbergasted by the lack of knowledge from the Congress members on what this thing called Facebook actually does. The questions they asked, my mouth dropped open multiple times. A lot of the Congress Members were very senior people, completely missing what was happening on the internet and with technology all together.

This is also one of the reasons why AI and the speed of current innovation is so challenging for governments, simply because they are too slow to grasp and understand it. In 2018, when it felt like the whole world was already actively using Facebook, Instagram and more, these (very influential and important) people asked questions that the average 15-year old (with an account) could answer. There are two big risks because of this:

- Not enough regulation, or not the right regulation and AI will have a negative effect on society
- Too much regulation, which will halt innovation and stop us from receiving all the possible benefits (some say the AI EU act is a great example of “too much”..).

You can already tell, it’s a verrrrry challenging and a very fine line…

Ok back to data. Because, as every article, I like to point out challenges but not without also giving a solution. That is what this article is about.

So, did anything change?

Not really..

Cookie popups. Nobody cares, everybody clicks. Not because they love tracking but because they want the page to load. The bright button wins. “Manage settings” is too much work 99/100 times. We pretend this is consent. It is not.

Terms of Service and Privacy Policies. Two long documents that say “take it or leave it.” We scroll, we tap “I agree,” we move on. That does not mean we are informed. It is a forced trade. If the only way to participate in modern life is to accept rules you cannot read, the game is not in our favor.

Random apps asking for precise location. Why does a flashlight need GPS? Why does a note-taking app want contacts? Say yes once and it becomes the default forever. Background updates do the rest. You forget about it, the app does not. The pattern is always the same. Ask for more than is needed because one day it might be useful.

And while all this happens we create more and more data. Health data from watches. Sports data from trackers. Eye tracking in headsets. Face ID to unlock phones and pay for things. Voice prints. Driving behavior in connected cars. Your TV, your fridge, your doorbell. None of this is theoretical. It is the daily exhaust of normal life. Each new surface makes the map of you sharper.

That is the current state. Consent as a pop-up. Rules nobody reads. Permissions that over-reach. An ever-growing pile of sensitive signals tied back to the same person.

This will probably only get worse, so what can we do to improve?

Privacy technology is important. Although, technology alone is not enough (more on that later). But I am not saying that Zero-Knowledge technology is a silver bullet, or the one piece of innovation that will solve all above challenges. Definitely not. It still is great technology though and something that should be implemented more and more.

Introducing Zero-Knowledge Proof Technology

Zero-knowledge lets you prove a fact without showing the data behind it. Think “yes, this is true,” without handing over the file. You keep your details. The other side gets certainty.

The easiest example to explain it, that I have heard, is as follows:

You want to get into a bar. The bouncer needs to know you are over 18. Currently, you hand your passport or ID to the bouncer, which contains a lot of other (very personal) information besides your birthdate. Why?

With zero-knowledge you walk up with a digital card in your wallet that was issued by a trusted party. Your phone creates a tiny cryptographic proof that says “age is over 18” and nothing else. The bouncer’s scanner checks the proof in a split second. If it is valid, the light goes green. No birthdate shown. No photo copied. No new database of your night out.

That is the whole idea. Prove the one fact that matters and keep the rest to yourself. Same door. Same rule. Less exposure. Same pattern works anywhere you need to prove one thing without handing over everything.

A bit more technical

Zero-knowledge proofs are a protocol between two roles.
• Prover. The person or system that knows a secret, also called the witness.
• Verifier. The party that needs confidence the statement is true.
• Statement. The claim being proved, for example “this date of birth implies age ≥ 18.”
• Proof. A short, checkable string that convinces the verifier without revealing the witness.

Three core properties keep the system honest.
• Completeness. If the statement is true and you build the proof correctly, the verifier will accept it.
• Soundness. If the statement is false, faking a passing proof is essentially impossible.
• Zero-knowledge. The verifier learns nothing beyond “true” or “false.”

How it works under the hood, at a high level.
1. You turn the check you want to run into a set of constraints, like a digital puzzle. For example, “take the hidden birthdate, compute the age, compare to 18.”
2. You commit to your secret using math one-way functions, often with hashes or special commitments. Think sealed envelope with a tamper-proof seal.
3. You generate a proof that the hidden data satisfies the constraints (aka the earlier example: “take the hidden birthdate, compute the age, compare to 18.”.
4. The verifier checks the proof using public information. No access to your secret is required.

Why ZK Proofs are needed

This might seem like a small thing, but it could help a lot with preventing things like identity theft (which actually happened to that, I’ll explain).

Today we still upload passports to open accounts, move money, verify identity. Banks, fintechs, exchanges, or buy-now-pay-later companies. Those documents do not live in a vault. They live in vendor clouds, backups, test environments, and log files. Security is strong at these companies, but not perfect.

Look at Australian telecom company Optus who leaked data for almost 10 million people, including passport and driver’s licence numbers. Government ministers called it one of the country’s worst breaches. People had to replace documents, lock credit, deal with fallout they never asked for. 

Or what about UnitedHealth’s Change Healthcare breach in 2024. A ransomware attack knocked out claims processing and, more importantly, opened the door to a massive data leak. UnitedHealth and federal regulators now put the impact around 192.7 million people, making it the largest healthcare data breach in US history. Names, insurance IDs, diagnoses, treatment details, Social Security numbers..

I can go on… Marriott’s Starwood database is another crazy one. The 2019 breach exposed 339 million records worldwide and included 5.25 million unencrypted passport numbers.

Zoom out and you see why this hurts. Identity theft is not a niche problem. The FTC logged more than 1.1 million identity theft reports in 2024, with overall fraud losses climbing to over 12.5 billion dollars.

And yes, it is unnecessary exposure. Most of those flows only needed a single fact:
- Are you you.
- Are you old enough.
- Are you allowed to transact in this market.

We handed over entire passports to answer a yes or a no, and the copies sat on servers that never forget.

It actually happened to me personally. Years ago I noticed that my health insurance was taking money from my bank account I had no idea why. When I logged into my insurance portal I saw a bunch of invoices from a psychologist in Brabant somewhere (I lived in Amsterdam at the time). When I started calling the insurance company and the investigation started, they figured out someone (somehow) was using my “Citizen Service Number”. Luckily I could prove that it wasn’t me and received the money back, but what a hassle it was..

So preventing all this identity theft because of safer technology will already help a lot of people. But there is more. Some possible use cases for ZK tech:

1. Ticket drops without bots or phone numbers: Your favorite artist opens a presale. Right now it is phone numbers, captchas, and still a swarm of bots. With ZK you show two sleeves at checkout: “human once” and “member of this fan club.” The queue lets you in. No database of phone numbers. No face scans. Fewer bots.

2. Renting without the paperwork parade: An agency wants pay slips, bank statements, sometimes even a tax return. You prove “income above X” and “no sanctions flags” and stop there. Landlord gets what they need to say yes. Your full financial life stays off their server.
   

3. Kid-safe social without birthdates on file: A teen wants a social account. Today the platform nudges for a birthdate and quietly keeps it forever. With ZK the app only learns “under 16” or “over 18” and flips the right defaults. Privacy by default for kids, no stored DOBs for anyone.
   

4. Health perks without leaking your life: Your insurer runs a steps challenge. Right now they want raw health data or a third-party app in your pocket. With ZK your phone proves “weekly steps ≥ 70k” and nothing else. You get the perk. They never see when, where, or how.

Closing thoughts

We have been handing over whole files to answer yes-or-no questions. That made sense in paper world. In software it is unnecessary risk. Zero-knowledge lets us keep the outcome and drop the exposure. But, ZK is great technology but does not solve it all. What I miss a lot of times is that people complain about privacy and how bad Meta (Facebook) is, but don’t make different personal decisions. Are not ready to make sacrifices, maybe paying 1 of 2 euros a month for a social media platform so they don’t have to sell your data or using a private, decentralized, version of ChatGPT instead of flocking to OpenAI.

I personally am very aware of all this data that I give to big tech. I deliberately make decisions for and against sharing. I think that’s a start. I am not saying we have to stop using all social, all AI tools, but at least being aware of what you want to (and not want to) share is, in my humble opinion, a great start.

PS... If you’re enjoying my articles, will you take 6 seconds and refer this to a friend? It goes a long way in helping me grow the newsletter (and help more people understand our current technology shift). Much appreciated!

PS 2... and if you are really loving it and want to buy me some coffee to support. Feel free! 😉 

^{Who am I and why you should be here:}

^{Over the years, I’ve navigated industries like advertising, music, sports, and gaming, always chasing what’s next and figuring out how to make it work for brands, businesses, and myself. From strategizing for global companies to experimenting with the latest tech, I’ve been on a constant journey of learning and sharing.}

^{This newsletter is where I’ll bring all of that together—my raw thoughts, ideas, and emotions about AI, blockchain, gaming, Gen Z & Alpha, and life in general. No perfection, just me being as real as it gets.}

^{Every week (or whenever inspiration hits), I’ll share what’s on my mind: whether it’s deep dives into tech, rants about the state of the world, or random experiments that I got myself into. The goal? To keep it valuable, human, and worth your time.}