[Hizonner]

Their critical error is that there's a single, central authority that certifies that a person with a given set of biometrics exists. They didn't bite off the hard, but necessary, part where you figure out how walk an attestation graph and come up with a confidence level.

And they only do irisis.

And they're doing the ZK at the wrong point in the chain. Publishing the actual, raw, unhashed biometrics wouldn't be a problem as long as they didn't tie them to anything but a key. And that future-proofs you.