> We could potentially do ID checks that only show exactly what the receiver needs to know and nothing else.
replyA stronger statement: we know how to build zero-knowledge proofs over government-issued identification, cf. https://zkpassport.id/
The services that use these proofs then need to implement that only one device can be logged in with a given identity at a time, plus some basic rate limiting on logins, and the problem is solved.
Thank you - this gets way too few attention especially among tech folks. People act like uploading your government ID to random online services was the only solution to this problem, which is really just a red herring.
replyUploading IDs is the only solution we will get unless the people who care about privacy come up with something better.
replyYes this is what I'm thinking about!
replyThe challenge here though is to prove to the user, especially without forcing the user to go into technical details, that it is indeed private and isn't giving away details.
The user needs to be able to sandbox an app like that and have full control of its communications.
deleted
reply