Do you care about it when running a smartphone full of NSA backdoors, CIA backdoors, Google backdoors, Apple backdoors, Baidu backdoors, Chrome backdoors and official reCAPTCHA backdoors and Google Analytics backdoors?
reply
> In my opinion, it just means there is a single government database to hack to get copies of all IDs...

That doesn't make sense, all IDs are already in a single government database. Kind of by definition in fact, for IDs to be useful they need to be emitted by a central authority with associated security and revocability guarantees.

The implementations I've seen rely on an app reading your physical ID and its NFC chip, comparing that with a selfie to ensure it's the same person, and being able to provide anonymous proof you are of age based on that, or proof that you are indeed who you say you are.

reply
> That doesn't make sense, all IDs are already in a single government database. Kind of by definition in fact, for IDs to be useful they need to be emitted by a central authority with associated security and revocability guarantees.

Yes, and those databases are decently protected. However, for an "app" someone will do a web 4.0 or 6.0 bridge to access these databases. Maybe even vibe code it. That's what I'm worried about.

reply
Hence the second paragraph in my comment. The app is client side and reads the physical ID.
reply
Hmm, how is it zero knowledge when you can be tracked to a single installation of an app? I thought zero knowledge means they ask a "trusted" 3rd party, i.e. the government. And that says yes/no, without passing any ID details on.
reply
Zero knowledge as in the state provides a certificate without directly interacting with the third party website, and the third party does not get personal information beyond "this access is by a certified adult", with no explicit or implicit information about which adult.
reply
Yep, that's a good idea, but it also means the app on your phone has to talk to the state. Probably through a web 7.0 RESTLESS API. And even though the 3rd party web site doesn't get your identity, the state's database does.

It's the RESTLESS API being hacked I worry about.

reply
No.

The app checks the physical ID you have, and provides a certificate that you give the third party you're proving yourself to. The app knows you requested proof, but not what for. The third party knows you're proven to be 18+, but knows nothing else.

reply