I post lots about digital identity cards and how they can fail, and I get lots of responses from people who believe the marketing material – variously from governments, or for zero knowledge protocols, or for some other kind of snake oil – regarding how they can exchange official identity credentials for tokens that can be used to prove “I am older than 18” to porn sites and so forth.
If you have responded thusly, this is for you:
Let’s ignore the possibility that the site you may be submitting such a token to could be entirely fake and may be caching the credential you submit so that a third party could use it, possibly selling it onwards on some kind of black market. Perhaps your solution guards against that, or perhaps it does not.
Ignoring the above, I recommend you go read this paper:
https://www.cs.columbia.edu/~smb/papers/age-verify.pdf
…which will help defang some of the “silver bullet technology will solve this problem” arguments that you will encounter in the wild.
You should probably also go and do some research into the Tor Project — for whom anonymity is essentially a business proposition — and read some of the papers about how it is deemed to fail to deliver anonymity: notably timing attacks, various forms of information leakage, correlation attacks or even active attacks via third parties adding infrastructure to Tor and then surveilling it.
There is a whole pile of ways for a very large system that is supposed to provide anonymity to be “gamed” in order to weaken that anonymity.
You might also want to read some of the papers about how DNS anonymity fails, including some of my research on that matter:
- https://www.ndss-symposium.org/ndss-paper/auto-draft-124/
- https://blog.apnic.net/2021/09/28/dohot-better-security-privacy-and-integrity-via-load-balanced-dns-over-https-over-tor/
- https://github.com/alecmuffett/dohot/blob/master/papers/no-port-53-who-dis-paper-3.1.pdf
The PDF in particular will be useful for discussing DNS correlation attacks and how to defend against them.
Once you’ve got that background, you can continue reading about “linked data” and deanonymisation/re-identification of data sets by intersecting multiple data sources. This has been a matter of considerable political debate regarding rights protected by the data protection act.
Now…
With all of the understanding you have gained by reading all of this stuff, consider for yourself two things:
- Whether a digital ID card will not merely obviate all of the above problems but also protect your anonymity when, in the very next browser field, you will probably be asked for credit card payment information?
- Whether the government might have unstated reasons to mandate the use of digital ID cards everywhere, thereby inserting themselves between you and everything you do online?
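The intersection problem described above, applied to the token-then-payment sequence in the first question, as an added example that is not part of the original post: a privacy audit that joins a site's age-token log with its own payment log and counts how many "anonymous" sessions end up tied to exactly one name. All field names, log records and the 120-second window are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data; field names and values are assumptions for illustration.
# Site log: what an age-gated site records when an "over 18" token is presented.
# No name, no birthday: the token itself says nothing about the holder.
TOKEN_EVENTS = [
    {"session": "s1", "ip": "198.51.100.7", "ts": 1000, "claim": "over18"},
    {"session": "s2", "ip": "198.51.100.7", "ts": 5000, "claim": "over18"},
    {"session": "s3", "ip": "203.0.113.9", "ts": 1010, "claim": "over18"},
    {"session": "s4", "ip": "192.0.2.44", "ts": 2000, "claim": "over18"},
]
# Payment log: what the checkout form on the very next page collects.
PAYMENTS = [
    {"ip": "198.51.100.7", "ts": 1030, "cardholder": "A. Example"},
    {"ip": "203.0.113.9", "ts": 1042, "cardholder": "B. Example"},
    {"ip": "203.0.113.9", "ts": 1055, "cardholder": "C. Example"},
]

def link_sessions(token_events, payments, window=120):
    """Map each token session to cardholders seen from the same IP
    within `window` seconds after the token was presented."""
    by_ip = defaultdict(list)
    for p in payments:
        by_ip[p["ip"]].append(p)
    linked = {}
    for ev in token_events:
        linked[ev["session"]] = sorted(
            p["cardholder"] for p in by_ip.get(ev["ip"], [])
            if 0 <= p["ts"] - ev["ts"] <= window
        )
    return linked

def exposure_report(linked):
    """Classify sessions by how many candidate identities the join leaves."""
    report = {"unique": [], "ambiguous": [], "unlinked": []}
    for session, names in sorted(linked.items()):
        key = "unique" if len(names) == 1 else "ambiguous" if names else "unlinked"
        report[key].append(session)
    return report

if __name__ == "__main__":
    links = link_sessions(TOKEN_EVENTS, PAYMENTS)
    for session, names in links.items():
        print(session, names)
    print(exposure_report(links))
```

A session in the "unique" bucket has lost its anonymity without the token leaking anything; the "ambiguous" bucket shrinks as more data sources are intersected.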
Frequently Erroneous Arguments
- “the government is the source of truth regarding your birthday” — if that were correct, it would mean that they are in a position to change your birthday.
- “the government is the source of truth regarding your gender” – oh really? Which schema did the user opt into?
- “governments will not accept self-asserted data” – every time you fill out a tax return you are making self-asserted assertions; they have to get the original data from somewhere, and that is you.