alt Hacker Newsthis is already how the EU infrastructure for digital ID works, basically. Using public/private keys on your national id, the government functions as a root authority that you (and other trusted verifiers downstream) can identify you with and commercial platforms only get a yes/no when you want to identify yourself but have no access to any data.
South Korea also has had various versions of this even going back to ~2004 I think.
Replies
int_19h • today at 9:22 AM
It's nice that the platforms don't get access to data, but does the government gets information about who is trying to access what?
Semaphor • today at 6:19 AM
Do all EU countries have that? I know our (German) ID works that way, using the FOSS AusweisApp, but I hadn’t heard of it being EU-wide (it should be, though).
➕ show 2 replies
Yes, it has been possible for a long time to provide anonymous attestations. But somehow, they also always seem to require that you have something like Google play services running for you to ask for the attestation in the first place. And with PKI, even though they could do with just the public key, they somehow also always insist on generating the keys for you (so they have the private key as well).