by coldcog 1978 days ago
I understand what you are saying, and I agree that this is a risk that we will have to be very aware of.

Right now we are aware of the majority of the websites/institutions that use IRMA, so we can keep track of who asks what attributes for which reasons, and advise them on it. As IRMA usage grows this will probably become unfeasible; but we are planning to see if we can build a button in the IRMA app that, when a website asks for too much information, you can use to send a report to the Autoriteit Persoonsgegevens (AP) or ourselves.

In addition I would like to point out that this:

> I don't want to ID myself every time I sign up for some hobbyforum or whatever.

is now against the law (GDPR) - or at least the point you are, I think, trying to make: websites may request only personal data that is relevant and necessary for their purposes. Most parties seem to want to abide by this law, and perhaps it is just me, but it seems that consumers are slowly becoming more and more aware of the necessity and importance of privacy.

> There used to be a saying "On the internet nobody knows if you're a dog".

That has long since stopped being true. Nowadays many websites have a very clear idea of who you are, even without IRMA, by tracking you across the internet. Probably many of the websites you know already know exactly your name and interests, by using Google Analytics or Facebook trackers - unless you take steps to prevent that from happening, which the vast majority of people don't.

The difference with learning who you are by requesting IRMA attributes is that then the website would receive personal data about you that it knows it can trust (insofar as it trusts the issuer who signed the attributes). That is, it becomes more difficult or even impossible to lie about your identity. That could indeed become a problem that we will have to try to prevent from happening as much as we can.