[GTP]

In The Netherlands, they are implementing a thing which gives the same advantages (i.e. disclose some attributes about yourself without disclosing unneeded data), but uses different technologies. It's called IRMA, you can find an overview here [1]. It can be combined with other applications to do cool stuff, e.g. with PostGuard [2] you can use identity-based encryption to be able to send an encrypted email to someone, but without the need to know their public key in advance, nor having to authenticate it. The drawback is that you have to trust a central server and a third party identity provider.

[1] https://irma.app/ [2] https://postguard.eu/

[GekkePrutser]

I'm from the Netherlands but I don't like IRMA. I respect what they're trying to do but they're lowering the barrier.

Right now most platforms don't do ID validation because users hate sharing their details. By making it more privacy-safe more platforms will do it because the barrier is lower. I really hate that, I think the internet should remain anonymous. So I can pick whatever nick and even have multiple.

[KMag]

I'm a little surprised we haven't seen governments try offering identity-based encryption as a way to head off encryption that's harder for them to wire-tap.

For the unfamiliar, with identity-based encryption, the recipient's public key is a function of the key authority's public key and some "identity", such as a national ID number or email address. Their private key is a one-way function of their identity and the key authority's private key. So, the recipient needs to ask the key authority one time to generate their private key for them, but there's only one public key to distribute. For the whole system, the sender can calculate the recipient's public key. The private key isn't even necessarily calculated before the sender has sent their message! It's very convenient and flexible!

Of course, the downside is that the private key is deterministic and can always be re-generated by the key authority, so it's fundamentally vulnerable to attack by the key authority. Also, some of the underlying math is less well studied than standard ECDHE/DHE/RSA, so we're less confident about vulnerabilities lurking just under the surface.

[catiopatio]

From the website:

> With IRMA it is easy to log in and make yourself known, by disclosing only relevant attributes of yourself. For instance, in order to watch a certain movie online, you prove that you are older than 16, and nothing else.

That’s not “cool stuff”.

[GTP]

PostGuard is, as for many users it's way easier than PGP (no key management issues, plus some special case handled better). As I mentioned, the drawback is trust in a central server and an identity provider.

[bmn__]

You present the conclusion only. Please share the train of thoughts that made you arrive at it, because it is not obvious.

[Aeolun]

It’s not cool that content would be restricted to people that can prove they are older than 16. It requires very little imagination to see how this could be extended to restrict content to people that have a yellow star on their clothes.

[kergonath]

This does not follow, in the same way that the existence of the police does not imply a slide towards a police state. The slippery slope fallacy is a fallacy.

Besides, at least around here they already ask for an ID if you look young enough, for some movies. This is not enabled by new technologies.