Hacker News new | ask | show | jobs
by vlovich123 901 days ago
You’re thinking about AV as it’s been rolled out in the past few years in places. But the mDL / mobile passports don’t require that - it’s a signed record that a certain government agency signs. It can be something like signing what kind of vehicles you can operate but also can be just an anonymous age verification check. The standards body for this was explicitly thinking about privacy-preserving mechanisms to do AV (I know because I attended some meetings and observed the discussions they were having).
1 comments
creer 900 days ago
In practice, how do these system expect the kids (much more technically savvy than their parents, and with a motive) not to get their hands on their parents'? (As you know, kids often get access to credit cards without parents knowledge.)
link
vlovich123 900 days ago
Biometrics identification required to release the record (eg the Secure Enclave in iOS could sign it)

You can believe that a standard committee of very smart people (technical and regulatory) was thinking about all these problems so saying “what about X” isn’t helpful when X is an obvious concern.

A sufficiently advanced attacker could probably figure something out (especially with these 3p apps which are bound to have security flaws), but it will be out of reach for most people (these apps will hopefully be discontinued once the OS wallets integration is complete - they should only be used for pilot programs and if they’re not they will be stopped once they become a known vector of identity theft).

The harder problem is attestation for >13 services since kids that age may not have digital devices and government ID but that’s a government policy problem to figure out.

link
creer 900 days ago
> You can believe that a standard committee of very smart people (technical and regulatory) was thinking about all these problems so saying “what about X” isn’t helpful when X is an obvious concern.

Really? Doesn't HN show on a monthly basis that no, exactly nothing directly follows from that premise? Typically the committee has completely different incentives and directions from, well, half the planet's wants?

At that stage though, mine was just a question. I was curious.

> they will be stopped once they become a known vector of identity theft

Okay. I'll agree to disagree. See US Social Security Numbers, cell phone numbers, credit card system...

link