by plingbang 573 days ago
> It's tricky, though. What else can you do?

I had an idea about an almost-privacy-preserving system involving government ID and blind signatures:

1. The service passes a random string to the user.
2. The user authenticates to their government and asks the government to sign it.
3. The government applies a blind signature which basically says "this user/citizen hasn't registered an account in the last 60 minutes".
4. The government records the timestamp.
5. The user passes the signature back to the service.

Upsides:

* Bypassing this would be orders of magnitude more expensive than phone numbers.
* Almost private

Downsides:

* Won't happen. Remote HW attestation is likely to win :(
* The service knows your citizenship
* The gov knows when and how often you register.
* Any gov can always bypass the limits for themselves.

I think it may also be possible to extend it so that the government attests that you have only one account on the service but without being able to find which account is yours.
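
The five steps in the comment above, sketched as an added example that is not part of the original comment. It assumes textbook RSA as the blind signature scheme (the comment names none), a constructed toy key, and hypothetical names throughout (`Government`, `register`, `service_verify`).

```python
import hashlib, math, secrets

# Constructed toy RSA key for the government: two Mersenne primes, far too
# small for real use. RSA is an assumption; the comment names no scheme.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
WINDOW = 60 * 60  # "hasn't registered an account in the last 60 minutes"

def h(challenge: bytes) -> int:
    """Map the service's random string to an integer mod N."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N

def blind(challenge: bytes):
    """User side: hide the challenge behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (h(challenge) * pow(r, E, N)) % N, r

def unblind(blind_sig: int, r: int) -> int:
    """User side: strip r, leaving an ordinary signature on the challenge."""
    return (blind_sig * pow(r, -1, N)) % N

class Government:
    def __init__(self):
        self.last_signed = {}  # citizen -> timestamp (step 4)

    def sign_blinded(self, citizen: str, blinded: int, now: float):
        """Step 3: sign only if the citizen is outside the rate-limit window."""
        last = self.last_signed.get(citizen)
        if last is not None and now - last < WINDOW:
            return None
        self.last_signed[citizen] = now
        return pow(blinded, D, N)  # the challenge itself is never seen

def service_verify(challenge: bytes, sig: int) -> bool:
    """Service side: check against the government's public key (N, E)."""
    return pow(sig, E, N) == h(challenge)

def register(gov: Government, citizen: str, now: float) -> bool:
    challenge = secrets.token_bytes(16)                   # step 1
    blinded, r = blind(challenge)                         # step 2
    blind_sig = gov.sign_blinded(citizen, blinded, now)   # steps 3-4
    if blind_sig is None:
        return False
    return service_verify(challenge, unblind(blind_sig, r))  # step 5
```

Unpadded RSA is used only to keep the arithmetic visible; a standardized construction such as RFC 9474 would replace it in practice, and the service would also have to reject challenges it did not issue or has already accepted.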