[AstralStorm]

Nah, if you run your own identity service, you're supposed to be able to issue any number of unverified identities yourself.

The problem there is that others do not play at all with these, plus actual trust has to be somehow solved.

Typical solutions to trust in DID involve either a big central service, a government approved signature... Or theoretically a distributed web of trust but that bit is under development.

[brabel]

For ephemeral DIDs to be useful they need to be recognized by the authorities that issue "credentials" based on them. For example, if a website/app requires proof-of-age (you know, like the UK now) you could use a DID for whom a credential showing something like "this is a person who is over 18 years old" was issued by the Birth Registry Authority (or whatever they call you in your country), and the website/app could then check the signature of the credential and be sure it was signed by the right authority. As the owner of a "main" DID, you could request many DIDs (and issue "credentials" based on those), presumably one for each website/app, to evade tracking.

If there was another mechanism to prove age, for example, if everyone had their Date Of Birth on a blockchain or something like that, it could be possible to not rely on a single Authority, but to my knowledge that wouldn't be acceptable in any country of the world... only the government is recognized as an "issuer" of Birth Certificates and names, and I think that's how it has to be... that makes it possible for the government to find out which apps you're using, unfortunately. But there may be ways around that... I believe the whole Verifiable Credentials Working Group uses Verifiable Presentations for this, see https://hub.ebsi.eu/vc-framework/ebsi-w3c-vc-vp