[tzs]

Systems like the EU's digital identity wallet use hardware-based security. The private keys are generated by the secure element in your smartphone or something equivalent on a smart card, and any operations that need the keys during a verification are done in that secure element.

[dvdkon]

IIRC the new EU spec doesn't actually require using "secure elements" that could limit the user, only says they should be used if present. It shouldn't be hard to find some device where the hardware isn't present or is insecure to extract the keys from.

Or people could just proxy requests to the device, even with a reasonable rate limit in place, one donor could provide access for over a dozen people each day.

[raxxorraxor]

Nobody is using the EU wallet and perhaps trusting it is a mistake.