[voxic11]

What I don't understand about this approach is if it's truly completely privacy preserving what stops me from making a service where anyone can use my ID to verify? If the site owner really learns nothing about me except for my age then they can't tell that it's the same id being used for every account. And if the government truly knows nothing about the sites I verify on they can't tell that I'm misusing the id either. So someone must know more then you are letting on.

[name_taken_duh]

One possible solution idea I just had is having the option of registered providers (such as Discord). They would have a public key, and the user has a private key associated to their eID. They could be mingled in such a way to create a unique identifier, which would be stored by the provider (and ofc the scheme would be such that the provider can verify that the mingled identifier, was created from a valid private key and their public key).

This would in total make sure that only one account can be created with the private key, while exposing no information about the private key aka user to the provider. I am fairly certain that should work with our cryptographic tools. It would ofc put the trust on the user not to share their eID private key, but that is needed anyway. Either you manage it or it gets managed (and you lose some degree of privacy).

[iepathos]

The hole is closed with per-site pseudonyms. Your wallet generates a unique cryptographic key pair for each site so same person + same site = same pseudonym, same person + different sites = different, unlinkable pseudonyms.

"The actual correct way" is an overstatement that misses jfaganel99's point. There are always tradeoffs. EUDI is no exception. It sacrifices full anonymity to prevent credential sharing so the site can't learn your identity, but it can recognize you across visits and build a behavioral profile under your pseudonym.

[adjfasn47573]

Ok but we were talking about users on discord who have to verify their age. I was under the impression that

> it can recognize you across visits and build a behavioral profile under your pseudonym

is the default Discord experience for users with an account, long before age verification entered the chat.

[taminka]

presumably you'd just use unique one time codes derived from the eID

[voxic11]

I fail to see how that solves the problem? That's what I'm saying my service would provide. Unless the eID has some kind of client side rate limiting built in I can generate as many of them as I want. And assuming they are completely privacy preserving no one can tell they were all generated by the same ID.

[petu]

https://github.com/eu-digital-identity-wallet/av-doc-technic...

> Since Proof of Age Attestations are designed for single use, the system must support the issuance of attestations in batches. It is recommended that each batch consist of thirty (30) attestations.

It sounds like application would request batch of time-limited proofs from government server. Proofs gets burned after single use. Whether or not you've used any, app just requests another batch at a set interval (e.g. 30 once a month). So you're rate limited on the backend.

Edit: seems like issuing proofs is not limited to the government, e.g. banks you're client of also can supply you with proofs? (if they want to partake for some reason). I guess that would multiply numbers of proof available to you.

[voxic11]

Ok I have been convinced this is a technically feasible solution that could preserve privacy while reasonably limiting misuse. That said I'm worried that the document you linked does not require relying parties implement the zero knowledge proof approach. It only requires that they implement the attestation bearer token approach which is much weaker and allows the government to unmask an account by simply asking the relying party which attestation token was submitted to verify the account.

> Relying Party SHALL implement the protocols specified in Annex A for Proof of Age attestation presentation.

> A Relying Party SHOULD implement the Zero-Knowledge Proof verification mechanism specified in Annex A

[ongy]

You could do some scheme that hashes a site specific identifier with an identifier on the smart element of the id.

If that ever repeats, the same I'd was used twice. At the same time, the site ID would act as salt to prevent simple matching between services.

[hparadiz]

People do, in fact, have multiple profiles. For very valid reasons.

[voxic11]

the solution to this seems to be to issue multiple "IDs". So essentially the government mints you a batch of like 30 "IDs" and you can use each of those once per service to verify an account (30 verified accounts per service). That allows for the use case of needing to verify multiple accounts without allowing you to verify unlimited accounts (and therefor run into the large scale misuse issue I pointed out).

If you need to verify even more accounts the government can have some annoying process for you to request another batch of IDs.

[hparadiz]

This is a solved problem in the authentication space. Short lived tokens backed by short lived keys.

A token is generated that has a timestamp and is signed by a private key with payload.

The public key is available through a public api. You throw out any token older than 30 seconds.

Unlimited IDs.

That's basically what you want.