Comment by overfeed

Comment by overfeed 3 days ago

Besides making yourself party to a criminal conspiracy, I suspect it would be partly the same reason you won't sell/rent your real-world identity to other people today; an illegal immigrant may be willing to rent it from you right now.

Mostly, it will because online identifies will be a market for lemons: there will be so many fake/expired/revoked identities being sold that the value of each one will be worth pennies, and that's not commensurate with the risk of someone commiting crimes and linking it to your government-registered identity.

palata 3 days ago

> the same reason you won't sell/rent your real-world identity to other people today

If you sell your real-world identity to other people today, and they get arrested, then the police will know your identity (obviously). How does that work with a privacy-preserving scheme? If you sell your anonymous token that says that you are a human to a machine and the machine gets arrested, then the police won't be able to know who you are, right? That was the whole point of the privacy-preserving token.

I'm genuinely interested, I don't understand how it can work technically and be privacy-preserving.

Reply View 6 replies

cakealert 3 days ago

It would appear most of the people commenting on the subject don't even understand it.
With privacy preserving cryptography the tokens are standalone and have no ties to the identity that spawned them.
No enforcement for abuse is possible.

Reply View | 5 replies
- overfeed 2 days ago
  
  > With privacy preserving cryptography the tokens are standalone and have no ties to the identity that spawned them.
  I suspect there will be different levels of attestations from the anonymous ("this is an adult"), to semi-anonymous ("this person was born in 20YY and resides in administrative region XYZ") to the compete record ("This is John Quincy Smith III born on YYYY-MM-DD with ID doc number ABC123"). Somewhere in between the extremes is an pseudonymous token that's strongly tied to a single identity with non-repudiation.
  Anonymous identities that can be easily churned out on demand by end-users have zero antibot utility
  
  Reply View | 2 replies
  
  cakealert 2 days ago
  
  The latter attestation will be completely useless for privacy.
  
  Reply View | 1 reply
  
  overfeed 13 hours ago
  
  100% agree, but it will be necessary for any non-repudiation use cases, like signing contracts remotely. There is no one size fits all approach for online identity management.
  
  Reply View | 0 replies
- palata 3 days ago
  
  Right, that's my feeling as well
  
  Reply View | 1 reply
  
  overfeed 2 days ago
  
  While it's the privacy advocate's ideal, the politics reality is very few governments will deploy "privacy preserving" cryptography that gets in the way of LE investigations[1]. The best you can hope for is some escrowed service that requires a warrant to unmask the identity for any given token, so privacy is preserved in most cases, and against most parties except law enforcement when there's a valid warrant.
  1. They can do it overtly in thr design of the system, or covertly via side-channels, logging, or leaking bits in ways that are hard for an outsider to investigate without access to the complete source code and or/system outputs, such as not-quite-random pseudo-randoms.
  
  Reply View | 0 replies

coolcoder613 3 days ago

> Mostly, it will because online identifies will be a market for lemons: there will be so many fake/expired/revoked identities being sold that the value of each one will be worth pennies, and that's not commensurate with the risk of someone commiting crimes and linking it to your government-registered identity. That would be trivially solved by using same verification mechanisms they would be used with.

Reply View 0 replies