You can use a custom domain that you own with gmail. But of course domains aren't that great either as they are only somewhat decentralized and it's still pretty easy to lose your domain.
When I've looked into these cases it often seems that there are additional issues at play like harassment/stalking of ex's. So the prosecutor is thinking they can get an easy plea deal on the "real" case by piling on additional charges.
What I don't understand about this approach is if it's truly completely privacy preserving what stops me from making a service where anyone can use my ID to verify? If the site owner really learns nothing about me except for my age then they can't tell that it's the same id being used for every account. And if the government truly knows nothing about the sites I verify on they can't tell that I'm misusing the id either. So someone must know more then you are letting on.
One possible solution idea I just had is having the option of registered providers (such as Discord). They would have a public key, and the user has a private key associated to their eID. They could be mingled in such a way to create a unique identifier, which would be stored by the provider (and ofc the scheme would be such that the provider can verify that the mingled identifier, was created from a valid private key and their public key).
This would in total make sure that only one account can be created with the private key, while exposing no information about the private key aka user to the provider. I am fairly certain that should work with our cryptographic tools. It would ofc put the trust on the user not to share their eID private key, but that is needed anyway. Either you manage it or it gets managed (and you lose some degree of privacy).
The hole is closed with per-site pseudonyms. Your wallet generates a unique cryptographic key pair for each site so same person + same site = same pseudonym, same person + different sites = different, unlinkable pseudonyms.
"The actual correct way" is an overstatement that misses jfaganel99's point. There are always tradeoffs. EUDI is no exception. It sacrifices full anonymity to prevent credential sharing so the site can't learn your identity, but it can recognize you across visits and build a behavioral profile under your pseudonym.
I fail to see how that solves the problem? That's what I'm saying my service would provide. Unless the eID has some kind of client side rate limiting built in I can generate as many of them as I want. And assuming they are completely privacy preserving no one can tell they were all generated by the same ID.
> Since Proof of Age Attestations are designed for single use, the system must support the issuance of attestations in batches. It is recommended that each batch consist of thirty (30) attestations.
It sounds like application would request batch of time-limited proofs from government server. Proofs gets burned after single use. Whether or not you've used any, app just requests another batch at a set interval (e.g. 30 once a month). So you're rate limited on the backend.
Edit: seems like issuing proofs is not limited to the government, e.g. banks you're client of also can supply you with proofs? (if they want to partake for some reason). I guess that would multiply numbers of proof available to you.
Ok I have been convinced this is a technically feasible solution that could preserve privacy while reasonably limiting misuse. That said I'm worried that the document you linked does not require relying parties implement the zero knowledge proof approach. It only requires that they implement the attestation bearer token approach which is much weaker and allows the government to unmask an account by simply asking the relying party which attestation token was submitted to verify the account.
> Relying Party SHALL implement the protocols specified in Annex A for Proof of Age attestation presentation.
> A Relying Party SHOULD implement the Zero-Knowledge Proof verification mechanism specified in Annex A
the solution to this seems to be to issue multiple "IDs". So essentially the government mints you a batch of like 30 "IDs" and you can use each of those once per service to verify an account (30 verified accounts per service). That allows for the use case of needing to verify multiple accounts without allowing you to verify unlimited accounts (and therefor run into the large scale misuse issue I pointed out).
If you need to verify even more accounts the government can have some annoying process for you to request another batch of IDs.
Characters are copyrightable, its a similar situation to song compositions vs song masters. There is the copyright of the original picture/song master but separately there is the copyright of the song composition/character. Making your own work derived from the same character or song composition is still a derivative work even if it doesn't directly copy the song master/original picture.
I think it just means each starlink satellite has multiple star trackers. Probably pointed in different directions so that if one is blinded by the sun the others can still see the stars.
Wouldn't it be easier to make those things illegal and then prosecute them instead of the lie? For prosecuting a lie you need to prove 2 things, the thing lied about and the lie itself, so it seems like a more difficult prosecution for no reason. Also how does every other country in the world manage to not have these questions?
> Also how does every other country in the world manage to not have these questions?
You sure about that? Many other countries have what would be considered odd questions on their forms.
Also, saying "every other country" is a mighty wide brush. There are a whole lot of countries where the rule of law doesn't come first and they can simply do what they want if they suspect you of anything regardless if they have a law or not.
This is what happens when a legal system and a political system is taken over by specialists with little to no other skills.
Instead of politics being about setting policy to work toward desire outcomes, politics becomes about ensuring the viability of future political processes. Instead of the legal system being about defining crime, establishing punishment and carrying out said punishments it becomes about ensnaring others in legal "gotcha" moments like lying on a form. Society is not safer because of the outlawed nature of lying on a form. Society is not better off because someone is convicted of lying on a form. The individuals who participate in the prosecution are better off because it gives them an opportunity to advance their career.
You can make it technologically impossible, but they can also come and arrest you just for using such technology. So its not really a technical problem, its a social/political one.
I don't understand this take. There is no real way in which a private person can make law enforcement "more expensive". The government can always find means as long as it is supported by a sufficiently big fraction of its people.
Sure, they won't go out and arrest all one million, but from an individual perspective it's basically security by obscurity.
Once that's the case, otherwise legal activities (e.g. protesting, or making political statements) run the risk of making you a target. Law enforcement can then punish you for your legal activity by selectively enforcing this other law.
The resulting situation is one where everyone knows to some extent "you better shut up if you know what's good for you", and puts a chilling effect on otherwise legal forms of civic engagement.
You might point out that there are already laws on the books that let them do this, but I'm sure they wouldn't mind another.
Privacy-conscious apps and communications tools need to be developed, and we need to build the consensus that privacy is important.
edit: Anyone know why Briar doesn't have the feature for known contacts to be a "courier" for other contacts?
Background: Briar is the encrypted messaging app that works over tor, local wifi and bluetooth. If Alice sends a message to Charles but she isn't connected, the app will hold it until it detects Alice and Charles are in proximity.
My desired feature: If Bob is a verified contact with both Alice and Charles, Briar should be able to hand the message from Alice to Bob, and then deliver it to Charles.
Its an interesting line of thought, but people are generally able to contextualize interactions. The classic one is that regularly being violent in video games does not translate to violence in other contexts.
1. When you speak of context, note that a game is play (“as-if”), while for many people interacting with chatbots is presumably life (“is”). Humans can occasionally seem to be pretty awful to each other in playful context, but be still friends.
2. If somebody came up with a game in which your experience of murdering a human mimics reality as successfully as a modern LLM chatbot mimics interacting with a human, I think that game might be somewhat more controversial than GTA V or Call of Duty.
reply