undefined | Better HN

0 pointsAurornis1d ago0 comments

> The website only sees the ‘over_18’ attribute, which is backed by the government signature

Not true. The device's public key is also sent, which functions as a stable device identifier.

We've spent years trying to get away from stable tracking IDs and fingerprinting. Returning to a system where devices are sending a stable ID to a website to prove ownership is a step backward.

There are proposed mitigations like issuing multiple sets of credentials or rotating them, but we're not going to get an infinite number of keypairs for every website or session in the secure enclave in practice.

Another reason why these proposals aren't getting much uptake is that they aren't addressing what the lawmakers are pursuing: They don't want anonymous authorization tied to the device. They want IDs tied to accounts and a way to discourage people from sharing IDs. In the anonymous systems it only takes one person a few minutes to put an over-18 identity into a device and there's no way to determine if someone is abusing the system by stealing IDs or if someone's 18 year old brother is setting up all of their younger brothers' phones for $5 each.

The situation gets stickier when you acknowledge that it's not possible to limit all of these websites to only mobile phone devices with secure enclaves that are not jailbroken. Once you open a door to desktop devices and other OSes accessing these sites, you open the door to replaying and proxying attacks, where someone will produce those `over_18` attestations on-demand for you, possibly for a minimal price. This brings us back to the public stable identifier to discourage fraud, which means governments won't be happy to issue as many keypairs as we want, which means we're back to semi-stable fingerprints.

0 comments

9 comments · 2 top-level

Aaargh203181d ago· 6 in thread

> Not true. The device's public key is also sent, which functions as a stable device identifier.

This is covered by allowing for single-use credentials. IIRC the EU personal IDs will use this. Basically, the wallet requests a batch of single-use eIDs that all use different device key-pairs. Each credential is only used for one request and then deleted. The wallet will automatically request new credentials in batches when they run out. The old key-pairs are deleted along with the credential so you don’t run out of space in the secure enclave.

> Another reason why these proposals aren't getting much uptake

I’m not sure what you mean by not much uptake, EU countries are required to issue and accept them for official business by the end of 2026

pseudalopex1d ago

> This is covered by allowing for single-use credentials.

They said There are proposed mitigations like issuing multiple sets of credentials or rotating them, but we're not going to get an infinite number of keypairs for every website or session in the secure enclave in practice.

> Basically, the wallet requests a batch of single-use eIDs that all use different device key-pairs.

The comments you replied to omitted mass surveillance. But the article and 1st comment included it. The government would know what wallet requested each single use identifier.

tremon11h ago

> The government would know what wallet requested each single use identifier

Which only means that the government knows how many tokens each citizen consumes on average. They don't know where each identifier was used nor the exact timestamp unless each website communicates this to the government, and such a backchannel does not exist in the spec.

1 more reply

jcgl1d ago

> This is covered by allowing for single-use credentials. IIRC the EU personal IDs will use this. Basically, the wallet requests a batch of single-use eIDs that all use different device key-pairs. Each credential is only used for one request and then deleted.

But this then means that the issuers and the verifiers can trivially collude to deanonymize holders/users.

inigyou15h ago

The government will, of course, log all issued public keys and who they belong to.

donmcronald1d ago

> The wallet will automatically request new credentials in batches when they run out.

Is that an ongoing cost that I’ll pay for via taxes? It doesn’t matter how anonymized all the schemes are. The government needs to give permission by signing attributes. It will be abused to gate everything we can do.

I wouldn’t be surprised if everything is gated behind attestation fairly quickly. Then our “secure” devices will attest against us if we do anything that isn’t a government approved activity.

Hopefully they never manage to hijack our network protocols. Imagine something like SNI, but it’s an attestation that traffic originated from a secure device that’ll participate in the scheme you described. Then your ISP can drop non-compliant traffic and you can only engage in government approved activity.

The answer to these proposals should be “no”.

inigyou15h ago

Whatever the system is taxes will pay for it and the inherent cost will not be very high, but it'll be contracted to a greedy money-wasting government contracting firm like Oracle, as always happens.

IX-1031d ago· 1 in thread

There are schemes where you don't need key pairs for each user (assuming the government has some way of authenticating users). Private State Tokens use blinded tokens for this.

It doesn't prevent tokens from being stolen or sold, but the token issuer only accepts each token once and can limit the rate that tokens are issued and control how fast they expire, giving decent control over how practical using stolen or sold tokens are.

Nevermark14h ago

And giving the token issuer the ability to cutoff user access unilaterally.

There is verification. And then there is continuous control. The later is even more problematic.

j / k navigate · click thread line to collapse

0 comments

9 comments · 2 top-level

Aaargh203181d ago· 6 in thread

> Not true. The device's public key is also sent, which functions as a stable device identifier.

> Another reason why these proposals aren't getting much uptake

I’m not sure what you mean by not much uptake, EU countries are required to issue and accept them for official business by the end of 2026

pseudalopex1d ago

> This is covered by allowing for single-use credentials.

> Basically, the wallet requests a batch of single-use eIDs that all use different device key-pairs.

The comments you replied to omitted mass surveillance. But the article and 1st comment included it. The government would know what wallet requested each single use identifier.

tremon11h ago

> The government would know what wallet requested each single use identifier

1 more reply

jcgl1d ago

But this then means that the issuers and the verifiers can trivially collude to deanonymize holders/users.

inigyou15h ago

The government will, of course, log all issued public keys and who they belong to.

donmcronald1d ago

> The wallet will automatically request new credentials in batches when they run out.

The answer to these proposals should be “no”.

inigyou15h ago

Whatever the system is taxes will pay for it and the inherent cost will not be very high, but it'll be contracted to a greedy money-wasting government contracting firm like Oracle, as always happens.

IX-1031d ago· 1 in thread

There are schemes where you don't need key pairs for each user (assuming the government has some way of authenticating users). Private State Tokens use blinded tokens for this.

Nevermark14h ago

And giving the token issuer the ability to cutoff user access unilaterally.

There is verification. And then there is continuous control. The later is even more problematic.

j / k navigate · click thread line to collapse