
The EU is rolling out the EUDI system this year where citizens can verify their age (>16, >18, >21) without revealing any personal information. This is a solved problem over there.



EUDI has had various criticisms of its approach for not supporting unlinkability (with the same attestation used across verifiers, they can be traced to the same user).

There are some long GitHub threads in the official repo along with a PDF[1] of cryptographers' feedback about the privacy issues. Also covered in this[2] article.

This is unlike BBS+, which supports unlinkability and which was even recommended by GSMA Europe to address such downsides. In the GitHub discussions there seems to be pushback by those officially involved who claim BBS+ isn't compatible with EUDI[3], and there seems to be some plateauing of any progress advancing it.

[1] https://github.com/eu-digital-identity-wallet/eudi-doc-archi...

[2] https://news.dyne.org/the-problems-of-european-digital-ident...

[3] https://github.com/eu-digital-identity-wallet/eudi-doc-archi...


According to the EU Identity Wallet's documentation, the EU's planned system requires highly invasive age verification to obtain 30 single-use, easily trackable tokens that expire after 3 months. It also bans jailbreaking/rooting your device, and requires Google Play Services/iOS equivalent be installed to "prevent tampering". You have to blindly trust that the tokens will not be tracked, which is a total no-go for privacy.

These massive privacy issues have all been raised on their GitHub, and the team behind the wallet have been ignoring them.


Yikes. I fully expect non-sabotaged computers to become illegal in the coming decades.

Doesn't the act of notifying >16 today and >18 tomorrow leak birthdates?

If you want privacy you need to fuzz the transition. Many platforms support that today. Or you can create a separate account when you graduate.

But also, knowing someone's birthday without tying it to other information greatly reduces the risk of harm.


Not unless you actually meant 16<x<18 today and >18 tomorrow.

You can be 30 and verify >16 today and >18 tomorrow, obviously without being 18.


which is nothing in comparison to leaking all of personal information

you can also introduce some jitter like changing age range only once a week/month/year for everyone
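The trade-off argued over in the comments above (a flip from "not over 18" to "over 18" dating the birthday, and a coarser update schedule widening that window), worked through as an added example that is not from any commenter or from EUDI. The wallet model, the function names, the granularity labels and the sample birth date are all constructed for illustration.

```python
from datetime import date, timedelta

def add_years(d, years):
    # Assumption: a 29 Feb birth date counts from 1 Mar in non-leap years.
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return date(d.year + years, 3, 1)

def effective_date(dob, threshold, granularity):
    """First day a hypothetical wallet answers True to 'age >= threshold'."""
    bday = add_years(dob, threshold)
    if granularity == "day":
        return bday
    if granularity == "month":  # answer changes only on the 1st of a month
        if bday.day == 1:
            return bday
        return date(bday.year + bday.month // 12, bday.month % 12 + 1, 1)
    if granularity == "year":   # answer changes only on 1 January
        if (bday.month, bday.day) == (1, 1):
            return bday
        return date(bday.year + 1, 1, 1)
    raise ValueError(granularity)

def attest(dob, threshold, today, granularity):
    return today >= effective_date(dob, threshold, granularity)

def observe(dob, threshold, granularity, start, days):
    """What a verifier that asks once a day would log: (day, answer) pairs."""
    return [(start + timedelta(days=i),
             attest(dob, threshold, start + timedelta(days=i), granularity))
            for i in range(days)]

def candidate_dobs(observations, threshold, granularity, first, last):
    """Birth dates in [first, last] consistent with every logged answer."""
    out, d = [], first
    while d <= last:
        if all(attest(d, threshold, day, granularity) == ans
               for day, ans in observations):
            out.append(d)
        d += timedelta(days=1)
    return out

def leak(dob, granularity):
    # Constructed scenario: daily '>= 18' checks from 2026-03-01 to 2026-04-05.
    obs = observe(dob, 18, granularity, date(2026, 3, 1), 36)
    return candidate_dobs(obs, 18, granularity,
                          date(2007, 1, 1), date(2009, 12, 31))
```

With the constructed birth date 2008-03-14, `leak(..., "day")` leaves exactly one candidate, `"month"` leaves 31, and `"year"` shows no flip inside the observation window at all; a user who is already well past the threshold never produces a flip either.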


Birthday, zip code and gender is enough to uniquely identify most Americans.

Well, don't reveal your birthday then. Wait 5 days to confirm >18.

If you run into a liquor store yelling "I'm finally 18, here's proof", that's on you?


Of course you can still break the law. People are complaining that it's now illegal to do what you suggested.

1 it requires DOB

2 it requires DOB to be accurate


Will this work without Google/Apple services shoved down my throat?


