If something like this was in widespread use it would have much more impact since countries would see whole swathes of the internet immediately go dark when they make stupid laws.
Wouldn't work with somewhere like China, but the UK might still be capable of being shamed.
I wouldn't put it passed them to require the digital ID to access the internet passed curfew.
How is someone supposed to benefit from a thing whose only function is to reduce the friction against forcing them to correlate their otherwise-independent activity against their will?
The wallet uses Digital Verification Services (DVS) to poll APIs in front of the data the government already holds on you. These services check details you enter against that data and return cryptographic signatures for each. The wallet puts these together as IDs in a bespoke way, depending on what you need to prove. You can have any number of variations of ID and none of them are centralized.
Some of these signed proofs can be disclosed using Zero Knowledge Proofs (a cryptographic means of demonstrating something without demonstrating anything else) which would actually make it harder to 'correlate' you in the way you describe.
Another thing to bear in mind, the ID is backed up by the Data (Use and Access) Act 2025 which reinforces data protection laws and actually wards against the use you describe.
There's a lot of misinformation flying around about this proposal, but the design itself doesn't match the negative characterizations. It's surprisingly good and weighted to the citizen.
That's a password manager or authenticator app. You don't need a government to do anything to have that.
> Some of these signed proofs can be disclosed using Zero Knowledge Proofs (a cryptographic means of demonstrating something without demonstrating anything else) which would actually make it harder to 'correlate' you in the way you describe.
People always bring this up as a theory, but most of the ZK systems don't actually do this, e.g. they give you a bitstring that "doesn't identify you" but they know who you are when they give it to you, and you're meant to present it to a third party who could collude with the service who does know who you are to map it back to you.
In other words, the ZK proof is an attempt to bamboozle people with complicated math rather than something that really works.
The only way to actually prevent this is to make the data the user presents to the second service indistinguishable for all users meeting the qualification, i.e. if you're over 18 then you get a secret, everyone over 18 gets the same secret, and then the second service just gets the secret and compares it, and you rotate it with some interval which is at least a week. (You can't rotate it continuously or you get timing attacks; even once a week is giving up a non-trivial amount of entropy because you can narrow down the user to the people who have requested the token in the last week and repeat the process every week that person uses it to keep winnowing it down.)
But the proposals don't ever seem to do that, most of them don't even use ZK proofs or don't use them properly.
> Another thing to bear in mind, the ID is backed up by the Data (Use and Access) Act 2025 which reinforces data protection laws and actually wards against the use you describe.
You can't fix this by making it illegal because you don't have a mechanism to identify when they're doing it. You give them data that could identify you and then whether they use it for that happens behind closed doors.
Then you get all of the chilling effects even if they're not (currently) doing it because with no way for people to corroborate, people have to assume that they are. And on top of that, you've now deployed a system that ties everyone's activity to their identity and then it's just the stroke of a pen before they're doing it openly, or it comes out that they're doing it illegally but nobody does anything to stop it a la Snowden.
Too reductive. Password managers and authenticators don't give you any means of passing your official data in an authoritative way.
> The only way to actually prevent this is to make the data the user presents to the second service indistinguishable for all users meeting the qualification
Where ZKPs are used (eg for proof of age over 18) you're describing exactly what the proposal seems to expect.
> You can't fix this by making it illegal because you don't have a mechanism to identify when they're doing it. You give them data that could identify you and then whether they use it for that happens behind closed doors.
The system provides for an auditing service to ensure this doesn't happen without user consent.