How is someone supposed to benefit from a thing whose only function is to reduce the friction against forcing them to correlate their otherwise-independent activity against their will?
For governmental services, I use it for things like logging into health care services, where I've used it for checking my prescriptions and communicating with my doctor. If I had kids I would have used it for contact with the school. Another governmental use is tax filing and tax returns, which come around every year, and this is just scratching the surface.
When it comes to non-governmental usage, it is mostly bank and bank-adjacent usage. I do use it to log into my different banks, my stock broker, and insurance providers.
The solution we have in Norway is not perfect, and one of the persistent problems is that not everyone can get one, and since it is used a lot by the government, not having it makes you a bit of a second-class citizen. I do believe that they are finally doing something about that, and that the system will be redone a bit next year, so even if the banks don't like you, you will be able to get one.
You and the provider may have different ideas about where that line is drawn.
And doesn't address many of the other problems (e.g. accuracy).
The wallet uses Digital Verification Services (DVS) to poll APIs in front of the data the government already holds on you. These services check details you enter against that data and return cryptographic signatures for each. The wallet puts these together as IDs in a bespoke way, depending on what you need to prove. You can have any number of variations of ID and none of them are centralized.
Some of these signed proofs can be disclosed using Zero Knowledge Proofs (a cryptographic means of demonstrating something without demonstrating anything else) which would actually make it harder to 'correlate' you in the way you describe.
Another thing to bear in mind, the ID is backed up by the Data (Use and Access) Act 2025 which reinforces data protection laws and actually wards against the use you describe.
There's a lot of misinformation flying around about this proposal, but the design itself doesn't match the negative characterizations. It's surprisingly good and weighted to the citizen.
That's a password manager or authenticator app. You don't need a government to do anything to have that.
> Some of these signed proofs can be disclosed using Zero Knowledge Proofs (a cryptographic means of demonstrating something without demonstrating anything else) which would actually make it harder to 'correlate' you in the way you describe.
People always bring this up as a theory, but most of the ZK systems don't actually do this, e.g. they give you a bitstring that "doesn't identify you" but they know who you are when they give it to you, and you're meant to present it to a third party who could collude with the service who does know who you are to map it back to you.
In other words, the ZK proof is an attempt to bamboozle people with complicated math rather than something that really works.
The only way to actually prevent this is to make the data the user presents to the second service indistinguishable for all users meeting the qualification, i.e. if you're over 18 then you get a secret, everyone over 18 gets the same secret, and then the second service just gets the secret and compares it, and you rotate it with some interval which is at least a week. (You can't rotate it continuously or you get timing attacks; even once a week is giving up a non-trivial amount of entropy because you can narrow down the user to the people who have requested the token in the last week and repeat the process every week that person uses it to keep winnowing it down.)
But the proposals don't ever seem to do that, most of them don't even use ZK proofs or don't use them properly.
> Another thing to bear in mind, the ID is backed up by the Data (Use and Access) Act 2025 which reinforces data protection laws and actually wards against the use you describe.
You can't fix this by making it illegal because you don't have a mechanism to identify when they're doing it. You give them data that could identify you and then whether they use it for that happens behind closed doors.
Then you get all of the chilling effects even if they're not (currently) doing it because with no way for people to corroborate, people have to assume that they are. And on top of that, you've now deployed a system that ties everyone's activity to their identity and then it's just the stroke of a pen before they're doing it openly, or it comes out that they're doing it illegally but nobody does anything to stop it a la Snowden.
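Added example, not part of the thread or any poster's code: a small simulation of the issuer-side view described in the comment above, comparing a per-user bitstring with a secret shared by everyone who qualifies in a given week. The issuer key, user names and request log are constructed, and it assumes the verifier can tell that the same account presented each token.

```python
import hashlib
import hmac

ISSUER_KEY = b"constructed-demo-key"  # constructed value, demo only

def per_user_token(user, epoch):
    # Unique bitstring per user: carries no name, but the issuer knows who got it.
    msg = f"over18|{epoch}|{user}".encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()

def shared_token(user, epoch):
    # Same secret for every qualifying user in the epoch; `user` is ignored.
    msg = f"over18|{epoch}".encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()

def issue(requests, make_token):
    # Issuer log: token -> set of users it was handed to.
    log = {}
    for epoch, users in requests.items():
        for user in users:
            log.setdefault(make_token(user, epoch), set()).add(user)
    return log

def winnow(requests, user, make_token):
    # Anonymity-set size after each epoch in which `user` presents a token,
    # if the verifier shares the presented tokens with the issuer.
    log = issue(requests, make_token)
    candidates, sizes = None, []
    for epoch in sorted(requests):
        if user not in requests[epoch]:
            continue
        holders = log[make_token(user, epoch)]
        candidates = set(holders) if candidates is None else candidates & holders
        sizes.append(len(candidates))
    return sizes

# Constructed request log: week number -> users who fetched a token that week.
REQUESTS = {
    1: ["alice", "bob", "carol", "dave"],
    2: ["alice", "bob", "erin"],
    3: ["alice", "frank"],
}

if __name__ == "__main__":
    print("per-user:", winnow(REQUESTS, "alice", per_user_token))
    print("shared:  ", winnow(REQUESTS, "alice", shared_token))
```

With the per-user token the candidate set is a single person from the first presentation; with the shared weekly token it starts at everyone who fetched that week and shrinks with each further week of use.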
Specifically, our system [1] is available as open source [2] and work is underway to implement it in the EU age verification app [3]. I understand that this thread is about the UK and not the EU, and I make no claims about the UK. The system is not theory, but it is already shipping in Google Wallet [4] and in the Open Wallet Foundation multipaz system [5].
[1] https://eprint.iacr.org/2024/2010
[2] https://github.com/google/longfellow-zk
[3] https://ageverification.dev/av-doc-technical-specification/d...
[4] https://blog.google/products/google-pay/google-wallet-age-id...
Too reductive. Password managers and authenticators don't give you any means of passing your official data in an authoritative way.
> The only way to actually prevent this is to make the data the user presents to the second service indistinguishable for all users meeting the qualification
Where ZKPs are used (e.g. for proof of age over 18) you're describing exactly what the proposal seems to expect.
> You can't fix this by making it illegal because you don't have a mechanism to identify when they're doing it. You give them data that could identify you and then whether they use it for that happens behind closed doors.
The system provides for an auditing service to ensure this doesn't happen without user consent.
The desire to pass "official data" from someone outside of the entity you're directly interacting with is the design flaw. Stop having that.
> Where ZKPs are used (eg for proof of age over 18) you're describing exactly what the proposal seems to expect.
I suspect that it isn't, because the only systems that actually work in terms of privacy correspondingly can't provide you with any way to identify someone if they're anonymously providing proof of age to anyone who asks, and then it would only take one person to set up a service to do that for everyone. Whereas if you can catch someone who does that you've just proven that the privacy protections aren't real.
> The system provides for an auditing service to ensure this doesn't happen without user consent.
You're suggesting that someone is going to audit something that happens inside of every private company. That's either going to be a box-checking exercise with zero effectiveness or a massively expensive ordeal that only compounds the problem by expanding access to include a set of government auditors -- or both.
The only way three people can keep a secret is if two of them are dead. If you don't want corporations to have your private information, you can't give it to them and then try to stuff the cat back into the bag. You have to prevent them from having it to begin with.
Laws requiring them to collect it are the opposite of that.