Eugen RochkoRE: https://post.lurk.org/@shibacomputer/116827981116605348
This is the future those who push for age verification want for us.
Anders Lund@Gargron In denmark, Datastyrelsen (the state office caring for data) released an "altID" app, which can be used as an ID, IRL or online. After creation, data stays on your device, and what clients get is an age or identity verification, and you get to choose what to share. They failed to make it open source, but given it does what the say it does, it at least better than scanning passports etc, I believe. It is derived from an EU model afaik. And I was able to install it on my google-free /e/os fairphone. FWIW.
Solitha@anderslund Maybe I'm thinking way too far into this, but it seems to me that any data given that verifies you, is a form of ID that can be stolen. Your "altID" is still ID.
@anderslund What I'm trying to say (probably not well, it's hard to put into words) is that having your altID leaked/stolen doesn't feel functionally different to me than, say, this passport leak.
It's an ID masking your ID, but still has the whole value of any set of credentials.
Of course, as you said, physical possession of the device... which is also true of any credentials.
@solitha @Gargron I'd say that the ID solution we use in Denmark to identify to banks, public authorities and also private companies in some cases - MitID ("MyID") has had few issues. It is a 2FA soultion, where the 2nd factor is either an app or a physical device. AltID is less secure, but also provides less information to clients.
@anderslund I guess I'm just feeling like there are no good answers. Any security created by humans can be broken by humans.
And we've arrived in this world where one's individual identity is so valuable... and yet, third parties who mishandle that information are slapped on the wrist. Meanwhile, that data has slipped any containment.
There is so much more money behind stealing the data than there is in protecting it. We're steadily losing the battle.