cross-posted from: https://lemmy.zip/post/52481309

ZKPs are often advanced as a technical remedy, promising privacy-preserving attestations of age or eligibility. Yet their deployment in practice exposes both conceptual and practical limits.

  • vapeloki@lemmy.world · 7 upvotes · 15 hours ago

    We already have zero knowledge proof in Germany, but nearly no one uses it.

    Our ID cards have an embedded private key.

    The theoretical flow is (very simplified, of course):

    1. Website sends a challenge to a locally running app
    2. App requests the ID card (NFC, you can use your mobile phone as a reader)
    3. Reader asks for the PIN
    4. The information requested by the website is shown (for example pseudonym ID, full data, age verification only, i.e. over 18 or over 21)
    5. You acknowledge this
    6. A signed message with the requested information is sent back to the server
    7. Server verifies the signature with the official key servers of the federal authority for our ID cards.

    Works, secure and safe.

    But, because of privacy concerns, many users did not activate this feature and, besides some government websites, nobody essentially accepts it.

    Also, it is hard to explain that, despite the fact that your ID card acts as the private key, your signature is anonymous if you don’t explicitly allow the websites to see your data.
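The seven-step flow in the comment above, as an added Go model that is not from the post, from the commenter, or from the German eID software. It stands in for the real protocol with plain ECDSA P-256 signatures, a toy key registry playing the "federal key servers", and constructed attribute names (age_over_18, age_over_21) and sample birth dates; the actual eID protocol differs in many details. What the model shows: the website's challenge is folded into what the card signs, so a captured response cannot be replayed elsewhere; for an age check only a derived yes/no leaves the card, never the birth date; and the server rejects a reused challenge, an altered attribute set, or a key the authority has not registered.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// Card models the ID card: an embedded private key plus the holder's data (constructed sample values).
type Card struct {
	priv      *ecdsa.PrivateKey
	birthDate time.Time
}

// Response is what the local app sends back to the website (step 6).
type Response struct {
	Challenge []byte
	Disclosed map[string]string
	Signature []byte
	KeyID     string
}

// Authority stands in for the federal key servers (step 7): public keys by fingerprint, no personal data.
type Authority map[string]*ecdsa.PublicKey

// Server is the website: it issues challenges and verifies responses.
type Server struct {
	authority Authority
	pending   map[string]bool // challenges issued but not yet consumed
}

func keyID(p *ecdsa.PublicKey) string { return fmt.Sprintf("%x", elliptic.MarshalCompressed(p.Curve, p.X, p.Y)) }
func (a Authority) Register(c *Card)   { a[keyID(&c.priv.PublicKey)] = &c.priv.PublicKey }
func NewServer(a Authority) *Server    { return &Server{authority: a, pending: map[string]bool{}} }

func NewCard(birth time.Time) (*Card, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Card{priv: priv, birthDate: birth}, nil
}

// IssueChallenge is step 1: a fresh 32-byte nonce, valid for exactly one response.
func (s *Server) IssueChallenge() ([]byte, error) {
	ch := make([]byte, 32)
	if _, err := rand.Read(ch); err != nil {
		return nil, err
	}
	s.pending[fmt.Sprintf("%x", ch)] = true
	return ch, nil
}

// digest binds the disclosed attributes to one challenge, so a captured response is useless elsewhere.
func digest(challenge []byte, disclosed map[string]string) []byte {
	body, _ := json.Marshal(disclosed) // map keys are emitted sorted, so the encoding is canonical
	sum := sha256.Sum256(append(append([]byte{}, challenge...), body...))
	return sum[:]
}

// ageThresholds are the constructed attribute names this model understands (the comment mentions 18 and 21).
var ageThresholds = map[string]int{"age_over_18": 18, "age_over_21": 21}

// Answer covers steps 2-6: with the holder's consent the card releases only the requested
// attributes; an age check yields a derived yes/no, never the birth date itself.
func (c *Card) Answer(challenge []byte, requested []string, consent bool, now time.Time) (*Response, error) {
	if !consent {
		return nil, fmt.Errorf("holder declined disclosure")
	}
	disclosed := map[string]string{}
	for _, attr := range requested {
		years, ok := ageThresholds[attr]
		if !ok {
			return nil, fmt.Errorf("unsupported attribute %q", attr)
		}
		disclosed[attr] = fmt.Sprint(!now.Before(c.birthDate.AddDate(years, 0, 0)))
	}
	sig, err := ecdsa.SignASN1(rand.Reader, c.priv, digest(challenge, disclosed))
	if err != nil {
		return nil, err
	}
	return &Response{Challenge: challenge, Disclosed: disclosed, Signature: sig, KeyID: keyID(&c.priv.PublicKey)}, nil
}

// Verify is step 7: the challenge must be ours and unused, and the signature must verify under a registered key.
func (s *Server) Verify(r *Response) error {
	id := fmt.Sprintf("%x", r.Challenge)
	if !s.pending[id] {
		return fmt.Errorf("unknown or already used challenge")
	}
	pub := s.authority[r.KeyID]
	if pub == nil || !ecdsa.VerifyASN1(pub, digest(r.Challenge, r.Disclosed), r.Signature) {
		return fmt.Errorf("signature check failed: unregistered key, or attributes/challenge altered")
	}
	delete(s.pending, id) // each challenge accepts exactly one response
	return nil
}
```

The consumed-challenge set is what makes a captured response single-use; in a real deployment that state (and the challenge's lifetime) lives server-side, and the signature still only proves what the card holder chose to release.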

    • Kissaki@programming.dev · 2 upvotes · 6 hours ago

      It’s new to me that it’s NFC. I was under the impression I need to buy a reader device to make use of digital auth or signature stuff.

      • vapeloki@lemmy.world · 1 upvote · 54 minutes ago

        It was always NFC. But using your mobile as a reader is about 6 years old now. And only because the whole client app is open source and somebody contributed it.