The way identity wallets work:

The government issues an eID to your wallet. The ID is signed by the government and linked to the device to prevent transferring the credential. A public/private key-pair is generated by the secure enclave in your phone, the public key along with proof of possession of the private key is included in the request for the government eID. The government signs individual attributes combined with the public key with the government private key. The government certificate containing the public key is, well, public.

One of the attributes is ‘over_18’ (In the EU eID scheme countries can add other over_XX attributes if they want, but over_18 is mandatory).

When a website wants to requests attributes, in this case the over_18 attribute, they send a request to the user’s wallet app, including a challenge. The wallet sends back a package including the government-signed attribute, which contains the device public key and the over_18 attribute plus a response to the challenge (proving the credential didn’t get transferred).

The website only sees the ‘over_18’ attribute, which is backed by the government signature. They don’t see any other attributes (the wallet app shows in advance which attributes you are sharing). The government never sees which website wants to know if you’re 18+.

Of course this is all a bit simplified, check OIDC4VCI and OIDC4VP for details.

The only real issue is the wallet app and device binding. Because a compromised device could allow credentials to be transferred some form of attestation of device and wallet app is required. In practice this means no rooted/jailbroken phones.

> The website only sees the ‘over_18’ attribute, which is backed by the government signature

Not true. The device's public key is also sent, which functions as a stable device identifier.

We've spent years trying to get away from stable tracking IDs and fingerprinting. Returning to a system where devices are sending a stable ID to a website to prove ownership is a step backward.

There are proposed mitigations like issuing multiple sets of credentials or rotating them, but we're not going to get an infinite number of keypairs for every website or session in the secure enclave in practice.

Another reason why these proposals aren't getting much uptake is that they aren't addressing what the lawmakers are pursuing: They don't want anonymous authorization tied to the device. They want IDs tied to accounts and a way to discourage people from sharing IDs. In the anonymous systems it only takes one person a few minutes to put an over-18 identity into a device and there's no way to determine if someone is abusing the system by stealing IDs or if someone's 18 year old brother is setting up all of their younger brothers' phones for $5 each.

The situation gets stickier when you acknowledge that it's not possible to limit all of these websites to only mobile phone devices with secure enclaves that are not jailbroken. Once you open a door to desktop devices and other OSes accessing these sites, you open the door to replaying and proxying attacks, where someone will produce those `over_18` attestations on-demand for you, possibly for a minimal price. This brings us back to the public stable identifier to discourage fraud, which means governments won't be happy to issue as many keypairs as we want, which means we're back to semi-stable fingerprints.

> In practice this means no rooted/jailbroken phones.

Personally - this is less acceptable to me than just having the site collect my image/id.

I'd support just putting the id in a dedicated device (ex - gov issues smart key) or just accepting that sometimes people will share id info (just like... physical ids).

It doesn't even close all the doors to transferring ids - since I can still just hand someone a phone (just like... physical ids).

> The only real issue is the wallet app and device binding. Because a compromised device could allow credentials to be transferred some form of attestation of device and wallet app is required. In practice this means no rooted/jailbroken phones.

Yeah, and no Linux PCs, no custom builds of web browsers (which would effectively become open source in theory only)—basically the end of any kind of open platform. I would much rather just scan my ID!

The ID is signed by the government and linked to the device to prevent transferring the credential. A public/private key-pair is generated by the secure enclave in your phone, the public key along with proof of possession of the private key is included in the request for the government eID.

IMO, there are two other issues that need to be solved. The major one is that there should be some way to do attestation of devices that are not Google-certified Android or iOS. If this does not happen, the smartphone duopoly is permanently entrenched and not a fair/free market anymore. There is no way to use a smartphone without basically losing your privacy to Google/Apple and given the increasing importance of online services it's becoming increasingly impossible to live without a smartphone.

It was very disheartening that the EU reference implementation was rolled out with only Play Integrity and Apple's counterpart. IMO, this should have been solved before the reference implementation was rolled out to member countries, because many of them won't bother to go beyond that [1]. It is also completely counterproductive when it comes to EU tech sovereignty. There is a group of pioneers that are growing the sovereign ecosystems and then you cut them off.

The second, perhaps lesser, problem is that the security story is not super strong, because most Android phones do not even have a secure enclave (outside Pixel and Samsung flagships/A5x, there are very few). Instead they rely on TrustZone etc. which are regularly targeted by side-channel attacks, etc. Ironically, GrapheneOS is cut off from most of these systems (because Google Play Integrity), while it actually requires a secure enclave and is more secure than... well I guess every other smartphone.

[1] There is some hope, e.g. the developers of the Dutch identity wallet acknowledge the issue and are open to supporting alternative systems.

If you are referring to EUID (not fully sure as you said EU eID, i dont know if you are referring the estonia of eID like system)

I have to mention that EUID is not private, since there's "provider" element which informs website if you are 18 or not. The flow is:

1) You scan QR code 2) Your EUDI wallet does verification, informs provider to tell you are 18+ 3) Provider informs website you are 18+

The EUID draft doesnt mention tech like ohttp for anonymizing requests. So there's risk of provider keeping track of who you are. So while everybody claims its fully anonymous which is just false. Government could ask website/service for the token or account information then use timestamp or token then combining with "provider" logs, your identity will be exposed.

EUID has another problem which is letting all countries implement system, which is wasteful duplication effort so this probably will be outsourced and to same company to reduce duplication efforts. Then it'll be centralized and they happen be collecting telemetry data for "experience improvements" as everysite out there do.

I haven't even mentioned biggest problems like requiring attestation Apple/Google. While spec doesn't require it, but the likehood country's app requiring it will be very high.

> A public/private key-pair is generated by the secure enclave in your phone

This is completely unacceptable. In practice, this solution means a locked down device, probably controlled by Google or Apple.

The Internet has existed without identity or age verification for more than 30 years, and there is no reason to change that.

Which part of that is avoiding the distopian control?

the very first line, government issued digital id - we have been avoiding that for a very long time

how does this work on an open source operating system?

Couldn't the public key be used as an identifier for tracking?

What about at the device level?

“You must be this tall to ride this ride”

“ you must be 18 to own an iPhone 18+ “

I apologize for the drive-by question, and I appreciate your takes!

How does this work without a phone? I do 99% of my computer work, like now, not on a phone.

Do regular desktop and laptop computers have the same secure enclave feature?

>The government issues an eID to your wallet

So people in dubious legal circumstances are locked out the internet?

There is no real practical difference between ‘attested devices’ and scanning ID…

> which contains the device public key

And there it is.

So now I have to have a mobile phone?