top | item 47124212

(no title)

There are better and there are really really bad ways to do ID checks. In a world that is increasingly overwhelmed by bots I don't see how we can avoid proof-of-humanity and proof-of-adulthood checks in a lot of contexts.

So we should probably get ahead of this debate and push for good ways to do part-of-identity-checks. Because I don't see any good way to avoid them.

We could potentially do ID checks that only show exactly what the receiver needs to know and nothing else.

discuss

semi-extrinsic|6 days ago

> We could potentially do ID checks that only show exactly what the receiver needs to know and nothing else.

A stronger statement: we know how to build zero-knowledge proofs over government-issued identification, cf. https://zkpassport.id/

The services that use these proofs then need to implement that only one device can be logged in with a given identity at a time, plus some basic rate limiting on logins, and the problem is solved.

9dev|6 days ago

Thank you - this gets way too few attention especially among tech folks. People act like uploading your government ID to random online services was the only solution to this problem, which is really just a red herring.

worldsayshi|6 days ago

Yes this is what I'm thinking about!

The challenge here though is to prove to the user, especially without forcing the user to go into technical details, that it is indeed private and isn't giving away details.

The user needs to be able to sandbox an app like that and have full control of its communications.

unknown|6 days ago

[deleted]