this post was submitted on 29 Jul 2025
27 points (100.0% liked)

Privacy

[–] hansolo@lemmy.today 4 points 1 week ago

I've been saying a version of this for years.

Zero Knowledge Proofs are, yes, only half of what's needed. Much like pulling my ID from my wallet, I need to actively consent to offering the service the data I confirm. Preferably (IMO) every time it's requested.

Otherwise what's to stop verification abuse from literally turning into session hijacking? Someone sends me a phishing link and if I have ID auto-submit turned on, an attacker can in a second run my full name and ID contents as attributed to anything.