341
Discord will require a face scan or ID for full access next month
(www.theverge.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 09 Feb 2026
341 points (99.1% liked)
Privacy
46046 readers
481 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 6 years ago
MODERATORS
If you have no way to link the signature to the original document, then how do you validate that the signature is coming from a document without repetition / abuse?
How do you ensure there aren't hundreds of signatures used for different accounts all done by the same stolen eID that might be circulating online without the government realizing it?
Can the government revoke the credentials of a specific individual? ...because if they can't then that looks like a big gap that could create a market of ever-growing stolen eIDs (or reusing eIDs from the deceased) ...and if they can revoke, what stops the government from creating a simulation in which they revoke one specific individual and then check what signatures end up being revoked to identify which ones belong to that person? The government can mandate the services to provide them all data they have so it can be analyzed as if they were Issuer, Registry and Verifier, all in one, without separation of powers.
I know there are ways to try and fix this, but those ways have other problems too, which end up forcing the need for a compromise.. there's no algorithm that perfectly provides anonymity and full verifiability with a perfect method of revocation that does not require checks at every user login. For example, with the eIDAS 2.0 system (considered zero-knowledge proof), the government does have knowledge of the "secret serial number" that is used in revocation, so if they collude with the service they can identify people by running some tests on the data.