this post was submitted on 15 Apr 2026
399 points (96.9% liked)
Technology
83831 readers
3624 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I’m sorry, but have you read the technical documentation? The design is intentional created this way to avoid tracking.
You are issued a set of ZKP tokens that you hand back to websites. They cannot correlate these tokens back to you, nor can the operator of the system.
Now they could lie, of course, and violate the design (but being open source that’s a little harder), but if the government wanted to secretly track you, much more precise tools exist for this already.
That's the stupid part, it doesn't matter what it will look like at the beginning. It might be the best written documentation now, they can even implement the app correctly. The thing is, the jump from "people can use the internet" to "in order to access the internet you need to provide your government ID to your smartphone" is a big jump, one that can cost a politician career. The jump from "you need to use version 1.4.412 of the govenment id checker" to "you need to use version 2.0 of the Government Id Checker Plus" is minuscule. That's where you introduce a persistent database of the tokens, somewhere on page 5 of the changelog. And only nerds care about that and nobody listens to them.
It's so fucking easy, Russia did this exact gambit in 2017, Kazakhstan couple of years before.
Ok, so it’s the slippery slope fallacy.
But that slippery slope, which it sounds like you believe us to be on, also applies to phone location tracking, credit cards payments, mobile phone train tickets, smart homes, smart cars, home CCTV etc etc.
Do you leave your phone at home, always pay with cash, don’t use any apps? Most people do these things on the basis that the government doesn’t wantonly have access to what we’ve bought online. Why is age gating so different?
At last a piece of code free of any flaw, any exploit, invulnerable to any known or unknown attack method!
Of course things can break and something might be able to refer back to you, until it gets fixed.
But if your argument is that “the standard is fine, but something might not quite work”, then the same argument applies to your phone’s location tracking, your debit/credit payments etc. The vast majority of us happily use systems on the basis that they are secure, until they’re not, and then things get fixed.
Your argument has to apply evenly.
It's a matter of exposure and attack surface vs rewards for the attacker, and risk in companies are evaluated by the trio: freqency of occurrence, severity of occurrence (how large), severity of the occurrence. Banks can spend a lot because severity quickly gets very high in money.
What's the incentive again for the next gov to properly fund the system? Oh yes: they would have to say "sorry! shit happens! that's all because of the previous admin!!" and maybe throw one guy under the bus.