While great on paper, zero-knowledge-proof based systems unfortunately have a fatal flaw. Due to the fully anonymous nature of verification tokens, implementations must have safeguards in place to prevent users from intercepting them and passing them onto someone else; in practice, this will likely be accomplished by making both the authenticator and the target service mobile apps that rely on device integrity APIs. This would ultimately result in the same accessibility issues that currently plague the banking industry, where it is no longer possible to own a bank account in most countries without an unmodified, up-to-date phone and an Apple or Google account that did not get banned for redeeming a gift card.

Furthermore, if implementers are going to be required to verify users per-session rather than only once during signup, such a measure would end up killing desktop Linux (if not desktop PCs as a whole) by making it impossible for any non-locked-down platform to access the vast majority of the web.

I'm unsure how applicable these risks are here. The proofs appear to be bound to the app, which in turn is bound to the user's face/fingerprint (required to unlock it).

> if you are asked to prove you are over 18, you could provide a simple yes or no response and avoid sharing any other personal details

I can't imagine how that would operate, esp. given we're told this ID will not be a digital ID card you can "show".

It's an app, and data is submitted with a tap to approve. The data is just attribute / proof pairs (eg nationality:British / true), and the bundles assembled from these pairs will differ between use cases. Nightclub proof of age would just need the 'over 18' proof, while opening a bank account would need a photo, name, address, date of birth, nationality etc. In other words, there isn't a single Digital ID. The 'ID' is just a container for a specific use. They can be reused, but they will often be single purpose or generated from the attributes saved in your wallet the moment a service requests your data. The best way to think of this is that it gives you a way to pass on your citizen data with authority, and without having to overshare.

Thanks. I don't see that info on the Govt. explainer web page. https://www.gov.uk/government/publications/digital-id-scheme...

The major problem is that no one trusts government not to abuse it and use it to track everything people do. There will be some proportion of people who trust the current government, but will be paranoid that a future government will abuse it, and there will be a proportion of people that don't trust the current government to not abuse it.

You might be able to get more trust by the government assigning a third party to audit the systems to make sure they are working as advertised, and not being abused, but you would still get people being paranoid that either the third party could be corrupted to pretend that things are okay, or that a future government would just fire them and have the system changed to track everyone anyway.

No matter what you do, you will never convince a subset of people that a system that can potentially be used to track everyone won't be abused in that way. Unfortunately, those people are most likely correct. This is why we can't have nice things :(

For the record, I thing it would be great to be able to have a trusted government issued digital ID for some purposes. I especially think it would be great to have an officially issued digital ID that could be used to sign electronic documents. My partner and I moved home recently, and it was not easy signing and exchanging legal documents electronically.

> You might be able to get more trust by the government assigning a third party to audit the systems to make sure they are working as advertised, and not being abused, but you would still get people being paranoid that either the third party could be corrupted to pretend that things are okay, or that a future government would just fire them and have the system changed to track everyone anyway.

The scheme is one step ahead of you, Auditors are required [1]. Government's role in the scheme is limited to operating the API in front of its departments which are read only and scattered (eg no central database), funding the auditors and trust registry (a Digital Verification Service public key store), and legislating. The verification work will all be done by private sector digital verification services - whichever is associated with the wallet app you've chosen. There were 227 of them last year already working for various services - we all benefit from the sector being brought under a formal regulatory framework.

The tracking you fear doesn't seem to be possible beyond what is already tracked when you open a bank account etc, but this is entirely outside the scope of the wallet's operation. It's been designed specifically to make the kind of abuse you fear impossible, at least in its current format, where government is out of the loop except as a passive reference, and the DV services are legally prevented from retaining any data without your consent. Of course that could alter in future, but as it stands the framework doesn't allow for what everyone fears it does.

[1] https://enablingdigitalidentity.blog.gov.uk/2024/10/24/how-a...

(The Enabling Digital Identity Blog has a comprehensive information about every aspect of the framwework.)