Comment by lachiflippi
5 hours ago
My understanding is that the responses are signed, but in a way that prevents linking signatures across vendors, so the same card being used for verification on different sites could not be linked, while the same card being used multiple times for the same vendor could.
As I'm not an expert on the crypto underlying the protocol, feel free to check the eIDAS standard for more info (the documents are in English, even if the link is not): https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisati...
A cursory look implies they're using group signatures:
https://en.wikipedia.org/wiki/Group_signature
Which allow the group manager (presumably the government, or anyone who compromises them) to identify who signed something.
If using the same card multiple times with the same site allows the site to correlate them then that obviously also allows the site to link two accounts you intended to be separate, or two sites to set themselves up as the same "vendor" and thereby correlate your accounts between them.
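The linkability properties discussed in this thread (same card at the same vendor links, different vendors cannot link, two sites sharing one vendor identity can correlate, and a central party with the secrets can open any pseudonym) can be made concrete with a small model. The following is an added illustration, not code from the commenter and not the eIDAS or German eID protocol: it assumes a simplified scheme in which each card holds a secret and derives a per-sector pseudonym with HMAC, and an `Issuer` class that stands in for the "group manager". All card IDs, sector IDs and site names are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed toy model for illustration only. It is NOT the eIDAS / German eID
# protocol and NOT a group signature scheme; it only reproduces the linkability
# behaviour described in the thread. Each card holds a private secret and each
# relying party ("vendor") is registered under a public sector_id.


def derive_pseudonym(card_secret: bytes, sector_id: bytes) -> str:
    """Sector-specific pseudonym: HMAC-SHA256 keyed by the card secret.

    Without the card secret, pseudonyms for different sector_ids look
    independent, so vendors in different sectors cannot tell whether they
    saw the same card. The same card at the same sector always repeats.
    """
    return hmac.new(card_secret, sector_id, hashlib.sha256).hexdigest()


class Site:
    """A relying party: a name plus the sector_id it was registered under."""

    def __init__(self, name: str, sector_id: bytes) -> None:
        self.name = name
        self.sector_id = sector_id

    def pseudonym_for(self, card_secret: bytes) -> str:
        return derive_pseudonym(card_secret, self.sector_id)


def sites_can_correlate(card_secret: bytes, site_a: Site, site_b: Site) -> bool:
    """True if the two sites receive the same pseudonym for this card, i.e.
    they can match accounts between them by comparing pseudonyms alone."""
    return hmac.compare_digest(site_a.pseudonym_for(card_secret),
                               site_b.pseudonym_for(card_secret))


def same_site_links_accounts(card_secret: bytes, site: Site) -> bool:
    """Two 'separate' accounts at one site created with the same card get the
    same pseudonym, so the site can link them."""
    account_one = site.pseudonym_for(card_secret)
    account_two = site.pseudonym_for(card_secret)
    return account_one == account_two


class Issuer:
    """Stands in for the 'group manager': it provisioned every card secret, so
    it (or anyone who compromises it) can map a pseudonym back to a card.
    Relying parties hold no such secret and cannot do this."""

    def __init__(self) -> None:
        self._cards = {}  # card_id -> card_secret (constructed toy store)

    def issue_card(self, card_id: str) -> bytes:
        secret = secrets.token_bytes(32)
        self._cards[card_id] = secret
        return secret

    def open_pseudonym(self, pseudonym: str, sector_id: bytes) -> Optional[str]:
        """Re-derive each card's pseudonym for this sector and compare;
        linear in the number of issued cards."""
        for card_id, secret in self._cards.items():
            if hmac.compare_digest(derive_pseudonym(secret, sector_id), pseudonym):
                return card_id
        return None


if __name__ == "__main__":
    issuer = Issuer()
    card = issuer.issue_card("card-0001")       # constructed sample card
    issuer.issue_card("card-0002")

    shop = Site("shop.example", b"sector:retail")
    bank = Site("bank.example", b"sector:banking")
    shop_twin = Site("other-shop.example", b"sector:retail")  # shares shop's sector_id

    print("same site links two accounts:", same_site_links_accounts(card, shop))
    print("shop vs bank can correlate:  ", sites_can_correlate(card, shop, bank))
    print("shop vs shop_twin correlate: ", sites_can_correlate(card, shop, shop_twin))
    print("issuer opens shop pseudonym: ",
          issuer.open_pseudonym(shop.pseudonym_for(card), shop.sector_id))
```

The two sites that share a `sector_id` correlate trivially, which is the scenario raised at the end of the comment; the only defence in this model is the registration process that decides which sites may share a sector, since nothing in the pseudonym itself stops it.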