Comment by notpushkin
15 hours ago
> You could run a modified client that lets you assume any identity you choose
Provided you know the secret key to a government-issued certificate. Making it impossible to copy said certificate is not really a requirement for identity verification.
Some countries fixed it already, see Estonian ir Polish IDs with digital layer (performing signing, authentication, etc), and the devices only acting as untrusted interfaces to these.