← Back to context

Comment by rockskon

1 day ago

So....what exactly would platform detection mechanisms be basing their decisions off of that wouldn't defeat the entire privacy-preserving premise of ZKP?

8 comments

rockskon

Reply
teravor  1 day ago

multiple use of the same token on multiple accounts...?

tying multiple accounts and services together isn't ideal but its inarguably better than tying your real world identity to every single service.

  • rockskon  1 day ago

    Wait - so you're advocating for use of a persistent identifier tied to a person? How is that any different than what advertising networks do right now beyond giving them additional guaranteed information of your age bracket?

    To clarify - it's not cryptographically necessary to present the same token for each and every transaction and serves to categorically defeat the entire privacy guarantee of ZKP.

    It also makes it trivial to associate your ZKP token with your real identity.

    • teravor  1 day ago 

          > use of a persistent identifier

      at the terminus, yes. there is no other way to avoid the homeless problem you listed. by terminus I am referring to where a central authority vouches for unforgability. this does not mean advertisers will have a token they can use (see remote attestation infrastructure).

          > tied to a person

      whether or not the terminus can tie a token to a real world identity will depend on how careless the user was and how much collusion there is between the terminus and the services. at the very least it will impose an investigation cost.

      contrast this with the situation as it currently is (under ideal assumptions) where a central authority verifies your real identity and issues temporary rate limited tokens which are then saved by each service and can at any time be linked to you whenever the central authority can get the service to disclose the database entry. the nullifier will force the central authority to do an investigation about who the nullifier actually belongs to which may actually fail.

      realistically I expect VPNs and Tor to just become more popular in response to such nonsense. I wouldn't be using government issued tokens for anything that isn't trivial to tie to your identity already: such as a personal bank access.

      4 replies →