They don’t need to know the requesting address in order for them to know if it was you the person corresponding to that proof of age, because the information is in the data being exchanged. These kind of verifications don’t depend or rely on IP address or networking, these are credentials that are checked on the application layer.
In fact, they don’t even need to directly communicate with the government for this.
This is equivalent to a registration office for a service asking you provide a paper stamped by the government that certifies your age without the paper actually saying who you are… the service does not need to contact the government if they can trust the stamp in the paper and the government official signature (which in this case is mathematical proof). And even though the service office can’t see your name in the paper, the government knows that the number written in the paper links to you individually, because they can keep record of which particular paper number was issued to which individual, even if your name wasn’t written in the document itself.
So, the government can, at any given time, go to those offices, ask them to hand in the paper corresponding to a particular registration and check the number to see who it belongs to.
The traceability is in the document, not in the manner in which you send it. It does not matter if you send the document to a different country for someone else to send it from a different address, on your behalf (ie. a proxy). If the government can internally cross-reference the registration papers as being the ones linked to your governmental ID, they can know it’s yours regardless of how it reached the offices. So this way they can check if you registered yourself in any particular place they wanna target and what your account is.
Obviously the government knows it’s you. That’s the whole purpose. But they don’t know the site that’s requesting this, if the proxy hides that from them.
They might not know the list of sites you visit right away in the same way they could by contacting your ISP when you are not using a proxy, but that wasn’t my point.
My point is that they can check with a specific site that uses this verification method and see if you have an account on that site, and if you do, which account in particular. And in a way that is much more directly linked to you personally than an IP address (which might be linked to the household/internet access you’re using but that isn’t necessarily under your name).
So in this situation they can indeed know if you use any one particular site that they choose to target, as long as that site is requiring you to provide them with a document, regardless of how many layers of proxies you (or the site) choose to be under.
I’m not sure what you mean by “the site that’s requesting this”, the site does not need to request anything from the government, they just need to have previously agreed on a “secret” mathematical verification method that works for every document. The digital equivalent of a stamp/signature.
But getting that information from the USP or the site would require a warrant. Not to mention that the site doesn’t have to know your real identity either.
And the whole point of this exercise is to ensure that you don’t have to provide any document to the site.
What I mean by the site that’s requesting this, is exactly that: you need to prove to a site that you’re above a certain age. For that, the site redirects you to the proxy that redirects you to the eID site, with a request to confirm that you’re above a certain age.
The site has fulfilled its legal obligation to check your age, but doesn’t have to know your identity, and the government doesn’t have to know what site you’re visiting.
I feel like you’re misunderstanding the scenario we’re discussing.
I feel you are talking about a different thing now. My point was surrounding what you initially said:
The only right way to do this, is if governments provide their citizens with an eID that any site can ask “is this person 18+?” and get an accurate answer without any other identifiable info. And if you don’t want the government to know what sites you visit, have sites route the request through a proxy.
An eID is a digital document. You yourself are proposing that sites should request people to provide a document, one that’s issued by the government to you, personally.
Then later you said that using a proxy prevents the government to know what you visit.
My answer was that if you are providing a government-issued document/file to the service then the government (the issuer) can know if you visit the site just by keeping track of who did they issue each document for and requesting the sites for copies of the documents. Even if the document itself does not say your name. And that’s regardless of how many proxy layers you use, since there’s traceability in the document. This makes you fundamentally less anonymous to the government than before (when you could have indeed used a proxy to prevent this), this makes proxies no longer a good defense.
The service does not know you, but that’s not the point, what you said is that the government can’t know if you visit the site, which is the one thing I disagreed with.
I’m still talking about the same thing, but I understand the nature of our misunderstanding now. You see eID as something you download and can share (but what kind of security would that provide?). I mean an online ID service, similar to the Dutch DigiD. I assume the EU eID is also something similar, although I have no personal experience with that.
An electronic identification (“eID”) is a digital solution for proof of identity of citizens or organizations. They can be used to view to access benefits or services provided by government authorities, banks or other companies, for mobile payments, etc. Apart from online authentication and login, many electronic identity services also give users the option to sign electronic documents with a digital signature.
The online authentication is the important part. The article also talks about physical cards with a chip, but I honestly don’t quite understand how that’s different from a regular chip in a passport.
When I have to access any government service, I get redirected to digID to log in, then redirected to the site I want to visit. This is very similar to other online authorisation schemes, except it’s tied to me official legal identity.
My proposal is to use this not just to log in to government sites, but to use it to provide any legally required online identification, tailored to the highest amount of privacy possible in that situation. So if a site needs to confirm you’re 18+, let that site ask the eID service for just your age, or even just whether you’re 18+ or not, log into the eID system, and the eID system sends confirmation of your age back to the site.
Note that “authentication and login” does not necessarily require network communication with a government service. In fact in Europe the eIDs (eIDAS) are digital documents that use cryptography to authenticate without the need of spending resources in a government-funded public API that could be vulnerable to DDOS attacks and would be requiring reliable internet connections for all digital authentication (which might not always be an online operation). The chips are just a secure way to store the digital document and lock under hardware the actual key, making it much harder for it to be copied/replicated, but they don’t require internet connection for making government-certified digital signatures with them that can be used in authentication, this is the same whether the service itself you are login into is online or offline.
In any case, in your example where actual network communication is used, it would still be possible for the government to track you regardless of proxies, because then they can store a log of the data & messages exchanged in the communication.
They can either ask the sites to authenticate previously with the government for the use of the API (which would make sense to prevent DDOS and other abuse, for example), which would let them know immediately which site you were asking login for, or simply provide a token to the site as result of the user authentication (which is a common practice anyway, most authentication systems work through tokens) and later at any given time in the future ask the sites to provide back which tokens are linked to each account on the site (just like I was saying before with the “documents” example) so the government can map each token with each individual person and know which users of that site correspond to which individuals.
They don’t need to know the requesting address in order for them to know if it was you the person corresponding to that proof of age, because the information is in the data being exchanged. These kind of verifications don’t depend or rely on IP address or networking, these are credentials that are checked on the application layer.
In fact, they don’t even need to directly communicate with the government for this.
This is equivalent to a registration office for a service asking you provide a paper stamped by the government that certifies your age without the paper actually saying who you are… the service does not need to contact the government if they can trust the stamp in the paper and the government official signature (which in this case is mathematical proof). And even though the service office can’t see your name in the paper, the government knows that the number written in the paper links to you individually, because they can keep record of which particular paper number was issued to which individual, even if your name wasn’t written in the document itself.
So, the government can, at any given time, go to those offices, ask them to hand in the paper corresponding to a particular registration and check the number to see who it belongs to.
The traceability is in the document, not in the manner in which you send it. It does not matter if you send the document to a different country for someone else to send it from a different address, on your behalf (ie. a proxy). If the government can internally cross-reference the registration papers as being the ones linked to your governmental ID, they can know it’s yours regardless of how it reached the offices. So this way they can check if you registered yourself in any particular place they wanna target and what your account is.
Obviously the government knows it’s you. That’s the whole purpose. But they don’t know the site that’s requesting this, if the proxy hides that from them.
They might not know the list of sites you visit right away in the same way they could by contacting your ISP when you are not using a proxy, but that wasn’t my point.
My point is that they can check with a specific site that uses this verification method and see if you have an account on that site, and if you do, which account in particular. And in a way that is much more directly linked to you personally than an IP address (which might be linked to the household/internet access you’re using but that isn’t necessarily under your name).
So in this situation they can indeed know if you use any one particular site that they choose to target, as long as that site is requiring you to provide them with a document, regardless of how many layers of proxies you (or the site) choose to be under.
I’m not sure what you mean by “the site that’s requesting this”, the site does not need to request anything from the government, they just need to have previously agreed on a “secret” mathematical verification method that works for every document. The digital equivalent of a stamp/signature.
But getting that information from the USP or the site would require a warrant. Not to mention that the site doesn’t have to know your real identity either.
And the whole point of this exercise is to ensure that you don’t have to provide any document to the site.
What I mean by the site that’s requesting this, is exactly that: you need to prove to a site that you’re above a certain age. For that, the site redirects you to the proxy that redirects you to the eID site, with a request to confirm that you’re above a certain age.
The site has fulfilled its legal obligation to check your age, but doesn’t have to know your identity, and the government doesn’t have to know what site you’re visiting.
I feel like you’re misunderstanding the scenario we’re discussing.
I feel you are talking about a different thing now. My point was surrounding what you initially said:
An eID is a digital document. You yourself are proposing that sites should request people to provide a document, one that’s issued by the government to you, personally. Then later you said that using a proxy prevents the government to know what you visit.
My answer was that if you are providing a government-issued document/file to the service then the government (the issuer) can know if you visit the site just by keeping track of who did they issue each document for and requesting the sites for copies of the documents. Even if the document itself does not say your name. And that’s regardless of how many proxy layers you use, since there’s traceability in the document. This makes you fundamentally less anonymous to the government than before (when you could have indeed used a proxy to prevent this), this makes proxies no longer a good defense.
The service does not know you, but that’s not the point, what you said is that the government can’t know if you visit the site, which is the one thing I disagreed with.
I’m still talking about the same thing, but I understand the nature of our misunderstanding now. You see eID as something you download and can share (but what kind of security would that provide?). I mean an online ID service, similar to the Dutch DigiD. I assume the EU eID is also something similar, although I have no personal experience with that.
The first paragraph on Wikipedia contains a good description of what I’m talking about: https://en.wikipedia.org/wiki/Electronic_identification
The online authentication is the important part. The article also talks about physical cards with a chip, but I honestly don’t quite understand how that’s different from a regular chip in a passport.
When I have to access any government service, I get redirected to digID to log in, then redirected to the site I want to visit. This is very similar to other online authorisation schemes, except it’s tied to me official legal identity.
My proposal is to use this not just to log in to government sites, but to use it to provide any legally required online identification, tailored to the highest amount of privacy possible in that situation. So if a site needs to confirm you’re 18+, let that site ask the eID service for just your age, or even just whether you’re 18+ or not, log into the eID system, and the eID system sends confirmation of your age back to the site.
Oh, I see the misunderstadning.
Note that “authentication and login” does not necessarily require network communication with a government service. In fact in Europe the eIDs (eIDAS) are digital documents that use cryptography to authenticate without the need of spending resources in a government-funded public API that could be vulnerable to DDOS attacks and would be requiring reliable internet connections for all digital authentication (which might not always be an online operation). The chips are just a secure way to store the digital document and lock under hardware the actual key, making it much harder for it to be copied/replicated, but they don’t require internet connection for making government-certified digital signatures with them that can be used in authentication, this is the same whether the service itself you are login into is online or offline.
In any case, in your example where actual network communication is used, it would still be possible for the government to track you regardless of proxies, because then they can store a log of the data & messages exchanged in the communication.
They can either ask the sites to authenticate previously with the government for the use of the API (which would make sense to prevent DDOS and other abuse, for example), which would let them know immediately which site you were asking login for, or simply provide a token to the site as result of the user authentication (which is a common practice anyway, most authentication systems work through tokens) and later at any given time in the future ask the sites to provide back which tokens are linked to each account on the site (just like I was saying before with the “documents” example) so the government can map each token with each individual person and know which users of that site correspond to which individuals.