The co-founder of Ethereum, Vitalik Buterin, believes that digital identification systems to a person, despite the use of zero knowledge tests (ZK proofs), include risks to privacy. ZK Proof Ending IDS offered by World ID (formerly WorldCoin) using biometric data and ZK evidence gained ground, recently crossing 10 million users.
Consequently, in his blog on Saturday, Buterin suggested “pluralist identity” as the “best realistic solution” to fully preserve intimacy.
IDs wrapped in ZK evidence use ZK evidence to establish that a user has a valid ID without revealing any detail of his identifier, thus promising confidentiality. However, Buterin argued that the digital IDs wrapped in ZK still have gaps that could compromise confidentiality.
ZK wrapped IDs solve “many important problems”
Buterin concedes that “ZK packaging is solving many important problems”. In addition to Zkids, all the options to authenticate the identity of a user on any application requires that the user reveals the entirety of their legal identifier. According to Buterin:
“This is a blatant violation of the common principle of computer security of the slightest privilege: a process should only obtain the authority and the information necessary to accomplish its task.”
For example, if an application requires that a user proves their age, the application should not be able to access other data in the legal ID. Therefore, the Zkids provide a crucial avenue and previously unavailable to preserve privacy, said Buterin.
Risks associated with IDs wrapped in ZK evidence
The conceptions of current ZK identity platforms are delivered with constraints – they allow users to create a single ID for each application. First, the identification limit for one per person means that ZK identifiers do not guarantee pseudonymat, said Buterin. He explained:
“In the real world, pseudonymat generally requires having several accounts: one for your” regular identity “and others for any pseudonym identity.”
Adolescents and many others already practice having several accounts, calling them for false and real Instagram accounts. Buterin wrote:
“… under an identity document to one per person, even if it is wrapped in ZK, we risk getting closer to a world where all your activity must de facto under a single public identity.”
The unique ID constraint for each application means that the “practical pseudonimity level” offered by the ZK wrapped IDs is lower. Indeed, services and Google Accounts allow users to create up to five accounts.
Second, users can be forced by governments or companies to reveal their identity on one or more applications, thus canceling the preservation of privacy. For example, an employer can ask a potential recruit to reveal his full identity card on one or more social media platforms as a job condition.
Consequently, Buterin said that ZK does not eliminate the possibility that a person’s identity can be revealed under stress.
Finally, ZK Proof enveloped IDs are also delivered with non -private risks such as errors.
In extraordinary or on -board cases, all forms of identification often fail. For example, biometric IDs may not work for users whose features have been damaged or deformed by an injury. Biometric IDs could also be potentially usurped by aftershocks. In addition, government identity documents do not include statelessness or those that have not yet acquired such documents. Therefore, Buterin wrote:
“These peak cases are the most harmful in the case of systems that try to maintain property to a person, and they have nothing to do with privacy; So ZK does not help. “
Pluralist identities are the solution, said Buterin
Buterin defined pluralist identity as “an identity regime where it is not a dominant issuing authority, whether it is a person, an institution or a platform”. According to Buterin, pluralist IDs can be explicit or implicit.
In explicit pluralist identity or “identity based on social graph”, a user must prove a certain characteristic, like his age, or that they are human, by certificates from other members of the community, who are also verified by the same process. Explicit pluralist identification systems can allow users to have one or more pseudonyms, each pseudonym having its own online presence and historical, said Buterine.
On the other hand, in an implicit pluralist identity system, a user can provide any ID – government ID or social media identifiers – for verification. According to Buterin, implicit pluralist identity systems reduce the possibility that a user is forced to reveal his entire identity.
In addition, pluralist identification systems are “naturally more tolerant to errors”, allowing people who are generally excluded, such as those without good documents, to prove their identity.
Buterin, however, warned that these advantages disappear and that the system is effectively transformed into a person’s identification system when “any form of identification obtains almost 100% market share, and it becomes realistic to require it as a single connection option”.
