This is related to my previous suggestion of an email-verify-url IdentityType.
No matter how secure a badge identity is made, it's only as secure as the identity of the badges with which it is shared together. Suppose someone has one badge that reveals their identity on the evidence page, and has another badge with secured identity. If they publish them in the same collection on a displayer that validates their email, then everyone knows that the secure badge belongs to the same email address as the non secure one.
I don't see how this can be prevented with any technical solutions, as it's more of a usage issue I guess, but at least there should be a note of warning for this, and a recommendation to displayers and issuers to warn their users, as it might not be obvious to a badge recipient.
timothyfcook
commented
7 years ago
This is related to my previous suggestion of an email-verify-url IdentityType. No matter how secure a badge identity is made, it's only as secure as the identity of the badges with which it is shared together. Suppose someone has one badge that reveals their identity on the evidence page, and has another badge with secured identity. If they publish them in the same collection on a displayer that validates their email, then everyone knows that the secure badge belongs to the same email address as the non secure one.
I don't see how this can be prevented with any technical solutions, as it's more of a usage issue I guess, but at least there should be a note of warning for this, and a recommendation to displayers and issuers to warn their users, as it might not be obvious to a badge recipient.