Services that anonymize verifiable credentials/profiles could be integrated with (loosely decoupled though) either the browser or credential repository. Browsers may be interested in providing their own anonymizer services where they could present something like a "anonymize this profile" checkbox in the UI (or the credential repository could request it in its response). Then the browser's anonymizer service would:
Be sent the profile
It would verify any proofs/signatures
It would remove any well-known correlatable IDs and proofs/signatures
It would append a receipt of verification with the authors of previous proofs/signatures included
It would add its own proof/signature
It would return the "anonymized profile"
For any attributes that are themselves correlatable this would do nothing, but other IDs could be anonymized. Browsers may be interested in providing this service as either merely value add for users or for information (in aggregate) collection -- which may be a privacy concern that could be potentially mitigated via an option.
Recipients (verifiers) would need to verify the anonymizer's proof/signature and trust the anonymizer service's assertion that it checked the other proofs/signatures -- and then need to trust the authors of the anonymizer-checked proofs/signatures that are available in the receipt.
The anonymizer service could be similar to the push service provided by browsers today.
Services that anonymize verifiable credentials/profiles could be integrated with (loosely decoupled though) either the browser or credential repository. Browsers may be interested in providing their own anonymizer services where they could present something like a "anonymize this profile" checkbox in the UI (or the credential repository could request it in its response). Then the browser's anonymizer service would:
For any attributes that are themselves correlatable this would do nothing, but other IDs could be anonymized. Browsers may be interested in providing this service as either merely value add for users or for information (in aggregate) collection -- which may be a privacy concern that could be potentially mitigated via an option.
Recipients (verifiers) would need to verify the anonymizer's proof/signature and trust the anonymizer service's assertion that it checked the other proofs/signatures -- and then need to trust the authors of the anonymizer-checked proofs/signatures that are available in the receipt.
The anonymizer service could be similar to the push service provided by browsers today.