w3c / vc-di-bbs

A linked data proof suite specification for BBS+ signatures
https://w3c.github.io/vc-di-bbs/

Clarify how holders can detect or prevent privacy problems. #110

Open jyasskin opened 5 months ago

jyasskin commented 5 months ago

https://www.w3.org/TR/vc-di-bbs/#privacy-considerations discusses some ways that an issuer could make decisions that would compromise holders' privacy. For example, they could

It would be nice if the privacy considerations section would explain how individual holders can detect these problems before they send linkable information to verifiers and how holders or researchers could detect these problems at scale in order to put pressure on issuers to do the right thing. Technical measures to prevent the mistakes would be even better, but are probably too much to hope for.

Wind4Greg commented 5 months ago

Hi @jyasskin, @dlongley also suggested trying to find ways that wallet software could alert a holder to potential risks. I'm a bit concerned about giving a false sense of security, since even if we obtain a measure of confidence from the cryptographic and JSON-LD/VC processing artifacts, there are still "linkage attacks" based on the revealed statements in a VC. See section 5.2.4 Linkage via Holder Selective Reveal. I cited:

SoK: Managing risks of linkage attacks on data privacy. J. Powar; A. R. Beresford. Proceedings on Privacy Enhancing Technologies. 2023. URL: https://petsymposium.org/popets/2023/popets-2023-0043.php

This is a very recent study that also surveys 94 public cases of re-identification. They don't offer a general solution, but a framework for analysis. So maybe we can come up with a twofold approach: (a) try to come up with some computational measures such as the EFF's browser fingerprinting analysis Cover Your Tracks, (b) provide guidance to users about "linkage attacks", i.e., how little information is sometimes needed to uniquely identify an individual.

That said, I'm not sure all this additional information/advice would go into this document versus some type of higher level document on VCs and privacy. Thoughts?