An unexpected privacy risk of anonymous credentials

February 14, 2012

Anonymous credentials are a privacy enhancing technology that allows you to prove certain properties about yourself without revealing your full identity. Examples are showing your age, your gender, whether you are a member of a certain group, or your nationality, among others. Privacy advocates promote the widespread use of such technology. However, if a worldwide infrastructure for anonymous credentials existed, it would actually create a curious privacy problem. Currently many websites ask for personal information that is not strictly necessary to provide their service. Examples are websites that ask for your address or your age, while only your email address is really needed. Strictly speaking this practice is illegal, but many websites do it anyway. Users deal with it pragmatically, by entering a fake address or lying about their age.

Unfortunately, with anonymous credentials this is no longer possible. Instead of asking for your age in the normal way, a website can now ask for a credential that proves your age. If you fail to provide a valid credential, you will not be given access. Faced with this choice, many people will comply, decreasing their privacy instead of increasing it (which was the intention of using anonymous credentials in the first place).

Obviously, normal (non-anonymous) credentials suffer from the same problem. It just goes to show that technology by itself will not fully enforce data minimisation. Vigilant enforcement of existing data protection regulation is also required.

[This interesting issue was raised at an ABC4TRUST Reference Group meeting.]
