- From: Jaromil <jaromil@dyne.org>
- Date: Fri, 18 Jul 2025 16:14:27 +0200
- To: public-credentials@w3.org

Dear colleagues,

following up on the independent analysis of longfellow-zk I've shared in my previous email here, and on the GDC25 conference in Geneva where a European above-18 pilot was announced to use it, I'm now sharing with you my concerns on privacy issues related to the way zero-knowledge tech is integrated into wallets.

https://news.dyne.org/privacy-in-eudi

After talking to some policy experts and journalists about the issue I got the impression most of them tend to consider as privacy-preserving any setup somehow sporting the ZK feature. But as most of you probably know, especially those with a cybersecurity background, process isolation is a vital pattern to be applied to any sensitive data until (and during) it is properly anonymized.

I've therefore taken some time during my holidays to write up the analysis linked above. Knowing that longfellow-zk is used through the Google Play API without any warranties of process isolation then the outcome will be, yes, a privacy shield against a number of threat scenarios involving issuers and verifiers, but no protection against OS manufacturers grabbing all that sensitive data before it is anonymized.

I'm interested in your opinions here and will likely further discuss this in calls with Simone Onofri and other colleagues in the W3C SING.

Ciao

-- jaromil.dyne.org

Received on Friday, 18 July 2025 14:14:34 UTC