logoalt Hacker News

alistairSHtoday at 3:45 PM2 repliesview on HN

ID chip? Is that something everybody in the EU (or whatever region) has? Is it just embedded in your driver license or passport?

[I'm in the US, we're very ID-averse here, weird, but is what it is]


Replies

arrrgtoday at 4:47 PM

ID cards aren’t exactly super standardized inside the EU. German ID cards have a RFID chip which basically contains all the same info that’s printed on the outside (PIN protected).

Smartphones can read that chip and the state as well as private businesses could in principle use this to do age verification – even the super minimal version of age verification that just asks for a certain age threshold and gets a binary response whether that threshold is met. (Which to me if we can achieve it is the perfect solution.)

The infrastructure is there and since 2017 those RFID chips are even actived by default when new ID cards are issued. (The cards are valid for ten years so nearly all ID cards have those active chips.)

The biggest issue currently is a network effect one: hardly anyone is using the chip so people don’t create their initial PIN, creating a UX hurdle for adoption. (If you want to use your ID card chip you have to find your initial PIN somewhere in your documents – if you didn’t throw it away – and then create your proper PIN, you can’t just start using it.)

I can sense usage increasing but exactly because of the poor initial use UX all sorts of private alternate solutions exist that are plain worse from a privacy preserving point of view. For example ones where you film your ID card from both sides (so the hologram is visible) which just suck. (You just share everything … which is just so unnecessary.)

To change this we would need a policy that requires age verification without sharing the birthdate or any other PII.

show 1 reply
Fargrentoday at 5:56 PM

Many (all?) EU countries have a national ID card, and most (all?) IDs has a chip that can be used for secure document signing. I don't know if it can be used by itself for age verification. Maybe it would need to contrast your signature with some sort of DB that can retrieve your age...