EU digital ID wallet can't deliver the privacy properties it claims, critics say
The debate over the EU's digital identity wallet has moved out of the conference room and onto GitHub — and it's getting blunt. A popular issue on the project's repository collects sharp feedback from researchers and privacy advocates who argue the wallet's privacy guarantees are, at best, aspirational. It has been reported that maintainers prefaced the discussion by saying "We read every piece of feedback, and take your input very seriously," but critics say that politeness doesn't change the core technical problem.
Technical flaws: math works, system doesn't
Commenters acknowledge the zero-knowledge primitives themselves — selective disclosure, BBS-like signatures, zk-on-mdoc variants such as "zk-longfellow" — are sound in isolation. But it has been reported that they insist the system-level guarantees people expect do not follow. The ZKP can prove "over 18" without embedding an identity, sure. But the issuer necessarily knows who it issued a credential to, and the relying party necessarily knows which session presented a proof. When those two sides correlate timestamps, per-issuance values, or any reporting back, unlinkability evaporates. This isn't an IP fingerprint side-channel. It's the ledger you create when issuer and verifier can simply compare notes.
Rights, rhetoric and reaction
Critics go further than maths. It has been reported that some commenters claim the wallet, as currently specified, conflicts with the EU Charter of Fundamental Rights — particularly the right to privacy and protection of personal data — and allege the architecture would enable centralized registries of users. Others crank up the rhetoric: repeal the Charter, study DPRK/PRC models, paint the UI red — provocative, and allegedly meant to jolt maintainers into seeing the political stakes. Whether those political arguments will stick in law or public opinion is another matter; what’s not up for debate is that a spec can't legislate trust or prevent collusion by design alone.
What's next?
The practical takeaway is stark: engineering fixes to the spec (even mandatory ZKP presentations) won't magically repair a system whose edge interactions leak identity. The discussion on GitHub is a useful, public airing — and a reminder that privacy is not just cryptography. It's architecture, governance and policy. Can the project rework its assumptions before deployment? Or will the wallet be another example of brilliant primitives failing at the social layer? The clock is ticking, and the stakes are very real.
Comments