this post was submitted on 09 Feb 2026
277 points (98.9% liked)
Privacy
45978 readers
1316 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 6 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I agree that a government that wants privacy can actually do it in a way that ensures privacy. That's also what I was saying.
My point was that this is up to the government, and no amount of "route the request through a proxy" would patch that up, that's not gonna help this case. If the government wants to protect privacy, they can do it without you needing to use proxies, and if the government wants to see what sites you visit using these certificates, they can do it even if you were to use proxies, because this is not something that's tracked in the networking layer, it's in the application layer.
If the proxy is independent, I don't see how the government can know what the requesting site is. They can only see the proxy. I don't mean a standard network proxy of course, but a proxy for the entire request. That's probably the source of our misunderstanding.
They don't need to know the requesting address in order for them to know if it was you the person corresponding to that proof of age, because the information is in the data being exchanged. These kind of verifications don't depend or rely on IP address or networking, these are credentials that are checked on the application layer.
In fact, they don't even need to directly communicate with the government for this.
This is equivalent to a registration office for a service asking you provide a paper stamped by the government that certifies your age without the paper actually saying who you are.. the service does not need to contact the government if they can trust the stamp in the paper and the government official signature (which in this case is mathematical proof). And even though the service office can't see your name in the paper, the government knows that the number written in the paper links to you individually, because they can keep record of which particular paper number was issued to which individual, even if your name wasn't written in the document itself.
So, the government can, at any given time, go to those offices, ask them to hand in the paper corresponding to a particular registration and check the number to see who it belongs to.
The traceability is in the document, not in the manner in which you send it. It does not matter if you send the document to a different country for someone else to send it from a different address, on your behalf (ie. a proxy). If the government can internally cross-reference the registration papers as being the ones linked to your governmental ID, they can know it's yours regardless of how it reached the offices. So this way they can check if you registered yourself in any particular site they wanna target and what your account is.
Obviously the government knows it's you. That's the whole purpose. But they don't know the site that's requesting this, if the proxy hides that from them.
They might not know the list of sites you visit right away in the same way they could by contacting your ISP when you are not using a proxy, but that wasn't my point.
My point is that they can check with a specific site that uses this verification method and see if you have an account on that site, and if you do, which account in particular. And in a way that is much more directly linked to you personally than an IP address (which might be linked to the household/internet access you're using but that isn't necessarily under your name).
So in this situation they can indeed know if you use any one particular site that they choose to target, as long as that site is requiring you to provide them with a document, regardless of how many layers of proxies you (or the site) choose to be under.
I'm not sure what you mean by "the site that’s requesting this", the site does not need to request anything from the government, they just need to have previously agreed on a "secret" mathematical verification method that works for every document. The digital equivalent of a stamp/signature.
But getting that information from the USP or the site would require a warrant. Not to mention that the site doesn't have to know your real identity either.
And the whole point of this exercise is to ensure that you don't have to provide any document to the site.
What I mean by the site that's requesting this, is exactly that: you need to prove to a site that you're above a certain age. For that, the site redirects you to the proxy that redirects you to the eID site, with a request to confirm that you're above a certain age.
The site has fulfilled its legal obligation to check your age, but doesn't have to know your identity, and the government doesn't have to know what site you're visiting.
I feel like you're misunderstanding the scenario we're discussing.