Add region locks to Identity Abuse section

[christianliebel]

This is another potential abuse vector I have been thinking about (think DVD region codes).

---

Preview | Diff

[csarven]

Is this not already covered under Exclusion:

Credentials can contain information that cannot be withheld. Revealing that information might enable discrimination, even if the information revealed is unrelated to the purpose for which the credential is presented.

[martinthomson]

It's subtle, but yes, @csarven is right.

Consider the case where you are asked to offer proof of age, linked to a digital credential. Leaving aside the tracking/surveillance risk associated with some implementations (ahem, Apple), it is generally the case that even a zero-knowledge proof of age will reveal the authority that issued the credential. That often carries a geographical signal, as most authorities in this space are your classic Westphalian governments or their agencies. Even if you aren't physically in that location, that might still be used against you.

DVD region codes are obviously a tool for disempowering users. Very much zero sum. Though because DVDs failed at achieving effective DRM the effect was limited. I agree that this is a valid concern.

[christianliebel]

We could also add that as an example to the paragraph @csarven mentioned (suggestion below), but I think region locks would be worth being their own bullet point. I haven't seen that aspect covered elsewhere in the document.

Credentials can contain information that cannot be withheld. Revealing that information might enable discrimination, even if the information revealed is unrelated to the purpose for which the credential is presented. For example, credentials may carry geographical signals that could be used to implement region locks.

[csarven]

"Geographical signal" may be a bit vague, but I would consider something like "region locks" awfully close to the discussion that we had in #20 , as in issuing authority (for passports) or birthplace.

In #52 we went from specific cases as mentioned in #20 to example fields at one point in that PR:

• People might be denied service or have limited access
  when certain fields, like birthplace or gender,
  when presence or absence of optional fields, like birthplace or gender,
  lead to discrimination or arbitrary rejection of valid credentials.

to further generalising (without example fields) in the accepted PR.

I don't oppose "region locks" FWIW but if we are hopping from a case study to example fields to a general point, I'm not sure if it makes sense to introduce region locks in its current form this way. I would argue that things like passport issuing authority or birthplace are in fact more concrete fields exemplifying "region locks".

[jyasskin]

Issuer Hiding for BBS-Based Anonymous Credentials, 2025 preprint is the paper I remembered in our breakout this morning, but because it appears to allow the verifier to pick an arbitrary set of valid issuers, it would let the verifier explicitly exclude people outside their desired region, and wouldn't help solve this issue.