What’s the example you’re thinking of? I’m sorry if you mentioned it before and I missed it.
We need something harder to fake than a Fake ID, where the QR code doesn’t reveal who you are, so you can’t be tracked beyond the existing ability to track cell phones.
If I understand correctly, you don’t want the QR code to prove that “John Doe, ID #123456789, is vaccinated” and then have the verifier ask to see a separate, pre-existing ID that shows you’re John Doe. Which is how the actual and proposed vaccination passports in Israel and some of the EU work. (Hence I don’t know what example you’re thinking of.)
Instead you want the QR code to prove that “the bearer of this code is vaccinated”. That implies the code must be secret and not trivially shareable between many different people. But copying images and taking screenshots is trivial. So the code must not be a single permanent QR per person, but generated by the application: either frequently replaced (like OTP) or on-demand (challenge-response protocol).
This could work if installing or activating the app required approval from a central database / service. This approach has difficulties I noted before, including proving to the app you’re you, and multiple activations. And it still lets the app owner track you, since the app stays active.
What approach are you thinking of?
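The two options named in the comment above, a frequently replaced code (like OTP) and an on-demand challenge-response code, sketched as an added example that is not part of the original comment. The `Issuer` service, the payload layout, the 30-second window and every name here are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

STEP = 30  # seconds one rotating code stays valid (assumed value)


def time_challenge(now):
    """OTP-style challenge: the index of the current time window."""
    return "t%d" % (int(now) // STEP)


def qr_payload(cred_id, secret, challenge):
    """App side: the text encoded in the QR code for one challenge."""
    msg = ("%s.%s" % (cred_id, challenge)).encode()
    tag = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return "%s.%s.%s" % (cred_id, challenge, tag)


class Issuer:
    """Hypothetical central service that activates apps and checks codes."""

    def __init__(self):
        self._secrets = {}  # opaque credential id -> per-install secret

    def activate(self):
        # Assumes vaccination status was confirmed before this call.
        cred_id = secrets.token_hex(8)  # random; carries no name or ID number
        self._secrets[cred_id] = secrets.token_bytes(32)
        return cred_id, self._secrets[cred_id]

    def verify(self, payload, expected_challenge):
        # The service sees cred_id on every check, so it can link checks
        # made with the same install even though no identity is in the code.
        parts = payload.split(".")
        if len(parts) != 3:
            return False
        cred_id, challenge, _tag = parts
        secret = self._secrets.get(cred_id)
        if secret is None or challenge != expected_challenge:
            return False  # unknown install, stale window or wrong nonce
        good = qr_payload(cred_id, secret, challenge)
        return hmac.compare_digest(payload.encode(), good.encode())
```

In rotating mode the verifier passes `time_challenge(now)` as the expected challenge; in challenge-response mode it passes a fresh nonce that it showed to the app first.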