From cd6116ce4d1110ad682ade5ff2cb73b3a94b73f2 Mon Sep 17 00:00:00 2001
From: Manu Sporny
Data associated with [=verifiable credentials=] stored in the
-`credential.credentialSubject` field is susceptible to privacy
-violations when shared with [=verifiers=]. Personally identifying data, such
-as a government-issued identifier, shipping address, and full name, can be
-easily used to determine, track, and correlate an [=entity=]. Even
-information that does not seem personally identifiable, such as the
-combination of a birthdate and a postal code, has very powerful correlation
-and de-anonymizing capabilities.
+`credential.credentialSubject` field is susceptible to privacy violations when
+shared with [=verifiers=]. Personally identifying data, such as a
+government-issued identifier, shipping address, and full name, can be easily
+used to determine, track, and correlate an [=entity=]. Even information that
+does not seem to be personally identifiable, such as the combination of a
+birthdate and a postal code, has very powerful correlation and de-anonymizing
+capabilities.
@@ -5283,6 +5283,17 @@ Personally Identifiable Information
Personally Identifiable Information
transit, as well as encryption or data access control mechanisms to protect
the data in a [=verifiable credential=] while at rest.
+In general, individuals are advised to assume that a [=verifiable credential=], +like most physical credentials, will leak personally identifiable information +when shared. To combat this leakage, the [=verifiable credential=], and the +securing mechanism, need to be specifically designed to avoid correlation. +[=Verifiable credentials=] that are specifically designed to prevent the leakage +of personally identifiable information do exist. Individuals and implementers +are urged to prefer these types of credentials over ones that are not designed +to protect personally identifiable information. +