I generally agree but it depends on the application and the computer purpose / input you will most use.

Like… it doesn’t make much sense to have a CLI/TUI for an image editor… if you start using things like sixel you are essentially building a GUI that runs in a terminal, not a TUI. The same happens with videogames, video players and related entertainment applications.

But like I said, I do generally agree. I’d even argue that when possible, GUIs should just be frontends that ultimately just call the corresponding CLI programs with the appropriate parameters, avoiding duplication.

If you have no way to link the signature to the original document, then how do you validate that the signature is coming from a document without repetition / abuse?

How do you ensure there aren’t hundreds of signatures used for different accounts all done by the same stolen eID that might be circulating online without the government realizing it?

Can the government revoke the credentials of a specific individual? …because if they can’t then that looks like a big gap that could create a market of ever-growing stolen eIDs (or reusing eIDs from the deceased) …and if they can revoke, what stops the government from creating a simulation in which they revoke one specific individual and then check what signatures end up being revoked to identify which ones belong to that person? The government can mandate the services to provide them all data they have so it can be analyzed as if they were Issuer, Registry and Verifier, all in one, without separation of powers.

I know there are ways to try and fix this, but those ways have other problems too, which end up forcing the need for a compromise… there’s no algorithm that perfectly provides anonymity and full verifiability with a perfect method of revocation that does not require checks at every user login. For example, with the eIDAS 2.0 system (considered zero-knowledge proof), the government does have knowledge of the “secret serial number” that is used in revocation, so if they collude with the service they can identify people by running some tests on the data.

That prevents the site from knowing your identity, but I’m not convinced it prevents the government from knowing you visit the site. The government could keep track of which document corresponds to which individual whenever they issue / sign it.

So if the government mandated that each signed proof of “age>18” was stored by the service and mapped to each account (to validate their proof), then the government could request the service to provide them copy of the proof and then cross-check from their end which particular individual is linked to it.