This paper investigates the privacy risks associated with the European Union's upcoming EUDI Wallet, which lets users store and disclose digital credentials. Through a large-scale survey of users and experts, the authors find that users are likely to overshare: roughly 20% disclosed their official ID to news websites. The authors' Credential Assistant, which displays expert recommendations and user opinions, reduced credential disclosure mistakes from about 15% to about 7%, but it did not eliminate them, so stronger interventions may be necessary, especially for sensitive attributes.
Users are oversharing sensitive identity information at alarming rates, with a staggering 20% revealing their official ID to news websites.
The European Union will introduce the EUDI Wallet by late 2026, which allows users to hold digital credentials (i.e., representations of physical official identity documents) on their devices. This will allow users to securely and privately disclose identity attributes to websites. Although such a system has many benefits, it also introduces risks caused by poor credential disclosure decisions. In this paper, we (i) conduct a large-scale survey on credential disclosure with users and experts and (ii) evaluate the effectiveness and feasibility of our Credential Assistant that displays expert recommendations and user opinions. Our results show that users are likely to overshare (e.g., ~20% of users disclosed their official ID to news websites). This indicates that users struggle to protect their privacy, which will impact the usability of the EUDI Wallet and lead to privacy violations, identity theft, and other abuses of leaked credentials. Finally, we show that our Credential Assistant significantly reduces users' credential disclosure mistakes from ~15% to ~7%. However, it does not fully eliminate poor credential disclosure decisions, indicating that stronger interventions may be necessary, especially for sensitive attributes.