Files
trust-issues/src/content/stories/state-protects-privacy-and-sees-everything.md
T
Compleet eaf9a614d9
validate / validate (push) Successful in 23s
Publish the first trust story collection
2026-07-14 13:58:14 +01:00

3.0 KiB

title, description, published, editorialOrder, reviewed, author, maintainers, status, featured, homepage, section, draft, tags, trustPattern
title description published editorialOrder reviewed author maintainers status featured homepage section draft tags trustPattern
The state can protect your privacy and still see everything China's national internet identity service reduces the need to hand civil-ID data to platforms by concentrating authentication in a public system. 2026-07-14 13 2026-07-14 Ana
Ana
developing false false Government false
china
internet-identity
privacy
centralisation
claim trusted failure
A government internet number protects citizens by keeping real-name data away from private platforms. Users must trust the unified public service not to correlate, repurpose, compel, leak, or silently expand the authentication record. Data minimisation at each platform can coincide with a more complete view at the centre.

China's national network identity authentication service began operating under final rules on 15 July 2025. A person can obtain an internet number and certificate derived from legal identity information. Participating services can verify the person without receiving their civil identity in plain text.

The privacy benefit is concrete. A platform that needs to confirm real identity need not store another copy of the user's document details. The official rules say participation is voluntary, platforms must retain alternative methods, and unnecessary identity data should not be collected.

The centralisation is equally concrete. Authentication that was previously fragmented among platforms can pass through one state-built service.

Privacy from whom?

"Privacy-preserving" is incomplete without an adversary.

The internet number can improve privacy from private platforms. The platform receives a result rather than the underlying document. It may reduce leaks, overcollection and commercial reuse at that layer.

At the same time, the public service becomes a strategically important observer and dependency. The relevant questions concern logging, correlation, legal access, purpose limitation, deletion and whether voluntary adoption remains genuinely equal once the convenient route becomes normal.

This is not a uniquely Chinese paradox. Identity brokers, mobile operating systems and federated-login providers make the same bargain in different institutional settings: reveal less to many parties by trusting one party more.

Do not average the trust

It is tempting to label the system either a privacy tool or surveillance infrastructure. It can be privacy-improving along one relationship and power-concentrating along another.

A useful audit therefore draws two data flows:

  1. what the relying platform no longer receives;
  2. what the central authentication service can now observe or compel.

The first is the product's benefit. The second is its constitution.

Source