Digital ID, a new way to create and present an ID in Apple Wallet
Apple has introduced a new feature called Digital ID, allowing users to create and present IDs in Apple Wallet, sparking debate about its implications.
Snapshot generated from the HN discussion
Discussion activity: story posted 11/12/2025, 4:40:17 PM; first comment 11/12/2025, 4:59:02 PM (19m after posting); peak of 145 comments in Day 1; average 53.3 comments per period; latest activity 11/17/2025, 5:10:00 AM. Based on 160 loaded comments.
You gotta start somewhere. They started with Driver's Licenses.
This is the big one. I've seen a lot of states where digital drivers licenses are issued, but many retailers are like "lol no, we want the card." It needs to be legally enshrined as identical.
Be watchful for legislation requiring: * us to have our ID on our person at all times. * IDs to be issued in digital format only.
This is the paranoia I don't get. These are not things that are going to happen in the US, precisely because so many people (like yourself) are against it, and it's a democracy and people vote. So putting your drivers license on your iPhone isn't some slippery slope.
Citation needed.
These political values are a strong part of American culture. The distrust of central government and authority has been around since the founding of the country. They belong to the most durable of American values.
If the US still doesn't have a national ID, or require citizens to carry IDs, and there's literally no political movement towards that, what on earth makes you think this will change?
Being able to put a driver's license on your phone is state-level. It's a form of ID we're OK with. It can't be mandatory because not everyone can drive. There's zero slippery slope here. I just want to carry the card I already have to carry when driving or flying, on my phone instead of physically. There's zero downside here.
Is that enough citation for you?
But they never get what they wanted nor what they voted for.
Many brown looking citizens carry their passport so as to not be excessively detained by ICE.
Yes it is. And participating is accepting it.
https://legalclarity.org/can-you-have-a-non-driver-id-and-a-...
https://www.ecfr.gov/current/title-6/chapter-I/part-37/subpa...
So I think the only way to have a government ID card and a separate drivers license is to get a passport card and a state drivers license.
I just carry my driver's license, a credit card, a health insurance card, and an Orca card [1] loose in a pants pocket.
[1] Stored value card for several transit agencies in the Puget Sound region of Washington.
My bank, however, has one of those authenticator doohickies that I need to use when I make big transactions online. Pop my debit card in, enter the pin, and then do a little dance with codes back and forth on their internet banking to authenticate the transaction.
So I am in this annoying situation where my wallet is never where I needed it: either I'm making a payment and I need to go to my car to get my card, or I need my license and my wallet is on my desk where I forgot it last time.
Google Pay and digital wallets have literally freed up one of my jean pockets permanently.
https://support.google.com/wallet/answer/12436402?hl=en
I wonder if passports will come to Google soon as well - that'd open it up nationwide as long as you have a passport.
I would definitely expect Google to follow quickly.
They can hold onto it, and never return it. They can deface it. All of that is a possibility.
You could argue, a sufficiently locked down phone is a better alternative. If they do something, you'll only lose $$
But they can't potentially look at your banking app, read private notes, messages and emails, operate your home automation, look at your calendar, etc. if all they have is a plastic card.
Only for its "original" use case - traffic laws enforcement. I don't think any other entity can validate if this piece of plastic is invalidated or not. Also, it's not like information on lost ID gets erased when you get a new one: still has your address, DOB and other info that can be misused.
I once had three valid drivers' licenses, because my wallet was stolen (later returned), and I left my ID at a bar. All three were valid for use at the same time despite being reported lost/stolen - they had identical barcodes, etc.
The point is that you don't have to:
> To present a Digital ID in person, users can double-click the side button or Home button to access Apple Wallet and select Digital ID. From there, they can hold their iPhone or Apple Watch near an identity reader, review the specific information being requested, and use Face ID or Touch ID to authenticate.
"hold … near … review"
If you're (e.g.) buying alcohol, then the "specific information" would be your birthday, and that is all that would be sent over. With a regular ID, verifying your age would mean handing over your physical card which would have all sorts of other non-relevant information to the task at hand.
Further:
> Only the information needed for a transaction is presented, and the user has the opportunity to review and authorize the information being requested with Face ID or Touch ID before it is shared. Users do not need to unlock, show, or hand over their device to present their ID.
AIUI, cops would have a verifying device or app and the information requested—which you authorize—is sent over wirelessly. Kind of like how you no longer have to hand over your credit/debit cards to (possibly malicious) cashiers, and just keep it in your hand and tap. (Older people may remember the carbon copy 'ka-chunk' machines.)
With a physical ID you have to hand that over because that is the only way the information can be read off of it. With a digital ID you can send a copy of your ID without physical exchange / handover.
Unless there is a very tight control over this - lol nope. Big stores will request as much as they can to target you with ads.
Also, you need an ID to buy some OTC medicine and to pick up some prescribed medicine. As well some other cases when ID needs to be presented, but those probably require more than just DOB anyway.
Blood pressure prescriptions, no ID lots of times. OTC meds which are ingredients to make meth, need an ID.
Does it include controlled substances? Sure, I can pick up ibuprofen 800mg with just my name and DOB said verbally, but whatever is on schedule II (US term, but think Adderall) I am required to show my ID.
Why should companies tracking us to make more money affect our habits?
And you will now be informed about what is being asked for, as opposed to the current situation where if you are handing over your physical ID you may have no way of knowing what is being gleaned from it.
And being informed, you can choose to accept or decline. You can also question the need for it (the cashier won't be of much help, but inquiries can be done to head office).
1) show a digital ID where I can see that they are asking for much more
2) show my physical ID where they can see much more than they need
I mean, I'd pick #1 because at least it will be used just for marketing and not noting my address as I buy a lot of travel supplies.
Currently if you hand your id, the cashier could theoretically take a photo of it but it's an extra (and awkward) step, and then someone would have to figure out how to extract the data and make it usable.
It is not about requiring ID for all transactions, it is about when ID is actually asked for (which may not be every time), the information can be provided in a more privacy-friendly way.
Since the phone would authenticate your age as well as give the payment information.
It’s pointless to ask someone who’s clearly in their forties for an ID in this case.
The people building this know nobody wants to hand their phone over to the police.
Having your license confiscated when it doubles as your wallet, MFA device for work, and primary communications device sounds like a disaster.
In principle the police Wallet reader could have a function to virtually suspend the license, instead of physically confiscating your phone.
I wonder if they thought of that, and I wonder if police would use the option or confiscate the phone anyway.
I installed an RFID app from the Apple app store (3rd party, not from Apple) and it couldn't read the chip in my passport. Perhaps Apple's firmware was filtering those out at the time?
I wonder if this is some zero knowledge proofs here or what? Reading the passport and its chip implies some terminal authentication capabilities coming from Apple devices. Passport would not allow reading sensitive data from the chip unless the terminal is valid.
Another question is if Apple is allowed to read your biometric data?
They’ve had some form of this for ages with Apple Pay
It seems (again, if I'm reading correctly) that you only really need a private key in order to issue a passport.
Issuing a passport is a different issue entirely, since you need a country's document signing key.
(There are national-level databases, but presumably not every country has access to every other country's database.)
Countries don't need access to database. They need to validate public key / hashsum is valid (or something along those lines).
Passport chips aren't that complex, especially not American ones. You just need to transmit part of the MRZ to unlock them (Other ICAO compliant passports have slightly different requirements, still all easily doable for any smart phone with NFC transmit)
The Apple ID isn't a ZKP - IIRC they're doing a CBOR representation of the claims which is signed with their own cert.
https://blog.trailofbits.com/2025/10/31/the-cryptography-beh...
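How a signed set of claims can still release only one attribute (the "only the information needed" behaviour quoted earlier in the thread), as an added example that is not part of any comment and is not Apple's code. It models the salted-digest scheme used by ISO/IEC 18013-5 mobile documents; as assumptions, canonical JSON stands in for CBOR, an HMAC stands in for the issuer's certificate signature, and all function names and sample claims are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for the issuer's signing key. A real issuer signs with a
# private key and verifiers hold only the certificate; HMAC keeps this stdlib-only.
ISSUER_KEY = secrets.token_bytes(32)


def _encode(obj):
    # Canonical JSON stands in for the CBOR encoding mentioned in the thread.
    return json.dumps(obj, sort_keys=True).encode()


def _sign(signed_digests):
    return hmac.new(ISSUER_KEY, _encode(signed_digests), hashlib.sha256).hexdigest()


def issue(claims):
    """Issuer: salt every claim, then sign only the list of digests."""
    # The per-item random salt stops a verifier from guessing an undisclosed
    # low-entropy value (a birth date, say) by hashing candidates.
    items = {
        str(i): {"salt": secrets.token_hex(16), "name": name, "value": value}
        for i, (name, value) in enumerate(claims.items())
    }
    digests = {i: hashlib.sha256(_encode(item)).hexdigest() for i, item in items.items()}
    return {"items": items, "digests": digests, "signature": _sign(digests)}


def present(credential, requested):
    """Holder: release the signed digests plus only the requested items."""
    disclosed = {i: item for i, item in credential["items"].items()
                 if item["name"] in requested}
    return {"items": disclosed, "digests": credential["digests"],
            "signature": credential["signature"]}


def verify(presentation):
    """Verifier: check the signature, then each disclosed item against its digest."""
    digests = presentation["digests"]
    if not hmac.compare_digest(_sign(digests), presentation["signature"]):
        raise ValueError("issuer signature check failed")
    claims = {}
    for i, item in presentation["items"].items():
        if digests.get(i) != hashlib.sha256(_encode(item)).hexdigest():
            raise ValueError(f"item {i} does not match its signed digest")
        claims[item["name"]] = item["value"]
    return claims


if __name__ == "__main__":
    # Constructed sample credential, not real identity data.
    credential = issue({"family_name": "SAMPLE", "birth_date": "1990-01-01",
                        "age_over_21": True})
    shown = present(credential, {"age_over_21"})
    print(verify(shown))           # only the age flag reaches the verifier
    print(len(shown["digests"]))   # digests for all three items are still signed
```

The verifier learns how many attributes the issuer signed, but the undisclosed values stay hidden behind salted hashes while the disclosed one remains bound to the issuer's signature.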
It's $165 per 10 years if you don't lose it or $65 if you just need in place of national ID (i.e. no international travel). I think anyone can save up that much in 10 years, renewals a bit cheaper btw.
> Local state ID cards don't prove citizenship.
No, but to get a Real ID in any state you have to prove you're in the country legally, and in some states to get any form of ID you have to prove that.
It's pretty slick.
No ID, nor Boarding Pass needed.
Just walk up to TSA, and only facial recognition is needed. It's extremely fast too.
When I was in LAX last week, facial recognition on entry was only for US citizens anyway, and for it to work they need to take a photo of you when you're leaving. I don't see how it helps ICE in any way, plus it's handled by CBP.
Also, it didn't work on me, because I left clean shaved and returned with a beard.
I've definitely avoided photos on exit and used it coming back in, so I'm not sure this is accurate.
I reject it because I don't believe in a world where rampant facial recognition should be the norm.
I thought it was pretty neat, but felt super invasive.
CBP facial recognition is far less invasive. It's not an instance of "rampant facial recognition" in my opinion. There is really no downside, "they" already know you might be at the airport because you booked a ticket, since most US airports don't let you onto the air side without a ticket. You are already on a bunch of cameras inside the airport, including right when:
1) your ID is verified by a human or by a kiosk
2) when you drop off your bags
3) when you board the plane
4) every other time you have to show your ID or boarding pass
You do you though.
If they know that already, then they don't need to use facial recognition. It acts as a de-facto endorsement of the idea that it should be used everywhere else in society, which is what my issue is.
I also lived in Japan for a number of years and I'm familiar with their system at the airports. Japan is not America and I do not find it useful or interesting to compare the two approaches; when I lived there - and indeed, whenever I go back - I'm aware of and resigned to the aspect of that society not giving a shit about it all. I do not think America needs to be the same way.
ICE and CBP are both part of DHS. This data is going to be abused, if it is not already.
What happens if the government can now perfectly enforce that people under 18 can't do X or Y?
Since most of that "digital ID" manifestations are just pixels on a screen, these are not a problem to fake pixel-perfect.
I did some limited travel during the COVID era, including areas that did not want to recognise my country's digital vaccination certificate. I presented them with a pixel-perfect picture of their own country's digital vaccination certificate. It's easy to copy from a screen of a friend, and it's not complicated to create your own Apple Wallet pass that looks like the one you want.
Eventually in a system like that they may refine their procedures and then you get dinged essentially...
"The guy who went to jail" could be unvaccinated (or even infected) and presenting other people's certificates to enter an area for vaccinated people only (e.g. hospitals) where he might have endangered other people's lives; that's something that might be deserving jail time. I was vaccinated however, and by all means had the right to enter that shopping mall; I just wasn't able to prove it to the imperfect system that was there to check.
Digital IDs can't be faked. The only way to fake them would be to convert them to physical (what you did) and hope that the physical ID gets accepted.
It feels healthier for the enforcement apparatus to have a budget, in terms of material personnel or time, that requires some degree of priority-setting. That priority-setting is by its nature a politically responsive process. And it’s compatible with the kind of situation that allows Really Quite Good enforcement, but not of absolutely everything absolutely all the time.
Otherwise ossification feels like exactly the word, as you said, stavros: if it costs nothing for the system to enforce stuff that was important in the hazy past but is no longer relevant, nobody wants to be the one blamed for formally easing restrictions just in case something new bad happens; 20 years later you’re still taking off your shoes at the airport. (I know, I know, they finally quit that. Still took decades. And the part that was cost-free—imaging your genitalia—continues unabated.)
You normally aren't carrying your passport with you, right? So even if lower security, the chance of that information being swiped is generally lower.
Phones are pretty high profile targets, this makes them more so.
I do like the idea and the convenience, but I'm definitely wary of these things too. Especially in the modern tech world where security is often being treated as a second thought as it is less impactful for sales. I'm pretty sure it is always cheaper to implement the security, but right now we're not great at playing long games and we like to gamble. Humans have always been pretty bad at opportunity costs. We see the dollars spent now and that seems to have far more value than what you save later.
On the other hand, currently US citizens are not legally required to walk around with their IDs on them. That's not true for non-citizens btw. You should have to just give the officer your name, but they can detain you while they "verify your identity." With an ID becoming frictionless and more commonly held on person, will this law change? Can we trust that it'll stay the same given our current environment of more frequent ID requests (I'm trying to stay a bit apolitical. Let's not completely open up that issue here?). I'd say at best it is "of concern." But we do live in a world run by surveillance capitalism.
There's a really good example I like of opportunity cost that shows the perverse nature of how we treat them. Look at the Y2K bug. Here on HN most of us know this was a real thing that would have cost tons of money had we not fixed it. But we did. The success was bittersweet though, as the lack of repercussions (the whole point of fixing the problem!) resulted in people believing the issue was overblown. Most people laugh at Y2K as if it was a failed doomsday prediction rather than a success story of how we avoided a "doomsday" (to be overly dramatic) situation. So we create a situation where you're damned if you do and damned if you don't. If you do fix a problem, people treat you as if you were exaggerating the problem. If you don't fix the problem you get lambasted for not having foreseen the issue, but you do tend to be forgiven for fixing it.
Just remember, CrowdStrike's stock is doing great[0] ($546). Had you bought the dip ($218) you'd have made a 150% ROI. They didn't even drop to where they were a year previously, so had you bought in July of 2023 ($144) and sold in the dip you'd have still made a 50% profit in that year... (and 280% if you sold today).
Convince me we're good at playing the long game... Convince me we're not acting incredibly myopic... Convince me CrowdStrike learned their lesson and the same issue won't happen again...
Look at Germany where they outright refuse to acknowledge emails as a legal notification / correspondence so everything still gets sent as letters and fax. It's extremely slow and cumbersome.
Also it will help for security as the central service can authenticate you, instead of every little hotel and bank branch, etc. keeping a copy of your passport.
Once everyone is mandated to carry digital ID, then possibilities to track population open up.
[1] to paraphrase one of many excellent John McCarthy-isms: http://jmc.stanford.edu/general/sayings.html
Digital ID doesn't have to report your location either, depending on the implementation. It's not like it's a given a digital ID system has to give your location.
An SSH key is a digital ID. Does it report your location when you use it? A GPG key can be a digital ID. Does it report your location when you sign something?
I’m against “let’s hold all progress because a few states can go backwards faster than they’ve been” perspective.
Yes, I realise governments already have some powers to view private data, but they have to do a lot of legwork to link data to specific people. They'll always get false positives, false negatives, duplicates, etc. And they'll miss a number of platforms that have data on the person of interest. Digital ID combined with a mandatory identity platform and data retention requirements will make law enforcement far more efficient and give governments unprecedented power over what we see, hear and say online. The government will have a complete list of all the platforms on which you authenticated with their Digital ID.
We're already sleepwalking into this. In Australia, we have the under-16 social media ban taking effect next month. We're also in the process of rolling out our Digital ID, which has an OAuth/OIDC-based identity system. Numerous government departments have already integrated with it. It opens up to private sector integrations in December 2026, just in time for all involved in the under-16 social media ban to realise it's not working effectively and for Digital ID to save the day. The law states that Digital ID is a voluntary means of identification and other methods should always be offered, but the UX of OAuth 2 vs. uploading photos of your ID documents and a selfie, and waiting for it to be reviewed, will make Digital ID the de facto standard for Australians proving their age and, in the process, permanently linking their Digital ID Identifier to all their social media accounts. That includes "anonymous" ones like Reddit. And integrators can apply for an exemption to Digital ID being voluntary on their platform, making the case that the per-user cost of complying with the law without Digital ID is prohibitively expensive.
Once Australia rolls this out to social networks, it will keep expanding until virtually everything is captured.
Governments can do that today already. Digital IDs don't contribute anything to this. They just make our lives easier, not governments'.
> but they have to do a lot of legwork to link data to specific people. They'll always get false positives, false negatives, duplicates, etc.
Those false positives/negatives, duplicates affect real people too. That's just a case for digital IDs, not against.
> and, in the process, permanently linking their Digital ID Identifier to all their social media accounts
How do you reach that conclusion? How are they permanently linked? It's perfectly possible to verify your age digitally without permanently linking your ID with your social accounts.
> Once Australia rolls this out to social networks, it will keep expanding until virtually everything is captured.
Again, that can be done without digital IDs. You're holding the wrong front here. Privacy invading laws should be fought, but the public shouldn't be kept away from the convenience and privacy gains of digital IDs. It makes no sense.
This is just straight up not true for the EUDI which is probably the most serious and advanced approach to digital ID. The wallets are decentralized and the government does not see the individual authentication transaction in any way.
A person without an iPhone (or not utilizing it fully) does not deserve suspicion. It's not a crime to opt out of the mainstream iPhone sociology. It is not right to treat a person who is e.g. elderly, or for some other reason has "fallen" behind the digital divide, as an inferior person with fewer rights and privileges.
It's reliably in tech peoples' blind spot, when thinking about how to make things "efficient" for the common case, one that reflects their own experience, to not think or care about the less-common cases that don't affect them. See: digital-only payments[0]. But being banned from shopping in a few hipster stores is a small thing compared to being wrongly jailed!
While it may not be moral, our entire world and society are set up to treat folks with more resources as superior people with more rights and privileges. Poorer folks fall behind the digital curve just as readily as they fall behind the professional, educational, etc. ones. Who you are born as and where that takes place is still one of the driving factors of your rights and privileges. It's certainly noble to fight that (just to be clear that I'm not arguing for digital IDs as somehow valid because the rest of the system is already unjust).
I don't know about that. Ability to buy more != superiority and rights and privileges.
I know a bunch of people who disdain the ultra rich and see them as the opposite of superior if anything. And rights are the same for everyone...
Not counting times when id was exchanged for another id, I believe I was asked to show the physical card maybe twice (in six years), one of those was for voting, the other was in healthcare. Guess how white I am, lol.
Digital thingy zo, that needs button pressing every time I log into whatever government or government-related things.
So you are kind of right
85 more comments available on Hacker News