I was showing a real QR code -- that was issued to a person who wasn't me. As soon as that produced a big green checkmark on anyone's QR scanner, I was in.

Then you're hoping they won't try to match the info on the screen with the info on the paper, which is very easy to foil (just don't skip the check).

If they need to match with the info on paper it's not clear what the case for "digital id" is? If one needs to present "digital id + paper id" one can simply present the paper id as they do today.

They won't. They'll just check the digital ID. I said you can't fake a digital ID, you said you've faked a physical ID, which isn't really relevant.

Digital IDs can't be faked. The only way to fake them would be to convert them to physical (what you did) and hope that the physical ID gets accepted.

That's kinda theoretic discussion by now. As the whole COVID thing is behind us, we can probably look at all the money that were spent in the world to create vaccination certificates, sign them, create the distribution network, distribute the certificates, build the verifying scanners, purchase them en-masse and pay the thousands of people who were standing at the entrance of numerous shopping malls and using these scanners to check the QR codes, only to create a system that is trivially bypassed by using a jpeg file.

I'm not sure how this relates to the main argument that "digital IDs are bad because they lead to perfect enforcement".

My argument is that “digital ids can’t be faked” is a bad argument, and if you rely on it to prove a point then it might be a weak proof.

(Digital IDs indeed can’t be faked but usually they are a part of a process that can be easily bypassed by using something that presents itself as a valid Digital ID even if it’s not.)

They'll be a part of a process that can be easily bypassed until they're the only thing that's accepted.

I don't think they will, as this will leave a significant amount of population without ids. The fallback will always be there.

Credit cards are a great example: they can't be faked, however while the cryptographers are sitting on their high hill and patting themselves on the back for doing great job, the credit card fraud rings billions of dollars every month. It doesn't happen because of fake cards -- it happens by exploiting the flaws in the whole process that a (non-fakeable) card is a part of.

I know a guy who went to jail for that. He was in the news and everything. Banned from this country for life. Warned him that what he was doing was a stupid idea, he was even doing it for others who also got arrested...

I don't know what "that" was, and again, I had both the vaccination and the digital certificate to prove it; the system in place would not accept the real documents, so I fed it with other documents that it did accept.

Showing a QR code that belonged to someone else, like you know, the thing you said you did

Eventually in a system like that they may refine their procedures and then you get dinged essentially...

The people who check your QR code with scanners on the entrance to a shopping mall (and refuse to let you in unless the scanner shows a green mark) are not the police nor the prosecution, and I have a good case to present to a judge in any case.

"The guy who went to jail" could be unvaccinated (or even infected) and presenting other people's certificates to enter an area for vaccinated people only (e.g. hospitals) where he might have endangered other people's lives; that's something that might be deserving jail time. I was vaccinated however, and by all means had the right to enter that shopping mall; I just wasn't able to prove it to the imperfect system that was there to check.