Imagine a digital driving licence that proves you are over eighteen without showing your address. That is selective disclosure: the verifier receives less.

Now imagine you present the proof at three shops. Each receives no name and no birth date, but each presentation contains a stable value derived from the same credential. If the shops compare notes, they may learn that the same unnamed person visited all three.

That is linkability: the verifier can connect events.

The two properties answer different questions.

Less data, same trail

Privacy marketing tends to describe the contents of one transaction. “Only the necessary attribute is shared.” This can be accurate while ignoring the trail formed by many transactions.

The European Data Protection Supervisor has warned that commonly used credential formats may provide selective disclosure without full unlinkability. Stable identifiers, attribute hashes or issuer signatures can allow repeat recognition, especially when relying parties collude.

There are mitigations: one-time credentials issued in batches, domain-specific pseudonyms, anonymous credentials and zero-knowledge proofs. None is magic. Batch issuance complicates revocation and operations. Pseudonyms intentionally preserve some linkability inside a domain. Advanced proofs need mature implementations and agreed standards.

Ask the two-question version

When a wallet says it shares only what is needed, ask:

  1. What does this verifier learn from this presentation?
  2. What can this verifier—or several verifiers together—learn from repeated presentations?

The first question is about disclosure. The second is about the shape of a life over time.

Good privacy needs both. A minimal answer that leaves a durable trail is still an improvement over handing over a passport scan. It is simply not invisibility, anonymity or unlinkability, and should not be sold as though those words were interchangeable.

Source