I think the Estonian e-Card scheme is the right one despite hiccups in its implementation and ID verification should be the domain and responsibility of governments. Each ID card has an embedded private key-public key pair and you can sign to reveal your identity without having to resort to giving away anything else about yourself. There is already a zero-risk way for customers to verify themselves, so giant ID databases are a step backwards.

Many other countries in Europe can do it as well.

    The electronic identity cards of Austria, Belgium, Estonia, Finland, Germany, Italy, Liechtenstein, Lithuania, Portugal and Spain all have a digital signature application which, upon activation, enables the bearer to authenticate the card using their confidential PIN. Consequently they can, at least theoretically, authenticate documents to satisfy any third party that the document's not been altered after being digitally signed. This application uses a registered certificate in conjunction with public/private key pairs so these enhanced cards do not necessarily have to participate in online transactions.

[0] https://en.wikipedia.org/wiki/National_identity_cards_in_the...

Germany has an electronic ID card that can be used to certify identity, or only age, or only uniqueness, for a few pennies per auth. There's an app that lets you use your Android phone as a scanner, paired over wifi.

Yet I've never seen any company use it. Everyone uses slower, more expensive private services that don't ask any questions about what you're going to do with the data they collect.

>I'm sure they're not as lax as Equifax

I am too, but that's not an endorsement. And more pertinently, that is nowhere nearly enough.

Every database of value tends towards uncontrollable sharing over time. The more available and more valuable it is, the harder it is to fight that trend.

The best thing for humanity is to stop making high-value data hordes like this. Unfortunately, the interests of smaller groupings are the reverse.