Internet Identity (Passkeys) definitely figerprintable, right?

Hi -

My questions are about some services available from Web3 and Proton:

Web3 calls it Internet Identity

Proton calls it Pass (allusion to Google Passkey?)

Are they safe that is the first question? Are they private? I think they offer convenience but may figerprint you, right?

Passkeys are per-website, they shouldn’t be cross-identifiable but they WILL (by design) identify you to a website (obviously)


Proton Pass has nothing to do with passkeys.

Passkeys is the name of the industry. Google, Apple and Microsoft adopted this name because it’s more recognisable for normal humans but it isn’t anything different from FIDO2. The companies have set to provide solutions to sync the passkeys across devices essentially like you use password managers today. Some password managers like Bitwarden (announced) and 1Password have adopted passkey sync support as well.

And no they are not fingerprintable. At least we have not seen anything methods of doing so.

You are confusing and mixing up a lot of things here. Also the web3 thing isn’t the same.
This is just one service that uses passkeys to identify you at their service. If you use this “Internet Identity” service like a single sign on solution with SAML or openid then yeah it becomes one single identity to sign you in and that is a bad idea. Just do not use that.


Thank you. I’ll select yours as the answer but the previous one is a good beginning of the conversation as well. Just saying that want to give credit to the other person that gave some input.