Oh boy. Considering that the most authentication that happens seems to be based on government IDs (which are well within the capability of any government to fake in such a way that a random startup would be fooled), this could actually be a serious problem for any dissident who is high-profile enough to attract personal attention from a state.
(On that matter though, how hard is it to fake a convincing scan of a government ID? Do any GDPR data controllers actually verify with the authorities that John Example has a passport with number soandso that expires on soandso?)
(On that matter though, how hard is it to fake a convincing scan of a government ID? Do any GDPR data controllers actually verify with the authorities that John Example has a passport with number soandso that expires on soandso?)