The scheme from the Danish government, shared in another comment, avoids the sharing by allowing token to be used only once, and, because the government issues the tokens, it can block people from getting tokens if they detect abuse. This can be done by rate-limiting, geoblocking and all sorts of techniques.
Remember that the function of the anonymous token is to not allow the service provider (like an OS, or a a website) to see your identity. This still allows the government to see which service provider you are using.
Hopefully the service provider can form pools yo block the government from knowing each individual website, but that’s not a given.
Because then you can share the token and everyone can use it
I’m sure a more robust solution is possible though.
The scheme from the Danish government, shared in another comment, avoids the sharing by allowing token to be used only once, and, because the government issues the tokens, it can block people from getting tokens if they detect abuse. This can be done by rate-limiting, geoblocking and all sorts of techniques.
Remember that the function of the anonymous token is to not allow the service provider (like an OS, or a a website) to see your identity. This still allows the government to see which service provider you are using.
Hopefully the service provider can form pools yo block the government from knowing each individual website, but that’s not a given.