So Italy's IO app https://github.com/pagopa/io-app (wallet, documents, age verification) continuously refuses the users' request for GrapheneOS support and requires google.
Nothing will change until the lawsuits start coming in.
The only hope is the motorola/grapheneOS collaboration and consumer associations, that might sue for anticompetitive behavior.
Make noise on any channel for the apps that require play services, it will help in the future if the lawsuits start, since it will show user support for the initiative.
It's also the fact that it forces each citizen to pay a few hundred Euros to companies which then campaign against their very rights.
Citizens get no support of any kind in case of issues, and has to enter a contractual agreement which is ridiculously asymmetrical, where the company has little to no responsibility of any kind, but has very ample rights to track the other party in extremely creepy ways.
But ... the alternative is that the government actually pays a bit of money to fix the situation! To support their solutions. To actually develop them for enough devices. To secure them ... Plus the services the government made are way more invasive than the Google/Apple ones.
In addition to the money, actually using them would be hundreds of times more complex, and they don't have the provisions Google has, for example accessibility and security services (like actually stopping people stealing accounts on a large scale). All of this can be done, easily even, but it isn't. Politicians don't want to.
Special-casing support for GrapheneOS would be a band-aid, they should find a way to avoid requiring remote attestation in the first place, so anyone can use whatever OS they like.
Android Key Attestation produces attestations that are signed with a certificate chain rooted in the hardware vendor's root. If you use Key Attestation on GrapheneOS on a Pixel device for example, it attests that you're using GrapheneOS's AVB keys, but that attestation is signed by a Google certificate chain.
As a technical point, note that however there is no legal requirement to follow this reference. Wallet providers can choose a different implementation.
The lawsuits, sadly, won't matter. "Security" (or, rather, totalitarian control!) is more important than the 1% of nerds who care enough to tinker with their phone.
It's not 1% here though... Graphene has 300k users worldwide. There's 8 million absolutely illiterate and 150 million functionally illiterate people in Europe for comparison on scale here.
"functionally illiterate" means that while you can read your native language, you will not correctly understand what you have just read.
Rates seem to vary state by state, from as low as 8% (denmark) to 43% (romania).
It's also not a clearly defined target, since it would be better to have rates based on the reading comprehension of the average school at year X or something similar.
I'm curious about this definition, just because it's not something I've ever considered before and googling seems to muddy the water even more.
Is it "functionally illiterate" if you can read the language aloud and not understand it, if you also wouldn't have understood the same thing spoken to you? That seems like it's about comprehension ability, not literacy.
Although one thing that just occurred to me is that if your reading level is low, you might be using all your cognition on reading so that you don't have spare capacity to understand as well - that's frequently the case for me with e.g. Chinese where I can read an entire passage out and then the teacher asks what the passage was about and I'm just thinking "I dunno, I wasn't thinking about that but I think I understood everything".
And that's definitely a different problem to being able to sound out the words, but just having no idea what those words mean, whether you read them or heard them.
And does it have to be your native language, or in any language? Not trying to nitpick, it just feels like the phrase can be usefully applied to a foreign language too.
posters upthread are talking about comprehension and value systems, not literacy.
"functionally illiterate" is the brush that one paints with when describing people of opposing political viewpoint or lower socioeconomic status, for example.
> Guidance tells us the average reading age in the North East is lower than the national average at between 9 to 11 years. To put that into context The Guardian Newspaper has a reading age of 14 and the Sun Newspaper has a reading age of 8.
Health literacy specifically is a major problem in healthcare
> 1 in 4 (26.7% / 931,000 people) adults in Scotland experience challenges due to their lack of literacy skills.
I find that page somewhat ironic as they claim 18% is one in six, but 17.4% is one in five. Seems numeracy is as big a challenge.
The US is no better according to wikipedia
> In 2023, 28% of adults scored at or below Level 1, 29% at Level 2, and 44% at Level 3 or above
> Adults scoring below Level 1 can comprehend simple sentences and short paragraphs with minimal structure but will struggle with multi-step instructions or complex sentences
> Adults scoring at Level 3 or above are considered "proficient at working with information and ideas in texts
Why are you surprised? Europe has 700 million people. Think of the average construction worker you know, do you think they could read and correctly summarize any moderately complex article? Think an article about inflation or evolution or heat pumps or investment funds, etc.
Fairly sure that in most countries the average person reads less than 1 book per year, so half of the population reads less than that. I know people who haven't read a book since highschool, when they were forced to.
There is too much corruption, nothing can be done at this point.
Atleast CIE app works on graphene for now so I can do everything else on the web.
If they block that idk what I would even do.
I do occasionally suspect corruption, but neither Google nor Apple have any incentive to pay off officials to get this passed. They can't beat each other, and the rest of the mobile OS'es is no threat to their revenue.
Google and Apple's odds of being caught are too high to expect they would risk it. They have more to lose if caught than they have to gain.
Obviously some companies do despite the risks, I wouldn't expect this of any individual company, but as a whole some company will once in a while anyway. So stay vigilant.
Honestly, as long as the architectures is fatally flawed (Even if convenient) it's just bandaids over a larger issue.
These mobile id's are too powerful, signing contracts, transfering all your funds or taking loans, regulation is also papering it over a bit by requiring high-stakes lenders,etc to do additional checks.
Germany was going in the right direction imho, they NFC enabled their ID cards (Sweden has info on them but no enablement procedures) that is then paired with the app, so the card acts as a 2nd factor that makes the app itself less of a security issue since a user will be required to physically enable it (sadly the NFC pairings are kinda fiddly.. but I'd take that as a security option for all non-trivial transfers).
> These mobile id's are too powerful, signing contracts, transfering all your funds or taking loans, regulation is also papering it over a bit by requiring high-stakes lenders,etc to do additional checks.
Many countries in the EU already have all of that just done though some national equilevant system (for example here in Finland mainly with bank credentials).
And in fact additonal checks are done when enough money is moving. For example when I signed my bank loan for an apartment I had to sign it again after 24 hours just to be really really sure that I wanted to sign it.
For smaller (but still big enough) stuff a second "second factor" usually kicks in usually in the form of a sms verification after the actual proper login with bank credentials (which has a proper 2 factor auth in itself too)
Even relying on Android's hardware attestation API instead of Play Integrity is an attack on digital autonomy in my opinion. Any security feature which relies on remote attestation of the users entire platform is government overreach as it ultimately gives the government the power to choose what operating systems are acceptable. It is only a matter of time before this power will be misused to put pressure on OS developers to install backdoors for the intelligence agencies. And no, asking people to own two smartphones is not a solution to this problem.
Anonymous digital age verification based on a suitable ZKP scheme and/or blind signatures does not require a general purpose operating system, it just requires a few cryptographic primitives and a set of device-bound keys. It is not too much to ask that the EU develops a specialized hardware token with these exact capabilities and offer them for free to all citizens as an alternative to the app. This also gives the citizens of EU the freedom to choose not to own a smartphone without having their access to digital services severely restricted.
Exactly, I'm not sure what benefits hardware attestation offers to the government. Sure, it's potentially useful for the customer that they can trust their keys are secure on their device, but it kind of misses the point.
It should really be an open-source specification that defines a standard protocol, but where the device just signs a request that it knows has come from a trusted source (so maybe signed by the government's key) with a key that the government's API knows that represents you.
So, I'd envisage something like government portal lets you add a bunch of public keys, one for each device, and shares a public key of its own that can be used to verify any requests. Something that wants to verify your identity can request your public key, and ask the government API for a challenge token which it passed back to you. You can verify the challenge token is signed by the key you trust, you can sign the challenge and return it to the app, which can pass it back to the government API which can then grant access to whatever subset of information they requested (and the challenge key can include enough information for the signing app to present a meaningful request).
Very simple in terms of protocol. Only the government needs to store any of your private data. If an application just needs to know if you are of a sufficient age or not, that's all the information it gets. If you lose your device you can easily revoke your keys and add new ones.
Sure, a specific implementation on a phone might want to use hardware attestation in order to keep its keys safe, but there's no reason that it has to be mandated. A well designed public key system should be sufficient leaving the implementation to safeguard its keys, while providing a simple way to replace keys if needed.
I think the reason these systems require device bound keys is because the government is concerned with easily mass-produced forged age certificates. With software keys you can get an age certificate which can be copied instantly to a large number of devices, with hardware keys the government knows that the certificate is tied to a single physical unit.
Again, at this point, they're taking things too far,age gates shouldn't need to be an impenetrable fortress (notwithstanding the question of whether they should exist in the first place).
It should simply be the adult account on the device is notified if the device is rooted, effectively no longer in child mode. Go crazy with the warnings on both devices if you want as they've opted in at that point.
I'm sorry but clearly the introduction of these apps with these requirements in the near past and near future represent regression over time rather than improvement.
I think it was last year that there was a good presentation from them about how they were going to use ZKP and it was indeed very trust inspiring. But do you think the latest digital wallet solution from eg Danish government uses ZKP? Of course not!
I have to say that the tune they play at FOSDEM and what we see put into production are just two different things.
Not really. EU is actually trying to decouple. But in many cases there are not any homegrown alternatives to support. There is not a single company in EU that could replace, even a considerable part, of software stack provided by Google and Apple.
And, unless the regulatory environment changes., there probably never will be.
Thr answer to US tech giants are not homegrown EU tech giants, but international free software (Free as in Freedom). We already have free operating systems: Linux, BSD. Office software: LibreOffice, etc.
EU regulators have stop listening to tech company lobbyists.
The money can't all come from the state. If the EU wants to compete, it should create a common market worth its name where EU companies can raise billions like American ones. If that doesn't happen but we instead pat ourselves on the back for setting aside a pithy 5 million Euros in some EU budget to support open source, it's never going to happen.
> But in many cases there are not any homegrown alternatives to support
There shouldn't need to be. Realistically for something like this an EU backed highly-audited non-profit should be in place for permanent highly controlled services like this that do not rely on any non-EU entities for it to function.
For context, as yearly spending of 285 million €, that compares to building roughly 20 km of motorway, or 0.5% of EU's agriculture subsidies, or half what the German federal government pays Microsoft per year.
I'll believe it when I'll see it, for now I haven't seen any of the Android forks (LineageOS, EOS, GrapheneOS...) or Linux OS (Phosh, Plasma mobile, Ubports, ...) get any funds from the EU.
The US can call Austria in 5 minutes and with no burden of proof get the airspace permit for a head of sovereign state revoked and the plane swatted instantly upon landing, because someone might have been on board (he wasn’t) whose only real crime was embarrassing the USA by exposing their fundamentally unconstitutional lawbreaking.
Same goes with the prosecutors in Sweden; a phone call and the US got, not charges (as that would actually be official misconduct in Sweden), but enough of an official statement from a prosecutor to get the words “Assange” and “rape” in headlines together around the world by that evening.
European countries are, by and large, lapdogs of the USA. It’s sad. And then the US president turns around and stabs them in the back by threatening invasion and annexation, or complete disregard for the fundamental obligations of NATO members.
I really don’t know what the fuck the Europeans are thinking by playing the US’s stupid games. As we see time and time again, it won’t be repaid in kind.
Unfortunately the big game is opaque it's close to impossible to understand for the common folk. So many questions, so tough to grasp answers. Sickening. The enemy is hiding. One could say that paying the taxes in some form is a path toward a destruction. Phrases like "war economy" are lunatic. It all starts in your mind, and that's why it's the most important to protect your children from the propaganda. Take care!
Obviously, on both side (and beyond) they are nice people trying to plan good things without being too naive. But bragging all day through and destroy all that is in your power is both easier and more attention grabbing than discrete hard work at building better future for everybody.
> I really don’t know what the fuck the Europeans are thinking by playing the US’s stupid games. As we see time and time again, it won’t be repaid in kind.
I feel like the European relationship with the US can really be summed up by the 30 permanent military bases and 84,000 military personnel stationed in their borders and the underlying faith that it's for their own protection, except we better never ask them to leave just in case. Everything else sort of follows from that point.
84 thousand personnel (of which maybe 20 per cent are actual combat troops, given the standard tooth-to-tail ratios of modern mechanized armies) could perhaps occupy Denmark on a good day. For a continent the size and population of Europe, this is not a dominant force by any means.
Putin has about 700 000 personnel in Ukraine right now and isn't making any progress. Barbarossa took about 3 million personnel to start.
Europe will never have digital sovereignty from the US.
It will take 100 years and an extremely expensive, government-mandated reimplementation of every critical US tech service and company.
No EU country is putting up budget for this, and no private enterprise is going to do it because building a worse version of AWS just so that it is "European" makes no financial sense and would most likely just fail anyway.
Hetzner seems to be a pretty good example. It wasn't solely because of EU regulation, but once GDPR made it a worthwhile investment to companies to segregate their data, European data centers have been growing steadily.
Hopefully not. This hate towards good technology and innovation because you don’t like the current president is ridiculous. He’ll be gone in two years or so and then we’ll get back to normal.
> This hate towards good technology and innovation
Mine is to a collective people that vote in these people. I get that people can change, grow, evolve etc but I didnt trust a german for 60 years, I wont trust an american for at least a generation.
I agree with the premise but have the feeling that it’s less about the money. People here in Germany use WhatsApp and Instagram and Gmail and MS Office and Windows not because there are no alternatives but because they either don’t know or don’t care to switch. People are notoriously difficult to convince to switch platforms even if they‘d get more benefits on the other side. My mom does not want to touch any email client besides outlook and she does nothing but read and very occasionally reply to singular emails and she requires only the barest functionality of an email client. Half of my family gets a panic attack when the windows interface changes again. The idea of switching messengers recently in my rather tech sawy circle of friends has resulted in a multi day discussion with no real outcome mainly because some just don’t want to deal with two messengers while their friends and family remain unconvinced. We already have social media, hosting, email, operating systems, messengers and the likes from European providers. People just don’t want to switch.
If there is a higher level mandate or incentive to switch, people absolutely will - for example, if a government decides en masse to switch away from one OS or platform. [0]. This will likely be hugely influential, as then everyone who wants to communicate effectively with that government needs to make sure that they are compatible - which will likely drive adoption of the alternate technologies over time.
However, IMO the big challenge is MS Office - as much as people like to mention the FOSS Office alternatives, there's still a huge gap to cross before mainstream companies will adopt them. (To paraphrase, no-one gets fired for choosing Microsoft Office.)
Beyond this, on the more 'personal' level you discuss, the picture is more varied than you describe. Some people's elderly parents absolutely can and do switch to different email clients or browsers. Some groups of friends can and do switch messenger platforms - my personal comms are now split roughly 80:20 between Whatsapp (the default) and Signal. (It just took a determined minority deciding to switch, and the others followed.)
> We already have social media, hosting, email, operating systems, messengers and the likes from European providers.
Yes, but they aren't really competitive, as they currently aren't the easy/free/well-marketed/popular options that everyone defaults to when they first get a computer, or that their friends are already using. It's just network effect and inertia.
This can and will change if the need for a reduced dependence on the US continues to be front and center of people's minds. (Note this is mostly driven by the Trump administration's behaviour; the next president could probably heal many of these wounds and our European politicians will move one to caring about something else.)
Regulations create monopolies. Even when regulations are aimed at curbing the control of giants, smaller players usually can't afford them and lose market share. This is actually taught as a competitive advantage strategy in business school. Corporations lobby the government to implement laws that seem to hurt them but in actuality create an uneven playing field where marketshare becomes available due to the higher implementation cost.
> Aren't monopolies is what we end up by default if have no regulation at all?
No. Monopolies are only inevitable if the goods aren't elastic, if there is a large cost of entry into the market, or if its a market you can create a moat that is unsurmountable.
Many markets don't have that even with 0 regulation, but might have second order problems like firms creating unsafe products for example.
But in general regulations almost always even unindentedly raise the cost to enter the market. If you make a new regulation that food needs to be safe, then the company needs to pay a safety inspection that a small home-made recipe might not be able to afford (to give a simple example).
At the same time, we now have uber large corporations due to non elastic parts of supply chain (like land) or moats that are insurmountable (like access to US capital). In which case, the FCC should break up monopolies as the current market is not catering to end users and consumers but to owners, which is why the Stock market has been in a never ending bull run.
Don't bigger companies also often benefit from scale in multiple ways so it gets harder and harder for newcomers to compete? And if a newcomer does manage to get a foothold, it might get bought.
> Don't bigger companies also often benefit from scale in multiple ways so it gets harder and harder for newcomers to compete?
That is one of the ways a Moat can happen and a monopoly can occur. For example if you were the only person with a loom and everyone else had to make jumpers by hand, you could make them so cheap they would have to close down.
In some markets those ways you can benefit from scale exist, in others there are drawbacks. In many cases those advantages only exist due to either regulation or lac thereof.
For example ways companies might have an advantage is by manufacturing in cheaper countries, but that only works because those workers have less rights and the cost of transporting is not properly taxed. Carbon taxes on shipping would make manufacturing in China pretty comparatively priced to many european countries. But if you let them contaminate the ocean with crude oil boats, then their manufacturing prowess and cheaper labour cost will offset the shipping cost and destroy a newcomer.
These are very basic examples and they all require nuance but hope it helps to explain it a bit more.
Another example is restaurants, you used to have some advantages from being a chain, but you would still constantly see mom and pop joints compete and even win. But as rent prices keep increasing (the non elastic market of the ground under the lease), suddenly the advantages of scale start beating the disadvantages of worse food and service.
There is always imperfect information, there is no such thing as a perfect market and as a result regulation will always be needed to curb the excesses such as monopoly. Even if we had perfect information, humans remain irrational. This is a simple fact of life and the universe.
I don't think so. Because the theories about elastic markets and monopolies do have a high 'spherical frictionless cow` smell. And they are posed here as gospel. So while it might be a bit of an ad hominem to frame someone as a 120 year old it does succinctly point out a problem and hence adds information.
The same could be said for people who suggest regulation for every problem that comes up, even for problems that were caused by regulation. Maybe we have our blindspots, but the "regulate everything" crowd is much louder and more prevalent on HN than the free market absolutists.
Here's another ad-hominem (to another poster), cause you guys just cannot argue in good faith: Spoken like a true American who had long-forgotten nuance exists.
I mean, has there any empirical evidence disproven any of those base assumptions?
In econ the easiest part is to create a model, the hardest part is seeing it crash against reality. But the basis of monopolies seems to be pretty thoroughly tested. The biggest issues you have now are Chesterton Fence's. Were its hard to know what laws and regulations are therefore safety, parity and economic performance and ones are only creating friction with no benefit due to years of laws being put on top of other laws
I have never been nice, but I admit I have no better literary device to concisely express my sentiment towards your flawed position, to put it nicely.
I am pro-regulation, where regulation for me is busting monopolies, preventing tragedy of commons, setting necessary quality checks, forbidding forced labor. I am against regulation, when it's chat control, 100% tarrifs on whatever, forbidding working on Friday past 17:00 and completely on Weekends. < Why do I even have to point this out?
There's no nuance remaining in this world, people (the proselytizing nerd types) emotionally attach themselves to sophistry that is the spelled-out economic theories, while completely disregarding common sense. Missing forest for trees.
first comment was both cheeky and had a "i agree" at the end. Those are both niceties. Not sure why I would have to explain tone from mild critique to being a wee cu nt in back to back messages
> I am pro-regulation, where regulation for me is busting monopolies, preventing tragedy of commons, setting necessary quality checks, forbidding forced labor. I am against regulation
What does any of this nonsense have anything to do with me replying to someone who had a basic question about the non existance of monopolies in unregulated markets?
I explained the basic mechanisms for monopoly creation which are all easy math formulas that happen in bacteria growth too because "if nothing stops me I eat everything" is equally valid in any env where there is growth
> There's no nuance remaining in this world
coming from anti-intellectual "oh you know chesterton fence" responses is pretty ironic.
Btw if you are going to call people out for using big words maybe dont come out with the most 17 year old "people arent as smart as me as they emotionally attach themselves to sophistry while I am a nuanced rational ubermench". It reeks of intellectual insecurity.
i asked for empirical evidence against the mechanisms of monopoly creation because moats, regulation and inelastic markets are the most studied and reproducible mechanisms in anture, economics and any growth env. The formula just converges to infinity
> In short - fuck America.
its like 3am there, everyone here is asian and european rn... you are fighting windmills
The European Steel and Coal Community (precursor of the EU) was also involved in the effort to stop these. In general this has been something the EU has been involved in since its inception and the best action against monopolies is to not let them form in the first place (why there is so few of them in general in most developed countries. Though that is now slowly changing it seems)
The proposed regulations forcing everybody to use google or apple are ridiculous and very much the opposite of the kind of regulations we need though...
Unless regulations explicitely incorporate how to handle incumbents & newcomers. One instance of that is MMTIS (multi modal passenger information), which explicitly states innovation and new players as a goal. There are other similar examples.
> Regulations create monopolies. Even when regulations are aimed at curbing the control of giants, smaller players usually can't afford them and lose market share. This is actually taught as a competitive advantage strategy in business school. Corporations lobby the government to implement laws that seem to hurt them but in actuality create an uneven playing field where marketshare becomes available due to the higher implementation cost.
The only way to guarantee a monopoly is to have a total lack of regulation. It's known that every "free" market will tend towards monopoly due the 1% law. Regulations are the only way to actually guarantee free markets because perfect free markets only exists in abstract, not in reality. Sometimes, a free market is the wrong solution and you need a regulated monopoly instead and with identity that's the best solution. Why? Because identity is unique to the individual. A individual must (in theory) only have one identity and with very extreme and usually well documented exceptions, such identity doesn't change. The state is the one that must provide a good way for identity and if smaller countries doesn't have the resources, then big countries should provide for all. Also, it removes incompatibility inter-countries while keeping private interests out.
The state should have the sole monopoly on attesting to anyone identity. Because they are the only ones that are not affected by market conditions. This is how countries that have advanced in this topic actually work. If individual states can't reach a common solution, then the collective must do so. The collective failed here because it recommended a private solution rather than mandated a european one. Private sector must not dictate what or how identity is attested, because the private sector has it's profit pursuing agenda, state must evaluate solutions but it's up to the states to run them and implement them.
Market solutions are good for several things, this isn't one of them.
My intuition is that this is not necessarily true, but probably often true in practice but perhaps someone more educated on the matter can speak on that. It must also depend on the expensiveness of the regulation in question. Since in tons of areas regulations are absolutely vital so that for example our buildings don’t collapse, our food remains non-toxic and the medicine we buy is not the pharmacological equivalent to russian roulette the goal should then be to optimise the cost performance of regulations.
> Corporations lobby the government to implement laws that seem to hurt them but in actuality create an uneven playing field where marketshare becomes available due to the higher implementation cost
(nit: I assume you meant "marketshare becomes unavailable")
So you mean that regulations that are created based on lobbying by corporations help them become monopolies? Sure, that makes sense. But thats different from a blanket "Regulations create monopolies".
Because the smaller players can't afford to implement the new regulations they lose their marketshare and it now becomes available for the bigger competitors to absorb.
DMA seems explicitly written to only target monopolies, though (and seems like a surrender from the EU, since monopolies should be broken up and not get laws codifying their business models IMHO).
Can you imagine the collective screeching, across the White house, HN and Apple reality distortion field, that'd happen if EU attempted to breakup the American monopolies?
Electing to not do something impossible and framing it as a surrender is strange to me.
Working as intended. EU wants you to use a device and OS they can fully control. Don't comply with some new ridiculous regulation? Your app will be banned.
> EU App Store: Apple Removes Thousands of Apps Due to Digital Services Act Requirements
> Apple’s app removals follow the Digital Services Act, a European law requiring all app traders to display verified contact details, including address, email, and phone number.
Here in Germany we had court rulings saying the german railway (DB) must offer offline tickets that do not require a computer or smartphone to purchase to not discriminate against the elderly. I am pretty sure we will see similar rulings for EUDI wallet requiring Google/Apple.
There are AFAIK no plans to completely remove the offline ID everyone is currently required to carry, so I doubt there will be similar rulings for EUDI as long as it remains an optional alternative for people who want to use online services.
So when Google bans someone, that person also loses access to all apps that require digital ID?
I remember when a Youtuber asked live viewers to "vote" by typing emojis, and a whole bunch of viewers got their Google accounts banned for spamming[1]. Google is also famously averse to user support (understandable given the scale of their free services), so individual remedy is unlikely.
I can already see the new ransomware: "pay us or we'll send spam from your gmail and you'll lose your digital ID".
In the last 5 years so much of the legislative pressure is coming down to remove anonymous Internet access to save the children or protect us from some harm.
In the end it is all being used to track and control us.
"Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin
Never truer words ever spoken. And yet we keep slipping down this slope again and again and again and it seems there is never a way to climb back out.
There's a relatively simple and much more open and secure solution to this: Make physical EU ID cards the attestation source, and require users to tap them against their phone for critical operations (high-value signatures, login on a new device or after repeated authentication failures etc).
That would solve the open hardware/OS "problem" on the device entirely, as there's no trusted hardware or OS signature required anymore. You could argue that this adds the possibility of a MITM attack on the phone (since you don't know what you sign anymore or who you are providing with your PIN, as the card has no display and no PIN pad), but I wonder if mitigating this is worth all the lock-in concerns that phone attestation goes hand in hand with.
As it is, all EU ID cards already have mandatory strong cryptographic authentication, but in a form that's usable only for in-person ID checks (under the corresponding ICAO biometric identity document standards), not for remote ID attestation. This is frustratingly close, but not what's needed.
EU should have mandated a user-facing authentication scheme using a random string as the only authentication factor for everything. Pretty much like the API tokens for contemporary enterprise software, except that they would be used by ordinary people and not by application developers.
And complement it with hardware tokens for highly sensitive applications.
Passkeys could have been that, but they were quickly subverted by the industry.
The problem is not that the ID wallets require Google and Apple. The problem is that we're getting eaten alive by this Big Brother called EU (lead by the UK initiatives) that is starting an unprecedented control over the population.
These ID wallets should be all optional, there should NOT be any age verifications.
I remember ~10 years ago when Europe was laughing at China's face detection systems to track citizens.
This is only reflects their market share for now. The EU legally forbids member states from making a smartphone mandatory to access public services. The EU explicitly anticipated the danger of relying entirely on the iOS and Android and designed the EUDI Wallet framework to allow for other physical form factors. For example;
Europeans do a lot of stupid things, but I believe in light of all the scandals we saw in recent times, you can't explain EU behavior and choices without accounting for corruption. EU division and different level among the different countries of wealth, integrity of political sphere, and different cultural biases make us the perfect target for bribes in order to control votes and choices. Not just promoted by external actors. The Chat Control is a great example: everybody understands how bad this is, the arguments are mostly a shield to avoid revealing the real agenda.
I really don't like how EUDI (OpenID4VP) works in the first place. IMO it should be scrapped and rebuilt from the ground up
It should be an open standard that's local first. Government issues certificate, user loads it into any supported client app on any platform (official, open-source, Google/Apple Wallet, etc). The user should then be able to selectively share data from the certificate with third-parties, directly between the client-app and the third-party, using an open standardized protocol/format. The important challenge is that we obviously shouldn't have to share the entire certificate (which would include all data in it), there shouldn't be a static subject pubkey which creates linkability between data-shares, and obviously we'd need privacy-focused data fields like {"isover18": true} in addition to full DoB.
A few years ago as I was working for a local government, a similar discussion started, but quickly finished after the project owner valiantly displayed her dumbphone.
Only months later did I learn that her husband was investigated for misappropriation of funds, so keeping a minimal digital footprint was important for her.
So, if the majority chose to get microchipped, you believe either we should force the minority to get microchipped against their will, or just exclude them from society?
It captures biometrics and is used across India to easily verify identification using OTP on mobile. Used across almost every sphere - bank accounts, passport, financial services like stocks/mutual funds etc.
You get a unique adhar-id (or can generate virtual IDs if sharing temporarily) to verify your identity across any service.
There seems to be no awareness from EU govenments about how much power we're handing over to two large outside companies. This incompetence in the leadership will cause a lot of harm over the years. This has been going on for a long time.
A little off topic, but does anybody else think that all these attacks on personal freedoms across the western world are very coordinated? Suddenly all countries are making social media ban under 16 laws. Same goes for centralized digital currency push.
Its all lining corporate pockets but what can we do? Europe needs sovereign smartphone infra but even if that existed people would still prefer Iphones.
The corporations have the tech and network effects on their side.
Is it out of character for the EU to push a half baked solution out that covers most but a tiny fraction of the population only to get sued later on and rule against its own idea?
Sarcastic view: Doesn't matter - the EU wont listen, then pull a surprised pikachu and make laws to force googles play integrity to attest that other devices are genuine, because obviously, the problem is google, not stupid design decisions made while creating the app.
Time to reach out to your MEP's! I would imagine the id could web-based for example which would make it much less dependent on the Google's or Apple's "SAFETY" services.
Its simply unreal that the EU is pushing that in order to participate in society that I must accept the TOS of Google or Apple.
God help you if you need to try and fix a serious problem. Sorry, you loaded a video of the first dance of your wedding to YouTube and now have a copyright strike, now you can't file taxes.
Hopefully you are famous enough on Twitter to get someone in Google to fix this.
Big facepalm... EU had really only one job with the EU wallet... And missed the point completely. GrapheneOS is probably closer to EU data security and privacy standards than Android or iOS.
This quite literally validates those "tinhat conspiracy" folks, honestly the EU are not doing us or themselves any favours here. If it is intended to replace cash then it should function like cash. This limitation is draconian.
There is one thing after the next, under Von der Leyen and Metsola, its ridiculous.
5 years ago, some smarty pants would've worked out how to implement digital ID wallets on the block-chain, and there would've been some uptake for it in the European environment .. these days however, it appears everyone has given up on that idea and defaulted back to the fascist approach (corporations doing government work).
> Governments are cementing a monopoly they claim to oppose
Duopoly but yea. Because there is no third alternative. Microsoft failed/gave up with Windows Phone. The people trying to fix secure government services can't really tackle that issue, but the systems needs to be built now anyway.
There are viable third alternatives which do not require building a full smartphone stack. The national eID in Denmark, MitID, is an app "protected by" Play Integrity, but at least there are two non-smartphone alternatives available in the form of either a TOTP code generator or a FIDO2 chip which you can get for free if you can't or won't buy a smartphone.
Age verification solutions could also be built on dedicated hardware tokens, even though the tokens required to build a ZKP or blind signature based solution may not be available off the shelf right now.
The problem was always that the government could ban you from society via the banks banning you, and you having no recourse because it was a business exercising its right to not do business with you.
Without the proper laws and proper leaders of law enforcement that protect an individuals’ right to transact, one’s rights were always just a technological advance away from being taken away.
Because Apple has always been a closed platform whereas Android started out being relatively open. For Android there is an alternative to Play Integrity which would enable governments to get remote attestation assurance on non-Google Android based operating systems like GrapheneOS, but that alternative does not even exist in the Apple ecosystem.
So Italy's IO app https://github.com/pagopa/io-app (wallet, documents, age verification) continuously refuses the users' request for GrapheneOS support and requires google.
Nothing will change until the lawsuits start coming in.
The only hope is the motorola/grapheneOS collaboration and consumer associations, that might sue for anticompetitive behavior.
Make noise on any channel for the apps that require play services, it will help in the future if the lawsuits start, since it will show user support for the initiative.
It's also the fact that it forces each citizen to pay a few hundred Euros to companies which then campaign against their very rights.
Citizens get no support of any kind in case of issues, and has to enter a contractual agreement which is ridiculously asymmetrical, where the company has little to no responsibility of any kind, but has very ample rights to track the other party in extremely creepy ways.
In addition to the money, actually using them would be hundreds of times more complex, and they don't have the provisions Google has, for example accessibility and security services (like actually stopping people stealing accounts on a large scale). All of this can be done, easily even, but it isn't. Politicians don't want to.
https://www.itsme-id.com/business/platform/identification
https://france-identite.gouv.fr/
https://english.rekenkamer.nl/latest/news/2023/03/29/digital...
1/3 of the population functionally illiterate in Europe seems beyond wild to me.
Are you talking about technical illiteracy? security illiteracy?
Or do you mean they can't read english, which is a very different thing.
How good this can become?
Rates seem to vary state by state, from as low as 8% (denmark) to 43% (romania).
It's also not a clearly defined target, since it would be better to have rates based on the reading comprehension of the average school at year X or something similar.
Is it "functionally illiterate" if you can read the language aloud and not understand it, if you also wouldn't have understood the same thing spoken to you? That seems like it's about comprehension ability, not literacy.
Although one thing that just occurred to me is that if your reading level is low, you might be using all your cognition on reading so that you don't have spare capacity to understand as well - that's frequently the case for me with e.g. Chinese where I can read an entire passage out and then the teacher asks what the passage was about and I'm just thinking "I dunno, I wasn't thinking about that but I think I understood everything".
And that's definitely a different problem to being able to sound out the words, but just having no idea what those words mean, whether you read them or heard them.
And does it have to be your native language, or in any language? Not trying to nitpick, it just feels like the phrase can be usefully applied to a foreign language too.
"functionally illiterate" is the brush that one paints with when describing people of opposing political viewpoint or lower socioeconomic status, for example.
https://www.southtyneside.gov.uk/article/16247/Public-Health...
> Guidance tells us the average reading age in the North East is lower than the national average at between 9 to 11 years. To put that into context The Guardian Newspaper has a reading age of 14 and the Sun Newspaper has a reading age of 8.
Health literacy specifically is a major problem in healthcare
https://literacytrust.org.uk/parents-and-families/adult-lite...
> 1 in 4 (26.7% / 931,000 people) adults in Scotland experience challenges due to their lack of literacy skills.
I find that page somewhat ironic as they claim 18% is one in six, but 17.4% is one in five. Seems numeracy is as big a challenge.
The US is no better according to wikipedia
> In 2023, 28% of adults scored at or below Level 1, 29% at Level 2, and 44% at Level 3 or above
> Adults scoring below Level 1 can comprehend simple sentences and short paragraphs with minimal structure but will struggle with multi-step instructions or complex sentences
> Adults scoring at Level 3 or above are considered "proficient at working with information and ideas in texts
https://en.wikipedia.org/wiki/Literacy_in_the_United_States
Fairly sure that in most countries the average person reads less than 1 book per year, so half of the population reads less than that. I know people who haven't read a book since highschool, when they were forced to.
Whoever believes those statistics I have a strait to sell to
[0] https://sailfishos.org/
[1] https://postmarketos.org/
[2] https://puri.sm/products/librem-5/
Obviously some companies do despite the risks, I wouldn't expect this of any individual company, but as a whole some company will once in a while anyway. So stay vigilant.
Other interested parties can still be trying to steer the ship.
These mobile id's are too powerful, signing contracts, transfering all your funds or taking loans, regulation is also papering it over a bit by requiring high-stakes lenders,etc to do additional checks.
Germany was going in the right direction imho, they NFC enabled their ID cards (Sweden has info on them but no enablement procedures) that is then paired with the app, so the card acts as a 2nd factor that makes the app itself less of a security issue since a user will be required to physically enable it (sadly the NFC pairings are kinda fiddly.. but I'd take that as a security option for all non-trivial transfers).
Many countries in the EU already have all of that just done though some national equilevant system (for example here in Finland mainly with bank credentials).
And in fact additonal checks are done when enough money is moving. For example when I signed my bank loan for an apartment I had to sign it again after 24 hours just to be really really sure that I wanted to sign it.
For smaller (but still big enough) stuff a second "second factor" usually kicks in usually in the form of a sms verification after the actual proper login with bank credentials (which has a proper 2 factor auth in itself too)
Anonymous digital age verification based on a suitable ZKP scheme and/or blind signatures does not require a general purpose operating system, it just requires a few cryptographic primitives and a set of device-bound keys. It is not too much to ask that the EU develops a specialized hardware token with these exact capabilities and offer them for free to all citizens as an alternative to the app. This also gives the citizens of EU the freedom to choose not to own a smartphone without having their access to digital services severely restricted.
But it must not limit the ability of running custom software on a phone. And especially not enforcing every person to get a Google/Apple signed phone.
Like if I get GrapheneOS on my phone. Banking/gov apps should work. But I believe this could be possible with enforcing hardware security as well.
I find the bank talking point strange, why are they special, are they even targeted more. It just feels like a boogeyman “think of your money!”
It should really be an open-source specification that defines a standard protocol, but where the device just signs a request that it knows has come from a trusted source (so maybe signed by the government's key) with a key that the government's API knows that represents you.
So, I'd envisage something like government portal lets you add a bunch of public keys, one for each device, and shares a public key of its own that can be used to verify any requests. Something that wants to verify your identity can request your public key, and ask the government API for a challenge token which it passed back to you. You can verify the challenge token is signed by the key you trust, you can sign the challenge and return it to the app, which can pass it back to the government API which can then grant access to whatever subset of information they requested (and the challenge key can include enough information for the signing app to present a meaningful request).
Very simple in terms of protocol. Only the government needs to store any of your private data. If an application just needs to know if you are of a sufficient age or not, that's all the information it gets. If you lose your device you can easily revoke your keys and add new ones.
Sure, a specific implementation on a phone might want to use hardware attestation in order to keep its keys safe, but there's no reason that it has to be mandated. A well designed public key system should be sufficient leaving the implementation to safeguard its keys, while providing a simple way to replace keys if needed.
It should simply be the adult account on the device is notified if the device is rooted, effectively no longer in child mode. Go crazy with the warnings on both devices if you want as they've opted in at that point.
Wasn't there some talk about the pressing need for European digital sovereignty recently? Or was that just performative nonsense?
At FOSDEM, we discuss this at great length. There has been some movement, and I am optimistic that it is improving year on year.
I think it was last year that there was a good presentation from them about how they were going to use ZKP and it was indeed very trust inspiring. But do you think the latest digital wallet solution from eg Danish government uses ZKP? Of course not!
I have to say that the tune they play at FOSDEM and what we see put into production are just two different things.
Yes? Wake up, it is 2026.
And, unless the regulatory environment changes., there probably never will be.
EU regulators have stop listening to tech company lobbyists.
There shouldn't need to be. Realistically for something like this an EU backed highly-audited non-profit should be in place for permanent highly controlled services like this that do not rely on any non-EU entities for it to function.
I hear them complaining but for now, the alternatives are mostly run by hobbyists.
We're starting from so low that even a few dozen millions would help a lot.
Edit: 2000m/7 is 285m, not 466m.
they do.
> 250 million isn't much ...
sigh.
Same goes with the prosecutors in Sweden; a phone call and the US got, not charges (as that would actually be official misconduct in Sweden), but enough of an official statement from a prosecutor to get the words “Assange” and “rape” in headlines together around the world by that evening.
European countries are, by and large, lapdogs of the USA. It’s sad. And then the US president turns around and stabs them in the back by threatening invasion and annexation, or complete disregard for the fundamental obligations of NATO members.
I really don’t know what the fuck the Europeans are thinking by playing the US’s stupid games. As we see time and time again, it won’t be repaid in kind.
Obviously, on both side (and beyond) they are nice people trying to plan good things without being too naive. But bragging all day through and destroy all that is in your power is both easier and more attention grabbing than discrete hard work at building better future for everybody.
I feel like the European relationship with the US can really be summed up by the 30 permanent military bases and 84,000 military personnel stationed in their borders and the underlying faith that it's for their own protection, except we better never ask them to leave just in case. Everything else sort of follows from that point.
Putin has about 700 000 personnel in Ukraine right now and isn't making any progress. Barbarossa took about 3 million personnel to start.
It will take 100 years and an extremely expensive, government-mandated reimplementation of every critical US tech service and company.
No EU country is putting up budget for this, and no private enterprise is going to do it because building a worse version of AWS just so that it is "European" makes no financial sense and would most likely just fail anyway.
Unless it becomes necessary because of EU regulation?
Mine is to a collective people that vote in these people. I get that people can change, grow, evolve etc but I didnt trust a german for 60 years, I wont trust an american for at least a generation.
And even if the bipartisan system make a small turn over, the issue is systemic.
If there is a higher level mandate or incentive to switch, people absolutely will - for example, if a government decides en masse to switch away from one OS or platform. [0]. This will likely be hugely influential, as then everyone who wants to communicate effectively with that government needs to make sure that they are compatible - which will likely drive adoption of the alternate technologies over time.
However, IMO the big challenge is MS Office - as much as people like to mention the FOSS Office alternatives, there's still a huge gap to cross before mainstream companies will adopt them. (To paraphrase, no-one gets fired for choosing Microsoft Office.)
Beyond this, on the more 'personal' level you discuss, the picture is more varied than you describe. Some people's elderly parents absolutely can and do switch to different email clients or browsers. Some groups of friends can and do switch messenger platforms - my personal comms are now split roughly 80:20 between Whatsapp (the default) and Signal. (It just took a determined minority deciding to switch, and the others followed.)
> We already have social media, hosting, email, operating systems, messengers and the likes from European providers.
Yes, but they aren't really competitive, as they currently aren't the easy/free/well-marketed/popular options that everyone defaults to when they first get a computer, or that their friends are already using. It's just network effect and inertia.
This can and will change if the need for a reduced dependence on the US continues to be front and center of people's minds. (Note this is mostly driven by the Trump administration's behaviour; the next president could probably heal many of these wounds and our European politicians will move one to caring about something else.)
[0] https://www.rfi.fr/en/france/20260417-france-to-remove-windo...
And yes, not every regulation destroys monopoly, but regulation is the only thing that could break one.
No. Monopolies are only inevitable if the goods aren't elastic, if there is a large cost of entry into the market, or if its a market you can create a moat that is unsurmountable.
Many markets don't have that even with 0 regulation, but might have second order problems like firms creating unsafe products for example.
But in general regulations almost always even unindentedly raise the cost to enter the market. If you make a new regulation that food needs to be safe, then the company needs to pay a safety inspection that a small home-made recipe might not be able to afford (to give a simple example).
At the same time, we now have uber large corporations due to non elastic parts of supply chain (like land) or moats that are insurmountable (like access to US capital). In which case, the FCC should break up monopolies as the current market is not catering to end users and consumers but to owners, which is why the Stock market has been in a never ending bull run.
That is one of the ways a Moat can happen and a monopoly can occur. For example if you were the only person with a loom and everyone else had to make jumpers by hand, you could make them so cheap they would have to close down.
In some markets those ways you can benefit from scale exist, in others there are drawbacks. In many cases those advantages only exist due to either regulation or lac thereof.
For example ways companies might have an advantage is by manufacturing in cheaper countries, but that only works because those workers have less rights and the cost of transporting is not properly taxed. Carbon taxes on shipping would make manufacturing in China pretty comparatively priced to many european countries. But if you let them contaminate the ocean with crude oil boats, then their manufacturing prowess and cheaper labour cost will offset the shipping cost and destroy a newcomer.
These are very basic examples and they all require nuance but hope it helps to explain it a bit more.
Another example is restaurants, you used to have some advantages from being a chain, but you would still constantly see mom and pop joints compete and even win. But as rent prices keep increasing (the non elastic market of the ground under the lease), suddenly the advantages of scale start beating the disadvantages of worse food and service.
This ad hominem stuff is genuinely worthless.
The same could be said for people who suggest regulation for every problem that comes up, even for problems that were caused by regulation. Maybe we have our blindspots, but the "regulate everything" crowd is much louder and more prevalent on HN than the free market absolutists.
In econ the easiest part is to create a model, the hardest part is seeing it crash against reality. But the basis of monopolies seems to be pretty thoroughly tested. The biggest issues you have now are Chesterton Fence's. Were its hard to know what laws and regulations are therefore safety, parity and economic performance and ones are only creating friction with no benefit due to years of laws being put on top of other laws
> I know "chesterton fence", I smart
4chan greentext style over substance is cute, but its outdated and wasnt that funny a decade ago
if you have nothing to add, then why reply?
I am pro-regulation, where regulation for me is busting monopolies, preventing tragedy of commons, setting necessary quality checks, forbidding forced labor. I am against regulation, when it's chat control, 100% tarrifs on whatever, forbidding working on Friday past 17:00 and completely on Weekends. < Why do I even have to point this out?
There's no nuance remaining in this world, people (the proselytizing nerd types) emotionally attach themselves to sophistry that is the spelled-out economic theories, while completely disregarding common sense. Missing forest for trees.
In short - fuck America.
first comment was both cheeky and had a "i agree" at the end. Those are both niceties. Not sure why I would have to explain tone from mild critique to being a wee cu nt in back to back messages
> I am pro-regulation, where regulation for me is busting monopolies, preventing tragedy of commons, setting necessary quality checks, forbidding forced labor. I am against regulation
What does any of this nonsense have anything to do with me replying to someone who had a basic question about the non existance of monopolies in unregulated markets?
I explained the basic mechanisms for monopoly creation which are all easy math formulas that happen in bacteria growth too because "if nothing stops me I eat everything" is equally valid in any env where there is growth
> There's no nuance remaining in this world
coming from anti-intellectual "oh you know chesterton fence" responses is pretty ironic.
Btw if you are going to call people out for using big words maybe dont come out with the most 17 year old "people arent as smart as me as they emotionally attach themselves to sophistry while I am a nuanced rational ubermench". It reeks of intellectual insecurity.
i asked for empirical evidence against the mechanisms of monopoly creation because moats, regulation and inelastic markets are the most studied and reproducible mechanisms in anture, economics and any growth env. The formula just converges to infinity
> In short - fuck America.
its like 3am there, everyone here is asian and european rn... you are fighting windmills
A lot of these were international. Just read up on "Cartel capitalism".
https://www.cambridge.org/core/journals/enterprise-and-socie...
The European Steel and Coal Community (precursor of the EU) was also involved in the effort to stop these. In general this has been something the EU has been involved in since its inception and the best action against monopolies is to not let them form in the first place (why there is so few of them in general in most developed countries. Though that is now slowly changing it seems)
No.
A better answer would be 'not always'.
The proposed regulations forcing everybody to use google or apple are ridiculous and very much the opposite of the kind of regulations we need though...
The only way to guarantee a monopoly is to have a total lack of regulation. It's known that every "free" market will tend towards monopoly due the 1% law. Regulations are the only way to actually guarantee free markets because perfect free markets only exists in abstract, not in reality. Sometimes, a free market is the wrong solution and you need a regulated monopoly instead and with identity that's the best solution. Why? Because identity is unique to the individual. A individual must (in theory) only have one identity and with very extreme and usually well documented exceptions, such identity doesn't change. The state is the one that must provide a good way for identity and if smaller countries doesn't have the resources, then big countries should provide for all. Also, it removes incompatibility inter-countries while keeping private interests out.
The state should have the sole monopoly on attesting to anyone identity. Because they are the only ones that are not affected by market conditions. This is how countries that have advanced in this topic actually work. If individual states can't reach a common solution, then the collective must do so. The collective failed here because it recommended a private solution rather than mandated a european one. Private sector must not dictate what or how identity is attested, because the private sector has it's profit pursuing agenda, state must evaluate solutions but it's up to the states to run them and implement them.
Market solutions are good for several things, this isn't one of them.
(nit: I assume you meant "marketshare becomes unavailable")
So you mean that regulations that are created based on lobbying by corporations help them become monopolies? Sure, that makes sense. But thats different from a blanket "Regulations create monopolies".
Electing to not do something impossible and framing it as a surrender is strange to me.
> EU App Store: Apple Removes Thousands of Apps Due to Digital Services Act Requirements
> Apple’s app removals follow the Digital Services Act, a European law requiring all app traders to display verified contact details, including address, email, and phone number.
https://www.techrepublic.com/article/eu-app-store-apple-digi...
You think apps which wouldn't want to implement Chat Control will remain on the app store?
EU to legislate about Chat Control behind closed doors (https://news.ycombinator.com/item?id=48707719)
I remember when a Youtuber asked live viewers to "vote" by typing emojis, and a whole bunch of viewers got their Google accounts banned for spamming[1]. Google is also famously averse to user support (understandable given the scale of their free services), so individual remedy is unlikely.
I can already see the new ransomware: "pay us or we'll send spam from your gmail and you'll lose your digital ID".
[1] https://www.engadget.com/2019-11-10-youtube-reinstates-banne...
In the end it is all being used to track and control us.
"Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin
Never truer words ever spoken. And yet we keep slipping down this slope again and again and again and it seems there is never a way to climb back out.
That would solve the open hardware/OS "problem" on the device entirely, as there's no trusted hardware or OS signature required anymore. You could argue that this adds the possibility of a MITM attack on the phone (since you don't know what you sign anymore or who you are providing with your PIN, as the card has no display and no PIN pad), but I wonder if mitigating this is worth all the lock-in concerns that phone attestation goes hand in hand with.
As it is, all EU ID cards already have mandatory strong cryptographic authentication, but in a form that's usable only for in-person ID checks (under the corresponding ICAO biometric identity document standards), not for remote ID attestation. This is frustratingly close, but not what's needed.
And complement it with hardware tokens for highly sensitive applications.
Passkeys could have been that, but they were quickly subverted by the industry.
They will frame it as "child porn trafficking patriot saving act" and majority will vote in favour without reading fineprint.
The problem is not that the ID wallets require Google and Apple. The problem is that we're getting eaten alive by this Big Brother called EU (lead by the UK initiatives) that is starting an unprecedented control over the population.
These ID wallets should be all optional, there should NOT be any age verifications.
I remember ~10 years ago when Europe was laughing at China's face detection systems to track citizens.
We're becoming much worse than that now.
1. Smart Cards (The Current National ID)
2. Standalone Hardware Tokens & USB Keys
It should be an open standard that's local first. Government issues certificate, user loads it into any supported client app on any platform (official, open-source, Google/Apple Wallet, etc). The user should then be able to selectively share data from the certificate with third-parties, directly between the client-app and the third-party, using an open standardized protocol/format. The important challenge is that we obviously shouldn't have to share the entire certificate (which would include all data in it), there shouldn't be a static subject pubkey which creates linkability between data-shares, and obviously we'd need privacy-focused data fields like {"isover18": true} in addition to full DoB.
Only months later did I learn that her husband was investigated for misappropriation of funds, so keeping a minimal digital footprint was important for her.
Moral of the story: everyone has a smartphone.
"Your papers, please"
It captures biometrics and is used across India to easily verify identification using OTP on mobile. Used across almost every sphere - bank accounts, passport, financial services like stocks/mutual funds etc.
You get a unique adhar-id (or can generate virtual IDs if sharing temporarily) to verify your identity across any service.
The corporations have the tech and network effects on their side.
God help you if you need to try and fix a serious problem. Sorry, you loaded a video of the first dance of your wedding to YouTube and now have a copyright strike, now you can't file taxes.
Hopefully you are famous enough on Twitter to get someone in Google to fix this.
There is one thing after the next, under Von der Leyen and Metsola, its ridiculous.
Vendor lock-in is real
The government gets data to “manage” the citizens and the companies get data to “manage” consumer and the power structure is protected.
Duopoly but yea. Because there is no third alternative. Microsoft failed/gave up with Windows Phone. The people trying to fix secure government services can't really tackle that issue, but the systems needs to be built now anyway.
Age verification solutions could also be built on dedicated hardware tokens, even though the tokens required to build a ZKP or blind signature based solution may not be available off the shelf right now.
I question that premise.
From fingerprint/face id to digital id..
Like banking apps are now using play protect/depending on Google.
(Just a matter of time Google/Apple will be a banks themselves, as is the danger with governments)
Ofcourse the world could be a more open place, but constraint, rules and control are too pleasing to not implement, sadly.
Without the proper laws and proper leaders of law enforcement that protect an individuals’ right to transact, one’s rights were always just a technological advance away from being taken away.
No thanks, I don't want any of that for obvious security reasons