Comments (181)
- Luker88: The EU reference for wallets strictly required Google Play services https://github.com/eu-digital-identity-wallet/eudi-app-andro... So Italy's IO app https://github.com/pagopa/io-app (wallet, documents, age verification) continuously refuses the users' request for GrapheneOS support and requires Google. Nothing will change until the lawsuits start coming in. The only hope is the Motorola/GrapheneOS collaboration and consumer associations, that might sue for anticompetitive behavior. Make noise on any channel for the apps that require Play services, it will help in the future if the lawsuits start, since it will show user support for the initiative.
- ulrikrasmussen: Even relying on Android's hardware attestation API instead of Play Integrity is an attack on digital autonomy in my opinion. Any security feature which relies on remote attestation of the user's entire platform is government overreach as it ultimately gives the government the power to choose what operating systems are acceptable. It is only a matter of time before this power will be misused to put pressure on OS developers to install backdoors for the intelligence agencies. And no, asking people to own two smartphones is not a solution to this problem. Anonymous digital age verification based on a suitable ZKP scheme and/or blind signatures does not require a general purpose operating system, it just requires a few cryptographic primitives and a set of device-bound keys. It is not too much to ask that the EU develops a specialized hardware token with these exact capabilities and offers them for free to all citizens as an alternative to the app. This also gives the citizens of the EU the freedom to choose not to own a smartphone without having their access to digital services severely restricted.
- petcat: A European digital ID system that is entirely dependent on 2 US companies. Wasn't there some talk about the pressing need for European digital sovereignty recently? Or was that just performative nonsense?
- phyzix5761: Regulations create monopolies. Even when regulations are aimed at curbing the control of giants, smaller players usually can't afford them and lose market share. This is actually taught as a competitive advantage strategy in business school. Corporations lobby the government to implement laws that seem to hurt them but in actuality create an uneven playing field where market share becomes available due to the higher implementation cost.
- nickslaughter02: Working as intended. EU wants you to use a device and OS they can fully control. Don't comply with some new ridiculous regulation? Your app will be banned.
  > EU App Store: Apple Removes Thousands of Apps Due to Digital Services Act Requirements
  > Apple’s app removals follow the Digital Services Act, a European law requiring all app traders to display verified contact details, including address, email, and phone number.
  https://www.techrepublic.com/article/eu-app-store-apple-digi...
  You think apps which wouldn't want to implement Chat Control will remain on the app store? EU to legislate about Chat Control behind closed doors (https://news.ycombinator.com/item?id=48707719)
- greenleafone7: I like how we quickly moved past the fact that the government wants to know who we are, what we visit, what we say, what we buy, and has explicitly said that they want to control what we buy, where we go, and what we are allowed to say. But we are focused on what specific mega-corporation those systems will use to function. I agree of course, Europe should not be using US services for critical infrastructure. But more importantly I think that we are private citizens. The government should know as little as possible about us. We on the other hand should know every single move, decision, and discussion they have while they sit on the chairs we paid for.
- lxgr: There's a relatively simple and much more open and secure solution to this: Make physical EU ID cards the attestation source, and require users to tap them against their phone for critical operations (high-value signatures, login on a new device or after repeated authentication failures etc). That would solve the open hardware/OS "problem" on the device entirely, as there's no trusted hardware or OS signature required anymore. You could argue that this adds the possibility of a MITM attack on the phone (since you don't know what you sign anymore or who you are providing with your PIN, as the card has no display and no PIN pad), but I wonder if mitigating this is worth all the lock-in concerns that phone attestation goes hand in hand with. As it is, all EU ID cards already have mandatory strong cryptographic authentication, but in a form that's usable only for in-person ID checks (under the corresponding ICAO biometric identity document standards), not for remote ID attestation. This is frustratingly close, but not what's needed.
- littlecranky67: Here in Germany we had court rulings saying the German railway (DB) must offer offline tickets that do not require a computer or smartphone to purchase to not discriminate against the elderly. I am pretty sure we will see similar rulings for EUDI wallet requiring Google/Apple.
- BoppreH: So when Google bans someone, that person also loses access to all apps that require digital ID? I remember when a Youtuber asked live viewers to "vote" by typing emojis, and a whole bunch of viewers got their Google accounts banned for spamming[1]. Google is also famously averse to user support (understandable given the scale of their free services), so individual remedy is unlikely. I can already see the new ransomware: "pay us or we'll send spam from your gmail and you'll lose your digital ID". [1] https://www.engadget.com/2019-11-10-youtube-reinstates-banne...
- RobKohr: In the last 5 years so much of the legislative pressure is coming down to remove anonymous Internet access to save the children or protect us from some harm. In the end it is all being used to track and control us. "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin. Never truer words ever spoken. And yet we keep slipping down this slope again and again and again and it seems there is never a way to climb back out.
- sam_lowry_: EU should have mandated a user-facing authentication scheme using a random string as the only authentication factor for everything. Pretty much like the API tokens for contemporary enterprise software, except that they would be used by ordinary people and not by application developers. And complement it with hardware tokens for highly sensitive applications. Passkeys could have been that, but they were quickly subverted by the industry.
- edukite: So as an EU citizen and owner of Fairphone 6 with e/OS I'm banned from using apps I should be allowed to use?
- u1hcw9nx: This only reflects their market share for now. The EU legally forbids member states from making a smartphone mandatory to access public services. The EU explicitly anticipated the danger of relying entirely on iOS and Android and designed the EUDI Wallet framework to allow for other physical form factors. For example:
  1. Smart Cards (The Current National ID)
  2. Standalone Hardware Tokens & USB Keys
- uyzstvqs: I really don't like how EUDI (OpenID4VP) works in the first place. IMO it should be scrapped and rebuilt from the ground up. It should be an open standard that's local first. Government issues certificate, user loads it into any supported client app on any platform (official, open-source, Google/Apple Wallet, etc). The user should then be able to selectively share data from the certificate with third-parties, directly between the client-app and the third-party, using an open standardized protocol/format. The important challenge is that we obviously shouldn't have to share the entire certificate (which would include all data in it), there shouldn't be a static subject pubkey which creates linkability between data-shares, and obviously we'd need privacy-focused data fields like {"isover18": true} in addition to full DoB.
- antirez: Europeans do a lot of stupid things, but I believe in light of all the scandals we saw in recent times, you can't explain EU behavior and choices without accounting for corruption. EU division and different level among the different countries of wealth, integrity of political sphere, and different cultural biases make us the perfect target for bribes in order to control votes and choices. Not just promoted by external actors. The Chat Control is a great example: everybody understands how bad this is, the arguments are mostly a shield to avoid revealing the real agenda.
- peterspath: They should not make it mandatory for or expect people to have a smartphone.
- earth_tattoo: A little off topic, but does anybody else think that all these attacks on personal freedoms across the western world are very coordinated? Suddenly all countries are making social media ban under 16 laws. Same goes for centralized digital currency push.
- naveensky: Why can't the EU have something like Aadhaar (ID verification for Indians) https://uidai.gov.in/en/ It captures biometrics and is used across India to easily verify identification using OTP on mobile. Used across almost every sphere - bank accounts, passport, financial services like stocks/mutual funds etc. You get a unique Aadhaar ID (or can generate virtual IDs if sharing temporarily) to verify your identity across any service.
- edg5000: There seems to be no awareness from EU governments about how much power we're handing over to two large outside companies. This incompetence in the leadership will cause a lot of harm over the years. This has been going on for a long time.
- MaoSYJ: The way to frame this so politicians care is: we are giving monetary policies power to a foreign corporation.
- welhoilija: Time to reach out to your MEPs! I would imagine the ID could be web-based for example which would make it much less dependent on Google's or Apple's "SAFETY" services.
- exabrial: OH FFS. "safety services". NO. It's monopolistic services.
- hoppp: It's all lining corporate pockets but what can we do? Europe needs sovereign smartphone infra but even if that existed people would still prefer iPhones. The corporations have the tech and network effects on their side.
- santiagobasulto: I think we're missing the important point here. The problem is not that the ID wallets require Google and Apple. The problem is that we're getting eaten alive by this Big Brother called EU (led by the UK initiatives) that is starting an unprecedented control over the population. These ID wallets should be all optional, there should NOT be any age verifications. I remember ~10 years ago when Europe was laughing at China's face detection systems to track citizens. We're becoming much worse than that now.
- 6thbit: Is it out of character for the EU to push a half-baked solution out that covers most but a tiny fraction of the population only to get sued later on and rule against its own idea?
- romx: The entire software even free one is. We need to exclude them all.
- J-Kuhn: Sarcastic view: Doesn't matter - the EU won't listen, then pull a surprised pikachu and make laws to force Google's Play Integrity to attest that other devices are genuine, because obviously, the problem is Google, not stupid design decisions made while creating the app.
- MeteorMarc: Previous discussion, related to GrapheneOS: https://grapheneos.org/articles/attestation-compatibility-gu...
- dariosalvi78: Digital single market, digital sovereignty and all those nice words...
- KoolKat23: This quite literally validates those "tinhat conspiracy" folks, honestly the EU are not doing us or themselves any favours here. If it is intended to replace cash then it should function like cash. This limitation is draconian. There is one thing after the next, under Von der Leyen and Metsola, it's ridiculous.
- steviee: Big facepalm... EU had really only one job with the EU wallet... And missed the point completely. GrapheneOS is probably closer to EU data security and privacy standards than Android or iOS.
- Devasta: It's simply unreal that the EU is pushing that in order to participate in society that I must accept the TOS of Google or Apple. God help you if you need to try and fix a serious problem. Sorry, you loaded a video of the first dance of your wedding to YouTube and now have a copyright strike, now you can't file taxes. Hopefully you are famous enough on Twitter to get someone in Google to fix this.
- amlord: Self-Sovereign Identity wallets that are cross-device are the way around this, but relies on institutions following this path. Vendor lock-in is real
- newsclues: In general government policy for technology and communications is a regulatory capture gift to big corporations. The government gets data to “manage” the citizens and the companies get data to “manage” consumers and the power structure is protected.
- boxed:
  > Governments are cementing a monopoly they claim to oppose
  Duopoly but yea. Because there is no third alternative. Microsoft failed/gave up with Windows Phone. The people trying to fix secure government services can't really tackle that issue, but the systems need to be built now anyway.
- buffer_overlord: I use coinpay’s DID. It is simple, anonymous and works. It’s open source too.
- realusername: I don't know who thought that national ids should be vetted by two private companies, not even European! No thanks, I don't want any of that for obvious security reasons
- LoganDark: Huh. This article lumps Apple in with Google when its only qualms seem to be with Google's terrible behavior. The entire article is about Google Play.
- aa-jv: 5 years ago, some smarty pants would've worked out how to implement digital ID wallets on the block-chain, and there would've been some uptake for it in the European environment .. these days however, it appears everyone has given up on that idea and defaulted back to the fascist approach (corporations doing government work).
- poulpy123: LMAO of course