undefined | Better HN

0 pointslxgr2y ago0 comments

Germany is extremely focused on that aspect of history and even used to have laws [1] in the books prohibiting anything SSN-like for many years. Yet German ID cards have a built-in contactless chip that allows using them for online identity verification and e-signing.

This is obviously more secure than taking a photo of an analog ID as an "online identity proof" (a somewhat absurd idea if you think about it, yet it's the state of the art in most countries today). But if done correctly (and I do realize that this is a very big if), it even be more privacy-preserving too:

For example, when trying to prove your age to a website, the only thing that site really should have to learn is the fact whether you were born more or less than a certain number of days ago. Not your date of birth, not your name, and certainly not a picture of your face or any other biometric data.

Digital ID can do that (e.g. by asking the secure chip "Is the accountholder born before $date? If so, please sign this challenge using a key shared among all ID cards" or something equivalent). Analog ID requires you to reveal strictly more information than that to a service provider and hope for the best.

[1] Technically a supreme court opinion

0 comments

cardanome2y ago

I have used the e-signing function of my German ID card exactly zero times.

Even government websites don't support it for the stuff I would like to use it. So it isn't exactly a success story.

lxgrOP2y ago

True, it does seem to be suffering from a chicken-and-egg type of problem: Not enough services accept it, so not enough people actually remember the PIN and care to install the app necessary to use it.

But now that both iOS and Android phones can be used as "card readers", I hope we should finally be seeing some more adoption. Before that, almost nobody had a card reader handy when they needed one.

The EU's eIDAS digital ID/signature portability scheme should also help boost it.

usrusr2y ago

I went through four different use cases in the last two months or so, about 1.5 of them not the state. I'd say the chicken/egg phase is over. But it won't be an everyday tool anytime soon, but the same is true for the physical ID, its not like you need to show it around all too often.

hnaccount_rng2y ago

I’ve used it for your Rentenübersicht (which is actually amazing) and Elster. But yeah, it’s not really deployed

amaccuish2y ago

To add to this, the AusweisApp in Germany shows what information you're sharing to a website and asks you to confirm its ok

hnaccount_rng2y ago

Unfortunately the eID system is neither well communicated nor widely used. Which really is a pity. It’s (at least in principle) quite well thought out. You get clearly shown who’s asking for which information. Then you present the ID to the phone, enter your PIN and only that information gets provided. In principle this would allow for a blind “are you old enough?” check without ever touching the actual data.

But of course while this is a relatively simple game of signatures and certificates and (afaik) safe and secure it is basically impossible to communicate what exactly is provided at which point in a manner that is understandable let alone trustable by the general public. And the workflow requires you to provide the PIN twice, which is nice (it’s not cached) but also annoying

j / k navigate · click thread line to collapse

0 comments

cardanome2y ago

I have used the e-signing function of my German ID card exactly zero times.

Even government websites don't support it for the stuff I would like to use it. So it isn't exactly a success story.

lxgrOP2y ago

But now that both iOS and Android phones can be used as "card readers", I hope we should finally be seeing some more adoption. Before that, almost nobody had a card reader handy when they needed one.

The EU's eIDAS digital ID/signature portability scheme should also help boost it.

usrusr2y ago

hnaccount_rng2y ago

I’ve used it for your Rentenübersicht (which is actually amazing) and Elster. But yeah, it’s not really deployed

amaccuish2y ago

To add to this, the AusweisApp in Germany shows what information you're sharing to a website and asks you to confirm its ok

hnaccount_rng2y ago

j / k navigate · click thread line to collapse