English speaking urban Indians are loud on English media but ultimately don't matter for political decisions because they can't actually flip an LA or LS election. You need to either be a significant voting bloc or a major economic bloc to become a veto player in any country.
[0] - https://www.reuters.com/sustainability/boards-policy-regulat...
[1] - https://www.reuters.com/sustainability/boards-policy-regulat...
Most likely, Indian government will try again
https still uses unencrypted client hello's (ECH) across the vast majority of the internet, showing which domain the client is visiting in plaintext for multi-site servers to do SNI. DNS is still plaintext on most consumer routers/models provided by ISPs, stingray technology exists in the wild and is widely used to mimic cell towers. E2EE is not popular in consumer applications, even Telegram isn't E2EE and the main ones that claim they are like X's new Chat they have the keys on; Matrix having E2EE still shows meta data in plain text, room names in plain text.
While iMessages, RCS, Signal are mostly mainstream, most people are unaware of the need for E2EE. RCS is its own set of issues.
Pegasus, Cellbright, I can go on and on with the spyware companies that can just send a text message and infect devices with 0click exploits.
We can have E2EE but if they can just see the screen or hook in to the messaging app's memory doesn't mean much.
Pick up your cell phone, is it connected to Wifi? Can it see other Wifis? Apps track those nearby SSIDs and report to major databases to have accurate geo-location data down to the spot we stand.
Don't get me started on Ad-Tech.
The EU wants to install backdoors on everybody's devices and get rid of encryption entirely.
Zero Trust Technologies are a fun thing to read in to, especially the need for them.
We shouldn't call it "cyber safety" as that is a loaded phrase here. Obviously other considerations were part of it.
Like with the chat control in the EU now, the foot is already blocking the door
And I'm sure in the end it will cave in. The "they" have a clear plan supported by infinitely more patience and resources than the "us" can muster, and the von der Leyen presidency has shown clear signs of direction towards more control, less privacy (by weakening the GDPR), and less of the good kind of regulation in industry.
As an EU citizen, I'm very unhappy with the Union's recent direction.
But, at least for now, hooray for the temporary victory on the Indian front!
1. Most Indian bureaucracy is clueless about tech things, and just goes by whatever somebody who sounds like techy enough is selling them. Which in this case I'm guessing is a data mining company/lobby.
2. The information derived can be used for various purposes. Plotting election trends, economics, spotting general trends pro/against politics and other nefarious causes. etc.
3. Spying.
4. Using information to go after political opponents.
5. Demographic targeting, which in Indian context almost always means a pogrom against groups, which other groups don't like.
6. Selling data to commercial entities for better targeting, or even social engineering buying choices etc.
There could be many others. But its kind of nice that it was taken back. Having said this, it will be pushed again at some point when people are busy with a crisis and this will be sold as a fix.
That is how they ramped up enrollment in Aadhaar UID.
I held out for many years due to privacy reasons. In the end, I changed my mind - its just immensely useful to the general public.
Aadhar made it easier than before. It is really a quality of life improvement.
The main issue is government requiring IDs even when it is not usually needed in other countries. Mostly in the name of security. This is the root cause. Aadhar is just the symptom.
However Aadhar does enable deeper breaches into privacy due to its unified nature and the way it is validated through government owned infrastructure. There is full tracking possible on all the services that the residents used.
If Aadhar was a self sovereign ID, then having a single ID is definitely a good thing. It keeps privacy intact while usable where needed.
If Aadhaar makes it easier for people living near poverty to get say bank accounts, it'd trump the reservations I have. That's what made UPI possible - just about everyone today has UPI, even people begging for money sometimes have a QR code handy (at least here in Bangalore).
Aadhar is "identity", it is not a "card" of any kind though Indians have inherent love for collecting various cards for fun. I have my driving license, PAN, aapar, kisan and state government health insurance cards, labor department id card. I have few more in some drawer.
Once a person gets aadhar, it acts pretty much same as OAuth. You go to a hotel to get a room, Hotel by law is required to verify that your name and face match. You give your aadhar card to them which they scan on their computer and verify that your name matches your face. Because they are a hotel they have right to only verify that.
This is much more privacy preserving than what supreme court did. Because of Supreme Court, hotels no long bother to implement this and instead demand your passport and other identification, scan it and leave it in their system forever. They also are known to sell this data to other from time to time.
The technical idea behind was aadhar was similar to UPI. Government runs the core infra with basic APIs but private companies build apps on top of it. For example, say GPay builds aadhar interface where when you walk into a hotel to reserve a room, Gpay automatically generates a new aadhar number with permissions only to show your name, photo and age. Hotel system verifies that and stores a receipt. If in future government is investigating who stayed in which room, law enforcement can convert these receipts to identification.
This was a better model which would have unlocked a lot of potential. The government failed to argue the case correctly and supreme court acted more like an activist court.
I do think both Government and Supreme Court failed to show the correct user journey here.
Now, the morons in charge are making it mandatory to book a gas cylinder as well. It’s like once a blind suddenly starts seeing, he wants to capture everything.
A friend then showed me that he downloaded aadhar PSD online, put a random invalid number, his photo and a non-existent address on the bank and used it everywhere where people were asking for aadhar without any need. Building and Airport security, Hotel reservation staff, Bus tickets and so on and used real aadhar only for banking and sim cards. He said this simplifies life a lot.
The truth, as you point out, is that Aadhaar in reality is a an “honour based system”, where UIDAI pretends everything is valid and authenticated as long as it gets used everywhere.
As for the low IQ thing no one wants to acknowledge it but check the charts and see that it’s true. Centuries of caste based inbreeding and colonial clerk education will do that to a population. The added toxins in the turmeric will finish the job.
In the later incarnations, if this is an app which you need to access government services that is less of an issue, though I'm not advocating that this is completely fine. There are already apps like these CoWin (during Covid time), or Digiyatra (despite some of the privacy concerns around it [1]) which many are using. I hope if at all this app gets introduced (in the form you mention) there are larger discussions about permissions and the data access the app would need,and it can be disabled, uninstalled.
I don't view these apps as net negative for a country like India which is helped immensely by digitization.
My comment was just pointing out that governments have a way to get you install the app if they really need to.
The question is what makes service critical. Is Expedia or Uber critical?
Ex A: Ind x ITU, https://cis-india.org/internet-governance/blog/india-itu-res...
Ex B: China x ITU, https://datatracker.ietf.org/liaison/1677/
Read between the lines?
> Given Sanchar Saathi’s increasing acceptance, Government has decided not to make the pre- installation mandatory for mobile manufacturers.
India: Every phone must install a cyber safety app
Apple: No
India: OK, nevermind
?
Apple has been a massive driver for India's electronics manufacturing boom, because it's Apple that has been strongarming it's suppliers like Foxconn and Envision to start manufacturing (not just assembling) in India - just like how Apple helped turbocharge China's electronics upskilling in the late 2000s and early 2010s which helped Apple vendors like BYD and BOE become global competitors in the 2020s.
Tata Group has also become an Apple vendor now as well for both assembly as well as chip packaging, so they probably helped arbitrate.
Apple and India are also negotiating over a potential $38B anti-trust bill [0] which is a significantly higher priority for both parties.
[0] - https://www.reuters.com/sustainability/boards-policy-regulat...
Policy that is hard to pass: SIM binding for all messenger apps and automatic log out every 6 hours for desktop apps.
Even more egregious policy: Pre-install spyware that cannot be disabled.
Withdraw the egregious policy on outrage, and people think they have won the battle.
