I don’t want _all_ my devices to behave like that but I definitely want my phone to be more trustworthy for banking and government service purposes.
Think of it this way: A physical ID (which is what we're trying to replace here) also has limitations, it looks a certain way, has a certain size, etc. Just because somebody wants a smaller ID or one with a larger font or a passport in a different colour or whatever, doesn't mean that this should be allowed or possible. Some limitations exist for a good reason.
Because how do you make sure it's the user who does those modifications, willingly and well-informed? That it's not a malicious actor, not a user getting socially engineered or phished? Incredibly difficult compared to the current alternative.
If it's not a software root of trust that provides an attestable environment like Android or iOS, it's going to be a hardware root of trust that provides an attestable hardware environment, like SGX. I can predict no other practical avenue taken. Unless the orangutan really forces a demonstration on how untrustworthy these environments can be and a lot of money and effort is spent.
The world has gone absolutely mad, what the fuck am I even witnessing? It is quite literally becoming 1984 in front of my eyes, with people complying completely voluntarily and openly advocating for it, not even a threat of force to make it happen.
Demanding full control over something like an ID will fundamentally not happen. The same way you won't have full control over the way passports or paper bills are made.
Take for example the expectation that some poor fool's ID can't be cloned and reused by malicious actors - full control directly contradicts that. It will not and must not be possible.
Can you please elaborate on that record?
Worse still, for new mainstream devices that are believed to be safe the state sponsored actors will likely operate unpublished exploits, and will exploit the misplaced faith people and judiciary will put in device attestation. I don't think the very likeable people who worked on Pegasus found themselves respectable jobs - they are likely still selling that sophisticated crap to all authoritarian regimes.
and therefore the app cannot give a reasonable guarantee that it is not running in an adversarial environment that actively tries to break the app's integrity. Thus, the app cannot be used as a verified ID with governmental level of trust.
Conveying authentic information across untrusted channels (your phone screen, say) has been a solved problem since asymmetric cryptography was invented back before I was born.
Can you elaborate on what this means? Who is the adversary? What kind of 'integrity'? This sounds like the kind of vague language DRM uses to try to obscure the fact that it sees the users as the enemy. An Xbox is 'compromised' when it obeys its owner, not Microsoft.
> governmental level of trust
This made me laugh out loud. Not because it's a meaningless phrase (where does "governmental" rank on a scale of fully to least trusted?), but because it seems to imply that governments do not have a miserable track record when it comes to IT security.
Though I suppose considering a security model sound because it uses security through obscurity like a blackbox integrity check would be very... governmental.
Does that mean "governmental level of trust" ranks somewhere between "snake-oil" and "cope"?
For most governments that is a very low bar.
The whole point in reducing the blast radius is valid - by all means make this optional and allow the user to elect to tie their identity to the device. For everyone else, implement validation of actual transactions, not just user secrets and device secrets.
The initial limitation to Google/Android is not great, we know that, and we have support for other OSs on our list (like, e.g., GrapheneOS). It is simply a matter of where we focus our energy at the moment, not that we don't see the issues.
And personally as a software developer myself I know that nothing is more permanent than a temporary solution. No one will prioritize or give budget to change it later "because it works".
Let me get this straight: you can be a defender of human rights, aligned with the country you live in, but if you fall in disgrace with the American government, _you can't even do transactions with your own country_.
So this is fundamentally flawed, and violates the fundamental rights of German citizens in Germany.
[1] https://www.lbc.co.uk/article/british-icc-chief-prosecutor-l...
Personally I recently switched from an AOSP based android without Google Play to Ubuntu Touch. In the future with better hardware support I will probably switch to postmarketOS.
This is an understatement. Better phrasing would be "when it allows two unaccountable foreign companies to lock citizens out of the digital market".
There are plenty of horror stories of tech giants frivolously banning people. We shouldn't be adding state support to that. I don't want to lose access to digital banking because of some deliberately vague "community guidelines" violation, or because I got mass-reported to some "e-safety" provider that both Apple and Google outsource to.
Sibling comments see this as a good solution, just not a perfect one. I see it as making a bad problem worse.
Simply put: this will never happen. Way too many device implementations to make this a reality.
What would be “knowing it can work on grapheneOS” for example, in your view?
The limited selection of attestation providers can be criticized for many other reasons, though.
If you were averse to carrots (without any health restrictions on eating them), would every government institution in Germany be required to serve you carrot-free food?
If not, why should they be forced to accommodate every smartphone brand in existence, even if there's only 3 people in Germany using it? The list has to end somewhere.
You chose to use a non-mainstream platform. That's on you.
The usual 80/20 rule applies here as well.
And if you really are a German citizen, you know how slow the wheels of government already turn in Germany, I assume next week you would be the one complaining that "Germany is so far behind" and that "other countries are so much faster at implementing stuff" :)
Can't buy any single fare public transport tickets online here in Stuttgart? Sure, I'll use the DeutschlandTicket NFC card. Can't view the EPA? Fine then I don't. Can't pay with Wero? Fine, I don't actually need to use shops that don't offer SEPA Vorkasse or Lastschrift (only without a dodgy "identity verification" fintech startup of course).
It is exactly the kind of alternative that European countries should embrace to become less dependent on US tech.
I am not sure if you are European, but why people are still supporting the GMS Android/iOS duopoly after the US revoked the Google accounts, Office 365 accounts, credit cards, Amazon accounts, etc. of ICC judges is beyond me. Supporting only iOS/Google GMS Android in a government app basically gives the US all the means to blackmail you and/or disrupt your digital infrastructure.
It seems there are still people working for European governments (including developers) who seem to have missed 2025 and the first few months of 2026?
We are repeating the same mistakes as depending on Russian oil/gas again.
No one wants support for toasters and washing machines. We're talking general purpose compute hardware. TCP is also supported on all these devices. Quite frankly, it's probably easier to implement, if you are not fighting a locked-down OS like iOS.
I know someone who happily codes "verifiable credentials" in Elixir, disregarding all externalities.
Especially considering that mobile-ID has been around since 2007.
Smart-ID sucks. It's not truly hardware-backed, it's proprietary and has fundamental flaws like not having a direct link between the site being authenticated to and the authenticating device (auth can be proxied, just like if it were just plain TOTP).
Banks are giving out QR-TAN: optical TAN devices which work with credit cards, and it has been going pretty well. Why can eIDAS not have something similar? Distribute hardware tokens. Get rid of dependency on any OS.
The issue then becomes the UI/UX. If the legal mandate is not strong enough the solution will not gain enough ground. You can see this if you start comparing those countries with an eID rolled out.
https://grapheneos.org/articles/attestation-compatibility-gu...
And a suggestion: add external HSM support at least? (e.g. things like NitroKey/YubiKey)
[1]: https://eudi.dev/latest/architecture-and-reference-framework... I suppose?
They can be trivially rooted, then they spoof the signature and get a pass in Integrity while being wide open for malware (or copying the ID, I presume).
> a local internal WSCD, which is a component within the User device, such as a SIM, e-SIM, or embedded Secure Element,
So you could issue SIM cards / eSIM profiles that only do signatures and nothing else. The app then connects to such an eSIM (and you keep your main SIM/eSIM in another slot).
The less stupid variant is, of course, to get mobile operators to issue SIM cards with e-sign capabilities. Estonia has that, for example: https://www.id.ee/en/mobile-id/
It works great. Just keep in mind that newer phones are starting to deprecate physical SIM slots. At the same time certifying eSIM implementations to the same EAL level is an absolutely crazy task.
This is simply unconstitutional and should be escalated ASAP if you don't want to end it before the appropriate court in Leipzig, Karlsruhe, or maybe Luxembourg.
GrapheneOS uses standard Android APIs for hardware attestation (as opposed to Google-specific ones), so why don't you just use those from the get-go?
If this is your plan, please go back to the drawing board.
Provided you know the secret key to a government-issued certificate. Making it impossible to copy said certificate is not really a requirement for identity verification.
Rooted, wildly insecure devices can pass the attestation easily: https://magisk.dev/modules/play-integrity-fix-inject/
Safe, updated devices cannot unless they permit Google to run their surveillance services in the privileged, unconstrained mode.
I think we need some fingerpointing that EU officials strive to avoid.
Authorities/anyone could verify that it's not counterfeit. And the photo should be checked anyway to match the person.
So I also don't see the need for attestation. For ID check it should be ok without. For signing stuff, of course, it is not resistant to copying. But the eID smartcard function already exists.
While it's dramatically worse than devices Google refuses to certify (i.e. those not running their spyware as privileged services).
> We have to use some kind of attestation mechanism per the eIDAS implementing acts.
What does this attestation need to prove? Is this only about ensuring that private keys are managed by a secure enclave or a TPM?
> we have support for other OSs on our list (like, e.g., GrapheneOS)
I appreciate that, even though I am really not enthusiastic about eIDAS. But time will tell. Thank you.
Concerning secure enclave - what other devices except iPhones and Pixels actually have it safe?
It’s also illegal on both accessibility grounds as well as violating the eIDAS spirit of no dependency on specific providers.
By shrugging it off as “not great”, you’re also dooming every citizen to have to comply with whatever whimsical terms of service Google and Apple have.
Have you ever tried to unban your Apple/Google account? So in effect, everyone's access to eID services will depend on some crappy automation some intern in California set up to detect "abuse" or whatever.
There are technical solutions to avoid this dependency and you’re probably getting paid to find, research and adopt them. So … do your job?
Or to put it another way, is a smartphone required? If not, that would already clear up a lot of issues, I think.
EDIT: Whoops, just saw the answer to another comment asking precisely this. So it's not a requirement. Good. Is there a legal framework that ensures that this remains the case? Otherwise, I fear it will become a de facto requirement over time.
If you read French:
* https://www.plus.transformation.gouv.fr/experiences/4531155_...
* https://linuxfr.org/users/jch-2/journaux/l-identite-numeriqu...
Nice... so the rush is to delegate power to the large American platform?
https://www.heise.de/en/news/Paying-without-Google-New-conso...
Sounds like these "eIDAS implementing acts" are the problem, and were influenced by ulterior motives.
What is your fallback for such an important vital service?
Edit: but as pointed out elsewhere in the thread, Play Integrity is not the only way to do hardware attestation on Android. GrapheneOS devs have a guide: https://grapheneos.org/articles/attestation-compatibility-gu...
So avoiding proprietary Google stuff altogether is possible and we should encourage it.
I don't think it's possible. And indeed, avoiding is possible and better, but the companies choose the lie of Play Store "integrity".
Excellent. Massive respect to you for doing this. This attestation business is an existential threat to "other" operating systems. I'm glad to see people are putting effort into supporting them.
For those that do not know, the only way to get the Google account back is to use hardware 2FA in the first place...
AND YubiKeys are $60 per YubiKey... and generally you want 2, including a backup.
Companies and providers (like banks) have to support it, but use is voluntary.
Check out the spec and legal framework, it actually makes sense and is open to different implementations, though you might need to certify it.
Kinda like the discrimination DB does for people using paper tickets vs those using the DB Navigator app.
As a separate device, it should be offline always IMO, and perhaps the size of a passkey. Or one of those banking devices with a display that show an authenticated text saying what you are confirming.
Private smartphones are excluded already.
Translates to:
"We have to make sure citizens accessing the public service have no control over the device per the eIDAS implementing acts"
You should be ashamed of being involved in this monopoly handover to American big tech.
Yes, I assume malicious intent, sorry, seen this happen enough times recently.
We're talking about a state-issued digital identity system, the European equivalent of your ID card, that cannot function without accounts at two US corporations. That's not a UX limitation. That's a structural dependency on foreign infrastructure for core state sovereignty.
The concerns aren't abstract. The US has a documented history of mass surveillance programs (PRISM, XKeyscore) that directly targeted European citizens and governments. Both Apple and Google operate under US jurisdiction, which means CLOUD Act requests, national security letters, and executive pressure are all legal avenues for US government access. PlayIntegrity is explicitly described in your own architecture docs as a black box: "we do not know what they are actually doing in their backend." A critical security component of a state identity system, and you don't know what it does. That's not an engineering trade-off, that's an accountability gap.
GrapheneOS being "on the list" is not reassuring. It means the system launches in a state where European citizens who have actively chosen to reduce their dependence on US Big Tech are excluded from their own national digital identity infrastructure.
The EU passed GDPR to establish digital sovereignty. It's building eIDAS to establish identity sovereignty. Baking in a hard dependency on Google and Apple at the attestation layer undermines both, by design, at launch.
Cost saving measures.
It's funny to see that I can access the bank account through FaceID but to actually make a payment I need to use an SMS code.
You can even run it on OpenBSD or TempleOS if you want to.
Do you realize where this path is going?
Certain European governments would have greatly benefited from KYC/attestation in the late 1930s had it existed.
The device chain is a classic misdirection, it seems everyone here is just following Meta’s lobbying to put this into the OS.
Even the carrier layer would be better than the mobile device layer.
Or, you know, just look at Singapore's or Swiss National SSO - it functions on an app at that layer just fine, no issues.
See https://github.com/eu-digital-identity-wallet/eudi-app-andro...
So with a Jolla phone and Linux laptop, I am left in the cold.
It is absolutely insane to put this amount of power in 2 foreign companies that will be able to destroy your life with zero reason, oversight, or due process.
Source: I have a banned Google account (it's over 20 years old at this point). I know the password, but Google doesn't let me log into it. Every few years I try to unsuccessfully recover it.
If you have a Google account and having it banned would be a problem for you here's my advice: migrate. Right now. You never know when one of their bots will deem you a persona non grata.
I hate to say it but the form factor of those crypto hardware wallets might be a good compromise between smartphone and very low level tech. Non-tech folks should be able to use them too, a struggle that the crypto space is constantly working with.
The point here is that Waymo requires either an Android account or an Apple account to log into their phone app. Lose that and you cannot take a Waymo. This may be worth a formal complaint to the California Public Utilities Commission, because Waymo is regulated as a common carrier.
California civil code section 2170:
"A common carrier must, if able to do so, accept and carry whatever is offered to him, at a reasonable time and place, of a kind that he undertakes or is accustomed to carry. A common carrier must not give preference in time, price, or otherwise, to one person over another."[1]
This is the core of what it is to be a common carrier. An airline can't require that you join their frequent flyer plan to fly.
As long as the capital city is in Washington, this is normal.
Contrast that with chat control.
My government can read my WhatsApp messages? Not good!
What’s the non-technical narrative here?
[1] Maybe with cash, for now, but cash is clearly not long for this world, and your bank account will be inaccessible already.
> Get banned from society for life
Like every school shooting, every energy crisis brings opportunity to saturate the airwaves with shallow noise that gets people overly upset and they’ll ignore everything else.
Every player on both sides is abusing this mechanic for all eternity.
What worries me is that it's a real global problem in all of our non-autocratic societies. On a positive note, I can see how this is actually becoming a common understanding and gaining traction, as hyped AI products are seen by some as 3rd-party- or SaaS-killers. It seems like we know how to differentiate between independence and dependence, and evaluate any risks affiliated with such a decision. But it baffles me that this differentiation manages to float as some ironic stream in our Zeitgeist, and just barely manages to be taken seriously.
Public debate and assessing politicians and parties would be so much cleaner then if they couldn't use polarizing issues to rally their support and do w/e they please on all other issues.
Although it is a more recent development since a certain billionaire (what else) took up politics as a side hustle.
So far the best modern improvement I’ve seen (and it could be further improved of course) is the increasing use of citizens assemblies.
At least their version has an obvious solution: Make electric cars and solar panels and then stop having oil problems.
Parents can't control what their children are doing 24/7, and neither should they. But they should expect a society where children are protected from billion dollar corporations stealing their attention and radicalising them, at least until they are old enough to leave mandatory schooling.
There are many "real world" age restrictions that exist, and we have decided those are of benefit to society in general. The "online world" is no different.
If we can't have age restrictions online then they should just be abolished in the real world as well, in the name of preserving "privacy and freedom". The online world doesn't exist in isolation like it did in the 90s and 00s.
Also the EU and all those states are also highly incompetent and pretty much only depend on low quality contractors. For example there is very little discussion and info about the fact that the EU digital infrastructure just got owned by what seems to be a random hacker group [0].
- [0] https://cyberalert.com.pl/articles/shinyhunters-eu-europa-br...
The issue isn't the phone, it's that a __government__ is depending on an unregulated private enterprise.
What does this "crimes against currency" mean? I live in several countries at once with different currencies, and I never had a problem with this. And on top of this, I travel a lot. I have accounts in 5 countries, in 6 currencies. Should I pay attention to something?
When you realize the tiny tiny percentage of people that have a phone that is not apple or google, you understand why few people are up in arms.
It simply doesn’t affect many people.
A: exclude these people from society or force them to switch to big tech, and
B: accept the consequence where a single other country holds access to everyone's identity information for convenience reasons (because it works for the 99% that are too tech-illiterate to install software that they control instead of the other way around)
You write it as if companies provided tons of help to parents and children. Meanwhile, they spend a lot of money to make it as hard as possible.
Second, kids in Germany have generally a lot more freedom and there is less of a knee-jerk impulse to blame parents for every accident. Expectation is that adults don't harm them without parents having perfect control every second.
It's also ridiculous how it seems we've forgotten computers other than smartphones exist and that not everyone even has a smartphone, let alone with an Apple or Google account.
Great, I can pay with a digital Euro, Wero or something else, without routing my payments via VISA. I just can't do it without an account with Apple or Google. I'm absolutely baffled by politicians', regulators', banks', merchants' and implementors' lack of ability to think more than one or two steps out.
Sure, the EU is forcing 3rd-party app stores, but no one is using them, so no one is pushing apps to them, especially not governments, banks or payment services, they'll be the last to use them.
Wero however is currently only planned as an android/ios app period. There are rumors that a card will come but that's only rumors for now.
In your list of groups to be baffled about I would add journalists. You see many articles about Wero mentioning digital sovereignty, but have you seen any that criticize the required banking apps only being available in google's and apple's app stores?
The regulations sometimes feel like an additional burden on the user, but not for the manufacturers (aside from the attestation logic); consider:
> (MEETS_STRONG_INTEGRITY requires a security patch in the last 12 months)
Think about how this essentially codifies planned obsolescence due to not forcing the manufacturers to maintain the devices for life.
Yes and if you look back this is not new. Just look at the extraordinary restrictions that apply to:
- What houses you can build,
- What vehicle you can drive,
- What food you can grow and sell.
The result is real estate has become unaffordable for younger people, our car industry is being annihilated, and the agriculture sector hangs by a string.
The digital realm enjoyed an unusual level of freedom until now because the silent and boomer generations in charge in the EU understood nothing about it.
Now that the EU is getting involved in "computers" we are starting to understand why peasants have been protesting in Brussels and calling those people insane for decades.
Austria's courts also ruled ages ago that rooting your own device cannot be a legal reason for OEMs like Samsung to refuse warranty coverage, since you can run whatever software you want on hardware you bought.
Maybe your country sucks? Don't blame it on the EU.
That's just not possible, or should the system be legally required to run on an Apple II?
If only currently popular platforms are to be supported, how could a new platform join them in the future if the use of existing ones is mandated by governments?
The viable solution for that is to provide a trusted hardware implementation that can be used with any computing platform that has a documented interface. It can't be a software-only implementation, basically.
The technical solution is a hardware root of trust. This is typically a specially hardened chip in the device. A Trusted Platform Module (TPM).
Your Apple ][ does not have a TPM. It cannot run software that can assess its identity in a trusted manner.
This may not be unwelcome for authorities considering the recent extrajudicial “unpersoning” of many political enemies in the EU.
I don't think it's a bad idea though. If only for bringing the issue to the public
And while I do think an alternative would be good, the fact is that protecting the private key is the most important part (for example by keeping it on a smartcard with NFC) - hence why the need for a secure device
"but I want to install alternative Android etc etc" yes that's fine - but you know this is a non-secure-(enough) env.
But then to save costs, including the support cost, banks stopped and instead started to require a non-rooted Android/iPhone.
But I think there are still cell operators without a SIM card
I feel like this is getting to the point of gaslighting. Many of the allowed devices are bargain bin Android phones running out of date software with known vulnerabilities in both the operating system and the hardware which is supposed to be protecting the keys.
Meanwhile you could be using a hardware security module in a bank vault in a nuclear bunker surrounded by armed guards and the excuse would be that this "isn't secure" because it hasn't been approved by Google or Apple.
Governments shouldn't be requiring you to use any specific vendor or set of vendors. They should be publishing standards so that anyone who implements the standard can interact with the system.
Yeah you could, but most people won't.
Should they allow for a YubiKey on a non-Google phone? Or your own private key? Yes they should. But then there's the issue of enrollment, etc.
No I do not. It is plenty secure compared to a corporate version and nobody should be legally able to deny service over me having control over my own computer.
Needing the entire OS to be secure to protect a key is also a dumb idea in general.
This is the final step in the road to full remote attestation, thankfully PCs already come with Microsoft Pluton chips[1] to make it easier.
[1] https://learn.microsoft.com/en-us/windows/security/hardware-...
This feels like laziness from German implementers, as they don't want to (quoting the spec literally) "implement a mechanism allowing the User to verify the authenticity of the Wallet Unit".
0: https://eudi.dev/latest/architecture-and-reference-framework...
1: https://eudi.dev/latest/architecture-and-reference-framework...
https://github.com/eu-digital-identity-wallet/eudi-app-andro...
> We understand your concerns and truly appreciate your suggestions. As previously mentioned, this is not something that is enforced by the reference implementation — these are simply recommendations, not requirements, for any wallet implementer. That said, we recognize that this is a sensitive topic, and we may need to revisit it, even at the level of recommendations.
> The README files for both the iOS and Android Wallets have been updated to mention only OWASP MASVS compliance, without referencing any specific APIs.
I understand their position, but I also get the concern, especially around existing implementations like the Italian app. I think it's mostly that they have different priorities than ensuring that the reference implementation is a perfect guideline for member states.
This looks like a good vector for a European Citizen Initiative around removing all technological dependency on non-EU providers.
Either the government secures internet payments themselves, which means spending now to do so, coming up with a plan, ... or they can have Apple/Google do it.
1. Google and Apple have a much larger ecosystem and are entrenched in their OSes, which means that they have a much better picture of the user than any government app ever will. They also have surveillance mechanisms that government apps are unable or unwilling to implement. This helps detect and prevent fraud (fraud prevention is mostly just mass surveillance used for good).
2. The eIDAS standards enable anonymous assertions about your identity. This lets you prove your age to a website / app without revealing any other information. There needs to be a way to prevent you from generating millions of such assertions using one ID and giving them out online to anybody who wants them, verified or not. The way you do that is by limiting their generation to trusted hardware, using hardware attestation mechanisms. Google and Apple provide those.
3. Pure laziness. It's an issue that <1% of the population cares about (which is hard to notice if you're in the HN bubble). Almost nobody uses a modern, eIDAS capable smartphone without a Google or Apple account. They may have decided that the part of the population who cares about this just isn't worth pandering to (just like some government institutions may decide that vegans aren't a part of the population they're interested in pandering to).
For 99% of smartphone users, you can't get apps onto their phones without Apple and Google signing the app and letting you into their store, and users can't install the app without an Apple/Google account.
Why remove a dependency on Google, when you'll still be 100% dependent on Google?
Anybody working on "Digital ID" has already made peace with the fact that it can be turned off overnight if Trump says so.
https://en.wikipedia.org/wiki/Edward_Snowden#Revelations
The existence of eIDAS itself is already a big problem. They're going to try to gradually push laws to make it so that you'll need a government issued signature to do anything. That's when they'll have total power over you because they can simply refuse to issue.
Modern computing and communications technologies can be leveraged to build infinitely stable authoritarian regimes. It's even possible for democracies to stumble into it on their own as they attempt to regulate these new technologies. In hindsight, the Internet was built wrong. It has a top-down structure which all of human civilization is beginning to mirror.
The more this signature is necessary the harder it becomes to deny issuing it to somebody.
I don't see how this changes much compared to nowadays. You can already require an ID for all kinds of these and the government already has total control over those. So what changes? China manages to ruin the lives of the people illegally born under the 1-child-policy for decades already, all without systems like eIDAS.
You can't protect yourself from authoritarian regimes with tech or good policy since those will just get ignored. Look at Trump's war with Iran, where did Congress agree to it?
I'm not a fan of these systems either, I also think software should be open and no vendor lock-in should exist. But I don't think this will change much to be honest.
Right now, physical ID is only required for government services, for the most part. But digital signatures can be extended later to gate all services and purchases, both online and physical, including non-government ones. For example, you can't host a website without a gov approved signature for each website.
Under a system like that, you would rarely find out when the gov refuses to issue a signature, or when any kind of injustice happens, really. Websites where people can talk about bad things happening to them will simply be denied a signature to legally operate, so they're given the ultimatum to "voluntarily" censor posts, or be shut down. It becomes impossible to have this very conversation on a public platform with any kind of meaningful reach. And they already have this kind of system in China, since you brought it up. In fact, they have domestic surveillance systems that make the Snowden disclosures look cute.
And in the EU it's already nearly the case. The dystopian horror that KYC/AML has become for honest citizens is beyond belief. And they're of course hiding behind the excuse that "bad guys are laundering money": but going after actual drug dealers, of course they're not doing that. We now have articles wondering if Belgium (where most of the EU institutions do live and where all these totalitarian laws are passed) has become a "narco-state" (where criminals make the rules).
People's lives can be ruined when some employee, somewhere, decides he wants to bump his SAR quota (Suspicious Activity Report): you can have a real-estate transaction fail (and hence moreover have to pay a 10% penalty to the other party) if either a notary, bank employee or real-estate agency employee decided that they've got nostalgia for the Gestapo era and decided to act like a good little nazi (yes, Godwin's law: for we're literally talking about totalitarianism).
I recently had a notary's employee bother my brother for the source of funds when he bought an apartment... A quarter of a century ago. A quarter of a century ago and he was talking to my brother as if he was a criminal for he didn't have access anymore to the bank wire transfer from 25+ years ago. It's crazy for the exact same controls had already been done 25+ years ago when he bought the apartment. And the notary's employee fully knows that. (Regarding that case my brother is currently looking into the national federation of notaries and he's going to file a complaint: he's got emails from that notary's employee that are totally out of line.)
The problem is that way too much power over the lives of others is put into the hands of petty people: petty bank employees, petty notary employees, petty public servants. The same kind of people who were all too happy to out Jews during WWII and who were making sure trains would leave on time.
I previously had a folder where every single money transfer of more than 10 K EUR was saved: I now do it for every transfer below 5 K EUR. And these are to be kept forever for I know that me or my wife or my daughter shall invariably meet motherfuckers asking them "proof of the source of funds from 30 years ago when your father bought that collectible car" (worth less than 20 K back then btw, but worth 6 digits now).
Just fuck these systems and fuck anyone working on it and fuck all the nazis participating in it.
They might have some great software _somewhere_ but I have yet to see it.
It does not have good UX because good UX was never the objective.
This was more than 30 years ago. Now we have a great culture of overregulation.
Everyone is trying to cut costs so as to be able to compete there and Europeans are paying the cost of financing this.
Personally I'm going to wait until the average car age in China crosses the 10-year mark to get a new vehicle. Until that happens there will be no incentive to think about longevity.
See also this issue from 2025 where the developers responded: https://gitlab.opencode.de/bmi/eudi-wallet/wallet-developmen...
AFAICT, there is no mention of an Apple or Google account being required in general - the documentation just lists "signals" that are used to securely authenticate a person - such as Google's/Apple's security ecosystems. I am not sure what this means in practice. Can anybody with deeper understanding explain the actual implications and possible outcomes?
(Note: BMI is the German Federal Ministry for the Interior)
Explanation: https://mastodon.social/@pojntfx/116345725515845020
There is in practice no known way around it for now, and even less so one for regular people, to use this on a device without a Google account
Yeah, quite ahead in terms of making anonymous phone numbers illegal and requiring the government to know your phone number.
And if you don't want to use a smartphone, ID Austria does not work with regular FIDO security keys, you need special ones. Same for the old SmartCard system which didn't work without government-mandated malware.
It seems to imply that the already existing way of authenticating via eID, which is the auth chip present on our ID cards, will still work, if I read it correctly? I understand OP's link to refer to a new, alternative system, that can be used without the ID card.
But take this with a grain of salt, I'm not very well informed about the whole topic.
If you have a FIDO device on your (physical) keyring or a keyboard with a smart card reader or some kind of NFC transceiver connected to your PC, the problem is technically solved - just not practically.
Adding to this: anyone older than 12 years old is required by law to have their government issued ID on them at all times when in public. If your ID is suddenly your smartphone, you're essentially required to have that on you 24/7. Dystopian spyware.
Around a decade ago I was working at a company that used smartcard login for authenticating to internal sites. I've heard of many others doing the same. USB card reader worked fine in both IE and Firefox at the time, so I take your statement to mean that we've somehow regressed since then (not surprising) or this was an isolated instance of success (less likely, considering the US government also uses this: https://en.wikipedia.org/wiki/Common_Access_Card).
Tragedy of the commons, nobody seems to have bothered to work on it. It's not like Chromium or Firefox wouldn't accept contributions.
A paper or certificate can prove an entity trusts your identity to be <firstname, lastname, etc...> but that shouldn't be your identity.
You just are. Not your Google ID, not your Apple ID either of course.
Governments are lame.
>You just are/I just am
Is not an acceptable thing to say to a bartender when being served an alcoholic drink when you're 22. You hand them government issued ID.
I'm not arguing against government ID, I'm saying identity doesn't have to be that piece of paper, or that Google ID.
Analogy: if Google ID is your primary key in your User table, then you're cooked. Instead use a uuid for the PK, and add Google ID as just another id. But the identity is the PK.
In 2019, the EU created an eIDAS compatible European Self-Sovereign Identity Framework (ESSIF).
How is the government lame, here? We've had the infrastructure for 7 years now.
You can't have a government issue a Self-Sovereign identity to you, it's an oxymoron. They can only issue credentials. But then they'd feel like they're losing control, so they pervert it. Now they call it SSI but it's just digital credentials.
The very title says it all: German implementation of eIDAS will require Google or Apple ID. That's not self-sovereign identity.
And that's why I find it lame.
Either governments can develop (and pay for) THAT technology, or they can use Apple/Google ...
Government software is usually low-quality, expensive procurement crap, often riddled with security holes, and an exercise in checkbox checking. UX and user friction can't be expressed as a verifiable clause in a procurement contract, so they're ignored.
Besides, every time EU governments tried to force smartphone manufacturers to pre-install government apps, the population freaked out over (unwarranted) surveillance concerns. This isn't something you can do without pre-installing apps (you don't want these APIs opened up because then attestation loses all meaning).
Not necessarily the company that locks out an entire family because one of the family members jacked off on the chat with the Gemini model.
I mean you could use Huawei and others, but the FUD campaigns against Chinese manufacturers were pretty aggressive in the EU.
So one may argue that the implementers are only taking the pragmatic approach regarding something that is out of their hands.
Also you weirdly forget all the Chinese phones. There's also some tiny European brand which will have absolutely no way to limit their users' dependency on the famously hostile and uncontactable provider.
> unknown system image (e.g. custom ROM)
Oh no, what a horrible crime, somebody dared to modify the operating system on their own device...
Gladly.
There was a time window 2 years ago where it appeared that I need an actual phone number to do my taxes, but even that was replaced with something more universal.
If you don’t have an iPhone or an android, you can get a physical one time password device.
The MitID design is strange, but in this regard it is well done.
Requiring citizens to have (buy) some device to simply prove they are who they are seems hostile and dystopian to me. Some say it’s the future; I’m not convinced.
However, if you were to allow me to use my pocket computer (and nothing else) to prove I am who I say I am, you would want to trust that I am not pretending to be somebody else after extracting private keys from their phone or whatnot. I.e., you would want to require some sort of trusted computing.
Currently, that seems to only be provided by closed ecosystem phones.
Even still, I think it’s a mistake to be rolling out eIDAS as a mobile app first. The specification allows for this to be a dedicated hardware key (maybe even something YubiKey-like, and the EU already requires all phone manufacturers to have USB-C), so why not start with that.
Actually, that is not what’s happening. Based on further research, the use of eIDAS is required to be left up to citizen’s decision.
BUT governments do not want sovereignty more than they want to snoop on citizens.
You're linking to a bugtracker. I doubt they're inviting people to spam it with duplicate entries — valid as I think the concern is. But maybe it says somewhere that you can leave feedback here and I just haven't seen it?
From their README:
> We are interested to receive feedback on all aspects described in the document. To provide feedback, please file an Issue on OpenCoDE.
https://gitlab.opencode.de/bmi/eudi-wallet/wallet-developmen...
Because you'll be stonewalled by devs because they can't really change decisions made by higher ups.
Edit: I'd sign it, but don't want to manage and diffuse it.
> MEETS_STRONG_INTEGRITY also includes the requirement that the device has received a security patch _within the last 12 months_
Good luck with that.
These are expensive products, you need depth of expertise and experience to create a system that could compete with the likes of gmail and Microsoft and ... so it's not a wonder that this hasn't happened yet. But pretending like this can be a public service is foolish (too high stakes ~~if~~ when it gets hacked), and pretending like existing providers that offer identity and email are sufficient is equally foolish. Google and ms and apple etc all offer the basics for free, and this is necessary for mass adoption. It will be an expensive project. But necessary, if the eu wants strategic autonomy.
---
Oh and requiring a us based account is not even the most egregious part of this proposal, ffs
We're currently paying a small tax to the US for each card transaction we have.
Play Integrity could be the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.
These days an ID system that doesn’t work online is next to useless.
https://www.ausweisapp.bund.de/en/open-source I just saw that it's available in alpine.
So I tried installing it on my postmarketOS smartphone and it runs out of the box: https://i.imgur.com/nRIAyrq.png
My Shift6mq is listed as not having NFC support in postmarketOS, so I can't actually test it, but I assume the USB card reader option will work once it's supported.
App attestation does not require an Apple account nor a google account. For Android, it does limit the ROMs to Google certified ones and requires GMS to be installed if Play Integrity is used. An alternative option, would be to use the Hardware Attestation API directly, GrapheneOS would be thanking you.
I've spent a good amount of time implementing exactly this type of system for a backup service.
This document specifies a way to cryptographically attest the integrity of an HTTP request hitting a server.
The attestation proves the request came from a device and attests the legitimacy of the bootloader, OS and app.
Google and Apple are in a privileged position to be able to bypass the app attestation though, so depending on the threat model, it's not bulletproof.
edit: Play Integrity could be the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.
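As an added illustration of the point made in this comment and in the one above about Play Integrity and GMS (example code written here, not code from the thread, from Google, or from any wallet project): a server-side policy check over constructed, already-decrypted Play Integrity verdict payloads, showing which requirements are tied to a Play Store install or a licensed Google account and which only assert that the OS is a certified build. It assumes the encrypted token has already been decrypted and its signature verified; the field names and verdict labels follow Google's Play Integrity documentation as I know it and should be checked against the current docs.

```python
import time

# Constructed sample payloads (not real Google output) in the shape of a
# decrypted Play Integrity verdict. Assumption: field names and labels as in
# Google's Play Integrity documentation at the time of writing.
NONCE = "c2VydmVyLW5vbmNlLTEyMw"   # constructed: the nonce the server issued
PACKAGE = "de.example.wallet"      # constructed package name
ISSUED_MS = 1700000000000          # constructed timestamp inside the verdict


def _verdict(device_labels, app_verdict, licensing):
    """Build a sample verdict containing only the fields the policy reads."""
    return {
        "requestDetails": {"requestPackageName": PACKAGE, "nonce": NONCE,
                           "timestampMillis": ISSUED_MS},
        "appIntegrity": {"appRecognitionVerdict": app_verdict,
                         "packageName": PACKAGE, "versionCode": 42},
        "deviceIntegrity": {"deviceRecognitionVerdict": device_labels},
        "accountDetails": {"appLicensingVerdict": licensing},
    }


# Stock, certified device; app installed from Play with a Google account.
PLAY_INSTALL = _verdict(["MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY",
                         "MEETS_STRONG_INTEGRITY"], "PLAY_RECOGNIZED", "LICENSED")
# Same device, the official APK sideloaded without a Google account: the
# binary is still recognised, but no account holds an entitlement for it.
SIDELOADED_STOCK = _verdict(["MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY",
                             "MEETS_STRONG_INTEGRITY"], "PLAY_RECOGNIZED", "UNLICENSED")
# Custom ROM: no device label is met, so licensing is not evaluated at all.
CUSTOM_ROM = _verdict([], "PLAY_RECOGNIZED", "UNEVALUATED")

# Two relying-party policies. STRICT is the kind of policy that turns an
# integrity check into a de-facto Play Store / Google account requirement;
# DEVICE_ONLY asserts only that the OS is a certified, unmodified build.
STRICT = {"device_label": "MEETS_STRONG_INTEGRITY", "require_play_install": True,
          "require_play_license": True, "max_age_ms": 5 * 60 * 1000}
DEVICE_ONLY = {"device_label": "MEETS_DEVICE_INTEGRITY", "require_play_install": False,
               "require_play_license": False, "max_age_ms": 5 * 60 * 1000}


def evaluate(verdict, expected_nonce, expected_package, policy, now_ms=None):
    """Return (accepted, reasons) for a decrypted verdict under a policy."""
    reasons = []
    req = verdict.get("requestDetails", {})
    # Bind the verdict to this request and bound its age (replay defence).
    if req.get("nonce") != expected_nonce:
        reasons.append("nonce mismatch")
    if req.get("requestPackageName") != expected_package:
        reasons.append("package mismatch")
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    if now_ms - req.get("timestampMillis", 0) > policy["max_age_ms"]:
        reasons.append("verdict too old")
    labels = set(verdict.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", []))
    if policy["device_label"] not in labels:
        reasons.append("device lacks " + policy["device_label"])
    app = verdict.get("appIntegrity", {}).get("appRecognitionVerdict")
    if policy["require_play_install"] and app != "PLAY_RECOGNIZED":
        reasons.append("app binary not recognised by Play")
    lic = verdict.get("accountDetails", {}).get("appLicensingVerdict")
    if policy["require_play_license"] and lic != "LICENSED":
        reasons.append("no Play licence (needs a Google account that installed the app)")
    return (not reasons, reasons)


if __name__ == "__main__":
    now = ISSUED_MS + 60 * 1000
    for name, v in [("play", PLAY_INSTALL), ("sideloaded", SIDELOADED_STOCK), ("custom", CUSTOM_ROM)]:
        print(name, "STRICT:", evaluate(v, NONCE, PACKAGE, STRICT, now))
        print(name, "DEVICE_ONLY:", evaluate(v, NONCE, PACKAGE, DEVICE_ONLY, now))
```

The sideloaded case is the one to watch: it passes DEVICE_ONLY and fails STRICT solely on the licensing verdict, which is where the account requirement creeps in.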
To me, there is no difference between your sentences. You require the blessing of an American company to be able to use eIDAS. Google has the power to disable eIDAS at a national scale by making the attestation services treat all devices as not certified.
There should be NO reliance whatsoever on a private company not under the control (direct or indirect) of the government let alone a foreign private company.
Edit: I just noticed your username and the fact that your account is very new. Are you astroturfing?
App attestation can fail on simulators, GrapheneOS, dev builds, I've seen it all. There is one check you can do to see if an app was side loaded, so indirectly, can require a Google account.
Title is still misleading though, as it explicitly mentions accounts.
But in pure technical & UX terms, you don't need to be logged in.
The problem with modified phones containing malware is very real and unless you want a full on Apple "you're not allowed to touch the OS" model you need some kind of audited OS verification that you as a user or a security sensitive software can depend on.
And this malware is largely based on open source code (Linux) that was originally developed on open, documented hardware, where the firmware boot loader did nothing more than load the first 512 bytes of your hard disk to address 0x7c00 and transfer complete control to it.
Yes, there were viruses that exploited this openness, but imagine if Linus Torvalds would have needed a cryptographic certificate from IBM or Microsoft to be allowed to run his own code! This is basically the situation we have today, and if you don't see how dystopian this is, I don't know what more to say.
I will never understand why such an overwhelming majority of people seem to just accept this. When frigging barcodes were introduced, there were widespread conspiracy theories about it being the Mark of the Beast -- ridiculous of course, but look at now where in some places you literally can't buy or sell without carrying around a device that is hostile to your interests. And soon it will be mandated by the state for everyone.
Google must be destroyed.
There is a mixture of incompetence and big tech aggressive lobbying on gov 'standards' all over the EU... making anything internet hard locked on big tech ultra-massively complex software, protocols and file formats.
In my country, it is the web: classic web support interop was actually killed 10 years ago. Now, only web apps requiring one of the gigantic and ultra complex web engines from the WHATWG cartel are working. No more 'small' web engines (including their SDK) work, and it did close the door for good to anything 'not big tech' (here the WHATWG cartel), what a bummer, oopsie!
It means in my country, to interact with the gov agencies and dependencies, you are now FORCED BY LAW to use only WHATWG cartel web engines. Wow, corruption (there is big public money there)? brain washing grade lobbying (what seems to be the case)? incompetence (always expected on complex matters)?
To add insult to injury, in my country, the ONLY person who has the power to fix that is the prime minister (then also the president). Oooof!
Of course, very simple classic web sites do work on 'smart phones' (apple did threaten to remove its browser... we know why: to force a technical hard dependency on them since they have a significant amount of the "market").
We all know their weak spot: a simple and stable in time, "good enough" to do the job, set of existing protocols/file formats (to protect the SDKs, I would include the computer languages, for instance excluding c++ and similar for plain and simple C and assembly to protect against the obviously ultra-complex SDK components): it will reduce dramatically the complexity and size of any current and future, local, implementations.
What seems to be happening when I look at that: some people all over EU countries are trying to fight their way out of big tech because of gov officials probably being brain washed by lobbying (do not exclude the possibility of "corruption", and there is always some level) or incompetence (which is expected).
Since it is happening in France and Germany, core of the EU...
Now what?
Fascism is the reality.
And it's global.
Global fascism is what is already the case.
As an example, an EU citizen working in Sweden should be able to submit Swedish tax forms whilst living here by using a digital identity from the originating nation.
There are also some standards in place like ETSI standardized extensions to PDF signatures so that you can verify that a signature inside the PDF was actually signed by a specific physical person (the standard is there but it's not fully used throughout the EU yet due to some legacies).
Implementation is a bit of a mess still but things are converging.
Slovenia hands out certificates for online government services, including document signing, and it seems to be going fine, with the added benefit that Google can't take away my access.
The big question is how to let users properly handle their certificates so they won't get abused into being useless.
If I understood it correctly, the current German AusweisApp seems to require NFC to read it from your personal ID card together with a PIN code you got with the card; it's not entirely user-friendly since aligning the card with your phone seems to be prickly.
Swedish BankID handles it internally in their app (unlocked via PINs) but they don't have a good way to use it to sign things (it all relies on the infrastructure; even if they give out signature documents it's not compatible with PAdES).
There's a new govt sponsored one that I assume will piggyback on the personal cards/passes that are readable via NFC.
Norway and Denmark iirc support proper signatures but I don't think the certificates are under user control (someone correct me if I'm wrong here).
Now these things are mostly issues for document signatures, authentication is often handled via other flows.
From what I skimmed from the article, it seems to be more in line with Swedish BankID and is actually fairly smooth for end users even if less secure than what they have now with AusweisApp.
Eidas tries to harmonize these implementations across EU member states.
Several paid providers for X.509 certificates exist but document signing certificates cost around 80 € per year [0]. And if I want duplicate X.509 certificates for my redundant Yubikeys then the cost doubles.
Other providers require an initial deposit and then charge per signature [1], which leads to non-transparent pricing. In the interest of open commerce, I strongly believe that securely signing an electronic document should cost the same as my manual signature, i.e. nothing.
A partial solution already exists because I can use my electronic ID card with the AusweisApp to prove my identity when interacting with German authorities. This feature is generally useful because I live outside of the EU, but I especially appreciate that I can have my OpenPGP key signed by Governikus (a government provider) to prove the key belongs to my name [2].
Technically, I should be able to use my certified PGP key to sign documents, but in practice most non techies don't know how to validate my signature. For the average user opening my signed PDF in Adobe Reader, I would need an X.509 certificate from a trusted Certificate Authority for users to see the green check mark.
[0] https://shop.certum.eu/documentsigning-certifcates.html
[1] https://www.entrust.com/products/electronic-digital-signing
- someone sends you a docusign link
- you sign up with your email
- you sign with your name in a cutesy font
There's a dispute? Well it was going to end up in court no matter how you signed it anyway. This has all the hallmarks of a design by committee project by people whose salary is paid regardless of demonstrating market fit, productivity, usage, plain sensibleness...
Can I also send the Docusign document via Signal without Docusign knowing the person who signs it?
Because that is what the eIDAS is supposed to deliver on top of cryptographic validation of signatures.
The fact that it's ALWAYS a docusign is the ridiculous part. It is just a glorified where you enter your name and email. No need to pretend otherwise. Any other service would be just as good. This is basic human sheep-like behavior?
I did not know that root CA keys are generated in faraday cages?? Multiple custodians present, then kept in tamper proof vaults.
I had no idea until I saw this visual breakdown - https://vectree.io/c/public-key-infrastructure-pki-and-certi...
I assume this should be "intra-EU"? I'm not very familiar with eidas so I'm not sure, but afaik it's about signatures within the EU, not between different EUs (as there is only one in this world). (I hate this inter/intra wording, always have to translate it in my head to understand whether it's like internet (between networks) or like intranet (within a network). Would recommend using "within-" instead of intra whenever it's not already a well-established word, like intranet)
electronic IDentification, Authentication and trust Services
Does this lock Germans out of society if they don't buy American tech?
Sometimes I wish the Germans had an island of their own somewhere up north near the American continent.
It is so clear how lobbyists operate here. I'd call it undermining national sovereignty.
Please prove me wrong, I genuinely want to understand the implication of the linked document.
It's an account requirement in a roundabout way.
What I don't understand is: ELSTER (taxes) already uses electronic signatures, don't these signatures already fulfil the requirements of eIDAS? Why do we even need Google/Apple?
GDPR good, but oh no... gotta spy on everyone now.