German implementer here. We have to use some kind of attestation mechanism per the eIDAS implementing acts. That doesn't work without operating system support.
The initial limitation to Google/Android is not great, we know that, and we have support for other OSs on our list (like, e.g., GrapheneOS). It is simply a matter of where we focus our energy at the moment, not that we don't see the issues.
verbalize2224 26 minutes ago [-]
You should think about how easy it is to permanently lose access to your Google account for very trivial issues and Google doesn't offer any form of recovery. That in addition to the current geopolitical situation should be reason enough not to rely on that for any justification.
And personally as a software developer myself i know that nothing is more permanent than a temporary solution. No one will prioritize or give budget to change it later "because it works"
ghighi7878 5 minutes ago [-]
Tbh, I feel this is stupid.
Banks are giving out QR Tan. Optical TAN devices which work with credit cards and it has been going pretty well. Why can eiDAS not have something similar. Distribute hardware tokens. Get rid of dependency on any OS.
ibbtown 24 minutes ago [-]
Why is a trusted device chain needed? It will put more trust in the potential Chinese device maker and American software companies than the user who's id is shown?
kodebach 14 minutes ago [-]
Simply because the law was written that way. But also the whole idea of identity verification becomes pretty useless, if there is no chain of trust. You could run a modified client that lets you assume any identity you choose, exactly the opposite of what eIDAS is trying to achieve.
notpushkin 9 minutes ago [-]
> You could run a modified client that lets you assume any identity you choose
Provided you know the secret key to a government-issued certificate. Making it impossible to copy said certificate is not really a requirement for identity verification.
reconnecting 15 minutes ago [-]
Humiliating disregard for sovereignty.
brador 23 minutes ago [-]
Google has banned many accounts of genuine users.
What is your fallback for such an important vital service?
notpushkin 13 minutes ago [-]
To play the devil’s advocate here: MEETS_STRONG_INTEGRITY on Android doesn’t require a Google account AFAIK. But it might change, of course.
Companies and providers (like banks) have to support it, but use is voluntary.
Check out the spec and legal framework, it actually makes sense and is open to different implementations, though you might need to certify it.
jahnu 26 minutes ago [-]
I wonder if there will be a big enough market for a very compact smartphone equivalent device that can be used just for credentials? A device that is offline on standby except when you need it. Perhaps the size of a car key.
AndyMcConachie 22 minutes ago [-]
You're screwed. This has been the way for a while now. You cannot exist in society without a smart phone and it's only going to get worse.
maccard 4 minutes ago [-]
If you can't exist in society without a smart phone already, how is it going to get worse?
HighGoldstein 14 minutes ago [-]
Essential services (banks, government services, public transport) generally still support SMS as an alternative to their mobile apps when there's no completely offline process.
ksjfjsmb 13 minutes ago [-]
Sich bei staatlichen Dienstleistungen auf Google oder Apple zu verlassen, kommt schon fast einem Verrat gleich. Trump hasst uns.
darccio 2 hours ago [-]
It makes no sense. eIDAS 2.0 specs don't require specific hardware [0]. They basically store verifiable credentials [1] and any other cryptographically signed attestations.
This feels like laziness from German implementers, as they don't want to (quoting the spec literally) "implement a mechanism allowing the User to verify the authenticity of the Wallet Unit".
Look at reference implementation. Maintainers resist removing google dependency for no good apparent reason. An if there is persistence without reason - there is a reason.
Why would this be? Bureaucracy / inability to change?
archerx 31 minutes ago [-]
Or someone could be getting kickbacks on the down low.
6 minutes ago [-]
jakoblorz 3 hours ago [-]
What if you „lose“ your google / apple account, like this sanctioned judge of the international criminal court? Crazy to imagine that we are still baking in dependency on US providers in european societies, even though there is clear indications we should be doing the opposite?
debazel 2 hours ago [-]
You wouldn't even have to be a high profile target like a sanctioned judge. Simply getting your account banned by some automated process that marked you as "suspicious" will basically render you excluded from society.
It is absolutely insane to put this amount of power in 2 foreign companies that will be able to destroy your life with zero reason, oversight, or due process.
hulitu 54 minutes ago [-]
> Crazy to imagine that we are still baking in dependency on US providers in european societies
As long as the capital city is in Washington, this is normal.
Animats 2 hours ago [-]
Then you can't take a Waymo any more.
_3u10 2 hours ago [-]
[flagged]
aparadja 2 hours ago [-]
This tone is not very suitable for HN. I’m sure you could start a better discussion if you gave it a proper try.
RandomGerm4n 2 hours ago [-]
I attestation should be abolished altogether. An app should have absolutely no way of knowing what kind of device it’s running on or what changes the user has made to the system. It is up to each individual to ensure the security of their own device. App developers should do no more than offer recommendations. If someone wants to use GrapheneOS, root their device (not recommended), or run the whole thing in an emulator, a homemade compatibility layer under Linux, or a custom port for MS-DOS, that should be possible.
kodebach 6 minutes ago [-]
I agree, you should be able to run anything you want, root your device, etc., but you also have to accept the consequences of that. If an app can no longer verify its own integrity, certain features are simply impossible to implement securely.
Think of it this way: A physical ID (which is what we're trying to replace here) also has limitations, it looks a certain way, has a certain size, etc. Just because somebody wants a smaller ID or one with a larger font or a passport in a different colour or whatever, doesn't mean that this should be allowed or possible. Some limitations exist for a good reason
reddalo 2 hours ago [-]
Exactly. It's my own device, I can do whatever I please with it. There shouldn't be an automated way for apps to check if my device has been blessed by the US tech giants or not.
tsoukase 2 minutes ago [-]
EU depending so much on Goo/App feels suspicious for direct lobbying, as someone noted. If I were Ursula, I would draw a red line: no US digital dependence. But the rounding error of the rounding error of these trillion dollar companies is enough to expunge the nonexistent EU infra.
cebert 9 hours ago [-]
I am shocked that there isn’t more opposition from the general public to policies like this that erode privacy and freedom. I am a parent and can appreciate the need to control what children do on the internet, but at some point parents need to parent. I fear we’re giving up a lot of freedom and adding unneeded complexity under the guise of keeping children safe.
gmerc 3 hours ago [-]
Germany is distracted with its version of “the gun debate” aka speed limits.
Like every school shooting, every energy crisis brings opportunity to
saturate the airwaves with shallow noise that gets people overly
upset and they’ll ignore everything else.
Every player on both sides is abusing this mechanic for all eternity.
whilenot-dev 2 hours ago [-]
I think this view is too reductionist, as people can (and usually do) debate more than one topic at a time. The problem is that technological dependence isn't gaining enough precaution when commodity products are being discussed.
What worries me is that it's a real global problem in all of our non-autocratic societies. On a positive note, I can see how this is actually becoming a common understanding and gaining traction, as hyped AI products are seen by some as 3rd-party- or SaaS-killers. It seems like we know how to differentiate between independence and dependence, and evaluate any risks affiliated with such a decision. But it baffles me that this differentiation manages to float as some ironic stream in our Zeitgeist, and just barely manages to be taken seriously.
looperhacks 1 hours ago [-]
Nobody is seriously discussing speed limits right now ...
bluecalm 2 hours ago [-]
Imagine we had real democracy where people vote on issues.
Speed limits? Vote once every 7 years or so on it and be done with it. Same for abortion laws, drug laws, gambling laws.
Have a debate, vote, come back to it in 7 years if there is public interest.
Preferably vote locally on issues that can be applied locally (like speed limits/enforcement etc.).
Public debate and assessing politicians and parties would be so much cleaner then if they couldn't use polarizing issues to rally their support and do w/e they please on all other issues.
heavyset_go 48 minutes ago [-]
Popular vote would have made sure civil rights legislation never passed and everything down to the schools and bathrooms would still be segregated.
rcbdev 28 minutes ago [-]
What German civil rights legislation are you referring to?
jahnu 19 minutes ago [-]
I would hate to live in that political system. Just imagining the ways it would be gamed and the billionaire press would leverage these votes makes me shudder.
So far the best modern improvement I’ve seen (and it could be further improved of course) is the increasing use of citizens assemblies.
> every energy crisis brings opportunity to saturate the airwaves with shallow noise that gets people overly upset and they’ll ignore everything else.
At least their version has an obvious solution: Make electric cars and solar panels and then stop having oil problems.
lukan 3 hours ago [-]
The speeding debate won't go away with this, though, as speeding is not about oil.
ArnoVW 2 hours ago [-]
I believe the idea is that friction and resistance is proportional to the square of the speed. After a certain speed, every 10 mph extra starts to really count in your mileage.
krater23 9 minutes ago [-]
The idea is that some green ideologists think that when they don't need to drive a car because they don't leave their city, no one needs to drive a car. Because car driving creates CO2 which means car driving is bad. And they search for ways to implement that or make driving a car as bad as possible. Because they can't make the Deutsche Bahn better, they have to make driving your own car worse.
AnthonyMouse 4 minutes ago [-]
But then why not just make car driving not create CO2?
AnthonyMouse 3 hours ago [-]
You still can't get people upset about gas prices every time there isn't peace in the middle east once they stop buying gas.
baxtr 3 hours ago [-]
I think because most people, even tech savvy ones don’t understand how this might effect their lives. It’s too abstract. At least how it’s portrayed here.
Contrast that with chat control.
My government can read my WhatsApp messages? Not good!
What’s the non-technical narrative here?
TeMPOraL 2 hours ago [-]
> Write too many color emojis in a row on a YouTube livestream chat
> Get banned from society for life
hhh 3 hours ago [-]
Well, it affects a tiny percentage of people today, so why would they see it as impacting them?
TeMPOraL 7 minutes ago [-]
"My government can read my XXX" also affects only a tiny percentage of people today, but due to historical precedents and a lot of history and civics lessons, everyone thinks it affects them personally.
AnthonyMouse 3 hours ago [-]
Do people in Europe not intuitively understand that willingly making yourself [more] dependent on a foreign corporation is disadvantageous to you?
herbst 2 hours ago [-]
Do people outside of Europe do not understand how Germany is just a small fraction of Europe.
not_that_d 2 hours ago [-]
While true, it influences a lot in the EU
herbst 2 hours ago [-]
I don't think they influence more than France does. But I don't know, I live in Europe but don't care for the EU
reddalo 2 hours ago [-]
If you live in Europe you should care for the EU: not only it's the reason why there hasn't been a war for 80+ years, but if we can have a voice on the international stage it's because we are united instead of 27 small independent countries.
lukan 23 minutes ago [-]
Do you live within the EU, or in europe?
baxtr 2 hours ago [-]
Don’t feel bad! The EU cares about you as much as you care about the EU.
AnthonyMouse 2 hours ago [-]
People in Texas are in the US, right?
krater23 7 minutes ago [-]
No, most people aren't interested at all. They say it will nothing happen. Changed a little bit since Trump, but not enough to have really impact.
rufasterisco 46 minutes ago [-]
US dependency did bring a lot of value to a lot (albeit not all) of Europeans in past, specifically 1938-1988.
If you were born, raised and lived in that timespan, you might have developed a deep seated and hard to break habit to rely on that dependency for security and lifestyle/wealth.
Also, that same lifestyle is based on ignoring externalities applied to commons and/or events happening “somewhere else”, even when factually proven.
Little wonder and tiny bit ironic that the same principle has embedded itself so deeply, that it holds true even when the damage is inward, just a few indirections away.
On your side, yes, I think that “people in Europe” intuitively understand that, it just needs time to blossom.
The reputation/trust damage self inflicted by the current US administration is triggering a pushback that will expand into the future.
As a point in case, it will lead to reconsidering assumptions on habits that many generations of US businesses and diplomats have built.
Many in this thread point at difference instances of services that should be decoupled.
Connecting the dots, the larger picture looks painfully obvious to me: Silicon Valley never was a partner to be trusted, and certainly not after they built or bent every business to rely on an ad ecosystem that exploits users.
That original sin, on which a huge portion of Wall Street rests, is now at the center of discussions.
Hence, the EU will build tools to address this because it has to, but consumers will flock to them especially from the US, since at this point no one can trust SV companies on data privacy (since Snowdens at least), no one can trust the US administration to protect citizens (since Trump at least), and about half of the US is scared about what’s going on deeply enough (the emotional push needed to break the habit).
They will move their data it the EU (where else? China?).
This will be compounded by the fact that everyone tries to build better LLMs and to get AGI, while forgetting that LLMs work on data pipelines.
AnthonyMouse 23 minutes ago [-]
> The reputation/trust damage self inflicted by the current US administration is triggering a pushback that will expand into the future.
This barely even seems like the relevant part. If Google was founded in Japan and Apple in Brazil, it would still be foolish to entrench them as a dependency. It would barely even be better to do it with a local company.
> They will move their data it the EU (where else? China?).
This feels like hopium. Network effects are powerful and as long as the internet is actually global, there are really only two options: 1) Centralized megacorps, and then the US ones have both the US apparatus behind them and the incumbency advantage, or 2) open protocols where no corporation of any nation is a gatekeeper.
So for Europeans to get the hooks of the US incumbents out of them, their best chance by far is the second one, and that one is also mostly to the advantage of the Americans who aren't the existing incumbents, which is why it works. Start making phones with open hardware and social networks with open protocols and you can get people outside of your own country to use them because they don't much like the incumbents either, and that's how you reclaim the network effect. Try to clone the US megacorps without the US apparatus to get them established in other countries and they don't because they're wary of foreign central control, which in turn means you don't get the network effect and you lose.
But then it's not so much that data ends up in "the EU" as that it's on your own device and then backed up or distributed as encrypted chunks in a distributed network which isn't tied to any specific jurisdiction.
shevy-java 3 hours ago [-]
But there is nothing abstract here. A private entity, situated in a country that is very hostile and pro-Russia, controls parts of the software stack and implementation here. That's a law written by lobbyists.
heavyset_go 59 minutes ago [-]
[dead]
Ardon 8 hours ago [-]
As far as I can tell, people are getting blitzed. People I know are incredibly deep in their personalized bubble and genuinely aren't even hearing about it. It's genuinely distressing. In general and for the future of democracy.
whilenot-dev 3 hours ago [-]
It feels like this era of hyper-individualism requires too much attention from each individual and favors those that can afford to outsource the work. While that stabilizes the role of society as a system, I feel like this is most worrisome for the less privileged in any low-trust environment.
7bit 1 hours ago [-]
Because it requires tech iCal knowledge which 99% of the population don't have.
sunshine-o 2 hours ago [-]
This is because the EU is basically designed as a lobbying platform. Note that lobbying by its own citizen is possible and welcome but expensive and require a some coordination, so basically foreign actors and big corporations are dominating.
This is not a secret, the process is actually very transparent but it is "hidden" in all the documents nobody really want to dig into.
Also the EU and all those states are also highly incompetent and pretty much only depends on low quality contractors.
For example there is very little discussion and info about the fact that the EU digital infrastructure just got owned by what seems to be a random hacker group [0].
What percentage of people have a phone that is not apple or google?
indrora 2 hours ago [-]
My uncle has lost 4 Google accounts. Two to password loss, one to a fire, one to being banned for crimes against currency (having the audacity to live in several countries with different currencies)
The issue isn't the phone, it's that a __government__ is depending on an unregulated private enterprise.
ruszki 2 hours ago [-]
> one to being banned for crimes against currency (having the audacity to live in several countries with different currencies)
What does this "crimes against currency" mean? I live in several countries at once with different currencies, and I never had a problem with this. And top of this, I travel a lot. I have accounts in 5 countries, in 6 currencies. Should I pay attention to something?
isolatedsystem 3 hours ago [-]
I think the point is rather what percentage of people will continue to need to have a phone that is Apple or Google, due to death by a million decisions like these.
testing22321 3 hours ago [-]
Well the comment above was expressing disbelief that more people are not up in arms about this.
When you realize the tiny tiny percentage of people that have a phone that is not apple or google, you understand why few people are up in arms.
It simply doesn’t affect many people.
AnthonyMouse 3 hours ago [-]
This feels like arguing that people wouldn't object to having a shock collar padlocked around their neck because it's not currently shocking them. You don't have to see very many moves ahead to guess what happens if you don't object.
Whereas if the collar is touted as fashionable and the lock is hidden until it's engaged, now your problem is not that people don't care, it's that they don't know, which is different.
maccard 32 minutes ago [-]
I don't think this analogy comes even close to holding water.
AnthonyMouse 17 minutes ago [-]
So cementing a dependency on paperclip-optimizing foreign megacorps to intermediate all your purchases and communications doesn't allow them to influence your behavior?
maccard 52 seconds ago [-]
A dependency on a paperclip optimizing foregin megacorp is not remotely compara le to a "shock collar padlocked around your neck"
watwut 3 hours ago [-]
> at some point parents need to parent
You write it as if companies provided tons of help to parents and children. Meanwhile, they spend a lot of money to make it as hard as possible.
Second, kids in Germany have generally a lot more freedom and there is less of knee jerk impulse to blame parents for every accident. Expectation is that adults dont harm them without parents having perfect control every sevond.
shevy-java 3 hours ago [-]
The age verification sniffing laws will come to the EU and Germany too, so your assessment is, in my opinion, too limited and incomplete. It's not really about parenting, it is about grabbing more and more data from people.
AlBugdy 9 hours ago [-]
All these requirements for specific hardware and software are ridiculous. Let every citizen use whatever computer they want. It should be up to the user to secure themselves. Authentication should only require a password or a key pair. If the user wants more security, they can set up TOTP or buy a security dongle or something.
It's also ridiculous how it seems we've forgotten computers other than smartphones exist and that not everyone even has a smartphone, let alone with an Apple or Google account.
atanasi 3 hours ago [-]
The current policy trend in the EU is definitely not based on the principle of each user evaluating their own risk. On the contrary, service providers like financial institutes and identity providers have the responsibility to keep users safe, and more and more regulation will be made. The natural consequence is restricting which platforms are supported.
rolandog 1 hours ago [-]
"Legislation will continue until morale improves."
The regulations sometimes feel like additional burden of the user, but not for the manufacturers (aside for the attestation logic); consider:
> (MEETS_STRONG_INTEGRITY requires a security patch in the last 12 months)
Think about how this essentially codifies planned obsolescence due to not forcing the manufacturers to maintain the devices for life.
sunshine-o 1 hours ago [-]
> The current policy trend in the EU is definitely not based on the principle of each user evaluating their own risk.
Yes and if you look back this is not new. Just look at the extraordinary restrictions that apply to:
- What houses you can build,
- What vehicle you can drive,
- What food you can grow and sell.
The result is real estate has become unaffordable for younger people, our car industry is being annihilated, and the agriculture sector hold by a string.
The digital realm enjoyed an unusual level freedom until now because the silent and boomer generations in charge in the EU understood nothing about it.
Now that the EU is getting involved in "computers" we are starting to understand why peasants have been protesting in Brussels and calling those people insane for decades.
rcbdev 19 minutes ago [-]
I really have to wonder where in the EU you live. In Vienna, I got to buy an apartment in my mid-twenties by just saving up, which was easy, as many apartments are rent-capped and there's lots of cheap social housing. I got to enjoy free university, allowing me to get a high paying job. I get to use very cheap all electric state-subsidized rental car offerings if I need them, which is rare since we have federally good rail and bus coverage. And I enjoy affordable meat, dairy and vegetables all sourced from inside my country.
Austria's courts also ruled ages ago that rooting your own device cannot be a legal reason for OEMs like Samsung to refuse warranty coverage, since you can run whatever software you want on hardware you bought.
Maybe your country sucks? Don't blame it on the EU.
krater23 23 seconds ago [-]
Yes, blame Germany.
direwolf20 3 hours ago [-]
> let every citizen use whatever computer they want.
That's just not possible, or should the system be legally required to run on an Apple II?
seba_dos1 3 hours ago [-]
It should be legally required to provide enough interoperation capabilities for a compatible frontend to be written for an Apple II by whoever would like to do that, as the government can't be expected to write and maintain clients for every platform that's now in existence or that will be created in future.
If only currently popular platforms are to be supported, how could a new platform join them in the future if the use of existing ones is mandated by governments?
realo 52 minutes ago [-]
The problem to solve is trust.
The technical solution is a hardware root of trust. This is typically a specially hardened chip in the device. A Trusted Platform Module (TPM).
Your Apple ][ does not have a TPM. It cannot run software that can assess it's identity in a trusted manner.
jmorenoamor 2 hours ago [-]
No, but it should be open enough to be reasonably independent of specific services and devices.
cocoto 3 hours ago [-]
Simple, provide a simple API, let the community build the clients for the machines they have.
direwolf20 2 hours ago [-]
That's antithetical to the goal of a secure ID. It has to be really impossible to get stolen, or as difficult as a physical card. If the ID is just a password, you can tell other people your password, and it can be stolen, and it can be cloned. Germany is a strict liability country, and you will be fined or imprisoned for anything that is done with your identity card that was cloned because your PC was infected by malware if you don't report it stolen.
7bit 1 hours ago [-]
You can make an argument without pulling it into the ridiculous, you know?
weddpros 2 hours ago [-]
Self Sovereign Identity (aka SSI) is the only way out of those identity sovereignty issues. It shouldn't be acceptable that your identity depends on anything or anyone. It should just be your identity.
A paper or certificate can prove an entity trusts your identity to be <firstname, lastname, etc...> but that shouldn't be your identity.
You just are. Not your google Id, not your Apple Id either of course.
Governments are lame.
rcbdev 27 minutes ago [-]
> Governments are lame
In 2019, the EU created an eIDAS compatible European Self-Sovereign Identity Framework (ESSIF).
How is the government lame, here? We've had the infrastructure for 7 years now.
s_dev 51 minutes ago [-]
You are conflating the philosophical notion of identity with functional identification in the real world. There is no cryptographic escape hatch from the social contract.
>You just are/I just am
Is not an acceptable thing to say to a bar tender when being served an alcoholic drink when you're 22. You hand them government issued ID.
0x_rs 8 hours ago [-]
Does this mean sanctioned individuals, such as those in the International Criminal Court, would be unable to access eIDAS, among other things? As it requires, from my understanding, installing app(s) from the play store, thus requiring an account there and being able to access it, which isn't happening if you're among those or really, in any group that might get the same treatment in the future.
iamnothere 8 hours ago [-]
If an account is required, then yes. Good catch.
This may not be unwelcome for authorities considering the recent extrajudicial “unpersoning” of many political enemies in the EU.
comex 4 hours ago [-]
It definitely would be unwelcome for EU authorities in cases like the recent US sanctions against ICC officials.
OgsyedIE 3 hours ago [-]
Not to mention the German debanking and account closing of a few middle eastern journalists living in Germany, their spouses and in one case their children.
raverbashing 4 hours ago [-]
Yes?
I don't think it's a bad idea though. If only for bringing the issue to the public
And while I do think an alternative would be good, the fact is that protecting the private key is the most important part (for example by keeping it on a smartcard with NFD) - hence why the need for a secure device
"but I want to install alternative Android etc etc" yes that's fine - but you know this is a non-secure-(enough) env.
fpoling 2 hours ago [-]
Physical SIM cards are just as secure as the security enclave on the phone. In Norway few years ago banks even used that for secure authentication that worked on dumb phones with local mobile network providers pre-installing the required software on their SIM cards.
But then to save cost including the support cost banks stopped and instead started to require a non-rooted Android/iPhone.
raverbashing 2 hours ago [-]
Yup, it would be so much better to have it tied to simcard (though it might not help so much with anonymity)
But I think there are still cell operators without sim card
Dylan16807 1 hours ago [-]
> but you know this is a non-secure-(enough) env.
No I do not. It is plenty secure compared to a corporate version and nobody should be legally able to deny service over me having control over my own computer.
Needing the entire OS to be secure to protect a key is also a dumb idea in general.
heavyset_go 38 minutes ago [-]
> Needing the entire OS to be secure to protect a key is also a dumb idea in general.
This is the final step in the road to full remote attestation, thankfully PCs already come with Microsoft Pluton chips[1] to make it easier.
> "but I want to install alternative Android etc etc" yes that's fine - but you know this is a non-secure-(enough) env.
I feel like this is getting to the point of gaslighting. Many of the allowed devices are bargain bin Android phones running out of date software with known vulnerabilities in both the operating system and the hardware which is supposed to be protecting the keys.
Meanwhile you could be using a hardware security module in a bank vault in a nuclear bunker surrounded by armed guards and the excuse would be that this "isn't secure" because it hasn't been approved by Google or Apple.
Governments shouldn't be requiring you to use any specific vendor or set of vendors. They should be publishing standards so that anyone who implements the standard can interact with the system.
raverbashing 2 hours ago [-]
> Meanwhile you could be using a hardware security module in a bank vault
Yeah you could, but most people won't
Should they allow for a yubikey on a non-google phone? Or your own private key? Yes they should. But then there's the issue of enrollment, etc.
AnthonyMouse 2 hours ago [-]
> Yeah you could, but most people won't
When something is required by law, it needs to work for all people.
It also specifically needs to not entrench incumbents by impeding the ability of challengers that don't currently have market share from ever getting any.
> Should they allow for a yubikey on a non-google phone? Or your own private key? Yes they should. But then there's the issue of enrollment, etc.
There is no such issue because enrollment should be part of the standard so any device that implements the standard can be enrolled.
zkmon 25 minutes ago [-]
Google is becoming a bit draconic. They did not allow me to create new email account, saying I already have too many accounts. But they also don't allow me to delete existing accounts, saying there is no authentication method available to access/delete those old accounts.
wolfi1 3 hours ago [-]
I'm not quite sure if the German implementation is possible without mobile devices (couldn't find anything on that at first glance). the Austrian implementation on the other hand does not require a mobile device, if you want to do it on a pc you just need a fido2 token
It seems to imply that the already existing way of authenticating via eID, which is the auth chip present on our ID cards, will still work, if I read it correctly? I understand OP's link to refer to a new, alternative system, that can be used without the ID card.
But take this with a grain of salt, I'm not very well informed about the whole topic.
userbinator 1 hours ago [-]
ISO7816 (smartcard) has existed for nearly 4 decades as the standard secure identity card, widely used by the banking industry among others. Very unintrusive and not hostile beyond needing to carry a little chip. If governments want a national ID, they could just give everyone one of those.
lta 10 hours ago [-]
That sounds like a very smart move at the time where Europe realize the US isn't such a gray partner and it's trying to reduce it's critical dependencies on foreign nations tech and infra. Good job.
I'm actually very surprised to see this from the germans who have this reputation of great engineering culture
iknowstuff 10 hours ago [-]
Not in software. German software is awful. Think german cars, banks, telecoms etc
MrDresden 3 hours ago [-]
Nor in the physical world either. Crumbling planes, trains and automobile infrastructure. Collapsed bridges, airports that don't function properly etc.
fmajid 10 hours ago [-]
Ah yes, the fabulous car engineering of Dieselgate.
wqaatwt 3 hours ago [-]
Well they got caught..
CalRobert 2 hours ago [-]
And then they successfully lobbied the EU to water down rules for transitioning to electric.
newsicanuse 9 hours ago [-]
While I agree, it'd be hard to say that SAP is not good
c0balt 7 hours ago [-]
As someone who has experienced a Migration to SAP, no it is quite hard to say it is good. Doesn't work on mobile (unless you toggle on "desktop" mode, at which point if kinda works), is slower than the preceding PHP solution and generally functions like a POS. Other SAP implementations did not seem to behave much better.
They might have some great software _somewhere_ but I have yet to see it.
pepperoni_pizza 36 minutes ago [-]
SAP is very good at what it is trying to do, which is to define, standardize, automate and run a business process, and it is equipped with a large library of premade processes so you don't have to reinvent the wheel.
It does not have good UX because good UX was never the objective.
zelphirkalt 9 hours ago [-]
SAP software is the bane of most people, who have to use it, except for expensive consultants, who make bank preying on hapless clueless companies opting to use SAP software.
GuestFAUniverse 2 hours ago [-]
We had people formerly saying that in our org and going to a _decade_ of several failed ERPs.
Now we run SAP.
Still people are unsatisfied with SAP. Not even recognising that the failures are mostly self instricted policies.
The organisation worked somehow before having an ERP, because people ignored the given organisation and improvised. That's close to impossible if you use digital processes from end to end.
And yet, the ones with the poor organisational skills blame software.
herbst 2 hours ago [-]
Strong =! Good
gpvos 4 hours ago [-]
[citation needed]
randomNumber7 2 hours ago [-]
> from the germans who have this reputation of great engineering culture
This was more than 30 years ago. Now we have a great culture of overregulation.
CalRobert 2 hours ago [-]
I think the reputation is fading. I know I’d take a Chinese car over a German one.
Tade0 50 minutes ago [-]
I wouldn't, as China being the largest single market for motor vehicles and the cutthroat competition there is what caused all this.
Everyone is trying to cut costs so as to be able to compete there and Europeans are paying the cost of financing this.
Personally I'm going to wait until the average car age in China crosses the 10-year mark to get a new vehicle. Until that happens there will be no incentive to think about longevity.
AFAICT, there is no mention of an Apple or Google account being required in general - the documentation just lists "signals" that are used to securely authenticate a person - such as Google's/Apple's security ecosystems.
I am not sure what this means in practice.
Can anybody with deeper understanding explain the actual implications and possible outcomes?
(Note: BMI is the German Federal Ministry for the Interior)
There is in practice no known way around it for now, and even less so one for regular people, to use this on a device without a Google account
chvid 3 hours ago [-]
The Danish MitId also only runs on Google and Apple devices. No alternative phone platforms are supported including open source Android.
If you don’t have an iPhone or an android, you can get a physical one time password device.
tomjen3 3 hours ago [-]
You can get that anyway, and you should because 2 is 1 and 1 is none.
TobTobXX 3 hours ago [-]
Same in Switzerland. The app needed to sign in to fill out my taxes doesn't work on ungoogled Android.
afandian 3 hours ago [-]
Can you do your taxes on a computer without a phone?
herbst 2 hours ago [-]
Yes. Without any issues still.
Gladly.
There was a time window 2 years ago where it appeared that I need an actual phone number to do my taxes, but even that was replaced with something more universal.
goblin89 3 hours ago [-]
In context of eIDAS, your phone starts to be used for much more sensitive matters than typing comments or even logging in to your bank. The repercussions from having a secretly patched bootloader can involve another person assuming your identity, including for large B2B transactions.
Requiring citizens to have (buy) some device to simply prove they are who they are seems hostile and dystopian to me. Some say it’s the future; I’m not convinced.
However, if you were to allow me to use my pocket computer (and nothing else) to prove I am who I say I am, you would want to trust that I am not pretending to be somebody else after extracting private keys from their phone or whatnot. I.e., you would want to require some sort of trusted computing.
Currently, that seems to only be provided by closed ecosystem phones.
Even still, I think it’s a mistake to be rolling out eIDAS as a mobile app first. The specification allows for this to be a dedicated hardware key (maybe even something YubiKey-like, and the EU already requires all phone manufacturers to have USB-C), so why not start with that.
goblin89 27 minutes ago [-]
> Requiring citizens to have (buy) some device to simply prove they are who they are seems hostile and dystopian to me.
Actually, that is not what’s happening. Based on further research, the use of eIDAS is required to be left up to citizen’s decision.
thomasingalls 2 hours ago [-]
Europe needs a private European identity provider. Until this happens, Europe will remain a technological vassal state of the US.
These are expensive products, you need depth of expertise and experience to create a system that could compete with the likes of gmail and Microsoft and ... so it's not a wonder that this hasn't happened yet. But pretending like this can be a public service is foolish (too high stakes ~~if~~ when it gets hacked), and pretending like existing providers that offer identity and email are sufficient is equally foolish. Google and ms and apple etc all offer the basics for free, and this is necessary for mass adoption. It will be an expensive project. But necessary, if the eu wants strategic autonomy.
---
Oh and requiring a us based account is not even the most egregious part of this proposal, ffs
reddalo 2 hours ago [-]
Not only that, be we also need a European payment system that's not tied to VISA / MasterCard, etc.
We're currently paying a small tax to the US for each card transaction we have.
SkiFire13 1 hours ago [-]
It seems that many Android devices won't safisfy the requirements, even when using a device approved by Google:
> MEETS_STRONG_INTEGRITY also includes the requirement that the device has received a security patch _within the last 12 months_
Good luck with that.
rkagerer 3 hours ago [-]
That headline doesn't match the article at all. Can someone elaborate/confirm this really is the case?
You're linking to a bugtracker. I doubt they're inviting people to spam it with duplicate entries — valid as I think the concern is. But maybe it says somewhere that you can leave feedback here and I just haven't seen it?
chmod775 7 hours ago [-]
They are taking feedback there and also have already responded to some of it.
From their README:
> We are interested to receive feedback on all aspects
described in the document. To provide feedback, please file an Issue on OpenCoDE.
Possibly I‘m not smart enough to understand, but from what I see is that the implementers intend to leverage existing security architecture of Android/Google and iOS/Apple, respectively- arguably to drive adoption. The document doesn’t state anywhere that Apple / Google account is a requirement to use German eIDAS. From what I can tell, one may (continue to) use its government issued ID card with electronic signature for authentication.
Please prove me wrong, I genuinely want to understand the implication of the linked document.
livvy 10 hours ago [-]
Can anyone point me to where in the MDVN page it mentions requiring Apple and Google account? Thanks
weikju 10 hours ago [-]
Because the attestations will only work on iOS and Google Play integrity attested devices. Meaning Apple and Google accounts required.
blitzar 3 hours ago [-]
A phone is also required then?
livvy 9 hours ago [-]
This is an assumption, but not confirmed.
AppAttestationz 9 hours ago [-]
I spent months designing a system, exactly like this. An account is not needed, at least for Apple.
Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.
jml7c5 10 hours ago [-]
Is the link broken for anyone else? I'm getting ERR_CONNECTION_CLOSED.
lucb1e 8 hours ago [-]
Works for me in Germany. I wonder if it's some overzealous bot protection that's cutting off humans again, in this case from what looks like a government website, but without further testing that's hard to say. You could check if it works from another network, or if other people on your network range have the same issue (like if you're in 13.37.0.0/16 then maybe someone else at the ISP is also in that range and could check if it got blocked outright)
nixass 3 hours ago [-]
So much about digital sovereignty
shevy-java 3 hours ago [-]
So much for Europe to decouple from orange-man country ...
It is so clear how lobbyists operate here. I'd call it undermining national sovereignty.
zb3 10 hours ago [-]
> threats:
> unknown system image (e.g. custom ROM)
Oh no, what a horrible crime, somebody dared to modify operating system on their own device..
NooneAtAll3 10 hours ago [-]
what's eIDAS?
whizzter 10 hours ago [-]
EU digital identity law to make inter-EU signatures (And authentication) work.
As an example, an EU citizen working in Sweden should be able to submit Swedish tax forms whilst living here by using a digital identity from the originating nation.
There are also some standards in place like ETSI standardized extensions to PDF signatures so that you can verify that a signature inside the PDF was actually signed by a specific physical person (the standard is there but it's not fully used throughout the EU yet due to some legacies).
Implementation is a bit of a mess still but things are converging.
mzajc 10 hours ago [-]
Is there a reason this user-hostile mess is preferred over an X.509 certificate (besides big tech lobbying)?
Slovenia hands out certificates for online government services, including document signing, and it seems to be going fine, with the added benefit that Google can't take away my access.
whizzter 8 hours ago [-]
In the end it's mostly x509 certificates, an ETSI pADES PDF signature for example contains the signing x509 certificate (ETSI specifies extension OID's to the x509 certificates to contain personal numbers, country, etc).
The big question is how to let users properly handle their certificates so they won't get abused into being useless.
If I understood it correctly, the German current Ausweissapp seems to require NFC to read it from your personal id card together with a PIN code you got with the card, it's not entirely user-friendly since aligning the card with your phone seems to be prickly.
Swedish BankID handles it internally in their app (unlocked via PIN's) but they don't have a good way to use it to sign things (It all relies on the infrastructure even if they give out signature documents it's not compatible with pADES).
There's a new govt sponsored one that I assume will piggyback on the personal cards/passes that are readable via NFC.
Norway and Denmark iirc supports proper signatures but I don't think the certificates are under user control (someone correct me if I'm wrong here).
Now these things are mostly issues for document signatures, authentication is often handled via other flows.
What I skimmed from the article, it seems to be more in line with Swedish BankID and is actually fairly smooth for end users even if less secure than what they have now with Ausweissapp.
sfjailbird 9 hours ago [-]
Most people wouldn't know what to do with a certificate, so governments build some stuff on top (like an official mobile app) which makes auth easier. It's usually just certificates underneath (not exposed to the user).
Eidas tries to harmonize these implementations across EU member states.
Maken 9 hours ago [-]
eIDAS is about making the electronic IDs emitted by the different EU governments intercompatible, so you can use a Slovenian certificate to authenticate into the German tax system, if you want to.
ResearchAtPlay 8 hours ago [-]
Do you happen to know if German citizens can obtain a certificate to sign PDFs (from the government / for free)?
Several paid providers for X.509 certificates exist but document signing certificates cost around 80 € per year [0]. And if I want duplicate X.509 certificates for my redundant Yubikeys then the cost doubles.
Other providers require an initial deposit and then charge per signature [1], which leads to intransparent pricing. In the interest of open commerce, I strongly believe that securely signing an electronic document should cost the same as my manual signature, i.e. nothing.
A partial solution already exists because I can use my electronic ID card with the AusweisApp to prove my identity when interacting with German authorities. This feature is generally useful because I live outside of the EU, but I especially appreciate that I can have my OpenPGP key signed by Governikus (a government provider) to prove the key belongs to my name [2].
Technically, I should be able to use my certified PGP key to sign documents, but in practice most non techies don't know how to validate my signature. For the average user opening my signed PDF in Adobe Reader, I would need an X.509 certificate from a trusted Certificate Authority for users to see the green check mark.
I assume this should be "intra-EU"? I'm not very familiar with eidas so I'm not sure, but afaik it's about signatures within the EU, not between different EUs (as there is only one in this world). (I hate this inter/intra wording, always have to translate it in my head to understand whether it's like internet (between networks) or like intranet (within a network). Would recommend using "within-" instead of intra whenever it's not already a well-established word, like intranet)
whizzter 8 hours ago [-]
Yes of course, a bit tired here since it's nighttime.
stefan_ 10 hours ago [-]
The gold standard for digital signatures today is
- someone sends you a docusign link
- you sign up with your email
- you sign with your name in a cutesy font
Theres a dispute? Well it was going to end up in court no matter how you signed it anyway.
This has all the hallmarks of a design by committee project by people whose salary is paid regardless of demonstrating market fit, productivity, usage, plain sensibleness...
martimarkov 9 hours ago [-]
Can I use Docusign to provide my identity in Estonia online via my phone when I move there to buy a SIM card or open a bank account or file a document with the local authority?
Can I also send the Docusign document via Signal without Docusign knowing the person who signs it?
Because that is what the eIDAS is supposed to deliver on top of cryptographic validation of signatures.
alfiedotwtf 7 hours ago [-]
Made me laugh then cry. I’m willing to bet your comment still stands in 2030 unless someone like Apple allows FaceID to be used to sign too (this seems like an obvious and easy thing to do as they already got more than half of the infrastructure in place)
bossyTeacher 9 hours ago [-]
> Theres a dispute? Well it was going to end up in court no matter how you signed it anyway.
The fact that it's ALWAYS a docusign is the ridiculous part. It is just a glorified where you enter your name and email. No need to pretend otherwise. Any other service would be just as good. This is basic human sheep-like behavior?
electronic IDentification, Authentication and trust Services
stefan_ 10 hours ago [-]
So what was the point of putting a crypto chip into every ID if you are gonna try and reinvent the entire trusted environment in the fucking smartphone?
AppAttestationz 9 hours ago [-]
The title is misleading.
App attestation does not require an Apple account nor a google account. For Android, it does limit the ROMs to Google certified ones and requires GMS to be installed if Play Integrity is used. An alternative option, would be to use the Hardware Attestation API directly, GrapheneOS would be thanking you.
I've spent a good amount of time implementing exactly this type of system for a backup service.
his document specifies a way to cryptographically attest the integrity of a HTTP request hitting a server.
The attestation proves the request came from a device and attest the legitimacy of the bootloader, OS and app.
Google and Apple are in a privileged position to be able to bypass the app attestation though, so depending on the threat model, it's not bulletproof.
edit: Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.
seba_dos1 4 hours ago [-]
There's no such thing as "legitimacy of the bootloader, OS" that can be verified by someone who isn't the device's user. The bootloader that booted the phone I type this on is patched by me, which makes it more "legitimate" than any other bootloader that could be placed there.
goblin89 3 hours ago [-]
The reason (or, depending on your inclinations, the excuse) for trusted computing to exist is not to guarantee that I didn’t patch the bootloader of the phone on which I type my comment; it’s to guarantee I didn’t patch the bootloader of the phone on which your grandma logs in to her bank without her knowledge.
seba_dos1 2 hours ago [-]
No, the reason is to let application providers decide which platforms you can run their software on. The reasons why they need that are diverse: DRM, preventing reverse engineering, shifting liability, "cheating" prevention - to name a few, but ultimately they're all about asserting control over the user, just motivated differently in various use cases. "Think of the grandmas".
ruszki 1 hours ago [-]
What's the problem with the current status quo, or the status quo 5 or 10 years ago? 20 years ago there were basically no cheating prevention, but nobody cared. We just didn't play with cheaters. There are still cheaters in all games. No matter what kind of DRM streaming platforms use, their movies are on torrent immediately. The only difference compared to 5-20 years ago is that user experience is worse. I need to install a lot of intrusive bullshits, and I cannot watch movies with proper resolution. For literally nothing.
seba_dos1 42 minutes ago [-]
It's not just that "user experience is worse", it's an existential threat to Free Software.
In the past, when you had a proprietary tool you needed to use to do something, people could analyze and reimplement it. The reasons to do that varied - someone needed "muh freedomz", someone else wanted to do the thing on an unsupported platform, someone else wanted to change something in the way the tool worked (perhaps annoyed by paper jams)... Eventually you could end up with an interoperable FLOSS reimplementation. This has happened with lots of various things - IMs, network service clients, appliance drivers, even operating systems, and this is how people like me could switch away from Windows and have their computers (and later phones) remain fully functional in the society around us, perhaps with minor annoyances, but without real showstoppers.
Remote attestation changes this dynamic drastically. Gaim (Pidgin), Kadu couldn't be made if the service provider like AIM, ICQ, Gadu-Gadu etc. could determine whether you're using the Official App™ from the Official Store™ on the Official OS™ and just refuse to handle requests from your reimplementation. They could still try and be hostile to you without it, and often did, but it wasn't an uneven fight. Currently we're still in the early days and you can still go by in the society by defaulting to use services on the Web, using plastic card instead of phone for payments etc. but this is already changing. And it's not just a matter of networked services either - I bet we're going to see peripheral devices refusing to be driven by non-attested implementations too.
Secure boot chains have some value and are worth having, but not when they don't let the user be in charge (or let the user delegate that to someone else) and when they prioritize the security of "apps" rather than users. The ability for us as users to lie to the apps is actually essential to preserving our agency. Without that we're screwed, as now to connect ourselves to the fabric of the society we'll need to find and exploit vulnerabilities that are going to be patched as soon as they become public.
goblin89 2 hours ago [-]
[dead]
AppAttestationz 3 hours ago [-]
You can bicker about the words all day long. Legitimacy, or perhaps better: authenticity, in this context, would be a bootloader or OS that doesn't allow tampering with the execution of an app.
seba_dos1 3 hours ago [-]
Any bootloader or OS that doesn't allow the user to tamper with it or the other tools they're using on it is obviously illegitimate malware.
AppAttestationz 2 hours ago [-]
It's a funny comment, because actual malware, very much loves to tamper with the bootloader and OS.
Which was the motivation for cryptographically attesting the boot process and OS, and in part paved the way for app attestation.
There are alternatives though:
The Android Hardware Attestation API enables attestation on custom ROMs, but the attestation verifier needs a list of hashes for all "acceptable" ROMs. GrapheneOS publishes these but there's nobody, to my knowledge, maintaining a community list.
seba_dos1 2 hours ago [-]
Nothing funny in it, I'm afraid. Socially accepted malware is still malware. Caffeine is a stimulant, alcohol is a drug, a piece of software that works against the user is a malware.
Cryptographic attestation is not a problem in itself, the problem is exactly what you already somewhat hinted at: it's who and how decides who to trust and who gets to make (or delegate) the choices. You can make a secure system that lets the user be in charge, but these systems we're discussing here don't (and that's by design; they're made to protect "apps", not users).
izacus 3 hours ago [-]
Sorry but this is nonsense - most users, even the Linux toting power users - don't have the time, ability or knowledge to verify the contents of their OS in a way that would catch issues prevented by attestation.
The problem with modified phones containing malware is very real and unless you want a full on Apple "you're not allowed to touch the OS" model you need some kind of audited OS verification that you as a user or a security sensitive software can depend on.
seba_dos1 3 hours ago [-]
No, what you're saying is nonsense. I can burn a key into efuses of this phone to make it only boot things signed by me and make the whole boot path verified, OS image immutable etc. and all of this can provide me some value, but it's absolutely not in my interest to let applications be picky on what can or can't happen in the OS (even if they would accept my key being there rather than Google's, which they won't). The only thing it manages to do is to prevent me from using the device the way I want or need it to be used.
rep_lodsb 2 hours ago [-]
There's also a problem with unmodified phones containing malware, namely an operating system made by an advertising company, which is designed to collect as much information about you as possible.
And this malware is largely based on open source code (Linux) that was originally developed on open, documented hardware, where the firmware boot loader did nothing more than load the first 512 bytes of your hard disk to address 0x7c00 and transfer complete control to it.
Yes, there were viruses that exploited this openness, but imagine if Linus Torvalds would have needed a cryptographic certificate from IBM or Microsoft to be allowed to run his own code! This is basically the situation we have today, and if you don't see how dystopian this is, I don't know what more to say.
I will never understand why such an overwhelming majority of people seem to just accept this. When frigging barcodes where introduced, there were widespread conspiracy theories about it being the Mark of the Beast -- ridiculous of course, but look at now where in some places you literally can't buy or sell without carrying around a device that is hostile to your interests. And soon it will be mandated by the state for everyone.
Google must be destroyed.
bossyTeacher 9 hours ago [-]
> App attestation does not require an Apple account nor a google account. For Android, it does limit the ROMs to Google certified ones and requires GMS to be installed.
To me, there is no difference between your sentences. You require the blessing of an American company to be able use eIDAS. Google has the power to disable eIDAS at a national scale by making the attestation services treat all devices as not certified.
There should be NO reliance whatsoever on a private company not under the control (direct or indirect) of the government let alone a foreign private company.
Edit: I just noticed your username and the fact that your account is very new. Are you astroturfing?
AppAttestationz 9 hours ago [-]
I made an account because I'm qualified to talk about this topic :-) I've spent a considerable time testing every corner case of UX, and DX of an app attested service.
App attestation can fail on simulators, Graphene OS, dev builds, I've seen it all. There is one check you can do to see if an app was side loaded, so indirectly, can require Google account.
Title is still misleading though, as it explicitly mentions accounts.
whatsupdog 9 hours ago [-]
Come September, there will be no side loaded apps on Android.
I agree, there is still a reliance on the tech giants that produce the phones, who are the o'es embedding the cryptographic keys, to make this end to end attestation work.
But in pure technical & UX terms, you don't need to be logged in.
bossyTeacher 9 hours ago [-]
[flagged]
31 minutes ago [-]
AppAttestationz 9 hours ago [-]
Your whole point is orthogonal to what I said too.
I said the title is misleading, which it is.
Your argument that app attestation should be avoided because big tech company can withhold it is garbage. It holds no water. They can cut off access to the app in general by removing it from the app stores and the devices that have it installed.
American big tech has Europe in a stranglehold, I agree with your sentiment there.
eIDAS can be used with the ID reader on Linux even, there's no lock out. They want to offer a convenient alternative for the normies, in a secure manner, I don't mind.
Edit: my 70 y/o mother even eIDAS authenticates (not germany, other EU country) on Linux Mint. There's no argument for lockout in my anecdotal perspective.
lucb1e 8 hours ago [-]
How are you expecting someone here to complete a captcha in the comments?
Rendered at 09:46:50 GMT+0000 (Coordinated Universal Time) with Vercel.
The initial limitation to Google/Android is not great, we know that, and we have support for other OSs on our list (like, e.g., GrapheneOS). It is simply a matter of where we focus our energy at the moment, not that we don't see the issues.
And personally as a software developer myself i know that nothing is more permanent than a temporary solution. No one will prioritize or give budget to change it later "because it works"
Banks are giving out QR Tan. Optical TAN devices which work with credit cards and it has been going pretty well. Why can eiDAS not have something similar. Distribute hardware tokens. Get rid of dependency on any OS.
Provided you know the secret key to a government-issued certificate. Making it impossible to copy said certificate is not really a requirement for identity verification.
What is your fallback for such an important vital service?
Companies and providers (like banks) have to support it, but use is voluntary.
Check out the spec and legal framework, it actually makes sense and is open to different implementations, though you might need to certify it.
This feels like laziness from German implementers, as they don't want to (quoting the spec literally) "implement a mechanism allowing the User to verify the authenticity of the Wallet Unit".
0: https://eudi.dev/latest/architecture-and-reference-framework...
1: https://eudi.dev/latest/architecture-and-reference-framework...
https://github.com/eu-digital-identity-wallet/eudi-app-andro...
It is absolutely insane to put this amount of power in 2 foreign companies that will be able to destroy your life with zero reason, oversight, or due process.
As long as the capital city is in Washington, this is normal.
Think of it this way: A physical ID (which is what we're trying to replace here) also has limitations, it looks a certain way, has a certain size, etc. Just because somebody wants a smaller ID or one with a larger font or a passport in a different colour or whatever, doesn't mean that this should be allowed or possible. Some limitations exist for a good reason
Like every school shooting, every energy crisis brings opportunity to saturate the airwaves with shallow noise that gets people overly upset and they’ll ignore everything else.
Every player on both sides is abusing this mechanic for all eternity.
What worries me is that it's a real global problem in all of our non-autocratic societies. On a positive note, I can see how this is actually becoming a common understanding and gaining traction, as hyped AI products are seen by some as 3rd-party- or SaaS-killers. It seems like we know how to differentiate between independence and dependence, and evaluate any risks affiliated with such a decision. But it baffles me that this differentiation manages to float as some ironic stream in our Zeitgeist, and just barely manages to be taken seriously.
Public debate and assessing politicians and parties would be so much cleaner then if they couldn't use polarizing issues to rally their support and do w/e they please on all other issues.
So far the best modern improvement I’ve seen (and it could be further improved of course) is the increasing use of citizens assemblies.
https://en.wikipedia.org/wiki/Citizens%27_assembly
At least their version has an obvious solution: Make electric cars and solar panels and then stop having oil problems.
Contrast that with chat control.
My government can read my WhatsApp messages? Not good!
What’s the non-technical narrative here?
> Get banned from society for life
Also, that same lifestyle is based on ignoring externalities applied to commons and/or events happening “somewhere else”, even when factually proven. Little wonder and tiny bit ironic that the same principle has embedded itself so deeply, that it holds true even when the damage is inward, just a few indirections away.
On your side, yes, I think that “people in Europe” intuitively understand that, it just needs time to blossom. The reputation/trust damage self inflicted by the current US administration is triggering a pushback that will expand into the future. As a point in case, it will lead to reconsidering assumptions on habits that many generations of US businesses and diplomats have built.
Many in this thread point at difference instances of services that should be decoupled. Connecting the dots, the larger picture looks painfully obvious to me: Silicon Valley never was a partner to be trusted, and certainly not after they built or bent every business to rely on an ad ecosystem that exploits users.
That original sin, on which a huge portion of Wall Street rests, is now at the center of discussions. Hence, the EU will build tools to address this because it has to, but consumers will flock to them especially from the US, since at this point no one can trust SV companies on data privacy (since Snowdens at least), no one can trust the US administration to protect citizens (since Trump at least), and about half of the US is scared about what’s going on deeply enough (the emotional push needed to break the habit). They will move their data it the EU (where else? China?).
This will be compounded by the fact that everyone tries to build better LLMs and to get AGI, while forgetting that LLMs work on data pipelines.
This barely even seems like the relevant part. If Google was founded in Japan and Apple in Brazil, it would still be foolish to entrench them as a dependency. It would barely even be better to do it with a local company.
> They will move their data it the EU (where else? China?).
This feels like hopium. Network effects are powerful and as long as the internet is actually global, there are really only two options: 1) Centralized megacorps, and then the US ones have both the US apparatus behind them and the incumbency advantage, or 2) open protocols where no corporation of any nation is a gatekeeper.
So for Europeans to get the hooks of the US incumbents out of them, their best chance by far is the second one, and that one is also mostly to the advantage of the Americans who aren't the existing incumbents, which is why it works. Start making phones with open hardware and social networks with open protocols and you can get people outside of your own country to use them because they don't much like the incumbents either, and that's how you reclaim the network effect. Try to clone the US megacorps without the US apparatus to get them established in other countries and they don't because they're wary of foreign central control, which in turn means you don't get the network effect and you lose.
But then it's not so much that data ends up in "the EU" as that it's on your own device and then backed up or distributed as encrypted chunks in a distributed network which isn't tied to any specific jurisdiction.
Also the EU and all those states are also highly incompetent and pretty much only depends on low quality contractors. For example there is very little discussion and info about the fact that the EU digital infrastructure just got owned by what seems to be a random hacker group [0].
- [0] https://cyberalert.com.pl/articles/shinyhunters-eu-europa-br...
The issue isn't the phone, it's that a __government__ is depending on an unregulated private enterprise.
What does this "crimes against currency" mean? I live in several countries at once with different currencies, and I never had a problem with this. And top of this, I travel a lot. I have accounts in 5 countries, in 6 currencies. Should I pay attention to something?
When you realize the tiny tiny percentage of people that have a phone that is not apple or google, you understand why few people are up in arms.
It simply doesn’t affect many people.
Whereas if the collar is touted as fashionable and the lock is hidden until it's engaged, now your problem is not that people don't care, it's that they don't know, which is different.
You write it as if companies provided tons of help to parents and children. Meanwhile, they spend a lot of money to make it as hard as possible.
Second, kids in Germany have generally a lot more freedom and there is less of knee jerk impulse to blame parents for every accident. Expectation is that adults dont harm them without parents having perfect control every sevond.
It's also ridiculous how it seems we've forgotten computers other than smartphones exist and that not everyone even has a smartphone, let alone with an Apple or Google account.
The regulations sometimes feel like additional burden of the user, but not for the manufacturers (aside for the attestation logic); consider:
> (MEETS_STRONG_INTEGRITY requires a security patch in the last 12 months)
Think about how this essentially codifies planned obsolescence due to not forcing the manufacturers to maintain the devices for life.
Yes and if you look back this is not new. Just look at the extraordinary restrictions that apply to:
- What houses you can build,
- What vehicle you can drive,
- What food you can grow and sell.
The result is real estate has become unaffordable for younger people, our car industry is being annihilated, and the agriculture sector hold by a string.
The digital realm enjoyed an unusual level freedom until now because the silent and boomer generations in charge in the EU understood nothing about it.
Now that the EU is getting involved in "computers" we are starting to understand why peasants have been protesting in Brussels and calling those people insane for decades.
Austria's courts also ruled ages ago that rooting your own device cannot be a legal reason for OEMs like Samsung to refuse warranty coverage, since you can run whatever software you want on hardware you bought.
Maybe your country sucks? Don't blame it on the EU.
That's just not possible, or should the system be legally required to run on an Apple II?
If only currently popular platforms are to be supported, how could a new platform join them in the future if the use of existing ones is mandated by governments?
The technical solution is a hardware root of trust. This is typically a specially hardened chip in the device. A Trusted Platform Module (TPM).
Your Apple ][ does not have a TPM. It cannot run software that can assess it's identity in a trusted manner.
A paper or certificate can prove an entity trusts your identity to be <firstname, lastname, etc...> but that shouldn't be your identity.
You just are. Not your google Id, not your Apple Id either of course.
Governments are lame.
In 2019, the EU created an eIDAS compatible European Self-Sovereign Identity Framework (ESSIF).
How is the government lame, here? We've had the infrastructure for 7 years now.
>You just are/I just am
Is not an acceptable thing to say to a bar tender when being served an alcoholic drink when you're 22. You hand them government issued ID.
This may not be unwelcome for authorities considering the recent extrajudicial “unpersoning” of many political enemies in the EU.
I don't think it's a bad idea though. If only for bringing the issue to the public
And while I do think an alternative would be good, the fact is that protecting the private key is the most important part (for example by keeping it on a smartcard with NFD) - hence why the need for a secure device
"but I want to install alternative Android etc etc" yes that's fine - but you know this is a non-secure-(enough) env.
But then to save cost including the support cost banks stopped and instead started to require a non-rooted Android/iPhone.
But I think there are still cell operators without sim card
No I do not. It is plenty secure compared to a corporate version and nobody should be legally able to deny service over me having control over my own computer.
Needing the entire OS to be secure to protect a key is also a dumb idea in general.
This is the final step in the road to full remote attestation, thankfully PCs already come with Microsoft Pluton chips[1] to make it easier.
[1] https://learn.microsoft.com/en-us/windows/security/hardware-...
I feel like this is getting to the point of gaslighting. Many of the allowed devices are bargain bin Android phones running out of date software with known vulnerabilities in both the operating system and the hardware which is supposed to be protecting the keys.
Meanwhile you could be using a hardware security module in a bank vault in a nuclear bunker surrounded by armed guards and the excuse would be that this "isn't secure" because it hasn't been approved by Google or Apple.
Governments shouldn't be requiring you to use any specific vendor or set of vendors. They should be publishing standards so that anyone who implements the standard can interact with the system.
Yeah you could, but most people won't
Should they allow for a yubikey on a non-google phone? Or your own private key? Yes they should. But then there's the issue of enrollment, etc.
When something is required by law, it needs to work for all people.
It also specifically needs to not entrench incumbents by impeding the ability of challengers that don't currently have market share from ever getting any.
> Should they allow for a yubikey on a non-google phone? Or your own private key? Yes they should. But then there's the issue of enrollment, etc.
There is no such issue because enrollment should be part of the standard so any device that implements the standard can be enrolled.
It seems to imply that the already existing way of authenticating via eID, which is the auth chip present on our ID cards, will still work, if I read it correctly? I understand OP's link to refer to a new, alternative system, that can be used without the ID card.
But take this with a grain of salt, I'm not very well informed about the whole topic.
They might have some great software _somewhere_ but I have yet to see it.
It does not have good UX because good UX was never the objective.
This was more than 30 years ago. Now we have a great culture of overregulation.
Everyone is trying to cut costs so as to be able to compete there and Europeans are paying the cost of financing this.
Personally I'm going to wait until the average car age in China crosses the 10-year mark to get a new vehicle. Until that happens there will be no incentive to think about longevity.
See also this issue from 2025 where the developers responded: https://gitlab.opencode.de/bmi/eudi-wallet/wallet-developmen...
AFAICT, there is no mention of an Apple or Google account being required in general - the documentation just lists "signals" that are used to securely authenticate a person - such as Google's/Apple's security ecosystems. I am not sure what this means in practice. Can anybody with deeper understanding explain the actual implications and possible outcomes?
(Note: BMI is the German Federal Ministry for the Interior)
Explanation: https://mastodon.social/@pojntfx/116345725515845020
There is in practice no known way around it for now, and even less so one for regular people, to use this on a device without a Google account
If you don’t have an iPhone or an android, you can get a physical one time password device.
Gladly.
There was a time window 2 years ago where it appeared that I need an actual phone number to do my taxes, but even that was replaced with something more universal.
Requiring citizens to have (buy) some device to simply prove they are who they are seems hostile and dystopian to me. Some say it’s the future; I’m not convinced.
However, if you were to allow me to use my pocket computer (and nothing else) to prove I am who I say I am, you would want to trust that I am not pretending to be somebody else after extracting private keys from their phone or whatnot. I.e., you would want to require some sort of trusted computing.
Currently, that seems to only be provided by closed ecosystem phones.
Even still, I think it’s a mistake to be rolling out eIDAS as a mobile app first. The specification allows for this to be a dedicated hardware key (maybe even something YubiKey-like, and the EU already requires all phone manufacturers to have USB-C), so why not start with that.
Actually, that is not what’s happening. Based on further research, the use of eIDAS is required to be left up to citizen’s decision.
These are expensive products, you need depth of expertise and experience to create a system that could compete with the likes of gmail and Microsoft and ... so it's not a wonder that this hasn't happened yet. But pretending like this can be a public service is foolish (too high stakes ~~if~~ when it gets hacked), and pretending like existing providers that offer identity and email are sufficient is equally foolish. Google and ms and apple etc all offer the basics for free, and this is necessary for mass adoption. It will be an expensive project. But necessary, if the eu wants strategic autonomy.
---
Oh and requiring a us based account is not even the most egregious part of this proposal, ffs
We're currently paying a small tax to the US for each card transaction we have.
> MEETS_STRONG_INTEGRITY also includes the requirement that the device has received a security patch _within the last 12 months_
Good luck with that.
You're linking to a bugtracker. I doubt they're inviting people to spam it with duplicate entries — valid as I think the concern is. But maybe it says somewhere that you can leave feedback here and I just haven't seen it?
From their README:
> We are interested to receive feedback on all aspects described in the document. To provide feedback, please file an Issue on OpenCoDE.
https://gitlab.opencode.de/bmi/eudi-wallet/wallet-developmen...
Please prove me wrong, I genuinely want to understand the implication of the linked document.
Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.
It is so clear how lobbyists operate here. I'd call it undermining national sovereignty.
> unknown system image (e.g. custom ROM)
Oh no, what a horrible crime, somebody dared to modify operating system on their own device..
As an example, an EU citizen working in Sweden should be able to submit Swedish tax forms whilst living here by using a digital identity from the originating nation.
There are also some standards in place like ETSI standardized extensions to PDF signatures so that you can verify that a signature inside the PDF was actually signed by a specific physical person (the standard is there but it's not fully used throughout the EU yet due to some legacies).
Implementation is a bit of a mess still but things are converging.
Slovenia hands out certificates for online government services, including document signing, and it seems to be going fine, with the added benefit that Google can't take away my access.
The big question is how to let users properly handle their certificates so they won't get abused into being useless.
If I understood it correctly, the German current Ausweissapp seems to require NFC to read it from your personal id card together with a PIN code you got with the card, it's not entirely user-friendly since aligning the card with your phone seems to be prickly.
Swedish BankID handles it internally in their app (unlocked via PIN's) but they don't have a good way to use it to sign things (It all relies on the infrastructure even if they give out signature documents it's not compatible with pADES).
There's a new govt sponsored one that I assume will piggyback on the personal cards/passes that are readable via NFC.
Norway and Denmark iirc supports proper signatures but I don't think the certificates are under user control (someone correct me if I'm wrong here).
Now these things are mostly issues for document signatures, authentication is often handled via other flows.
What I skimmed from the article, it seems to be more in line with Swedish BankID and is actually fairly smooth for end users even if less secure than what they have now with Ausweissapp.
Eidas tries to harmonize these implementations across EU member states.
Several paid providers for X.509 certificates exist but document signing certificates cost around 80 € per year [0]. And if I want duplicate X.509 certificates for my redundant Yubikeys then the cost doubles.
Other providers require an initial deposit and then charge per signature [1], which leads to intransparent pricing. In the interest of open commerce, I strongly believe that securely signing an electronic document should cost the same as my manual signature, i.e. nothing.
A partial solution already exists because I can use my electronic ID card with the AusweisApp to prove my identity when interacting with German authorities. This feature is generally useful because I live outside of the EU, but I especially appreciate that I can have my OpenPGP key signed by Governikus (a government provider) to prove the key belongs to my name [2].
Technically, I should be able to use my certified PGP key to sign documents, but in practice most non techies don't know how to validate my signature. For the average user opening my signed PDF in Adobe Reader, I would need an X.509 certificate from a trusted Certificate Authority for users to see the green check mark.
[0] https://shop.certum.eu/documentsigning-certifcates.html
[1] https://www.entrust.com/products/electronic-digital-signing
[2] https://pgp.governikus.de/wizard/requirements
I assume this should be "intra-EU"? I'm not very familiar with eidas so I'm not sure, but afaik it's about signatures within the EU, not between different EUs (as there is only one in this world). (I hate this inter/intra wording, always have to translate it in my head to understand whether it's like internet (between networks) or like intranet (within a network). Would recommend using "within-" instead of intra whenever it's not already a well-established word, like intranet)
- someone sends you a docusign link
- you sign up with your email
- you sign with your name in a cutesy font
Theres a dispute? Well it was going to end up in court no matter how you signed it anyway. This has all the hallmarks of a design by committee project by people whose salary is paid regardless of demonstrating market fit, productivity, usage, plain sensibleness...
Can I also send the Docusign document via Signal without Docusign knowing the person who signs it?
Because that is what the eIDAS is supposed to deliver on top of cryptographic validation of signatures.
The fact that it's ALWAYS a docusign is the ridiculous part. It is just a glorified where you enter your name and email. No need to pretend otherwise. Any other service would be just as good. This is basic human sheep-like behavior?
electronic IDentification, Authentication and trust Services
App attestation does not require an Apple account nor a google account. For Android, it does limit the ROMs to Google certified ones and requires GMS to be installed if Play Integrity is used. An alternative option, would be to use the Hardware Attestation API directly, GrapheneOS would be thanking you.
I've spent a good amount of time implementing exactly this type of system for a backup service.
his document specifies a way to cryptographically attest the integrity of a HTTP request hitting a server.
The attestation proves the request came from a device and attest the legitimacy of the bootloader, OS and app.
Google and Apple are in a privileged position to be able to bypass the app attestation though, so depending on the threat model, it's not bulletproof.
edit: Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.
In the past, when you had a proprietary tool you needed to use to do something, people could analyze and reimplement it. The reasons to do that varied - someone needed "muh freedomz", someone else wanted to do the thing on an unsupported platform, someone else wanted to change something in the way the tool worked (perhaps annoyed by paper jams)... Eventually you could end up with an interoperable FLOSS reimplementation. This has happened with lots of various things - IMs, network service clients, appliance drivers, even operating systems, and this is how people like me could switch away from Windows and have their computers (and later phones) remain fully functional in the society around us, perhaps with minor annoyances, but without real showstoppers.
Remote attestation changes this dynamic drastically. Gaim (Pidgin), Kadu couldn't be made if the service provider like AIM, ICQ, Gadu-Gadu etc. could determine whether you're using the Official App™ from the Official Store™ on the Official OS™ and just refuse to handle requests from your reimplementation. They could still try and be hostile to you without it, and often did, but it wasn't an uneven fight. Currently we're still in the early days and you can still go by in the society by defaulting to use services on the Web, using plastic card instead of phone for payments etc. but this is already changing. And it's not just a matter of networked services either - I bet we're going to see peripheral devices refusing to be driven by non-attested implementations too.
Secure boot chains have some value and are worth having, but not when they don't let the user be in charge (or let the user delegate that to someone else) and when they prioritize the security of "apps" rather than users. The ability for us as users to lie to the apps is actually essential to preserving our agency. Without that we're screwed, as now to connect ourselves to the fabric of the society we'll need to find and exploit vulnerabilities that are going to be patched as soon as they become public.
Which was the motivation for cryptographically attesting the boot process and OS, and in part paved the way for app attestation.
There are alternatives though: The Android Hardware Attestation API enables attestation on custom ROMs, but the attestation verifier needs a list of hashes for all "acceptable" ROMs. GrapheneOS publishes these but there's nobody, to my knowledge, maintaining a community list.
Cryptographic attestation is not a problem in itself, the problem is exactly what you already somewhat hinted at: it's who and how decides who to trust and who gets to make (or delegate) the choices. You can make a secure system that lets the user be in charge, but these systems we're discussing here don't (and that's by design; they're made to protect "apps", not users).
The problem with modified phones containing malware is very real and unless you want a full on Apple "you're not allowed to touch the OS" model you need some kind of audited OS verification that you as a user or a security sensitive software can depend on.
And this malware is largely based on open source code (Linux) that was originally developed on open, documented hardware, where the firmware boot loader did nothing more than load the first 512 bytes of your hard disk to address 0x7c00 and transfer complete control to it.
Yes, there were viruses that exploited this openness, but imagine if Linus Torvalds would have needed a cryptographic certificate from IBM or Microsoft to be allowed to run his own code! This is basically the situation we have today, and if you don't see how dystopian this is, I don't know what more to say.
I will never understand why such an overwhelming majority of people seem to just accept this. When frigging barcodes where introduced, there were widespread conspiracy theories about it being the Mark of the Beast -- ridiculous of course, but look at now where in some places you literally can't buy or sell without carrying around a device that is hostile to your interests. And soon it will be mandated by the state for everyone.
Google must be destroyed.
To me, there is no difference between your sentences. You require the blessing of an American company to be able use eIDAS. Google has the power to disable eIDAS at a national scale by making the attestation services treat all devices as not certified.
There should be NO reliance whatsoever on a private company not under the control (direct or indirect) of the government let alone a foreign private company.
Edit: I just noticed your username and the fact that your account is very new. Are you astroturfing?
App attestation can fail on simulators, Graphene OS, dev builds, I've seen it all. There is one check you can do to see if an app was side loaded, so indirectly, can require Google account.
Title is still misleading though, as it explicitly mentions accounts.
Google details new 24-hour process to sideload unverified Android apps (1196 points, 16 days ago, 1262 comments) https://news.ycombinator.com/item?id=47442690
But in pure technical & UX terms, you don't need to be logged in.
I said the title is misleading, which it is.
Your argument that app attestation should be avoided because big tech company can withhold it is garbage. It holds no water. They can cut off access to the app in general by removing it from the app stores and the devices that have it installed.
American big tech has Europe in a stranglehold, I agree with your sentiment there.
eIDAS can be used with the ID reader on Linux even, there's no lock out. They want to offer a convenient alternative for the normies, in a secure manner, I don't mind.
Edit: my 70 y/o mother even eIDAS authenticates (not germany, other EU country) on Linux Mint. There's no argument for lockout in my anecdotal perspective.