electronic IDentification, Authentication and trust Services
whizzter•Apr 4, 2026
EU digital identity law to make inter-EU signatures (And authentication) work.
As an example, an EU citizen working in Sweden should be able to submit Swedish tax forms whilst living here by using a digital identity from the originating nation.
There are also some standards in place like ETSI standardized extensions to PDF signatures so that you can verify that a signature inside the PDF was actually signed by a specific physical person (the standard is there but it's not fully used throughout the EU yet due to some legacies).
Implementation is a bit of a mess still but things are converging.
stefan_•Apr 4, 2026
The gold standard for digital signatures today is
- someone sends you a docusign link
- you sign up with your email
- you sign with your name in a cutesy font
Theres a dispute? Well it was going to end up in court no matter how you signed it anyway.
This has all the hallmarks of a design by committee project by people whose salary is paid regardless of demonstrating market fit, productivity, usage, plain sensibleness...
bossyTeacher•Apr 5, 2026
> Theres a dispute? Well it was going to end up in court no matter how you signed it anyway.
The fact that it's ALWAYS a docusign is the ridiculous part. It is just a glorified where you enter your name and email. No need to pretend otherwise. Any other service would be just as good. This is basic human sheep-like behavior?
martimarkov•Apr 5, 2026
Can I use Docusign to provide my identity in Estonia online via my phone when I move there to buy a SIM card or open a bank account or file a document with the local authority?
Can I also send the Docusign document via Signal without Docusign knowing the person who signs it?
Because that is what the eIDAS is supposed to deliver on top of cryptographic validation of signatures.
alfiedotwtf•Apr 5, 2026
Made me laugh then cry. I’m willing to bet your comment still stands in 2030 unless someone like Apple allows FaceID to be used to sign too (this seems like an obvious and easy thing to do as they already got more than half of the infrastructure in place)
mzajc•Apr 4, 2026
Is there a reason this user-hostile mess is preferred over an X.509 certificate (besides big tech lobbying)?
Slovenia hands out certificates for online government services, including document signing, and it seems to be going fine, with the added benefit that Google can't take away my access.
Maken•Apr 5, 2026
eIDAS is about making the electronic IDs emitted by the different EU governments intercompatible, so you can use a Slovenian certificate to authenticate into the German tax system, if you want to.
sfjailbird•Apr 5, 2026
Most people wouldn't know what to do with a certificate, so governments build some stuff on top (like an official mobile app) which makes auth easier. It's usually just certificates underneath (not exposed to the user).
Eidas tries to harmonize these implementations across EU member states.
whizzter•Apr 5, 2026
In the end it's mostly x509 certificates, an ETSI pADES PDF signature for example contains the signing x509 certificate (ETSI specifies extension OID's to the x509 certificates to contain personal numbers, country, etc).
The big question is how to let users properly handle their certificates so they won't get abused into being useless.
If I understood it correctly, the German current Ausweissapp seems to require NFC to read it from your personal id card together with a PIN code you got with the card, it's not entirely user-friendly since aligning the card with your phone seems to be prickly.
Swedish BankID handles it internally in their app (unlocked via PIN's) but they don't have a good way to use it to sign things (It all relies on the infrastructure even if they give out signature documents it's not compatible with pADES).
There's a new govt sponsored one that I assume will piggyback on the personal cards/passes that are readable via NFC.
Norway and Denmark iirc supports proper signatures but I don't think the certificates are under user control (someone correct me if I'm wrong here).
Now these things are mostly issues for document signatures, authentication is often handled via other flows.
What I skimmed from the article, it seems to be more in line with Swedish BankID and is actually fairly smooth for end users even if less secure than what they have now with Ausweissapp.
lucb1e•Apr 5, 2026
> inter-EU signatures
I assume this should be "intra-EU"? I'm not very familiar with eidas so I'm not sure, but afaik it's about signatures within the EU, not between different EUs (as there is only one in this world). (I hate this inter/intra wording, always have to translate it in my head to understand whether it's like internet (between networks) or like intranet (within a network). Would recommend using "within-" instead of intra whenever it's not already a well-established word, like intranet)
whizzter•Apr 5, 2026
Yes of course, a bit tired here since it's nighttime.
ResearchAtPlay•Apr 5, 2026
Do you happen to know if German citizens can obtain a certificate to sign PDFs (from the government / for free)?
Several paid providers for X.509 certificates exist but document signing certificates cost around 80 € per year [0]. And if I want duplicate X.509 certificates for my redundant Yubikeys then the cost doubles.
Other providers require an initial deposit and then charge per signature [1], which leads to intransparent pricing. In the interest of open commerce, I strongly believe that securely signing an electronic document should cost the same as my manual signature, i.e. nothing.
A partial solution already exists because I can use my electronic ID card with the AusweisApp to prove my identity when interacting with German authorities. This feature is generally useful because I live outside of the EU, but I especially appreciate that I can have my OpenPGP key signed by Governikus (a government provider) to prove the key belongs to my name [2].
Technically, I should be able to use my certified PGP key to sign documents, but in practice most non techies don't know how to validate my signature. For the average user opening my signed PDF in Adobe Reader, I would need an X.509 certificate from a trusted Certificate Authority for users to see the green check mark.
So what was the point of putting a crypto chip into every ID if you are gonna try and reinvent the entire trusted environment in the fucking smartphone?
mr_toad•Apr 5, 2026
ID cards don’t connect to the internet.
These days an ID system that doesn’t work online is next to useless.
haagch•Apr 5, 2026
It's an NFC card that can be read with any NFC card reader, USB or smartphone based.
My Shift6mq is listed has not having NFC support in postmarketOS, so I can't actually test it, but I assume the USB card reader option will work once it's supported.
jml7c5•Apr 4, 2026
Is the link broken for anyone else? I'm getting ERR_CONNECTION_CLOSED.
lucb1e•Apr 5, 2026
Works for me in Germany. I wonder if it's some overzealous bot protection that's cutting off humans again, in this case from what looks like a government website, but without further testing that's hard to say. You could check if it works from another network, or if other people on your network range have the same issue (like if you're in 13.37.0.0/16 then maybe someone else at the ISP is also in that range and could check if it got blocked outright)
lta•Apr 4, 2026
That sounds like a very smart move at the time where Europe realize the US isn't such a gray partner and it's trying to reduce it's critical dependencies on foreign nations tech and infra. Good job.
I'm actually very surprised to see this from the germans who have this reputation of great engineering culture
iknowstuff•Apr 5, 2026
Not in software. German software is awful. Think german cars, banks, telecoms etc
fmajid•Apr 5, 2026
Ah yes, the fabulous car engineering of Dieselgate.
wqaatwt•Apr 5, 2026
Well they got caught..
CalRobert•Apr 5, 2026
And then they successfully lobbied the EU to water down rules for transitioning to electric.
newsicanuse•Apr 5, 2026
While I agree, it'd be hard to say that SAP is not good
zelphirkalt•Apr 5, 2026
SAP software is the bane of most people, who have to use it, except for expensive consultants, who make bank preying on hapless clueless companies opting to use SAP software.
c0balt•Apr 5, 2026
As someone who has experienced a Migration to SAP, no it is quite hard to say it is good. Doesn't work on mobile (unless you toggle on "desktop" mode, at which point if kinda works), is slower than the preceding PHP solution and generally functions like a POS. Other SAP implementations did not seem to behave much better.
They might have some great software _somewhere_ but I have yet to see it.
gpvos•Apr 5, 2026
[citation needed]
herbst•Apr 5, 2026
Strong =! Good
GuestFAUniverse•Apr 5, 2026
We had people formerly saying that in our org and going to a _decade_ of several failed ERPs.
Now we run SAP.
Still people are unsatisfied with SAP. Not even recognising that the failures are mostly self instricted policies.
The organisation worked somehow before having an ERP, because people ignored the given organisation and improvised. That's close to impossible if you use digital processes from end to end.
And yet, the ones with the poor organisational skills blame software.
pepperoni_pizza•Apr 5, 2026
SAP is very good at what it is trying to do, which is to define, standardize, automate and run a business process, and it is equipped with a large library of premade processes so you don't have to reinvent the wheel.
It does not have good UX because good UX was never the objective.
MrDresden•Apr 5, 2026
Nor in the physical world either. Crumbling planes, trains and automobile infrastructure. Collapsed bridges, airports that don't function properly etc.
randomNumber7•Apr 5, 2026
> from the germans who have this reputation of great engineering culture
This was more than 30 years ago. Now we have a great culture of overregulation.
CalRobert•Apr 5, 2026
I think the reputation is fading. I know I’d take a Chinese car over a German one.
Tade0•Apr 5, 2026
I wouldn't, as China being the largest single market for motor vehicles and the cutthroat competition there is what caused all this.
Everyone is trying to cut costs so as to be able to compete there and Europeans are paying the cost of financing this.
Personally I'm going to wait until the average car age in China crosses the 10-year mark to get a new vehicle. Until that happens there will be no incentive to think about longevity.
livvy•Apr 4, 2026
Can anyone point me to where in the MDVN page it mentions requiring Apple and Google account? Thanks
weikju•Apr 4, 2026
Because the attestations will only work on iOS and Google Play integrity attested devices. Meaning Apple and Google accounts required.
livvy•Apr 5, 2026
This is an assumption, but not confirmed.
AppAttestationz•Apr 5, 2026
I spent months designing a system, exactly like this. An account is not needed, at least for Apple.
Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.
AFAICT, there is no mention of an Apple or Google account being required in general - the documentation just lists "signals" that are used to securely authenticate a person - such as Google's/Apple's security ecosystems.
I am not sure what this means in practice.
Can anybody with deeper understanding explain the actual implications and possible outcomes?
(Note: BMI is the German Federal Ministry for the Interior)
There is in practice no known way around it for now, and even less so one for regular people, to use this on a device without a Google account
zb3•Apr 5, 2026
> threats:
> unknown system image (e.g. custom ROM)
Oh no, what a horrible crime, somebody dared to modify operating system on their own device..
AppAttestationz•Apr 5, 2026
The title is misleading.
App attestation does not require an Apple account nor a google account. For Android, it does limit the ROMs to Google certified ones and requires GMS to be installed if Play Integrity is used. An alternative option, would be to use the Hardware Attestation API directly, GrapheneOS would be thanking you.
I've spent a good amount of time implementing exactly this type of system for a backup service.
his document specifies a way to cryptographically attest the integrity of a HTTP request hitting a server.
The attestation proves the request came from a device and attest the legitimacy of the bootloader, OS and app.
Google and Apple are in a privileged position to be able to bypass the app attestation though, so depending on the threat model, it's not bulletproof.
edit: Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.
bossyTeacher•Apr 5, 2026
> App attestation does not require an Apple account nor a google account. For Android, it does limit the ROMs to Google certified ones and requires GMS to be installed.
To me, there is no difference between your sentences. You require the blessing of an American company to be able use eIDAS. Google has the power to disable eIDAS at a national scale by making the attestation services treat all devices as not certified.
There should be NO reliance whatsoever on a private company not under the control (direct or indirect) of the government let alone a foreign private company.
Edit: I just noticed your username and the fact that your account is very new. Are you astroturfing?
AppAttestationz•Apr 5, 2026
I agree, there is still a reliance on the tech giants that produce the phones, who are the o'es embedding the cryptographic keys, to make this end to end attestation work.
But in pure technical & UX terms, you don't need to be logged in.
AppAttestationz•Apr 5, 2026
I made an account because I'm qualified to talk about this topic :-) I've spent a considerable time testing every corner case of UX, and DX of an app attested service.
App attestation can fail on simulators, Graphene OS, dev builds, I've seen it all. There is one check you can do to see if an app was side loaded, so indirectly, can require Google account.
Title is still misleading though, as it explicitly mentions accounts.
whatsupdog•Apr 5, 2026
Come September, there will be no side loaded apps on Android.
Functionaly it's dubious if this will not cause further issues. Developer tools cause some security checks to fail. It's not yet known if the unknown apps setting will do the same
seba_dos1•Apr 5, 2026
There's no such thing as "legitimacy of the bootloader, OS" that can be verified by someone who isn't the device's user. The bootloader that booted the phone I type this on is patched by me, which makes it more "legitimate" than any other bootloader that could be placed there.
AppAttestationz•Apr 5, 2026
You can bicker about the words all day long. Legitimacy, or perhaps better: authenticity, in this context, would be a bootloader or OS that doesn't allow tampering with the execution of an app.
seba_dos1•Apr 5, 2026
Any bootloader or OS that doesn't allow the user to tamper with it or the other tools they're using on it is obviously illegitimate malware.
AppAttestationz•Apr 5, 2026
It's a funny comment, because actual malware, very much loves to tamper with the bootloader and OS.
Which was the motivation for cryptographically attesting the boot process and OS, and in part paved the way for app attestation.
There are alternatives though:
The Android Hardware Attestation API enables attestation on custom ROMs, but the attestation verifier needs a list of hashes for all "acceptable" ROMs. GrapheneOS publishes these but there's nobody, to my knowledge, maintaining a community list.
seba_dos1•Apr 5, 2026
Nothing funny in it, I'm afraid. Socially accepted malware is still malware. Caffeine is a stimulant, alcohol is a drug, a piece of software that works against the user is a malware.
Cryptographic attestation is not a problem in itself, the problem is exactly what you already somewhat hinted at: it's who and how decides who to trust and who gets to make (or delegate) the choices. You can make a secure system that lets the user be in charge, but these systems we're discussing here don't (and that's by design; they're made to protect "apps", not users).
izacus•Apr 5, 2026
Sorry but this is nonsense - most users, even the Linux toting power users - don't have the time, ability or knowledge to verify the contents of their OS in a way that would catch issues prevented by attestation.
The problem with modified phones containing malware is very real and unless you want a full on Apple "you're not allowed to touch the OS" model you need some kind of audited OS verification that you as a user or a security sensitive software can depend on.
seba_dos1•Apr 5, 2026
No, what you're saying is nonsense. I can burn a key into efuses of this phone to make it only boot things signed by me and make the whole boot path verified, OS image immutable etc. and all of this can provide me some value, but it's absolutely not in my interest to let applications be picky on what can or can't happen in the OS (even if they would accept my key being there rather than Google's, which they won't). The only thing it manages to do is to prevent me from using the device the way I want or need it to be used.
izacus•Apr 5, 2026
I agree about the part where apps shouldn't be able to see whether the OS is trusted.
But to remove that incentive you first need to stop punishing app companies for compromised user OSes from legal perspective.
Are you willing to absolve Google, Apple and Deutsche Bank from responsibility of damage that happens on compromised user OSes?
seba_dos1•Apr 5, 2026
The attested systems have vulnerabilities too, so how do they deal with that responsibility?
rep_lodsb•Apr 5, 2026
There's also a problem with unmodified phones containing malware, namely an operating system made by an advertising company, which is designed to collect as much information about you as possible.
And this malware is largely based on open source code (Linux) that was originally developed on open, documented hardware, where the firmware boot loader did nothing more than load the first 512 bytes of your hard disk to address 0x7c00 and transfer complete control to it.
Yes, there were viruses that exploited this openness, but imagine if Linus Torvalds would have needed a cryptographic certificate from IBM or Microsoft to be allowed to run his own code! This is basically the situation we have today, and if you don't see how dystopian this is, I don't know what more to say.
I will never understand why such an overwhelming majority of people seem to just accept this. When frigging barcodes where introduced, there were widespread conspiracy theories about it being the Mark of the Beast -- ridiculous of course, but look at now where in some places you literally can't buy or sell without carrying around a device that is hostile to your interests. And soon it will be mandated by the state for everyone.
Google must be destroyed.
izacus•Apr 5, 2026
Yeah, randomly calling software that you don't like "malware" isn't making a strong case you think it does. Or helps in this discussion.
rep_lodsb•Apr 5, 2026
It's doing things that are against the interest of the user. But obviously, that's no longer an acceptable definition! According to our benevolent overlords, Android is definitely not malware, while yt-dlp is </s>
goblin89•Apr 5, 2026
The reason (or, depending on your inclinations, the excuse) for trusted computing to exist is not to guarantee that I didn’t patch the bootloader of the phone on which I type my comment; it’s to guarantee I didn’t patch the bootloader of the phone on which your grandma logs in to her bank without her knowledge.
seba_dos1•Apr 5, 2026
No, the reason is to let application providers decide which platforms you can run their software on. The reasons why they need that are diverse: DRM, preventing reverse engineering, shifting liability, "cheating" prevention - to name a few, but ultimately they're all about asserting control over the user, just motivated differently in various use cases. "Think of the grandmas".
ruszki•Apr 5, 2026
What's the problem with the current status quo, or the status quo 5 or 10 years ago? 20 years ago there were basically no cheating prevention, but nobody cared. We just didn't play with cheaters. There are still cheaters in all games. No matter what kind of DRM streaming platforms use, their movies are on torrent immediately. The only difference compared to 5-20 years ago is that user experience is worse. I need to install a lot of intrusive bullshits, and I cannot watch movies with proper resolution. For literally nothing.
seba_dos1•Apr 5, 2026
It's not just that "user experience is worse", it's an existential threat to Free Software.
In the past, when you had a proprietary tool you needed to use to do something, people could analyze and reimplement it. The reasons to do that varied - someone needed "muh freedomz", someone else wanted to do the thing on an unsupported platform, someone else wanted to change something in the way the tool worked (perhaps annoyed by paper jams)... Eventually you could end up with an interoperable FLOSS reimplementation. This has happened with lots of various things - IMs, network service clients, appliance drivers, even operating systems, and this is how people like me could switch away from Windows and have their computers (and later phones) remain fully functional in the society around us, perhaps with minor annoyances, but without real showstoppers.
Remote attestation changes this dynamic drastically. Gaim (Pidgin), Kadu couldn't be made if the service provider like AIM, ICQ, Gadu-Gadu etc. could determine whether you're using the Official App™ from the Official Store™ on the Official OS™ and just refuse to handle requests from your reimplementation. They could still try and be hostile to you without it, and often did, but it wasn't an uneven fight. Currently we're still in the early days and you can still go by in the society by defaulting to use services on the Web, using plastic card instead of phone for payments etc. but this is already changing. And it's not just a matter of networked services either - I bet we're going to see peripheral devices refusing to be driven by non-attested implementations too.
Secure boot chains have some value and are worth having, but not when they don't let the user be in charge (or let the user delegate that to someone else) and when they prioritize the security of "apps" rather than users. The ability for us as users to lie to the apps is actually essential to preserving our agency. Without that we're screwed, as now to connect ourselves to the fabric of the society we'll need to find and exploit vulnerabilities that are going to be patched as soon as they become public.
Avamander•Apr 5, 2026
> The ability for us as users to lie to the apps is actually essential to preserving our agency. Without that we're screwed, as now to connect ourselves to the fabric of the society we'll need to find and exploit vulnerabilities that are going to be patched as soon as they become public.
The same freedom is being abused by malicious actors. Even on Windows (like BlackLotus), but also on pre-infected phones emptying people's bank accounts. This is an incredibly unfortunate outcome, but what's the solution?
I see no other potential outcome than that free computing and trusted computing are going to be totally separate. Possibly even on the same device, but not in a way that lets anyone tamper with it.
seba_dos1•Apr 5, 2026
A lot of other freedoms are being abused and always have been, but somehow we don't go and ban kitchen knives, as having them around is valuable. This is a false dichotomy. Systems can be secure and trusted by the user without having to cede control, and some risks are just not worth eliminating.
Most importantly - it's the user who needs to know whether their system has been tampered with, not apps.
Avamander•Apr 5, 2026
> but somehow we don't go and ban kitchen knives, as having them around is valuable
Some countries do :) Though I think physical analogies are misleading in a lot of ways here.
> Systems can be secure and trusted by the user without having to cede control, and some risks are just not worth eliminating.
Secure, yes, trustworthy to a random developer looking at your device, no. They're entirely separate concepts.
> Most importantly - it's the user who needs to know whether their system has been tampered with, not apps.
Expecting users to know things does a lot of heavy lifting here.
seba_dos1•Apr 5, 2026
I never mentioned users having to know things (what you quoted was about the user getting informed whether their system is compromised, which is the job of a secure boot chain). The user being in control means that the user can decide who to trust. The user may end up choosing Google, Apple, Microsoft etc. and it's fine as long as they have a choice. Most users won't even be bothered to choose and that's fine too, but with remote attestation, it's not the user who decides even if they want to. And we don't need random developers looking at our devices to consider them trustworthy. It's not their fucking business.
goblin89•Apr 5, 2026
> somehow we don't go and ban kitchen knives
False analogy. You can’t have your kitchen knife exploited by a hacker team in North Korea, who shotgun attacks half of the public Internet infrastructure and uses the proceeds to fund the national nuclear program, can you? (I somewhat exaggerate, but you get the idea.)
> Systems can be secure and trusted by the user without having to cede control
In an ideal world where users have infinite information and infinite capability to process and internalize it to become an infosec expert, sure. I don’t know about you, but most of us don’t live in that world.
I agree it’s not perfect. Having to use liquid glass and being unable to install custom watch faces is ridiculous. There’s probably an opportunity for a hardened OS which can be trusted by interested parties to not be maliciously altered, and also not force so many constraints onto users like current walled gardens do. But a fully open OS, plus an ordinary user who has no time or willingness to casually become a tptacek on the side, in addition to completely unrelated full-time job that’s getting more competitive due to LLMs and whatnot, seems more like a disaster than utopia.
ruszki•Apr 5, 2026
> You can’t have your kitchen knife exploited by a hacker team in North Korea, who shotgun attacks half of the public Internet infrastructure and uses the proceeds to fund the national nuclear program, can you? (I somewhat exaggerate, but you get the idea.)
Isn’t the status quo, that you need to intentionally choose to allow this?
seba_dos1•Apr 5, 2026
Yes (well, kinda - attested systems can be and are vulnerable too), and remote attestation is completely orthogonal to that threat anyway. Securing the boot chain does not involve letting apps verify the environment they run in, it's an extra (anti-)feature that's built on top of secure boot chains.
It's also really incredible how people can see "user being in control" and just immediately jump to "user having to be an infosec expert", as if one implied the other. You can't really discuss things in good faith in such climate :(
ruszki•Apr 5, 2026
How large is this preinfected phones problem? Is it large enough to sacrifice freedom?
Avamander•Apr 5, 2026
We have had a large discovery of pre-installed malware every year for the past decade so far. Seems like a fairly big problem.
AlBugdy•Apr 5, 2026
All these requirements for specific hardware and software are ridiculous. Let every citizen use whatever computer they want. It should be up to the user to secure themselves. Authentication should only require a password or a key pair. If the user wants more security, they can set up TOTP or buy a security dongle or something.
It's also ridiculous how it seems we've forgotten computers other than smartphones exist and that not everyone even has a smartphone, let alone with an Apple or Google account.
direwolf20•Apr 5, 2026
> let every citizen use whatever computer they want.
That's just not possible, or should the system be legally required to run on an Apple II?
seba_dos1•Apr 5, 2026
It should be legally required to provide enough interoperation capabilities for a compatible frontend to be written for an Apple II by whoever would like to do that, as the government can't be expected to write and maintain clients for every platform that's now in existence or that will be created in future.
If only currently popular platforms are to be supported, how could a new platform join them in the future if the use of existing ones is mandated by governments?
Avamander•Apr 5, 2026
> If only currently popular platforms are to be supported, how could a new platform join them in the future if the use of existing ones is mandated by governments?
The viable solution for that is to provide a trusted hardware implementation that can be used with any computing platform that has a documented interface. It can't be a software-only implementation, basically.
vslira•Apr 5, 2026
Glad you mentioned this possibility
Countries have centuries of experience providing attestation services through notaries. Germany is even infamous for requiring them for things that would sound ridiculous even in Brazil (both movie and country)
I can’t see why governments couldn’t incorporate this existing infrastructure into the digital world. Make them sell hardware ID wallets, enforce the real identity owner to be present to invalidate a previous ID or whatever, and add legal restrictions for the government not be able to alter these registries
cocoto•Apr 5, 2026
Simple, provide a simple API, let the community build the clients for the machines they have.
direwolf20•Apr 5, 2026
That's antithetical to the goal of a secure ID. It has to be really impossible to get stolen, or as difficult as a physical card. If the ID is just a password, you can tell other people your password, and it can be stolen, and it can be cloned. Germany is a strict liability country, and you will be fined or imprisoned for anything that is done with your identity card that was cloned because your PC was infected by malware if you don't report it stolen.
inexcf•Apr 5, 2026
And as we know it is impossible to give someone your physical card.
AlBugdy•Apr 5, 2026
> If the ID is just a password, you can tell other people your password, and it can be stolen, and it can be cloned.
You can give your physical cards to other people or give them access to your computers, too.
> Germany is a strict liability country, and you will be fined or imprisoned for anything that is done with your identity card that was cloned because your PC was infected by malware if you don't report it stolen.
I don't see an issue with this.
direwolf20•Apr 5, 2026
You don't see an issue with going to prison because you got a computer virus and didn't know you got a computer virus?
jmorenoamor•Apr 5, 2026
No, but it should be open enough to be reasonably independent of specific services and devices.
7bit•Apr 5, 2026
You can make an argument without pulling it into the ridiculous, you know?
realo•Apr 5, 2026
The problem to solve is trust.
The technical solution is a hardware root of trust. This is typically a specially hardened chip in the device. A Trusted Platform Module (TPM).
Your Apple ][ does not have a TPM. It cannot run software that can assess it's identity in a trusted manner.
atanasi•Apr 5, 2026
The current policy trend in the EU is definitely not based on the principle of each user evaluating their own risk. On the contrary, service providers like financial institutes and identity providers have the responsibility to keep users safe, and more and more regulation will be made. The natural consequence is restricting which platforms are supported.
sunshine-o•Apr 5, 2026
> The current policy trend in the EU is definitely not based on the principle of each user evaluating their own risk.
Yes and if you look back this is not new. Just look at the extraordinary restrictions that apply to:
- What houses you can build,
- What vehicle you can drive,
- What food you can grow and sell.
The result is real estate has become unaffordable for younger people, our car industry is being annihilated, and the agriculture sector hold by a string.
The digital realm enjoyed an unusual level freedom until now because the silent and boomer generations in charge in the EU understood nothing about it.
Now that the EU is getting involved in "computers" we are starting to understand why peasants have been protesting in Brussels and calling those people insane for decades.
rcbdev•Apr 5, 2026
I really have to wonder where in the EU you live. In Vienna, I got to buy an apartment in my mid-twenties by just saving up, which was easy, as many apartments are rent-capped and there's lots of cheap social housing. I got to enjoy free university, allowing me to get a high paying job. I get to use very cheap all electric state-subsidized rental car offerings if I need them, which is rare since we have federally good rail and bus coverage. And I enjoy affordable meat, dairy and vegetables all sourced from inside my country.
Austria's courts also ruled ages ago that rooting your own device cannot be a legal reason for OEMs like Samsung to refuse warranty coverage, since you can run whatever software you want on hardware you bought.
Maybe your country sucks? Don't blame it on the EU.
krater23•Apr 5, 2026
Yes, blame Germany.
sunshine-o•Apr 5, 2026
Yes congratulation, you get to benefit from a lot of regulated and subsidized things: housing, education and transportation.
While enjoying a high paying job in probably a still very unregulated domain (computers/internet related).
This is not about one country vs another.
The problem is you cannot have a society with everybody winning on both fronts unfortunately. You also need people making, cleaning stuff, growing food, cooking, etc. Not everybody can live in the capital with "very cheap all electric state-subsidized rental car" and Vienna is probably not food self sufficient...
rcbdev•Apr 5, 2026
> Vienna is probably not food self sufficient
No, but Austria is. And our farmers enjoy much support through subsidies - from the EU and our own budget - and social protections, often having better and cheaper health care than most other Austrians, since they are insured under their very own social insurance law (BSVG), contrary to other employees (ASVG) and self-employed (GSVG).
Farmers also enjoy very high levels of respect and appreciation here, even in Vienna.
> While enjoying a high paying job in probably a still very unregulated domain (computers/internet related).
Calling Information Technology an 'unregulated domain' in the EU when we're all busy implementing NIS2 regulation and preparing for the Cyber Resilience Act entering into force soon seems disingenuous.
sunshine-o•Apr 5, 2026
> And our farmers enjoy very high levels of subsidies
Yes, thanks. This was my original point "the agriculture sector hold by a string". It is by design unsustainable and if you cut those "high levels of subsidies" it collapses.
> Calling Information Technology an 'unregulated domain' in the EU when we're all busy implementing NIS2 regulation and preparing for the Cyber Resilience Act entering into force soon seems disingenuous.
Yes this is why I said "still"
rcbdev•Apr 5, 2026
I do not understand what you're trying to communicate with "hold by a string" - we subsidize our farmers because we do not want to completely wreck our local agricultural supply chains just because food from, say Brazil, would be theoretically cheaper today. Another factor is that we actually have the ability to properly enforce quality standards if the food is produced within our jurisdiction.
This is no different to subsidizing public transport, because having this infrastructure local and autonomous is just strategically important enough for the tax payer to finance it. Would you say that public transport in EU capitals is "holding on by a string"?
Ray20•Apr 5, 2026
> apartments are rent-capped
> cheap social housing
> free university
> high paying job
> very cheap all electric state-subsidized rental car offerings
> affordable meat, dairy and vegetables
And here we can simply examine the tax structure and conclude that the problem isn't whether the country sucks, but whether the side you're on sucks.
After all, how can housing be affordable for ordinary workers if they have to subsidize from their own pocket free university, cheap housing, electric cars, high wages, and everything else for the privileged class?
> Maybe your country sucks?
And maybe your country sucks too. It is just North Korea is also the best country to live in (if you're Kim Jong Un).
rolandog•Apr 5, 2026
"Legislation will continue until morale improves."
The regulations sometimes feel like additional burden of the user, but not for the manufacturers (aside for the attestation logic); consider:
> (MEETS_STRONG_INTEGRITY requires a security patch in the last 12 months)
Think about how this essentially codifies planned obsolescence due to not forcing the manufacturers to maintain the devices for life.
mrweasel•Apr 5, 2026
Last week I was watching a YouTube video, talking about the EU creating payment services independent of VISA and MasterCard. What struck me is that they are all apps, which will require an app store.
Great, I can pay with a digital Euro, Wero or something else, without routing my payments via VISA. I just can't do it without an account with Apple or Google. I'm absolutely baffled by politicians, regulators, banks, merchants and implementors lack of ability to think more than one or two steps out.
Sure, the EU is forcing 3rd. party app store, but no one is using them, so no one is pushing apps to them, especially not governments, banks or payment services, they'll be the last to use them.
haagch•Apr 5, 2026
The digital Euro seems still in early planning stages. It seems people want to plan a physical card for it, but whether online payments will work without a platform dependent app is unclear for now.
Wero however is currently only planned as an android/ios app period. There are rumors that a card will come but that's only rumors for now.
In your list of groups to be baffled about I would add journalists. You see many articles about Wero mentioning digital sovereignty, but have you seen any that criticize the required banking apps only being available in google's and apple's app stores?
cebert•Apr 5, 2026
I am shocked that there isn’t more opposition from the general public to policies like this that erode privacy and freedom. I am a parent and can appreciate the need to control what children do on the internet, but at some point parents need to parent. I fear we’re giving up a lot of freedom and adding unneeded complexity under the guise of keeping children safe.
Ardon•Apr 5, 2026
As far as I can tell, people are getting blitzed. People I know are incredibly deep in their personalized bubble and genuinely aren't even hearing about it. It's genuinely distressing. In general and for the future of democracy.
whilenot-dev•Apr 5, 2026
It feels like this era of hyper-individualism requires too much attention from each individual and favors those that can afford to outsource the work. While that stabilizes the role of society as a system, I feel like this is most worrisome for the less privileged in any low-trust environment.
gmerc•Apr 5, 2026
Germany is distracted with its version of “the gun debate” aka speed limits.
Like every school shooting, every energy crisis brings opportunity to
saturate the airwaves with shallow noise that gets people overly
upset and they’ll ignore everything else.
Every player on both sides is abusing this mechanic for all eternity.
AnthonyMouse•Apr 5, 2026
> every energy crisis brings opportunity to saturate the airwaves with shallow noise that gets people overly upset and they’ll ignore everything else.
At least their version has an obvious solution: Make electric cars and solar panels and then stop having oil problems.
lukan•Apr 5, 2026
The speeding debate won't go away with this, though, as speeding is not about oil.
AnthonyMouse•Apr 5, 2026
You still can't get people upset about gas prices every time there isn't peace in the middle east once they stop buying gas.
ArnoVW•Apr 5, 2026
I believe the idea is that friction and resistance is proportional to the square of the speed. After a certain speed, every 10 mph extra starts to really count in your mileage.
krater23•Apr 5, 2026
The idea is that some green ideologists think that when they don't need to drive a car because they don't leave their city, no one needs to drive a car. Because car driving creates CO2 which means car driving is bad. And they search for ways to implement that or make driving a car as bad as possible. Because they can't make the Deutsche Bahn better, they have to make driving your own car worse.
AnthonyMouse•Apr 5, 2026
But then why not just make car driving not create CO2?
kyboren•Apr 5, 2026
Because that doesn't play to Germany's industrial and economic strengths (precision machining, metallurgy, basically the whole ICE automobile supply chain).
EVs are just mechanically much simpler, with a shorter BOM that largely centers around Asian (particularly Chinese) battery, REE, and semiconductor supply chains, so hundreds of thousands of good jobs that supported Germany's industrial model are now economically obsolete.
kuerbel•Apr 5, 2026
An EV is the superior vehicle in every aspect. Cheap fuel, reliable, nice to drive, less maintenance costs, less noisy and yes, no local emissions.
whilenot-dev•Apr 5, 2026
I think this view is too reductionist, as people can (and usually do) debate more than one topic at a time. The problem is that technological dependence isn't gaining enough precaution when commodity products are being discussed.
What worries me is that it's a real global problem in all of our non-autocratic societies. On a positive note, I can see how this is actually becoming a common understanding and gaining traction, as hyped AI products are seen by some as 3rd-party- or SaaS-killers. It seems like we know how to differentiate between independence and dependence, and evaluate any risks affiliated with such a decision. But it baffles me that this differentiation manages to float as some ironic stream in our Zeitgeist, and just barely manages to be taken seriously.
bluecalm•Apr 5, 2026
Imagine we had real democracy where people vote on issues.
Speed limits? Vote once every 7 years or so on it and be done with it. Same for abortion laws, drug laws, gambling laws.
Have a debate, vote, come back to it in 7 years if there is public interest.
Preferably vote locally on issues that can be applied locally (like speed limits/enforcement etc.).
Public debate and assessing politicians and parties would be so much cleaner then if they couldn't use polarizing issues to rally their support and do w/e they please on all other issues.
heavyset_go•Apr 5, 2026
Popular vote would have made sure civil rights legislation never passed and everything down to the schools and bathrooms would still be segregated.
rcbdev•Apr 5, 2026
What German civil rights legislation are you referring to?
bluecalm•Apr 5, 2026
I think you are wrong but it's hard to guess what would would happen in the past.
Meanwhile a lot of unpopular policies are implemented right now.
You are hoping "good minority" will get its way ahead of "evil majority" in indirect democracy but if anything I see the reverse happening in a lot of Western countries today.
jahnu•Apr 5, 2026
I would hate to live in that political system. Just imagining the ways it would be gamed and the billionaire press would leverage these votes makes me shudder.
So far the best modern improvement I’ve seen (and it could be further improved of course) is the increasing use of citizens assemblies.
I find it much easier to live with a decision knowing people around me made it.
As it is the strongest lobby wins which usually doesn't contain me. In a world where people vote on issues I can at least move to somewhere where people think like me.
Taking speed limits and road safety in general as example I feel vocal minority of car enthusiasts are holding the silent majority hostage and that's the reason we don't have more sensible regulation in a lot of EU countries.
kuerbel•Apr 5, 2026
As a Swiss all I can say is that this is not how that would work out. Some of the most polarising statements I have ever heard come from Swiss politicians.
Although it is a more recent development since a certain billionaire (what else) took up politics as a side hustle.
looperhacks•Apr 5, 2026
Nobody is seriously discussing speed limits right now ...
CrimsonRain•Apr 5, 2026
all speed limits in highways are stupid. It should be follow distance enforcement instead.
dboreham•Apr 5, 2026
Single-vehicle accidents exist.
watwut•Apr 5, 2026
> at some point parents need to parent
You write it as if companies provided tons of help to parents and children. Meanwhile, they spend a lot of money to make it as hard as possible.
Second, kids in Germany have generally a lot more freedom and there is less of knee jerk impulse to blame parents for every accident. Expectation is that adults dont harm them without parents having perfect control every sevond.
shevy-java•Apr 5, 2026
The age verification sniffing laws will come to the EU and Germany too, so your assessment is, in my opinion, too limited and incomplete. It's not really about parenting, it is about grabbing more and more data from people.
baxtr•Apr 5, 2026
I think because most people, even tech savvy ones don’t understand how this might effect their lives. It’s too abstract. At least how it’s portrayed here.
Contrast that with chat control.
My government can read my WhatsApp messages? Not good!
What’s the non-technical narrative here?
shevy-java•Apr 5, 2026
But there is nothing abstract here. A private entity, situated in a country that is very hostile and pro-Russia, controls parts of the software stack and implementation here. That's a law written by lobbyists.
hhh•Apr 5, 2026
Well, it affects a tiny percentage of people today, so why would they see it as impacting them?
AnthonyMouse•Apr 5, 2026
Do people in Europe not intuitively understand that willingly making yourself [more] dependent on a foreign corporation is disadvantageous to you?
herbst•Apr 5, 2026
Do people outside of Europe do not understand how Germany is just a small fraction of Europe.
not_that_d•Apr 5, 2026
While true, it influences a lot in the EU
herbst•Apr 5, 2026
I don't think they influence more than France does. But I don't know, I live in Europe but don't care for the EU
baxtr•Apr 5, 2026
Don’t feel bad! The EU cares about you as much as you care about the EU.
reddalo•Apr 5, 2026
If you live in Europe you should care for the EU: not only it's the reason why there hasn't been a war for 80+ years, but if we can have a voice on the international stage it's because we are united instead of 27 small independent countries.
lukan•Apr 5, 2026
Do you live within the EU, or in europe?
megous•Apr 5, 2026
Thankfully, not in the technology area. Eg. we in the post-soviet EU block are well beyond using fax, and stuff like that, ... :)
AnthonyMouse•Apr 5, 2026
People in Texas are in the US, right?
rufasterisco•Apr 5, 2026
US dependency did bring a lot of value to a lot (albeit not all) of Europeans in past, specifically 1938-1988.
If you were born, raised and lived in that timespan, you might have developed a deep seated and hard to break habit to rely on that dependency for security and lifestyle/wealth.
Also, that same lifestyle is based on ignoring externalities applied to commons and/or events happening “somewhere else”, even when factually proven.
Little wonder and tiny bit ironic that the same principle has embedded itself so deeply, that it holds true even when the damage is inward, just a few indirections away.
On your side, yes, I think that “people in Europe” intuitively understand that, it just needs time to blossom.
The reputation/trust damage self inflicted by the current US administration is triggering a pushback that will expand into the future.
As a point in case, it will lead to reconsidering assumptions on habits that many generations of US businesses and diplomats have built.
Many in this thread point at difference instances of services that should be decoupled.
Connecting the dots, the larger picture looks painfully obvious to me: Silicon Valley never was a partner to be trusted, and certainly not after they built or bent every business to rely on an ad ecosystem that exploits users.
That original sin, on which a huge portion of Wall Street rests, is now at the center of discussions.
Hence, the EU will build tools to address this because it has to, but consumers will flock to them especially from the US, since at this point no one can trust SV companies on data privacy (since Snowdens at least), no one can trust the US administration to protect citizens (since Trump at least), and about half of the US is scared about what’s going on deeply enough (the emotional push needed to break the habit).
They will move their data it the EU (where else? China?).
This will be compounded by the fact that everyone tries to build better LLMs and to get AGI, while forgetting that LLMs work on data pipelines.
AnthonyMouse•Apr 5, 2026
> The reputation/trust damage self inflicted by the current US administration is triggering a pushback that will expand into the future.
This barely even seems like the relevant part. If Google was founded in Japan and Apple in Brazil, it would still be foolish to entrench them as a dependency. It would barely even be better to do it with a local company.
> They will move their data it the EU (where else? China?).
This feels like hopium. Network effects are powerful and as long as the internet is actually global, there are really only two options: 1) Centralized megacorps, and then the US ones have both the US apparatus behind them and the incumbency advantage, or 2) open protocols where no corporation of any nation is a gatekeeper.
So for Europeans to get the hooks of the US incumbents out of them, their best chance by far is the second one, and that one is also mostly to the advantage of the Americans who aren't the existing incumbents, which is why it works. Start making phones with open hardware and social networks with open protocols and you can get people outside of your own country to use them because they don't much like the incumbents either, and that's how you reclaim the network effect. Try to clone the US megacorps without the US apparatus to get them established in other countries and they don't because they're wary of foreign central control, which in turn means you don't get the network effect and you lose.
But then it's not so much that data ends up in "the EU" as that it's on your own device and then backed up or distributed as encrypted chunks in a distributed network which isn't tied to any specific jurisdiction.
TeMPOraL•Apr 5, 2026
Relying on open protocols to make all the difference is much more potent hopium than what GP wrote.
Open protocols are kind of thing techies do when in cooperative mode, when industry isn't looking. But this is not this kind of problem - this is an economic, geopolitical problem. It's not about your local school moving off Windows to Linux, it's about the European corporations moving off Azure to some other cloud solution offered by European corporations (do we even have any?).
I'll grant it, the turmoil of such transitions is a perfect moment for pushing for open protocols, federated solutions, etc. - the industry is distracted, there's more space to sneak in some good solution before everyone notices, and EU has cultural and political tradition of pushing towards FLOSS (even if largely just as an alternative to Microsoft) and associated values/memetic complex. But open anything won't save the day - more corporations will.
It's a blind spot for some software folks, because they forget that FLOSS is an exception here; everything else in the real world - including computing hardware and supporting power and network infrastructure - plays by rules of market economy, with proprietary solutions and clear structures of ownership.
It makes no sense to try and fight this here - but it does make sense to go along with the flow and improve things by pushing for more globally optimal solutions, especially that EU is known to be favorable to using openness in protocols and standards as a policy vehicle, both internally and externally.
ElFitz•Apr 5, 2026
> it's about the European corporations moving off Azure to some other cloud solution offered by European corporations (do we even have any?).
Scaleway and OVH?
Although I’m not sure how they compare at scale to AWS / Azure / GCP.
rufasterisco•Apr 5, 2026
great counterpoint! (no i'm not an LLM, it is a actually a crucial perspective)
i especially agree with
> But open anything won't save the day - more corporations will.
i am not advocating for a pure "open source will save the world"
there are just a few points i'd like you to consider, and hopefully give me insights i can learn from
* other than code, open source has also given us governance "experiments" capable of running critical systems. As another poster was mentioning, the risk is to fallback on "big corps", usually run by "big man", and we are back to zero. The hope? expectations? is that the open source governance ecosystem has tackled this space in enough dimensions to be able to build something over this.
I am looking specifically at the area around licenses (mariadb, redis, ...) and just overall governance frameworks, as in "deteach business ownership from ethical frameworks"
* in order to build anything this big/reliable, without megacorp budgets, you can just ... pay FLOSS? They are one of the 2 majorly screwed groups by the current SV setup (with PLENTY of cavaets,amongst them that SV is a huge open soure contributor)
The other one being content creators.
Slogan? "For this to succeed, you need the best coders and the best marketing departments in the world"
Looks to me like incentives are aligned towards them being available.
Talking broadly on a systemic level: details need refinement, and space beyond this single message.
* EU (the political instituion) desperately needs this. An innovative tech ecosystem (not startup, not product) driven by "european values" that puts them on the spot. Start with redefining it: there are no users, but citizens.
Something effectively out-innovating SV, not just trying to get on par.
The risk of "being bought out/copied" doesn't really apply, since (as I said in my original comment) the discriminator is existential: US companies cannot be trusted because they built the existing system.
Any attempt to block this (stop users from getting their data back) is going to be challenged by the EU (GDPR violations cannot be brought to court by citizens, only by nation's data authorities, which means a citizen gets big guns and doesn't ned to pay).
Also, go on and explain that to all you other (US and not) users.
* A EU cloud provider doesn't have to provide the same services an US provides. That would hardly be innovative.
You also don't need to focus on corporations. Provide data storage for citizens, that will be the basis to build a privacy focus cloud, and then business might want that.
There is a possible continuation into "advantages of storage&privacy based vs compute", that i skip.
But essentially, to me it seems that an open source, true, "give me back my data" business driven initiative has never been as actionable as now.
I short, such a project can make 2 bold statements
"We are more innovative than SV"
"We have better freedoms than the US"
rufasterisco•Apr 5, 2026
thank you for the insightful answer
> But then it's not so much that data ends up in "the EU" as that it's on your own device and then backed up or distributed as encrypted chunks in a distributed network which isn't tied to any specific jurisdiction.
100%
i launched into a long trajectory from the comment i was originally answering to, and stopped short
i think-of? dream-of? try-to-build? what you just said
my "in the EU" claim is mostly around legislation (EU art 8 vs US CLOUDS act vs vs China approach to citizen's data)
the legislation is there, since GDPR
it's a matter of tools
since corps built tools, they "forgot" to add the third button on cookie banners: "give me back my data" ... (and fourth: "delete it")
but the legal framework is there, as well as most of the tooling (google takeout, and so on from all other major players)
it's not that pipelines for moving data from US corps to inidividual do not exists, it's more that, up to now, whenever i was talking about "data rights" to people, even in tech, i got yawns back
now we have a "perfect storm": distrust towards US (administration, collpasing onto US businesses) + global uncertainty towards AI (where lots of people just perceive something happening but lack any tool that gives them control over it)
this is what i perceive as a tectonic shift that can be used innovatively, by EU businesses, hopefully leveraging open
for completeness, i have indeed wrapped "EU" as the spearhead for this, given the incentives to build it, but yes, central authority over this should live inside of each citizen nation framework (see, Japan and South Korea, both providing legal frameworks for data protection)
krater23•Apr 5, 2026
No, most people aren't interested at all. They say it will nothing happen. Changed a little bit since Trump, but not enough to have really impact.
TeMPOraL•Apr 5, 2026
"My government can read my XXX" also affects only a tiny percentage of people today, but due to historical precedents and a lot of history and civics lessons, everyone thinks it affects them personally.
TeMPOraL•Apr 5, 2026
> Write too many color emojis in a row on a YouTube livestream chat
> Get banned from society for life
applfanboysbgon•Apr 5, 2026
The non-technical narrative is very simple: Google, Apple, or the German government can revoke your ID at any time. You cannot purchase or sell anything[1], sign any contracts, have a job, rent an apartment, use public transportation, or receive any kind of government services without an ID. This should sound extremely alarming to everyone regardless of technical knowledge.
[1] Maybe with cash, for now, but cash is clearly not long for this world, and your bank account will be inaccessible already.
4ad•Apr 5, 2026
It also makes you sound like a conspiracy theory nutjob, and the current political climate in Europe is such that people are really sensitive to this sort of alarmist messaging (which they erroneously perceive as fascist rhetoric) and will not listen to you because they don't want to be associated with those people.
I don't think we can win this fight. Personally I tried to advocate against eIDAS in Austria and I've had negative success. After my warnings, people like it more.
"Oh, it's an EU thing? it must be good!".
applfanboysbgon•Apr 5, 2026
I feel like if you frame it against the Americans you might have more success? Given this implementation is fully Google/Apple-based. Then it's not "conspiracy theory" but "something that is literally happening and in the news already", where you can point to the Europeans who were sanctioned by the US. But after demonstrating the American threat is real, it is also important to turn around and ask whether your own government should have that much power either, and for what benefit do you stand to gain by giving them that much? For those people who think you sound like a fascist nutjob, I would ask: you might be okay with the current government having this power, but will it still be okay if the FPÖ comes to have this power?
But then again, maybe there is nothing that can be done. It boggles my mind that even on HN most people are defending this. It seems like freedom is a completely lost cause.
testing22321•Apr 5, 2026
What percentage of people have a phone that is not apple or google?
isolatedsystem•Apr 5, 2026
I think the point is rather what percentage of people will continue to need to have a phone that is Apple or Google, due to death by a million decisions like these.
testing22321•Apr 5, 2026
Well the comment above was expressing disbelief that more people are not up in arms about this.
When you realize the tiny tiny percentage of people that have a phone that is not apple or google, you understand why few people are up in arms.
It simply doesn’t affect many people.
AnthonyMouse•Apr 5, 2026
This feels like arguing that people wouldn't object to having a shock collar padlocked around their neck because it's not currently shocking them. You don't have to see very many moves ahead to guess what happens if you don't object.
Whereas if the collar is touted as fashionable and the lock is hidden until it's engaged, now your problem is not that people don't care, it's that they don't know, which is different.
maccard•Apr 5, 2026
I don't think this analogy comes even close to holding water.
AnthonyMouse•Apr 5, 2026
So cementing a dependency on paperclip-optimizing foreign megacorps to intermediate all your purchases and communications doesn't allow them to influence your behavior?
maccard•Apr 5, 2026
A dependency on a paperclip optimizing foregin megacorp is not remotely compara le to a "shock collar padlocked around your neck"
testing22321•Apr 5, 2026
I’m not for one second saying I like it, agree with it, or support it.
I’m just saying there are not many people impacted, so there are not going to be many people making noise.
People are simply too deep in the trenches of day to day to object to things that don’t impact them personally
indrora•Apr 5, 2026
My uncle has lost 4 Google accounts. Two to password loss, one to a fire, one to being banned for crimes against currency (having the audacity to live in several countries with different currencies)
The issue isn't the phone, it's that a __government__ is depending on an unregulated private enterprise.
ruszki•Apr 5, 2026
> one to being banned for crimes against currency (having the audacity to live in several countries with different currencies)
What does this "crimes against currency" mean? I live in several countries at once with different currencies, and I never had a problem with this. And top of this, I travel a lot. I have accounts in 5 countries, in 6 currencies. Should I pay attention to something?
Aachen•Apr 5, 2026
Are you saying there's a threshold percentage somewhere below which you're happy to
A: exclude these people from society or force them to switch to big tech, and
B: accept the consequence where a single other country holds access to everyone's identity information for convenience reasons (because it works for the 99% that are too tech-illiterate to install software that they control instead of the other way around)
sunshine-o•Apr 5, 2026
This is because the EU is basically designed as a lobbying platform. Note that lobbying by its own citizen is possible and welcome but expensive and require a some coordination, so basically foreign actors and big corporations are dominating.
This is not a secret, the process is actually very transparent but it is "hidden" in all the documents nobody really want to dig into.
Also the EU and all those states are also highly incompetent and pretty much only depends on low quality contractors.
For example there is very little discussion and info about the fact that the EU digital infrastructure just got owned by what seems to be a random hacker group [0].
Because it requires tech iCal knowledge which 99% of the population don't have.
phatfish•Apr 5, 2026
I'm not. Parents are very much in favour of restrictions on what can be accessed online.
Parents can't control what their children are doing 24/7, and neither should they. But they should expect a society where children are protected from billion dollar corporations stealing their attention and radicalising them, at least until they are old enough to leave mandatory schooling.
There are many "real world" age restrictions that exist, and we have decided those are of benefit to society in general. The "online world" is no different.
If we can't have age restrictions online then they should just be abolished in the real world as well, in the name of preserving "privacy and freedom". The online world doesn't exist in isolation like it did in the 90s and 00s.
You're linking to a bugtracker. I doubt they're inviting people to spam it with duplicate entries — valid as I think the concern is. But maybe it says somewhere that you can leave feedback here and I just haven't seen it?
chmod775•Apr 5, 2026
They are taking feedback there and also have already responded to some of it.
From their README:
> We are interested to receive feedback on all aspects
described in the document. To provide feedback, please file an Issue on OpenCoDE.
Does this mean sanctioned individuals, such as those in the International Criminal Court, would be unable to access eIDAS, among other things? As it requires, from my understanding, installing app(s) from the play store, thus requiring an account there and being able to access it, which isn't happening if you're among those or really, in any group that might get the same treatment in the future.
iamnothere•Apr 5, 2026
If an account is required, then yes. Good catch.
This may not be unwelcome for authorities considering the recent extrajudicial “unpersoning” of many political enemies in the EU.
comex•Apr 5, 2026
It definitely would be unwelcome for EU authorities in cases like the recent US sanctions against ICC officials.
OgsyedIE•Apr 5, 2026
Not to mention the German debanking and account closing of a few middle eastern journalists living in Germany, their spouses and in one case their children.
iamnothere•Apr 5, 2026
Fair... they should think about this then
raverbashing•Apr 5, 2026
Yes?
I don't think it's a bad idea though. If only for bringing the issue to the public
And while I do think an alternative would be good, the fact is that protecting the private key is the most important part (for example by keeping it on a smartcard with NFD) - hence why the need for a secure device
"but I want to install alternative Android etc etc" yes that's fine - but you know this is a non-secure-(enough) env.
AnthonyMouse•Apr 5, 2026
> "but I want to install alternative Android etc etc" yes that's fine - but you know this is a non-secure-(enough) env.
I feel like this is getting to the point of gaslighting. Many of the allowed devices are bargain bin Android phones running out of date software with known vulnerabilities in both the operating system and the hardware which is supposed to be protecting the keys.
Meanwhile you could be using a hardware security module in a bank vault in a nuclear bunker surrounded by armed guards and the excuse would be that this "isn't secure" because it hasn't been approved by Google or Apple.
Governments shouldn't be requiring you to use any specific vendor or set of vendors. They should be publishing standards so that anyone who implements the standard can interact with the system.
raverbashing•Apr 5, 2026
> Meanwhile you could be using a hardware security module in a bank vault
Yeah you could, but most people won't
Should they allow for a yubikey on a non-google phone? Or your own private key? Yes they should. But then there's the issue of enrollment, etc.
AnthonyMouse•Apr 5, 2026
> Yeah you could, but most people won't
When something is required by law, it needs to work for all people.
It also specifically needs to not entrench incumbents by impeding the ability of challengers that don't currently have market share from ever getting any.
> Should they allow for a yubikey on a non-google phone? Or your own private key? Yes they should. But then there's the issue of enrollment, etc.
There is no such issue because enrollment should be part of the standard so any device that implements the standard can be enrolled.
fpoling•Apr 5, 2026
Physical SIM cards are just as secure as the security enclave on the phone. In Norway few years ago banks even used that for secure authentication that worked on dumb phones with local mobile network providers pre-installing the required software on their SIM cards.
But then to save cost including the support cost banks stopped and instead started to require a non-rooted Android/iPhone.
raverbashing•Apr 5, 2026
Yup, it would be so much better to have it tied to simcard (though it might not help so much with anonymity)
But I think there are still cell operators without sim card
Dylan16807•Apr 5, 2026
> but you know this is a non-secure-(enough) env.
No I do not. It is plenty secure compared to a corporate version and nobody should be legally able to deny service over me having control over my own computer.
Needing the entire OS to be secure to protect a key is also a dumb idea in general.
heavyset_go•Apr 5, 2026
> Needing the entire OS to be secure to protect a key is also a dumb idea in general.
This is the final step in the road to full remote attestation, thankfully PCs already come with Microsoft Pluton chips[1] to make it easier.
That headline doesn't match the article at all. Can someone elaborate/confirm this really is the case?
shevy-java•Apr 5, 2026
So much for Europe to decouple from orange-man country ...
It is so clear how lobbyists operate here. I'd call it undermining national sovereignty.
chvid•Apr 5, 2026
The Danish MitId also only runs on Google and Apple devices. No alternative phone platforms are supported including open source Android.
If you don’t have an iPhone or an android, you can get a physical one time password device.
tomjen3•Apr 5, 2026
You can get that anyway, and you should because 2 is 1 and 1 is none.
spragl•Apr 5, 2026
You can get that, even if you have a phone with the app on it. MitID is perfectly okay with that. At login time you will be prompted for your token code, but there is an option to switch to the app ("Skift til MitID app" in the bottom of the box).
The MitID design is strange, but in this regard it is well done.
TobTobXX•Apr 5, 2026
Same in Switzerland. The app needed to sign in to fill out my taxes doesn't work on ungoogled Android.
afandian•Apr 5, 2026
Can you do your taxes on a computer without a phone?
herbst•Apr 5, 2026
Yes. Without any issues still.
Gladly.
There was a time window 2 years ago where it appeared that I need an actual phone number to do my taxes, but even that was replaced with something more universal.
TobTobXX•Apr 5, 2026
Somewhat. To fill out my taxes online, I could sign up with either the AGOV app (needs Google Android) or a USB security key. I happened to have a yubikey, but I needed to mess with the firefox about:config (security.webauth.u2f=true IIRC). It did work in the end though.
nixass•Apr 5, 2026
So much about digital sovereignty
jakoblorz•Apr 5, 2026
What if you „lose“ your google / apple account, like this sanctioned judge of the international criminal court? Crazy to imagine that we are still baking in dependency on US providers in european societies, even though there is clear indications we should be doing the opposite?
Animats•Apr 5, 2026
Then you can't take a Waymo any more.
Animats•Apr 5, 2026
Amusingly, the points on this posting have been going up and down quite a bit. Range is -1 to 2 so far.
The point here is that Waymo requires either an Android account or an Apple account to log into their phone app. Lose that and you cannot take a Waymo.
This may be worth a formal complaint to the California Public Utilities Commission, because Waymo is regulated as a common carrier.
California civil code section 2170:
"A common carrier must, if able to do so, accept and carry whatever is offered to him, at a reasonable time and place, of a kind that he undertakes or is accustomed to carry. A common carrier must not give preference in time, price, or otherwise, to one person over another."[1]
This is the core of what it is to be a common carrier. An airline can't require that you join their frequent flyer plan to fly.
You wouldn't even have to be a high profile target like a sanctioned judge. Simply getting your account banned by some automated process that marked you as "suspicious" will basically render you excluded from society.
It is absolutely insane to put this amount of power in 2 foreign companies that will be able to destroy your life with zero reason, oversight, or due process.
kouteiheika•Apr 5, 2026
This is not a hypothetical problem and you don't need to be deliberately targeted. It actually happens to normal people. And if it does you have absolutely zero recourse.
Source: I have a banned Google account (it's over 20 years old at this point). I know the password, but Google doesn't let me log into it. Every few years I try to unsuccessfully recover it.
If you have a Google account and having it banned would be a problem for you here's my advice: migrate. Right now. You never know when one of their bots will deem you a persona non grata.
stephbook•Apr 5, 2026
Can't you just create a new account?
kouteiheika•Apr 5, 2026
You can, but you lose access to anything that was associated with your old account.
Another fun thing Google did is to automatically (without my consent) add a required second-factor authentication to my current Google account. I have this old, e-waste tier phone that I use mostly only as a glorified alarm clock, and at one point I used it to log into my current Google account.
Imagine my surprise when I tried to log in to my Google account from somewhere else, and it asked me for an authentication code from this phone. Again, I have never explicitly set it up as such - Google did this automatically! So if I were to lose this phone I'd be screwed yet again, with yet another inaccessible Google account that I will have no way of recovering.
At this point I don't depend on any Big Tech services; my Google account has nothing of value associated with it (only my YouTube subscription list, which is easy enough to backup and restore), and I pay for my own email on my own domain, etc. So if I get screwed over yet again by a big, soulless corporation that just sees me as a number on their bottom-line, well, I just won't care.
tavavex•Apr 5, 2026
You better hope that whatever is-this-the-same-user heuristics they have on their side never find out for the duration of your entire life.
ghosty141•Apr 5, 2026
In his case, I'm pretty sure 20 y/o data is pretty useless nowadays in terms of fingerprinting and usage heuristics.
hulitu•Apr 5, 2026
> Crazy to imagine that we are still baking in dependency on US providers in european societies
As long as the capital city is in Washington, this is normal.
jakoblorz•Apr 5, 2026
Not sure I‘m getting what you are saying - us providers‘ capital city is always in Washington DC, no?
Sorry if I’m misunderstanding something here
201984•Apr 5, 2026
He's saying the EU's capital city is Washington.
wolfi1•Apr 5, 2026
I'm not quite sure if the German implementation is possible without mobile devices (couldn't find anything on that at first glance). the Austrian implementation on the other hand does not require a mobile device, if you want to do it on a pc you just need a fido2 token
It seems to imply that the already existing way of authenticating via eID, which is the auth chip present on our ID cards, will still work, if I read it correctly? I understand OP's link to refer to a new, alternative system, that can be used without the ID card.
But take this with a grain of salt, I'm not very well informed about the whole topic.
kodebach•Apr 5, 2026
As strange as it is, but Austria is quite far ahead in terms of eIDAS since we've had Handysignatur for more than a decade. I wouldn't be surprised, if the Germans are planning to support hardware tokens, but haven't had the time yet.
4ad•Apr 5, 2026
> Austria is quite far ahead
Yeah, quite ahead in terms of making anonymous phone numbers illegal and requiring the government to know your phone number.
And if you don't want to use a smartphone, ID Austria does not work with regular FIDO security keys, you need special ones. Same for the old SmartCard system which didn't work without government-mandated malware.
spragl•Apr 5, 2026
I havent looked into the details of either, but what would prevent Germans from using the Austrian implementation?
wolfi1•Apr 5, 2026
Austria provides their implementation only to people with Austrian citizenship or people working in Austria
goblin89•Apr 5, 2026
In context of eIDAS, your phone starts to be used for much more sensitive matters than typing comments or even logging in to your bank. The repercussions from having a secretly patched bootloader can involve another person assuming your identity, including for large B2B transactions.
Requiring citizens to have (buy) some device to simply prove they are who they are seems hostile and dystopian to me. Some say it’s the future; I’m not convinced.
However, if you were to allow me to use my pocket computer (and nothing else) to prove I am who I say I am, you would want to trust that I am not pretending to be somebody else after extracting private keys from their phone or whatnot. I.e., you would want to require some sort of trusted computing.
Currently, that seems to only be provided by closed ecosystem phones.
Even still, I think it’s a mistake to be rolling out eIDAS as a mobile app first. The specification allows for this to be a dedicated hardware key (maybe even something YubiKey-like, and the EU already requires all phone manufacturers to have USB-C), so why not start with that.
goblin89•Apr 5, 2026
> Requiring citizens to have (buy) some device to simply prove they are who they are seems hostile and dystopian to me.
Actually, that is not what’s happening. Based on further research, the use of eIDAS is required to be left up to citizen’s decision.
RandomGerm4n•Apr 5, 2026
I attestation should be abolished altogether. An app should have absolutely no way of knowing what kind of device it’s running on or what changes the user has made to the system. It is up to each individual to ensure the security of their own device. App developers should do no more than offer recommendations. If someone wants to use GrapheneOS, root their device (not recommended), or run the whole thing in an emulator, a homemade compatibility layer under Linux, or a custom port for MS-DOS, that should be possible.
reddalo•Apr 5, 2026
Exactly. It's my own device, I can do whatever I please with it. There shouldn't be an automated way for apps to check if my device has been blessed by the US tech giants or not.
kodebach•Apr 5, 2026
I agree, you should be able to run anything you want, root your device, etc., but you also have to accept the consequences of that. If an app can no longer verify its own integrity, certain features are simply impossible to implement securely.
Think of it this way: A physical ID (which is what we're trying to replace here) also has limitations, it looks a certain way, has a certain size, etc. Just because somebody wants a smaller ID or one with a larger font or a passport in a different colour or whatever, doesn't mean that this should be allowed or possible. Some limitations exist for a good reason
applfanboysbgon•Apr 5, 2026
Comparing being able to run the hardware and software of your choice to "wanting a passport in a different color or whatever" is so completely fucked, and it's beyond insane as a justification for giving two American tech companies with a well established track record for doing evil control over your citizens' ID.
The world has gone absolutely mad, what the fuck am I even witnessing? It is quite literally becoming 1984 in front of my eyes, with people
complying completely voluntarily and openly advocating for it, not even a threat of force to make it happen.
Avamander•Apr 5, 2026
You keep lashing out at people in this thread.
Demanding full control over something like an ID will fundamentally not happen. The same way you won't have full control over the way passports or paper bills are made.
Take for example the expectation that some poor fool's ID can't be cloned and reused by malicious actors - full control directly contradicts that. It will not and must not be possible.
applfanboysbgon•Apr 5, 2026
We don't need 'full control' over an ID. We need the status quo, where we have mostly have control over our devices, and where paper IDs are still the foundation of society. Things are fine the way they are. There are problems, sure, but no problems that are made better by an all-encompassing surveillance state.
If I am lashing out, it is because this is perhaps the most dangerous thing I've ever seen proposed, and it is deeply distressing how people are sleepwalking into it. To be honest, if I were German, I would probably just kill myself the day I was legally mandated by my government to register my identity with Google. That might sound hyperbolic, but I'm really not kidding. I have lived with privacy, anonymity, and freedom for all of my life. If the future of this world is one where the government and Google have complete control over every single thing you do, I'd rather die having lived a satisfying life than witness the horrors that are to come.
tzs•Apr 5, 2026
How do you use your paper ID to to prove identity or age or citizenship to someone hundreds of kilometers away whom you are conducting an online transaction with?
lejalv•Apr 5, 2026
It's not that important to be able to do that. You have been educated to trade your freedom for that kind of convenience, but it is not necessary.
Proof: things mostly work now without all the surveillance state shenanigans.
More proof: humans have lived full and fulfilling lives without "proving identity or age or citizenship to someone hundreds of kilometers away"
Avamander•Apr 5, 2026
> It's not that important to be able to do that. You have been educated to trade your freedom for that kind of convenience, but it is not necessary.
It's important enough that people do so without any eID, using methods both more invasive and less reliable. Gas bills, document photos, having to take videos and pictures of yourself.
Humans have lived in caves and died of preventable diseases, it doesn't mean it's a better way of living.
integralid•Apr 5, 2026
>To be honest, if I were German, I would probably just kill myself the day I was legally mandated by my government to register my identity with Google. That might sound hyperbolic, but I'm really not kidding.
This is honestly not a good argument - it makes you sound desperate and puts in doubt your mental stability. I don't think you actually have mental problems, I just mean this this kind of argument comes off bad.
Also nobody is forcing anyone to do anything. You don't have to own a digital ID. It just makes things easier, because you can sign things over the internet, or present your phone instead of your plastic ID. Both things already have alternatives (qualified signatures and regular physical ID), so no immediate harm is being done.
Don't get me wrong, I am personally anti bigtech, I try to degoogle as much as possible, and I find the thought of my government coercing me to use google/apple duopoly repulsive. I dislike that, but using phones (instead of for example dedicated hardware) IS pragmatic, and you are not forced to do anything.
Sent from my pixel phone.
fsflover•Apr 5, 2026
> I try to degoogle as much as possible
> Sent from my pixel phone
This contradiction is not even funny. Sent from my Librem 5.
applfanboysbgon•Apr 5, 2026
> You don't have to own a digital ID.
For now. In 5 years you will, there is not one doubt in my mind about that. We've been on a slippery slope for (at least) 40 years straight, every year is a loss of privacy rights compared to the last, there is not a single year that reversed the trend, not a single year where we paused and stayed where we were. Once digital ID is implemented everywhere, alternatives will be quickly phased out. It's straight downhill as governments and corporations take more and more advantage of technology to build a degree of surveillance that even dystopian science fiction writers couldn't imagine.
The government, the corporations, the data brokers each individual corp sells your data to to compile a unified profile, and anyone the data brokers are willing to sell to have an unbelievable amount of information on the average citizen. They know where you live, where you are at all times, where you work, every website you visit, every Google search you've ever made, everything you purchase, all of your acquaintances, when and for how long you call those acquaintances, the full contents of any conversations you have with those acquaintances, your interests, your hobbies, your political beliefs.
I have thus far managed, I believe, to avoid the worst of the surveillance, with a tremendous amount of effort and the sacrifice of an unbelievable amount of personal convenience. But every year I find myself losing access to more and more things that I am unable to do without compromising my privacy. If it gets as far as government-mandated Google ID in my country, I think it's completely rational to kill oneself rather than live like cattle. If there were a resistance movement, I would participate in that instead, but this is happening completely voluntarily. You people want this. There is no resistance. Fine, you can have your dystopia. But there is no reason I need to be part of it, and I don't think it's a sign of mental illness to opt out. I don't much believe in living for the sake of living, you should live if it brings you happiness/satisfaction/whatever and don't if it doesn't.
viktorcode•Apr 5, 2026
> with a well established track record for doing evil control
Can you please elaborate on that record?
applfanboysbgon•Apr 5, 2026
The clauses are [with a well established track record for doing evil] [control over your citizens' ID], if that's not clear. I wonder from where your quote cut off if my sentence was misunderstood.
As to the well-established track record of doing evil... gestures broadly everything? Google in particular has built an empire on stripping away people's privacy, and they regularly ruin people's livelihood by eg. shutting down Youtube accounts incorrectly with automated systems and no way of ever reaching a human for support unless you're famous enough to make it a PR issue. Apple is the same, just recently with a thread on HN lamenting that Apple was destroying their business because they revoked their dev license, or in other words, a private company unilaterally revoked the ability of a business to create mobile software for billions of devices. And now we want to give them control over our IDs? ????????????????????????
fsflover•Apr 5, 2026
Search for "Google" in my favorite submissions on HN.
RandomGerm4n•Apr 5, 2026
Users have the right to modify any app running on their own device. Software security should never depend on the user having no control over their own device. Smartphones are essentially just regular computers, and on them you can use a debugger and do whatever you want. Viewing smartphones as closed systems like game consoles where you need the manufacturer’s permission for everything only leads us into the dystopia that Richard Stallman described as early as 1997 in his short story "The Right to Read"
Avamander•Apr 5, 2026
Once SafetyNet was brought to Android a decade ago the tendency has been clear - these freedoms are going to be restricted heavily.
Because how do you make sure it's the user who does those modifications, willingly and well-informed? That it's not a malicious actor, not an user getting socially engineered or phished? Incredibly difficult compared to the current alternative.
If it's not a software root of trust that provides an attestable environment like Android or iOS. It's going to be a hardware root of trust that provides an attestable hardware environment, like SGX. I can predict no other practical avenue taken. Unless the orangutan really forces a demonstration on how untrustworthy these environments can be and a lot of money and effort is spent.
lvass•Apr 5, 2026
You can maybe, trust the user to handle it's own certificate in their own devices?
Though I admit requiring attestation is probably a good default.
Avamander•Apr 5, 2026
One important feature of a legal ID is that it's hard to copy, so attestation from the hardware storage would have to be basically mandatory.
But yeah, the user could have a choice to this extent.
viktorcode•Apr 5, 2026
To become dystopia people must be forced to use locked down smartphones. In reality you buy the one that suits your needs and do not enforce your design decisions on the smartphones other people use.
tavavex•Apr 5, 2026
Where is that free choice that you see "in reality"? This post is about the opposite of that getting put in place. The actual reality is that almost every service provider is converging on supporting a few extremely restrictive options. From every private service you can think of, to key government services. They all are saying "to interact with us, you must use one of these two types of devices, with all the attestation and security measures intact". It's impossible for people to make their own design decisions or choose for themselves, because other options do not have the corporate/government blessing.
It's ridiculous that you look at all of us being forced into a government-protected duopoly, and then say "Don't you dare force your decisions on us!" to anyone suggesting that this should not be the default. Rules for us, but not them.
GranPC•Apr 5, 2026
Well, in that case, if they want full control and attestation yadda yadda, I'm fine with them shipping me a device they fully control exclusively for use of this stuff. But if we're talking about my smartphone that I paid for with my money that I worked for, I will do whatever I damn please with it. So I guess that means eIDAS will be inaccessible to me.
aenis•Apr 5, 2026
True, but its really hard to name a family of commercial devices with security features in hardware, including serious security features, which were not eventually hacked.
Worse still, for new mainstream devices that are believed to be safe the state sponsored actors will likely operate unpublished exploits, and will exploit the misplaced faith people and judiciary will put in device attestation. I dont think the very likeable people who worked on Pegasus found themselves respectable jobs - they are likely still selling that sophisticated crap to all authoritarian regimes.
no_time•Apr 5, 2026
This is the original sin of modern computing. Almost all anti user features are only made possible because we didn't pass laws against "secure elements" that serve the maker and not the owner when NGSCB got announced.
aenis•Apr 5, 2026
Exactly this. And whats more, the idea of device attestation makes people trust those devices, and the history of rooting consoles and phones proves that nothing holds, even tech backed by billions in commercial interest.
The whole point in reducing the blast radius is valid - by all means make this optional and allow the user to elect to tie their identity to the device. For everyone else, implement validation of actual transactions, not just user secrets and device secrets.
viktorcode•Apr 5, 2026
> An app should have absolutely no way of knowing what kind of device it’s running on or what changes the user has made to the system.
and therefore the app cannot give a reasonable guarantee that it is not running in an adversarial environment that actively tries to break the app's integrity. Thus, the app cannot be used as a verified ID with governmental level of trust.
pona-a•Apr 5, 2026
If your app needs to be protected from harm, it cannot protect the user from said harm. I hoped software engineering culture was lucky to not have the same precepts that make lockpicking a crime in the real world, that we successfully make it into common knowledge that you can't grant any trust to the client, but it seems "trusted computing" is making some of us unlearn that lesson.
Aachen•Apr 5, 2026
There's a difference between needing to lock down the whole OS and just the secure element. The secure hardware component can sign a challenge and prove possession of a private key without you being able to extract it. Smartcards have done this for decades (most people here will know an implementation under the name Yubikey).
Conveying authentic information across untrusted channels (your phone screen, say) has been a solved problem since asymmetric cryptography was invented back before I was born
like_any_other•Apr 5, 2026
> an adversarial environment that actively tries to break the app's integrity
Can you elaborate on what this means? Who is the adversary? What kind of 'integrity'? This sounds like the kind of vague language DRM uses to try to obscure the fact that it sees the users as the enemy. An XBox is 'compromised' when it obeys its owner, not Microsoft.
MetaWhirledPeas•Apr 5, 2026
> governmental level of trust
For most governments that is a very low bar.
wpm•Apr 5, 2026
All the more reason to not be requiring such things in the first place.
darccio•Apr 5, 2026
It makes no sense. eIDAS 2.0 specs don't require specific hardware [0]. They basically store verifiable credentials [1] and any other cryptographically signed attestations.
This feels like laziness from German implementers, as they don't want to (quoting the spec literally) "implement a mechanism allowing the User to verify the authenticity of the Wallet Unit".
Look at reference implementation. Maintainers resist removing google dependency for no good apparent reason. An if there is persistence without reason - there is a reason.
Why would this be? Bureaucracy / inability to change?
archerx•Apr 5, 2026
Or someone could be getting kickbacks on the down low.
rafaelmn•Apr 5, 2026
Or it's just way easier to implement this way and they don't want to waste time on stuff only HN crowd cares about ?
bakugo•Apr 5, 2026
Implementing Play Integrity is something developers have to go out of their way to do. Not implementing it requires literally zero effort. So no, it's not easier to do it this way.
kackerlacker•Apr 5, 2026
One could say the same thing about virus scanners. They are obviously too little too late "security" so standards that require them have given up on real requirements like a way to achieve actual assurance of no buffer overflows. Nonetheless, an implementation to such a standard that chooses any off the shelf scanner is a lot less work than implementing a new scanner.
spwa4•Apr 5, 2026
It is to move the burden of securing payments ("did the user actually, willingly, to the satisfaction of a court of law, initiate this payment?") onto Google and Apple.
Either the government secures internet payments themselves, which means spending now to do so, coming up with a plan, ... or they can have Apple/Google do it.
stingraycharles•Apr 5, 2026
I thought this was about identity, though, not securing payments. Isn’t that sufficiently tackled with the digital signature?
spwa4•Apr 5, 2026
It is about supporting "online cross-border transactions", in other words for providing a legally binding way for agreements to be made. This will be the basis for VISAs, proving you hold credentials (initially driving license, but will extend further), proving you've signed a contract. This MAY include a central-bank wallet with "digital Euro", or it may not, but even without, it's about money.
You can smell where this is going, no? This is how the EU is looking to make any kind of internet authentication go through them. By providing companies like telcos with an online identity that says "if a customer clicks 'buy' logged in through eIDAS and they don't pay, EU courts will if needed get the money from their homes, their mothers, sell their dog to make sure you get paid".
Then things like forcing kids off the internet, the always returning porn and copyright regulations rules and so on will follow.
taejo•Apr 5, 2026
Btw a visa is a document allowing entry into a country, while VISA is a word mark used by Visa, inc. for their payment cards and network. I think you're referring to the travel document, but since the context also includes payment networks, I'm not 100% sure.
miki123211•Apr 5, 2026
Several reasons I can think of:
1. Google and Apple have a much larger ecosystem and are entrenched in their OSes, which means that they have a much better picture of the user than any government app ever will. They also have surveillance mechanisms that government apps are unable or unwilling to implement. This helps detect and prevent fraud (fraud prevention is mostly just mass surveillance used for good).
2. The eIDAS standards enable anonymous assertions about your identity. This lets you prove your age to a website / app without revealing any other information. There needs to be a way to prevent you from generating millions of such assertions using one ID and giving them out online to anybody who wants them, verified or not. The way you do that is by limiting their generation to trusted hardware, using hardware attestation mechanisms. Google and Apple provide those.
3. Pure laziness. It's an issue that <1% of the population cares about (which is hard to notice if you're in the HN bubble). Almost nobody uses a modern, eIDAS capable smartphone without a Google or Apple account. They may have decided that the part of the population who cares about this just isn't worth pandering to (just like some government institutions may decide that vegans aren't a part of the population they're interested in pandering to).
ethbr1•Apr 5, 2026
Appreciate you taking the time to write out the steel man. Ascribing motive to others without an honest appraisal of the benefits of choices one might not like is lazy.
There can be good reasons for a bad thing, and it's important to factor them in when having a discussion.
sneak•Apr 5, 2026
The issue is that correctly implementing #2 means that your publishing can be censored at the rate at which you can buy discrete iPhones.
Anonymity isn’t anonymity if you can’t generate millions of them cheaply.
darccio•Apr 5, 2026
I don't feel they resist. Quoting them:
> We understand your concerns and truly appreciate your suggestions. As previously mentioned, this is not something that is enforced by the reference implementation — these are simply recommendations, not requirements, for any wallet implementer. That said, we recognize that this is a sensitive topic, and we may need to revisit it, even at the level of recommendations.
> The README files for both the iOS and Android Wallets have been updated to mention only OWASP MASVS compliance, without referencing any specific APIs.
I understand their position, but I also get the concern, especially around existing implementations like the Italian app. I think it's mostly that they have different priorities than ensuring that the reference implementation is a perfect guideline for member states.
This looks like a good vector for a European Citizen Initiative around removing all technological dependency on non-EU providers.
argomo•Apr 5, 2026
That's the kind of corporate baby-talk I use when I'm trying to resist doing something.
michaelt•Apr 5, 2026
Operate European tech infrastructure without a dependency on America challenge (Impossible)
For 99% of smartphone users, you can't get apps onto their phones without Apple and Google signing the app and letting you into their store, and users can't install the app without an Apple/Google account.
Why remove a dependency on Google, when you'll still be 100% dependent on Google?
Anybody working on "Digital ID" has already made peace with the fact that it can be turned off overnight if Trump says so.
wolvoleo•Apr 5, 2026
On Android you don't need to sign in with a Google account. You do need it for the play store but many brands have alternatives. Like the Samsung app store, Honor has their own too, I'm sure more brands do. And there's always aurora.
Yes not many use it but if you cut this path off then people will never get there.
bakugo•Apr 5, 2026
Being able to install whatever apps you want on Android without any sort of dependency on a Google signature or API was the standard for a decade and a half.
Let's not act like things have always been this bad and thus we should just accept it as the norm, because they haven't, the noose is actively tightening as time goes on.
lern_too_spel•Apr 5, 2026
It is still the standard today and for the foreseeable future. The only difference is that it will also be possible to install an app not distributed through a preinstalled app store on Google Android builds without a warning as long as the APK has a Google signature.
spwa4•Apr 5, 2026
You can just as well say "the correct reaction to having a guns aimed at your head is NOT to give the guy another gun ... you know, in case the first one fails to fire when he starts pulling triggers".
Plus, the net difference is that this gives Google and Apple the ability to kill the ability of individuals to make payments (and tax them) ... do you want that?
(And I would say, compared to having European banks tax them, the answer is not so obvious)
The real issue is, of course, that this moves the burden of keeping phones secure onto Google and Apple, who are very willing to take on that burden in trade for a percentage of all consumer payment traffic in Germany. It's yet another choice between "spend money now to build a government department to secure payments ... or have Apple/Google do that for you". And they're choosing to save a little bit of money in the short term in trade for what is effectively a new tax.
subscribed•Apr 5, 2026
Oh, but Google doesn't really excel in making phones "secure".
Sure, their researchers are great, but Google itself claims that several years old phones running Oreo are safe and secure. They also extended the time for vendors to bring patches to the new vulnerabilities, they themselves slowed down - compare timeframe between patches released by GrapheneOS and patches released by Google - the latest GOS release provides patches for vulnerabilities that will be fixed by Google in.... October 2026: https://grapheneos.org/releases#2026040300
spwa4•Apr 5, 2026
Compared to EU governments' security for their citizens Google has absolutely perfect, world-class, bullet-proof, iron-clad ultimate security.
I do get that that's not exactly impressive. It isn't.
subscribed•Apr 5, 2026
Why adding an additional, unnecessary, superficial requirement?
It's not necessary to provide the functionality and enforces the dependency onto he potentially hostile actor (case in point: Microsoft disabling email account of Chief Prosecutor of ICC because US requested so).
It stifles innovation in the future and hurts GrapheneOS right now.
Let me turn the question back at you: why do you think adding unnecessary dependency is better than not adding it?
Does it serve users, governments, service?
Does it anything good for the interested parties or does it only serve Apple, Goggle and the US government?
xmodem•Apr 5, 2026
It's an objection to adding a new dependency, not an attempt to remove an existing one. If we can't stop adding new dependencies, we are certain to be stuck with the status quo forever.
aenis•Apr 5, 2026
Step by step. We realize we will not get there in one day.
Its the same as with bicycle paths. Initially - those make no sense, leading from nowhere to nowhere. Give it a few years, and a usable network emerges.
Right now there is serious money and brainpower being poured into sovereign cloud tech. Thanks to the gift of open source and standards, its actually not impossible to create modern systems with zero US dependency.
I fear, though, that as with everything else Microsoft Excel will be the hardest dependency to deal with.
GoblinSlayer•Apr 5, 2026
5.4 Attestation Rulebooks and Attestation schemes
thomasingalls•Apr 5, 2026
Europe needs a private European identity provider. Until this happens, Europe will remain a technological vassal state of the US.
These are expensive products, you need depth of expertise and experience to create a system that could compete with the likes of gmail and Microsoft and ... so it's not a wonder that this hasn't happened yet. But pretending like this can be a public service is foolish (too high stakes ~~if~~ when it gets hacked), and pretending like existing providers that offer identity and email are sufficient is equally foolish. Google and ms and apple etc all offer the basics for free, and this is necessary for mass adoption. It will be an expensive project. But necessary, if the eu wants strategic autonomy.
---
Oh and requiring a us based account is not even the most egregious part of this proposal, ffs
reddalo•Apr 5, 2026
Not only that, be we also need a European payment system that's not tied to VISA / MasterCard, etc.
We're currently paying a small tax to the US for each card transaction we have.
weddpros•Apr 5, 2026
Self Sovereign Identity (aka SSI) is the only way out of those identity sovereignty issues. It shouldn't be acceptable that your identity depends on anything or anyone. It should just be your identity.
A paper or certificate can prove an entity trusts your identity to be <firstname, lastname, etc...> but that shouldn't be your identity.
You just are. Not your google Id, not your Apple Id either of course.
Governments are lame.
s_dev•Apr 5, 2026
You are conflating the philosophical notion of identity with functional identification in the real world. There is no cryptographic escape hatch from the social contract.
>You just are/I just am
Is not an acceptable thing to say to a bar tender when being served an alcoholic drink when you're 22. You hand them government issued ID.
rcbdev•Apr 5, 2026
> Governments are lame
In 2019, the EU created an eIDAS compatible European Self-Sovereign Identity Framework (ESSIF).
How is the government lame, here? We've had the infrastructure for 7 years now.
jonathanstrange•Apr 5, 2026
How is that not lame?
userbinator•Apr 5, 2026
ISO7816 (smartcard) has existed for nearly 4 decades as the standard secure identity card, widely used by the banking industry among others. Very unintrusive and not hostile beyond needing to carry a little chip. If governments want a national ID, they could just give everyone one of those.
red_admiral•Apr 5, 2026
Already exists as biometric passport or ID card in several countries. The problem is things like authenticating online to submit your tax form. App-as-2FA is kind of the standard for example to log in to your online bank portal, though for government services the threat model and privacy implications are different.
If you have a FIDO device on your (physical) keyring or a keyboard with a smart card reader or some kind of NFC transceiver connected to your PC, the problem is technically solved - just not practically.
Aachen•Apr 5, 2026
Note that phones also have NFC readers. Instead of requiring everyone to have a locked-down phone, they could offer day you use said phone to read the chip or use any other (USB) reader you like. I believe there's a German government app that already does this, Ausweisapp2 iirc. As someone with a different nationality who lives in Germany, I don't know more than that
JorgeGT•Apr 5, 2026
This is exactly how we implemented eIDAS in Spain. The government-issued national ID (DNIe) is an ISO 7816-compliant smart card. Latest versions are also ISO 14443-compliant for contactless reading. To use it, you just need a simple smart card reader or an NFC-enabled phone. https://www.dnielectronico.es/PortalDNIe/PRF1_Cons02.action?...
elric•Apr 5, 2026
Belgium has had exactly this for decades. But now they want to get on the hype train for smartphone based ID, because card reader support is still shit in browsers in 2026.
Adding to this: anyone older than 12 years old is required by law to have their government issued ID on them at all times when in public. If your ID is suddenly your smartphone, you're essentially required to have that on you 24/7. Dystopian spyware.
Avamander•Apr 5, 2026
> because card reader support is still shit in browsers in 2026.
Tragedy of the commons, nobody seems to have bothered to work on it. It's not like Chromium or Firefox wouldn't accept contributions.
userbinator•Apr 5, 2026
because card reader support is still shit in browsers in 2026
Around a decade ago I was working at a company that used smartcard login for authenticating to internal sites. I've heard of many others doing the same. USB card reader worked fine in both IE and Firefox at the time, so I take your statement to mean that we've somehow regressed since then (not surprising) or this was an isolated instance of success (less likely, considering the US government also uses this: https://en.wikipedia.org/wiki/Common_Access_Card).
SkiFire13•Apr 5, 2026
It seems that many Android devices won't safisfy the requirements, even when using a device approved by Google:
> MEETS_STRONG_INTEGRITY also includes the requirement that the device has received a security patch _within the last 12 months_
Good luck with that.
blindseeker•Apr 5, 2026
Possibly I‘m not smart enough to understand, but from what I see is that the implementers intend to leverage existing security architecture of Android/Google and iOS/Apple, respectively- arguably to drive adoption. The document doesn’t state anywhere that Apple / Google account is a requirement to use German eIDAS. From what I can tell, one may (continue to) use its government issued ID card with electronic signature for authentication.
Please prove me wrong, I genuinely want to understand the implication of the linked document.
webhamster•Apr 5, 2026
German implementer here. We have to use some kind of attestation mechanism per the eIDAS implementing acts. That doesn't work without operating system support.
The initial limitation to Google/Android is not great, we know that, and we have support for other OSs on our list (like, e.g., GrapheneOS). It is simply a matter of where we focus our energy at the moment, not that we don't see the issues.
archerx•Apr 5, 2026
What if I don’t have a smartphone?
jahnu•Apr 5, 2026
I wonder if there will be a big enough market for a very compact smartphone equivalent device that can be used just for credentials? A device that is offline on standby except when you need it. Perhaps the size of a car key.
Matumio•Apr 5, 2026
If it can go online, I'd prefer to use an android work (or user) profile with only auth apps in it, and nothing else.
As a separate device, it should be offline always IMO, and perhaps the size of a passkey. Or one of those banking devices with a display that show an authenticated text saying what you are confirming.
archerx•Apr 5, 2026
What if it was the size of a credit card and it had stuff like your name, date of birth and even a picture of your face. I want to name this invention an ID card…
subscribed•Apr 5, 2026
And if you added a cryptographic layer to it, with your own private key baked into it, you could both sign the documents, confirm your identity and the government could confirm it's actually you....
....wow, that would be reinventing the existing model of the leading ID cards....
Crazy if you think about it :)
AndyMcConachie•Apr 5, 2026
You're screwed. This has been the way for a while now. You cannot exist in society without a smart phone and it's only going to get worse.
HighGoldstein•Apr 5, 2026
Essential services (banks, government services, public transport) generally still support SMS as an alternative to their mobile apps when there's no completely offline process.
maccard•Apr 5, 2026
If you can't exist in society without a smart phone already, how is it going to get worse?
0x3f•Apr 5, 2026
Perhaps you won't be able to exist in private without a smart phone. Or there will be some technology beyond a smartphone that you can't exist without.
subscribed•Apr 5, 2026
...without a smartphone that is surveilling you 24/7.
Companies and providers (like banks) have to support it, but use is voluntary.
Check out the spec and legal framework, it actually makes sense and is open to different implementations, though you might need to certify it.
bschwarz•Apr 5, 2026
If they have to support something that most everybody has they will soon stop supporting alternatives that are not required by law. What then?
pastage•Apr 5, 2026
You are not required to accept anything other than digital ids. So from experience, whatever demands euid has will be what is required to identify you.
dudefeliciano•Apr 5, 2026
My prediction is that eventually services for people NOT using the digital ID will be so degraded to be almost useless or seriously disadvantageous.
Kinda like the discrimination DB does for people using paper tickets vs those using the DB Navigator app.
verbalize2224•Apr 5, 2026
You should think about how easy it is to permanently lose access to your Google account for very trivial issues and Google doesn't offer any form of recovery. That in addition to the current geopolitical situation should be reason enough not to rely on that for any justification.
And personally as a software developer myself i know that nothing is more permanent than a temporary solution. No one will prioritize or give budget to change it later "because it works"
trklausss•Apr 5, 2026
What? They should freaking think of sanctions, not about "how easy is to lose Google account". Both Google and Apple are American companies. If someone lands on a sanctions list, they close your account without further notice [1].
Let me get this straight: you can be a defender of human rights, aligned with the country you live in, but if you fall in disgrace with the American government, _you can't even do transactions with your own country_.
So this is fundamentally flawed, and violates the fundamental rights of German citizens in Germany.
Sanctions are a bonus point argument, but shouldn't be a factor either. No citizen should be subjected to this, whether the company running it is American or German. Can you imagine if the Nazis had this level of control in the 1930s? Imagine having your ID digitally revoked, effectively cutting you out of society completely, without so much as an attic to hide in before it can happen. This is a completely dystopian legislation from start to finish. There is no possible way this can ever provide a benefit to the German people, it exists only to control them.
extraduder_ire•Apr 5, 2026
His wife and kids are sanctioned too. Sometimes it isn't even anything you did.
GoblinSlayer•Apr 5, 2026
Can't you just make a new google account then?
subscribed•Apr 5, 2026
That's crazy.
Imagine cheering for the company that will block the criminal prosecutors investigating war crimes and genocide from having the ID at all(1) once the supporter of the investigated sanctions the law-abiding persons: https://www.whitehouse.gov/presidential-actions/2025/02/impo...
But anyway - why the requirement in the first place?
(1) because sanctioned person must not be allowed to create another account.
GoblinSlayer•Apr 5, 2026
It's puzzling how such sanctions are enforceable in the first place. If the person published their phone number then maybe, but if not then little can be done to identify them.
KellyCriterion•Apr 5, 2026
....with a new phone number....
ibbtown•Apr 5, 2026
Why is a trusted device chain needed? It will put more trust in the potential Chinese device maker and American software companies than the user who's id is shown?
kodebach•Apr 5, 2026
Simply because the law was written that way. But also the whole idea of identity verification becomes pretty useless, if there is no chain of trust. You could run a modified client that lets you assume any identity you choose, exactly the opposite of what eIDAS is trying to achieve.
notpushkin•Apr 5, 2026
> You could run a modified client that lets you assume any identity you choose
Provided you know the secret key to a government-issued certificate. Making it impossible to copy said certificate is not really a requirement for identity verification.
subscribed•Apr 5, 2026
Some countries fixed it already, see Estonian ir Polish IDs with digital layer (performing signing, authentication, etc), and the devices only acting as untrusted interfaces to these.
sam_lowry_•Apr 5, 2026
Who wrote that law and why, this is the question.
I think we need some fingerpointing that EU officials strive to avoid.
kro•Apr 5, 2026
It will likely display something like a QR Code with signature anyways, otherwise it's just a glorified passport picture?
Authorities/anyone could verify that it's not counterfeit. And photo should be checked anyways to match the person.
So I also don't see the need for attestation. For ID check it should be ok without. For signing stuff ofc it is not resistant to copying. But EID smartcard function already exists.
Safe, updated devices cannot unless they permit Google to run their surveillance services in the privileged, unconstrained mode.
pwlb•Apr 5, 2026
The documentation actually reveals why this will most likely not work, given you are on expert on mobile security
pwlb•Apr 5, 2026
This is necessary because the wallets contain an identity proofing functionality called PID(Person Identification Data). Showing these credentials basically approves you are you. There are high requirements for identity proofing that even pre-date wallets and that makes sense, because the potentially blast radius of identity theft is huge. Historically, these have been secured in smartcards, like eID cards or passports and are not shifting to the smartphone. Verifying the security posture of your device and app is therefore crucial.
subscribed•Apr 5, 2026
OK, but Google will happily confirm android device running Oreo is safe.
While it's dramatically worse than devices Google refuses to certify (ie these not running their spyware as privileged services).
oytis•Apr 5, 2026
What do you mean "shifting to smartphone"? It's not a natural process - it's a technical decision to shift them to the smartphone, and a really bad one. We already have smart cards, they work and do not depend on any corporations, even less foreign corporations.
brador•Apr 5, 2026
Google has banned many accounts of genuine users.
What is your fallback for such an important vital service?
notpushkin•Apr 5, 2026
To play the devil’s advocate here: MEETS_STRONG_INTEGRITY on Android doesn’t require a Google account AFAIK. But it might change, of course.
So avoiding proprietary Google stuff altogether is possible and we should encourage it.
reconnecting•Apr 5, 2026
Humiliating disregard for sovereignty.
ksjfjsmb•Apr 5, 2026
Sich bei staatlichen Dienstleistungen auf Google oder Apple zu verlassen, kommt schon fast einem Verrat gleich. Trump hasst uns.
ghighi7878•Apr 5, 2026
Tbh, I feel this is stupid.
Banks are giving out QR Tan. Optical TAN devices which work with credit cards and it has been going pretty well. Why can eiDAS not have something similar. Distribute hardware tokens. Get rid of dependency on any OS.
mariusor•Apr 5, 2026
I'm pretty sure electronic IDs are a good starting point for exactly this. Hopefully they get wider use inside the EU.
dudefeliciano•Apr 5, 2026
why do you hope that?
pwlb•Apr 5, 2026
Banks actually have high fraud rates today because of weak security mechanisms. If attackers steal your money, the bank will reimburse you. If attackers steal your identity, you are really screwed. Security requirements for banking and identity are simply different.
ghighi7878•Apr 5, 2026
Mobile Google account based is even weaker than hardware tokens used by banks. Make of that what you will.
GoblinSlayer•Apr 5, 2026
If they use SSN as a password, it doesn't mean you can't have something slightly more reasonable without going full cyberpunk dystopia.
ulrikrasmussen•Apr 5, 2026
Please give some evidence that this is due to hardware tokens failing where a smartphone based solution would have prevented it
Avamander•Apr 5, 2026
Plenty of EU countries have rolled out SmartCards for this exact purpose, some are now adding NFC functionality. Nothing really stops Germany from continuing like that either.
The issue then becomes the UI/UX. If the legal mandate is not strong enough the solution will not gain enough ground. You can see this if you start comparing those countries with an eID rolled out.
omnibrain•Apr 5, 2026
The German ID card (Personalausweis) supports certificates and communication via NFC.
I really don’t understand what’s all this about?
German citizen here. I find this attitude horrible and threatening. You are working on sacrificing yet another part of our digital sovereignty to a US company. There are trillions of better things to do with your life.
sam_lowry_•Apr 5, 2026
European Citizen here, and indeed lots of people in IT turn a blind eye onto the collateral damage their work may create.
I know someone who happily codes "verifiable credentials" in Elixir, disregarding all externalities.
oytis•Apr 5, 2026
What's wrong with verifiable credentials? It's an important thing to have it seems? Your passport or a bank card are verifiable credentials, or at least are designed to be.
vaylian•Apr 5, 2026
Thank you for chiming in.
> We have to use some kind of attestation mechanism per the eIDAS implementing acts.
What does this attestation need to prove? Is this only about ensuring that private keys are managed by a secure enclave or a TPM?
> we have support for other OSs on our list (like, e.g., GrapheneOS)
I appreciate that, even though I am really not enthusiastic of eIDAS. But time will tell. Thank you.
subscribed•Apr 5, 2026
They won't implement alternatives later, they'll be no point if "most of out customers is using either of the major providers".
Concerning secure enclave - what other device except iphones and Pixels have it actually safe?
Aachen•Apr 5, 2026
The nfc chips in identity documents
vaylian•Apr 5, 2026
> They won't implement alternatives later, they'll be no point if "most of out customers is using either of the major providers".
It's hard for me to assess the effort needed here, but I guess that the GrapheneOS implementation will be 99% like the regular Android implementation. Supporting both systems does not seem to be that unrealistic.
notpushkin•Apr 5, 2026
Just a quick question, and sorry if it might have been answered already... why preventing duplication is so important? I know it’s in the spec probably [1], but I can’t figure out the reason.
And a suggestion: add external HSM support at least? (e.g. things like NitroKey/YubiKey)
I’ve just had another, completely stupid but not implausible, idea:
> a local internal WSCD, which is a component within the User device, such as a SIM, e-SIM, or embedded Secure Element,
So you could issue SIM-cards / eSIM profiles that only do signatures and nothing else. The app then connects to such eSIM (and you keep your main SIM/eSIM in another slot).
The less stupid variant is, of course, to get mobile operators to issue SIM cards with e-sign capabilities. Estonia has that, for example: https://www.id.ee/en/mobile-id/
Avamander•Apr 5, 2026
> The less stupid variant is, of course, to get mobile operators to issue SIM cards with e-sign capabilities. Estonia has that, for example: https://www.id.ee/en/mobile-id/
It works great. Just keep in mind that newer phones are starting to deprecate physical SIM slots. At the same time certifying eSIM implementations to the same EAL level is an absolutely crazy task.
pwlb•Apr 5, 2026
Preventing credential duplication is a requirement to achieve high level of assurance. One of its purpose is to limit the potential damage that can be done by attacks. If credentials are bound to hardware-bound keys, attackers will always need access to this key store to make any miss-use. If you don't prevent duplication, attackers may extract credentials and miss-use them at a 1000 places simultaneously.
subscribed•Apr 5, 2026
Okay, but Google certifies phones which are not updates for the last several years.
They can be trivially rooted, then they spoof the signature and get a pass in Integrity while being wide open for malware (or cooying the ID, ID presume).
pwlb•Apr 5, 2026
The documentation clearly outlines that there are multiple signals being analysed. Relying on play integrity alone is definitely not sufficient as you state.
anonzzzies•Apr 5, 2026
I think it should be possible IMHO, like it is for many banks (still), to get a hardware token and then use whatever hardware/browser. Even a nice EU hardware token which allows banks , govs etc to add their keys/seeds in the enclave would be nicer so I don't have the lug 1000 tokens around, but it's still better than having to trust non sovereign companies for anything without backup; like multiple here said; Google/Apple getting the command from the Dep of War to shut down EU phone attestation, you losing your account etc, or, you know, me simply not wanting to use their stuff.
ExoticPearTree•Apr 5, 2026
The hardware tokens ate being phased out by banks and replaced with SMS OTP codes + passwords.
Cost saving measures.
Its funny to see that I can access the bank account through FaceID but to actually make a payment I need to use an SMS code.
egorfine•Apr 5, 2026
> That doesn't work without operating system support
Do you realize where this path is going?
Certain European governments would have greatly benefited from KYC/attestation in the late 1930s had it existed.
elric•Apr 5, 2026
Yup. But apparently the EU is refusing to take lessons from history.
gambiting•Apr 5, 2026
Germany is just part of EU - as many other people pointed out, there is no requirement from the EU to implement it this way. Same as California or New York making extremely Draconian laws around 3D printing doesn't represent all of US.
khalic•Apr 5, 2026
It's insane to make yourselves US dependent from the very beginning, at least provide something like a crypto-key that you can get from an official, banks can do it, so can you.
haagch•Apr 5, 2026
German citizen here. So why is an implementation going forward when you already know it will not serve all citizens? Why are we not refusing to implement this until we know we can make it work on all devices?
Personally I recently switched from an AOSP based android without Google Play to Ubuntu Touch. In the future with better hardware support I will probably switch to postmarketOS.
dark-star•Apr 5, 2026
because then it will never get done. There are still people using old Nokia phones, for those there will never be a solution.
The usual 80/20 rule applies here as well.
And if you really are a German citizen, you know how slow the wheels of government already turn in Germany, I assume next week you would be the one complaining that "Germany is so far behind" and that "other countries are so much faster at implementing stuff" :)
abc123abc123•Apr 5, 2026
Yeah, let's burn the witches who care about privacy! Jokes aside, in a democracy, the systems must be designed so that everyone can participate. We manage to do it with voting, with income tax declaration, but for some strange reason, with ID we want to achieve 1984 nirvana, and crush the voices who tell us that the surveilance society we are building is just setting us up for the next Hitler.
haagch•Apr 5, 2026
Nah, I'm that one idiot who uses alternative open software and just accepts when services aren't offered to me. The older I get, the easier it feels to not give a fuck anymore.
Can't buy any single fare public transport tickets online here in Stuttgart? Sure, I'll use the DeutschlandTicket NFC card. Can't view the EPA? Fine then I don't. Can't pay with Wero? Fine, I don't actually need to use shops that don't offer SEPA Vorkasse or Lastschrift (only without a dodgy "identity verification" fintech startup of course.
sippeangelo•Apr 5, 2026
Then maybe it shouldn't be done? What??
jijijijij•Apr 5, 2026
> There are still people using old Nokia phones
No one wants support for toasters and washing machines. We're talking general purpose compute hardware. TCP is also supported on all these devices. Quite frankly, it's probably easier to implement, if you are not fighting a locked-down OS like iOS.
p2detar•Apr 5, 2026
Do we have stats how many germans use something else than Google Android, Samsung Knox or Apple? I recon it should be less than 1% which quite honestly is in fact „all“ citizens.
elric•Apr 5, 2026
Sure, let's just arbitrarily exclude ~1million people because they're not running the government's preferred American spyware.
p2detar•Apr 5, 2026
This is an unfair and a straw man argument, is it not? Are you also unhappy that in a democracy the 51% choose how the other 49% are going to be governed?
Why device attestation is required is quite well explained by this github comment [0]. I am in the industry and I agree fully with it, because it is a fact a problem for most smart phone users in terms of security.
I think your analogy is flawed. I can be part of the losing 49% and still be entitled to receive the same services as the 51%, whereas people who chose a privacy-oriented OS are essentially going to be excluded from essential governmental services. That's a whole different kind of thing.
I'm not going to replace my 1200 EUR smartphone with a device that forces me to have an account with Apple or Google. I've been issued a German identity card, which is its own computer that includes a digital identity already. I also own an expensive card reader, which together forms a system that is completely capable of supporting any attestation anyone would need. They should just stop excluding me already.
p2detar•Apr 5, 2026
> privacy-oriented OS
Well, in all seriousness what examples could you give me here in terms of device hardware attestation? Even GrapheneOS does use Google root certificates to attest your device. There is indeed an option for EUDI to keep a list of keys and I bet this is probably the way they are going to go for Android in the future. We shouldn't forget this is still in the planing phase.
> to have an account with Apple or Google.
True for Google, not true for Apple. Device attestation on iOS does not require you to have an iCloud account or sign into some Apple services. It works entirely using device hardware ids.
> I also own an expensive card reader, which together forms a system that is completely capable of supporting any attestation anyone would need.
Nope. This is eID and verifies your identity, it does not attest the security of your hardware. These are two different problems we talk about here.
fsflover•Apr 5, 2026
> in all seriousness what examples could you give me here in terms of device hardware attestation?
My Librem 5 runs an FSF-endorsed OS and has a smartcard.
> True for Google, not true for Apple. Device attestation on iOS does not require you to have an iCloud account or sign into some Apple services.
This is extremely misleading. Even if true, you must have an account in order to install any app on an iPhone.
p2detar•Apr 5, 2026
> My Librem 5 runs an FSF-endorsed OS and has a smartcard.
Ok, so how does that help with device attestation? If I am an app developer how does it tell me that your OS has not been tempered with or actually that my app has not been tempered with? Are there any cryptographic keys stored in a secure place on the device that the Librem vendor can verify?
> This is extremely misleading.
But it's not. It's an architectural difference between how Google and Apple implemented attestation. Apple stores the generated keys in a secure part on your device and certifies them. The rest is your job as an app developer. And as a user, you do not have your iCloud or iTunes account used for device attestation. In contrast Google and its Play services are an integral part of the attestation workflow.
For Apple it's evident from their docs. As a side note: I do try to learn more about this, because of an incoming project concerning it.
> You can’t rely on your app’s logic to perform security checks on itself because a compromised app can falsify the results. Instead, you use the shared instance of the DCAppAttestService class in your app to create a hardware-based, cryptographic key that uses Apple servers to certify that the key belongs to a valid instance of your app. Then you use the service to cryptographically sign server requests using the certified key. Your app uses these measures to assert its legitimacy with any server requests for sensitive or premium content.
> If I am an app developer how does it tell me that your OS has not been tempered with or actually that my app has not been tempered with?
This is not your business to verify and control what can run on my phone. I can do it with my smart card, which securely stores cryptographic keys.
> And as a user, you do not have your iCloud or iTunes account used for device attestation.
It does not matter. An account is necessary to make the phone usable at all. The attestation is useless on a phone that can't install apps.
Hackbraten•Apr 5, 2026
> Nope. This is eID and verifies your identity, it does not attest the security of your hardware.
The reader and its firmware is already certified by the federal IT security agency BSI for use with eID and banking. Why shouldn’t I be allowed to use that for whatever digital identity wallet thing the EU is cooking up?
p2detar•Apr 5, 2026
Correct me if I’m wrong please, but this is a mobile Wallet app, an enclave, for government issued documents: Ausweis, Diploma, etc. How does a card reader come into the workflow here? I don’t quite get your point.
Hackbraten•Apr 5, 2026
Currently, the card reader is the only thing that allows me to do banking and use government services on Linux. If at some point, governmental services decide to drop support for the physical-card-plus-reader systems and move everything to mobile wallets instead (like many banks already did), then I can’t do shit anymore without Apple or Google.
well_ackshually•Apr 5, 2026
>I' ve been issued a German identity card, which is its own computer that includes a digital identity already.
Then keep using it, instead of the not-mandatory app?
> I also own an expensive card reader, which together forms a system that is completely capable of supporting any attestation anyone would need.
Sure. In the mean time, do we tell the other few dozen millions that don't have an expensive card reader to go fuck themselves, or can we get to work on a solution that, even if not ideal, makes their lives easier?
> They should just stop excluding me already.
They aren't. You said it yourself, your ID is in your pocket.
shakna•Apr 5, 2026
If it requires a Google or Apple account, then it also requires those companies never cease an account, either. Or vulnerable people will be harmed.
nothinkjustai•Apr 5, 2026
> Are you also unhappy that in a democracy the 51% choose how the other 49% are going to be governed
Yes of course. That is one of it’s fundamental issues.
ryandrake•Apr 5, 2026
This is a very, VERY stereotypical Tech Product Manager viewpoint: "N% of users are hard to support edge cases, so we should exclude them." You see this justification everywhere in business. "We'll drop support for [old OS] once it gets to 1% of our user base." "Only 1% of our users have non-Latin characters in their usernames so it's OK to not support that." "1% of our users are on 3G or slower Internet connections, so we don't have to consider them in our performance metrics."
It's a pragmatic, profit-oriented point of view, but not one that makes sense when your mission is to be inclusive of everyone.
type0•Apr 5, 2026
In fact „all“ citizens who are willing to be surveilled by Google and Apple, unless German government provides each citizen with similar eID hardware there won't be any digital equality any time soon. Maybe they should pay to some subsidiary company of IBM (like RedHat) to do this, they already have such a good track record of storing nationality on their machines /s
There's a big difference between having to run a particular company's OS and being forced to share private data (whether that's merely your DNS requests or your ID documents and full financial history). with said organization.
ExoticPearTree•Apr 5, 2026
> Why are we not refusing to implement this until we know we can make it work on all devices?
Simply put: this will never happen. Way too many devices implementations to make this a reality.
fsflover•Apr 5, 2026
It's just a matter of creating a web app.
well_ackshually•Apr 5, 2026
And what attestation services does your web app use? Do we lock that web app behind having Secure boot enabled, along with a Java applet for the fun of it?
My business, no. Your government however, has a few reasons to want to ensure that the ID you're going to use to vote, to prove your identity to any service, etc, etc, does not get passed from device to device.
Configure your phone however you want, then use your physical ID because your phone isn't supported. They're not taking it away. In the same way that you can file your taxes. Having an online filing service doesn't mean you're being "excluded" because your i386 running BeOS isn't part of the supported hardware. Send a letter. It'll still work.
miki123211•Apr 5, 2026
Do all German hospitals serve vegan food?
If you were averse to carrots (without any health restrictions on eating them), would every government institution in Germany be required to serve you carrot-free food?
If not, why should they be forced to accommodate every smartphone brand in existence, even if there's only 3 people in Germany using it? THe list has to end somewhere.
RobotToaster•Apr 5, 2026
> Do all German hospitals serve vegan food?
Can't speak for Germany, but they do in the UK. It would be illegal discrimination against a belief for them not to.
vovavili•Apr 5, 2026
Subsidizing expensive tastes doesn't strike me as discriminatory.
sotix•Apr 5, 2026
Vegetables, legumes, nuts, and grains are not expensive, and veganism is a protected class in the UK.
plagiarist•Apr 5, 2026
Yeah but when you're mad at a nation not force-feeding meat to vegans you have to come up with some reason why the vegans are bad.
aziaziazi•Apr 5, 2026
Actually the subsidies mostly go to diary farming. Vegan food is cheap to produce but mostly not subsidised. This, plus the (no) economy of scale makes the shelf prices sometimes slightly higher, eg soy milk vs defatted milk.
RobotToaster•Apr 5, 2026
Would you say the same if they refused to serve kosher/halal meals for Muslim/Jewish patients?
UK law protects some philosophical beliefs equally to religions. (what qualifies is a bit of a mess as it's all case law)
(On a practical note, I imagine it's easier for hospitals to just serve vegan food for anyone who is vegetarian/Muslim/Jewish rather than have specific kosher/halal meals)
raw_anon_1111•Apr 5, 2026
Actual yes since I think all religions are illogical…
conception•Apr 5, 2026
Lol at eating just plants as being expensive. You do know where animals that are eaten get their food right?
b112•Apr 5, 2026
While the example your provide is reasonable fair, the comparison is not.
For it to be fair comparison, the carrots would have to be grown by a foreign company, known for using unsafe growing practices, causing contamination. Eg, poison carrots. This same company would have to be under the control of a very hostile, very actively aggressive and threatening nation.
Such as one currently threatening to annex allies, among other things.
With the US literally tapping and spying on heads of foreign states:
Only insane people would objectively decide to use Google or Apple anything for any form of ID. Those platforms should literally be outlawed. Any use of push notifications or identity attention should be looked at as utter fantasy.
Here's a secret for you. There really isn't any urgent requirement to have an electronic identification method. It can wait. Supporting legislation can be passed first. There are lots of ways to do so.
For example, the entire EU could pass legislation stating that all cell phones have open source code available, including all binary blobs for drivers. And that all phones are unlockable, and that (for example) the phone has a version of the rom you can download without any Google services.
(If Apple isn't able to compete here, well... too bad)
The phones would not be legal to sell, unless the open source firmware was compiled in front of regulators. The point of this is another pet-peeve of mine, it would allow people to support their own phones, for that source code would be released the day that phone was no longer supported.
And yes, it's trivial to have open source firmware blobs. There just isn't a market for it. Pass a law, and sellers of SoC and other ICs will capitulate, or maybe more punitive laws will be passed against them. As someone once said, yes companies can have a lot of sway.
But governments have police, courts, and armies.
Right now, Android and Apple devices are a literal arm of the US government's spying apparatus, even if those two companies actively work against it.
Do not trust Google Play. Do not trust Firebase. Do not trust Google. At all.
Are Germans just too trusting? I remember 15 years ago, when nuclear power plants were closing, concerns were raised about the reliance on Russian natural gas. These were waved away. Russia? What's wrong with Russia! They're almost allies, they're capitalists now!
Don't do this again.
Do NOT trust Google. Don't. Don't make it a core part of any identity management.
Imagine, needing an active Google account to even bank! Or to file your taxes, or even to prove who you are!? Google cancels accounts with no recourse, no reason why, won't help anyone, and this is to be the core of identity management for Germany?
The average person won't even be able to install any German Government designed apps, unless they are on the Play store! Are you going to teach Grandma how to use ADB to install an app? Without an active Google Account, will you even be able to use push notifications?
Why would a government even allow ID to be blocked by the requirement that a company with terrible, horrible, inane customer service, which just kills accounts without recourse, be a gatekeeper?
No Google account, no ID! Wha!?
It's literally not sane.
LexGray•Apr 5, 2026
I think it falls under the article yesterday about male German citizens having restrictions on their travel. Electronic ID is a step toward “papers please”.
Germany at least seems to feel international war is only a few steps away and from how militant the Chinese and Russians have been treating their “territory” I am not sure it is a bad call.
America has likewise turned bad preferring violence over dialogue and loves tracking “hostile influences on the American way of life”. Those influences being anyone who would call out the toxic culprits making America into a cesspit.
Tying to Apple and Google? It is a terrible idea. Both are prone to freeze devices for financial or social issues.
However, a fix I would accept is to force the device makers to support multiple accounts out of box on every device to keep separate what the corporations have proven time and again they cannot be trusted to combine. Also for those companies to be forced to make a cheap credit card sized device which must be held to power on for the few that truly hate the ecosystems.
dudefeliciano•Apr 5, 2026
> cheap credit card sized device
I don't understand why this is not the default to be honest, and why people are not advocating for that
b112•Apr 5, 2026
The first thing to go in every major war, will be the reliably of electronic anything.
What's wrong with ID cards and cash?
faust201•Apr 5, 2026
They do.
haagch•Apr 5, 2026
Lots of hospitals don't even serve healthy food in any sense, so expecting a good coverage of dietary options is optimistic...
But to answer the question in a real way: Veganism is often regarded as just a dietary choice like any other, when in reality courts in several countries have more or less agreed to classify it as a matter of conscience, which would give adherents some right to it. Though it seems German courts have been reluctant to draw much legal consequence from it - so far at least.
So in that sense, I don't think people have been talking about digital sovereignty and abstaining from proprietary software under another country's jurisdiction much as a matter of conscience yet. We can thank Trump that it might actually become a thing though.
preisschild•Apr 5, 2026
You are forgetting that by not allowing more open platforms they effectively force you to accept Apple/Google EULA's essentially forcing you to give your private data to Google/Apple.
dgellow•Apr 5, 2026
The ones I’m aware of do, yes
dabber21•Apr 5, 2026
also German here, we have to get rid of the 100% perfection at launch expectation its crippling this country
conception•Apr 5, 2026
But things not in the launch can easily be deprioritized as budget issues indefinitely. “Oh why spend the money adding support for just a few people??” will be the line moving forward.
charcircuit•Apr 5, 2026
It would be cheaper to just buy all of the outliers a bottom of the barrel Android phone for them to use with the tax money.
Collecting telemetry is not the same thing as surveillance. Using such vocabulary to describe what a phone does is both misleading and manipulating, playing into the angle of scaremongering people who do not want to be survived.
fsflover•Apr 5, 2026
So please tell us what the difference is.
charcircuit•Apr 5, 2026
With surveillance a person gets surveilled with telemetry a person doesn't. Telemetry is collecting information about the operation of the device. The goal of telemetry is to understand how the device is operating where with surveillance it is about seeing what a person is doing.
tavavex•Apr 5, 2026
The types of data that's collected for these two purposes have a significant overlap.
Sufficiently detailed telemetry is indistinguishable from surveillance because even if the goal isn't to target you right now, they will still have the secondary option of going back and inspecting all that data you sent them if they ever are interested in you. Another secondary use of telemetry is selling it to someone else to squeeze out a bit more money. There's no downside to doing this, so any business that collects a lot of varied telemetry and likes making money might as well do it. And once the data is in the hands of adtech businesses, it becomes a whole lot more like tracking you personally than just collecting some data for development. In Google's case, you don't even need to hand it over to anyone else, everything stays in-house.
preisschild•Apr 5, 2026
What does it matter in practice? Do you seriously think Google, the targeted advertisement company, does not use that Telemetry for targeted advertisements?
dmantis•Apr 5, 2026
Do you imply that it's not possible for the US intelligence agencies to request this data from google per person of interest and deliver some information from the metadata?
I heavily doubt that.
AJ007•Apr 5, 2026
Are you a lobbyist for Google, Apple, Meta, or the adtech industry? Because if you aren't, you are parroting their bullshit.
dns_snek•Apr 5, 2026
Save your keystrokes. I think I've seen that nickname express anti-consumer, pro-corporate, freedom-violating viewpoints in dozens of different threads on a pretty wide variety of topics at this point. Not once have I seen them take the pro-consumer stance.
haagch•Apr 5, 2026
It really doesn't matter. When you power on an android smartphone with google play installed for the first time you are presented with a gate screen that asks you to consent to google's privacy policy. You can't use the phone without accepting. (for example https://forum.fairphone.com/t/finalising-the-setup-wizard-wi...)
Using smartphones with such a setup should not become required by a European government on a fundamental level.
raw_anon_1111•Apr 5, 2026
Yes just like it’s cheaper to just provide people who can’t afford a phone in the US a phone by taxing other cell phone users - and I don’t have a problem with that.
ramblerman•Apr 5, 2026
Taxpayer money project being tied to a dependency on Apple google is 100% counter what that money should be used for.
You are copy pasting a “correct” argument against eu bureaucracy in the absolute wrong space
josefx•Apr 5, 2026
A 10% goal would be a good first step. Now excuse me while I read some tea leaves to find out if my trains will be on time tomorrow ( spoiler: they wont).
dudefeliciano•Apr 5, 2026
surely 10% of DB digital offerings work as expected, just not the 10% that is essential for train travel.
fsflover•Apr 5, 2026
Refusing to send all your private data to the US to benefit their megacorps, using the tax payers' money, is not "perfection". It is the only reasonable and legal choice.
tremon•Apr 5, 2026
This is not about 100% perfection at launch, this is about civil equality. Launching without broad support for use cases creates a two-tier society.
like_any_other•Apr 5, 2026
> it will not serve all citizens
This is an understatement. Better phrasing would be "when it allows two unaccountable foreign companies to lock citizens out of the digital market".
There are plenty of horror stories of tech giants frivolously banning people. We shouldn't be adding state support to that. I don't want to lose access to digital banking because of some deliberately vague "community guidelines" violation, or because I got mass-reported to some "e-safety" provider that both Apple and Google outsource to.
Sibling comments see this as a good solution, just not a perfect one. I see it as making a bad problem worse.
gmueckl•Apr 5, 2026
You have the totally wrong expectations here. Some service that requires citizens to buy and bring their own devices in order to use a service will by definition always be exclusive. Whining about lacking compatibility with some niche sbowflake devices is just inappropriate in this context. The only solutiin is to require an actually convenient fallback for those otherwise excluded from that service.
The limited selection of attestation providers can be criticized for many other reasons, though.
class4behavior•Apr 5, 2026
Your disdain isn't helpinh you here either as you're just as wrong as parent.
Such public utilities ought to always prioritize privacy, platform-independence, and empowering market competion long- and short-term. And to achieve that you need to start at the design level.
In this case, clearly, you either have to avoid relying on app attestation or lay the foundation for an unrestricted number of independent chain of trust frameworks.
The latter, of course, is a policy-level issue, but the ones responsible for the design and development are the ones who need to pass such concerns up the chain.
gmueckl•Apr 5, 2026
You have the right starting point, but the wrong conclusion. Government services need to be inclusive of everybody. But you simply cannot build technical solutions that put technical requirements on devices owned by the users in a way that the service is sufficiently inclusive. That is just a fact.
If you want to be critical of the outcome on compatibility grounds, forcing a grind to increase technical compatibility is the wrong thing to ask for. That must necessarily always leave some people behind. The only honest alternative positions on that front are (a) the government issues the tech to everybody itself or (b) the government doesn't build advanced systems at all.
The German government offices rely on a lot of quaint-looking paper based processes, but they have one thing going for them: working through them can be done with pen and paper - tools that are available for cheap and broadly compatible. It's probably not such a bad thing after all?
raw_anon_1111•Apr 5, 2026
Because you can’t please all of the people. And before someone likens it to the ADA. Even with accommodations you have to make, car makers aren’t for instance required to make cars that blind people can drive.
You chose to use a non mainstream platform. Thats on you.
retired•Apr 5, 2026
Perhaps look at the Spanish Cl@ve, it works with Linux. It's just a simple digital certificate that allows you to identify yourself.
You can even run it on OpenBSD or TempleOS if you want to.
fredgrott•Apr 5, 2026
so I have to buy a Yubikey hardware thingie to keep my Google account just to use eIDAS??
For those that do not know, that is the only way to get the Google account back is to use a hardware 2FA in the first place....
AND yubikeys are $60 per yubikey...and generally you want 2 including a backup
tannhaeuser•Apr 5, 2026
You must go back to the drawing board and rely on highly-regulated Telecom standards (that's why they were mandated in the first place!) not monopolistic defacto "best practices" you have no influence over because they're more convenient for you.
This is simply unconstitutional and should be escalated ASAP if you don't want to end it before the appropriate court in Leipzig, Karlsruhe, or maybe Luxembourg.
jonathanstrange•Apr 5, 2026
Another German citizen here. I think what you're doing is illegal and will be blocked by German courts.
0x3f•Apr 5, 2026
It's funny because this is also the exact German response for when your neighbour has an unsanctioned BBQ.
gorgoiler•Apr 5, 2026
I know it’s not quite the same thing as an OS vendor, but culturally, if you’re having trouble empathizing with the ick in this thread then imagine if the initial implementation was available only for account holders with Facebook, Yahoo! Mail, or MySpace.
oytis•Apr 5, 2026
I don't get it. Are mechanisms in our ID cards not strong enough so that we have to rely on the security of the operating system?
NanoCoaster•Apr 5, 2026
Will eIDAS be the only way to identify yourself in cases where it's needed, or will we be able to user other mechanisms like the german ID card stuff or an entirely separate alternative?
Or to put it another way, is a smartphone required? If not, that would already clear up a lot of issues, I think.
EDIT: Whoops, just saw the answer to another comment asking precisely this. So it's not a requirement. Good. Is there a legal framework that ensures that this remains the case? Otherwise, I fear it will become a de facto requirement over time.
jech•Apr 5, 2026
One datapoint: at least in practice, it used to be impossible to delete an entry in the French INPI database (trademarks and company names) without eIDAS. It forced me to unearth an old unmodified Android phone (I run LineageOS on my main phone).
I'm also thinking of keeping an android phone purely for auth purposes, separate from my main one. The world's most overengineered (and probably also less safe) Yubikey.
> If you read French
Let's see how far my five years of French at school will get me. I'm not getting my hopes up ;)
Aachen•Apr 5, 2026
Also if you are legally required to be able to use some backup mechanism, it can become the de facto requirement
regnerd•Apr 5, 2026
that‘s not correct. Article 5 eIDAS2 explicitly states, that europeans exercise full control over their data. Therefore EUDI wallet must not be a walled garden.
Especially if the wallet shall be used for authenticating and signing, it must be available to all europeans, even those sanctioned by the US.
If this is your plan, please go back to the drawing board.
eMPee584•Apr 5, 2026
There's a new initiative by some non-google non-apple phone vendors called *UnifiedAttestation* which I hope you will support at some point in the future:
In light of all of these shortcomings with platform attestation, why go with the eIDAS 2 wallet approach at all? eIDAS 1 already solved this with Mobile-ID (SIM-based, no Google/Apple dependency) and Smart-ID (server-side key management with minimal platform reliance). What does the wallet model give you that justifies this level of dependency on two American corporations’ proprietary backends?
Especially considering that mobile-ID has been around since 2007.
nip•Apr 5, 2026
I’m sorry to lash out at you but I keep getting disappointed in European countries (more precisely the ever disappointing EU commission) all suffering of the NIH syndrome instead of collaborating and learning from each other
ExoticPearTree•Apr 5, 2026
There is mothing to be gained politically by doing this. You think you look good if you say “hey, the Poles had this really good idea, how about we do the same”?
Plus, the process is something like:
- we want to do $something
- hire consultants to help us define $something and produce a document
- hire other consultants to write the specs for the project
- launch an RFP
- select a winner
- wait for the implementation to finish
All the proposed solutions will be something paid, ideally made by a really large company to lend it credibility, and with maintenance costs that justify hiring dedicated people for it.
In the end no one gets what they want.
You think if there was any will wouldn’t the whole EU use whatever the Estonians are doing very well?
jen20•Apr 5, 2026
> You think you look good if you say “hey, the Poles had this really good idea, how about we do the same”?
Yes.
> You think if there was any will wouldn’t the whole EU use whatever the Estonians are doing very well?
Using the Estonian system would be vastly preferable.
If politics doesn’t allow that, the political environment is broken.
grundrausch3n•Apr 5, 2026
How is the Estonian system now? I remember when I visited around 2010 our host just had a quite simple smart card reader and could just use it to sign in to government services with their ID and as far as I remember even sign mails and documents. Germany of course could not use normal smart cards but had to use NFC cards with special readers and made the signing feature and additional service you had to pay for on a yearly basis. Of course the Germans system did not went anywhere for years. I do have a reader now and can use it for some governmental services and have very limited appetite to bind the ID to my phone.
mytailorisrich•Apr 5, 2026
Isn't the eIDAS 2 wallet approach a legal requirement of eIDAS 2 (which is an EU regulation, i.e. the law).
nip•Apr 5, 2026
It is, mandated by the EU commission.
Instead they could have mandated the use of eIDAS 1 to all countries + extend it with attribute/credential support, and let countries choose their implementation (cards, SIM, server-side).
Instead we’re back to the drawing board with the big shortcomings highlighted in this thread.
mytailorisrich•Apr 5, 2026
Oh OK, I understand your point now.
Avamander•Apr 5, 2026
SIM-based solutions are on their way out because phones are starting to lose SIM slots. Certifying eSIM implementations to the same EAL level (as Mobile-ID SIMs are) is way way too difficult. At least for one country doing it alone.
Smart-ID sucks. It's not truly hardware-backed, it's proprietary and has fundamental flaws like not having a direct link between the site being authenticated to and the authenticating device (auth can be proxied, just like if it were just plain TOTP).
nip•Apr 5, 2026
Agree on Smart-ID but the answer is to fix those flaws, not to replace the entire approach with one that depends on Google Play Integrity verdicts that even the German architects admit they can’t fully trust.
SIM-based solutions on their way out is a non-issue. For eSIM to support that use case, political will only is needed: the EU got Apple to abandon the lightning cable, this is not any different.
Avamander•Apr 5, 2026
> Agree on Smart-ID but the answer is to fix those flaws
Fundamentally can't be, it'd be a whole new solution.
> For eSIM to support that use case, political will only is needed: the EU got Apple to abandon the lightning cable, this is not any different.
Mandate every phone vendor to EAL4(+) certify their eSIMs? I'd love to see that, but I'm not sure that's a viable approach to take.
pwlb•Apr 5, 2026
EIDAS 2 motivation is implicitly that eID failed in eIDAS 1. It simply either didn't take off or didn't work at all
gmerc•Apr 5, 2026
“Not Great” is the understatement of the century. It fails to protect sovereign identity by handing the default to companies not only under foreign sanctions control but who also lock people from their accounts without recourse.
The device chain is a classic misdirection, it seems everyone here is just following Meta’s lobbying to put this into the OS.
Even the carrier layer would be better than the mobile device layer.
Or, you know, just look at Singapore’s or Swiss National SSO - it functions on an app that layer just fine, no issues
Shouldn't the energy instead be focused on creating a standardized eIDAS driver API that OS vendors are required to implement?
utopiah•Apr 5, 2026
> The initial limitation to Google/Android [...] is simply a matter of where we focus our energy at the moment
Nice... so the rush is to delegate power to the large American platform?
bakugo•Apr 5, 2026
> We have to use some kind of attestation mechanism per the eIDAS implementing acts.
Sounds like these "eIDAS implementing acts" are the problem, and were influenced by ulterior motives.
isodev•Apr 5, 2026
> The initial limitation to Google/Android is not great
It’s also illegal on both accessibility grounds as well as violating the eIDAS spirit of no dependency on specific providers.
By shrugging it off as “not great”, you’re also dooming every citizen to have to comply with whatever whimsical terms of service Google and Apple have.
Have you ever tried to unban your Apple/Google account? So in effect, everyone’s access to eID services will depend on some crappy automation some intern in California setup to detect “abuse” or whatever.
There are technical solutions to avoid this dependency and you’re probably getting paid to find, research and adopt them. So … do your job?
ulrikrasmussen•Apr 5, 2026
This is simply unacceptable. You are not making an innocent pragmatic compromise here, you are launching digital infrastructure which initially will tie everyone to Google/Apple and give alternatives a huge disadvantage for an unknown amount of time. Nobody knows when, or even if ever, support for open platforms will arrive.
You should be ashamed of being involved in this monopoly handover to American big tech.
aenis•Apr 5, 2026
Fingers crossed for the judiciary - if the implementers ignore the intention of the law, then lawyers will have to help them understand the limits of corner cutting - and block this.
subscribed•Apr 5, 2026
I bet £50 that the alternative (eg GrapheneOS attestation (based on the standard AOSP attestation)) will be delayed, then delayed, then scrapped since almost everyone is using Google Plag integrity anyway.
Yes, I assume malicious intent, sorry, seen this happen enough tines recently.
chaz6•Apr 5, 2026
Have you considered Unified Attestation [1] which is an alternative to Google's?
> The initial limitation to Google/Android is not great, we know that, and we have support for other OSs on our list (like, e.g., GrapheneOS).
GrapheneOS uses standard Android APIs for hardware attestation (as opposed to Google-specific ones), so why don't you just use those from the get-go?
zajio1am•Apr 5, 2026
Why not just use U2F or certificates on crypto-tokens?
zajio1am•Apr 5, 2026
Note that for eIDAS 1, a Czechia e-identity provider uses U2F tokens.
crest•Apr 5, 2026
This is on the stupid side of lazy (again). You'll still be sovereign only at the pleasure of Apple and Google if you submit to their platform as a service crap.
inexcf•Apr 5, 2026
Side question. How come it is always the most incompetent people who get put in charge of implementing things like that. Over and over apps and services are developed in Germany and completely fail at what they are supposed to achieve. Where are these people recruited from?
matheusmoreira•Apr 5, 2026
> and we have support for other OSs on our list (like, e.g., GrapheneOS)
Excellent. Massive respect to you for doing this. This attestation business is an existential threat to "other" operating systems. I'm glad to see people are putting effort into supporting them.
morpheuskafka•Apr 5, 2026
What happens if someone is banned from both companies (even for a very legitimate reason such as hosting illegal content -- they still need to access government services)?
dudefeliciano•Apr 5, 2026
What about people hosting content that is illegal in the US but not Germany (not sure what that may be now, but with the direction the US is taking maybe in a couple years even the fat Vance meme could become some kind of illegal subversive content). Anger the big daddy and your identitiy is gone.
mrsssnake•Apr 5, 2026
> We have to use some kind of attestation mechanism per the eIDAS implementing acts.
Translates to:
"We have to make sure citized accessing the public service have not control over the device per the eIDAS implementing acts"
dudefeliciano•Apr 5, 2026
glad that the "move fast break things" mentality has finally arrived to Germany, just didn't expect the public sector to be the first to implement it
amaccuish•Apr 5, 2026
Why the need for a Cloud HSM?
whizzter•Apr 5, 2026
Is this implementation related to the AusweissApp I've seen mentioned before (that reads the cert via NFC from a physical card) or another implementation?
zkmon•Apr 5, 2026
Google is becoming a bit draconic. They did not allow me to create new email account, saying I already have too many accounts. But they also don't allow me to delete existing accounts, saying there is no authentication method available to access/delete those old accounts.
tsoukase•Apr 5, 2026
EU depending so much on Goo/App feels suspicious for direct lobbying, as someone noted. If I were Ursula, I would draw a red line: no US digital dependence. But the rounding error of the rounding error of these trillion dollar companies is enough to expunge the nonexistent EU infra.
sylware•Apr 5, 2026
Well, since it happened also for my gov (France) 10 years ago, we can see this pattern happening in the whole EU.
There is a mixure of incompetence and big tech aggressive lobbying on gov 'standards' all over EU... making anything internet hard locked on big tech ultra-massively complex software, protocols and file formats.
In my country, it is the web: classic web support interop was actually killed 10 years ago. Now, only web apps requiring one of the gigantic and ultra complex web engines from the WHATNG cartel are working. No more "small' web engines (including their SDK) does work, and it did close the door for good to anything 'not big tech' (here the WHATNG cartel), what a bummer, oopsie!
In means in my country, to interact with the gov agencies and dependencies, you are now FORCED BY LAW to use only WHATNG cartel web engines. Wow, corruption (there is big public money there)? brain washing grade lobbying (what seems to be the case)? incompetence (always expected on complex matters)?
To add insult to injury, in my country, the ONLY person who have the power to fix that is the prime minister (then also the president). Oooof!
Of course, very simple classic web sites do work on 'smart phones' (apple did threaten to remove its browser... we know why: to force a technical hard dependency on them since they have a significant amount of the "market").
We all know their weak spot: a simple and stable in time, "good enough" to do the job, set of existing protocols/file formats (to protect the SDKs, I would include the computer languages, for instance excluding c++ and similar for plain and simple C and assembly to protect against the obviously ultra-complex SDK components): it will reduce dramatically the complexity and size of any current and future, local, implementations.
What's seems to be happening when I look at that: some people all over EU countries are trying to fight their way out of big tech because of gov officials probably being brain washed by lobbying (do not exclude the possibility of "corruption" and there is always some level) of incompetence which is expected).
Since it is happening in France and Germany, core of the EU...
Now what?
trklausss•Apr 5, 2026
Knowing the German, how much of a fiasco will this be? Many Germans despise having to go online with specific services due to "Datenschutz". Now you are telling them that they need an external (American) service in order to use this?
What I don't understand is: ELSTER (taxes) already uses electronic signatures, don't these signature already fulfil the requirements of eIDAS? Why do we even need Google/Apple?
coretx•Apr 5, 2026
Germans are likely going to try and hang the public servants for high treason via their constitutional court.
verisimi•Apr 5, 2026
Corporations + government = fascism.
Fascism is the reality.
And its global.
Global fascism is what is already the case.
sajithdilshan•Apr 5, 2026
As someone living in Germany, the alternative would be snail mail, which is used to send a pre-authentication code, username and then another code. This is pretty common with insurance providers, German traditional banks, etc. However, the annoying part is that if you ever forget or lose the code, then you would have to request a new one via mail that would arrive like 2 weeks after.
jonathanstrange•Apr 5, 2026
The alternative is a secure physical device and that's also the correct way to go if you insist on having online ID checks and take digital sovereignty seriously instead of making it a joke lip service like these implementers do.
makerofthings•Apr 5, 2026
Requiring people to use products from one of two private American companies with a bad track record of locking people out of their accounts is more than “not great”. Some things are better not done if they can’t be done well.
mytailorisrich•Apr 5, 2026
Yes but in the real world all smartphones are either Apple or Android. Europe has zero footprint in either software or hardware. It is not creating a requirement to use specific products, it is using the products people already have.
So one may argue that the implementers are only taking the pragmatic approach regarding something that is out of their hands.
jonathanstrange•Apr 5, 2026
We're talking about an essential government service, not just another weather app. You have to look at this through the lense of national security, the debate about EU digital sovereignty, and the requirements of the GDPR in light of the US CLOUD Act, as well as prior decisions of EU courts about these issues.
mytailorisrich•Apr 5, 2026
Yes all that you wrote is true. But that does not magically change anything to what I previously stated: in the real world all smartphones are either Apple or Android...
I don't know what the eIDAS 2.0 requires in term of security but it may make the choice the implementers made here unavoidable in practice, as hinted by @webhamster.
If so, it seems that a solution, if technically possible, might be to mandate that OSes provide the required security features without tie-in.
The outrage in the comments feels a bit like people yelling at clouds...
taotau•Apr 5, 2026
correction. in the real world all smartphones are either apple, android or none/other. in terms of legals, you really do have to cater to all three, which is why we don't have one world government.
mytailorisrich•Apr 5, 2026
This is about a digital wallet, so people who don't have a smartphone are out of scope.
Now, "other" than Apple/Android is so small as to be negligible and governments also have a duty not to waste taxpayers' money, which means not spending hundreds of thousands to cater for an ultra small number of people who have an easy access to an alternative.
To have government apps work only on iOS and Android is perfectly reasonable in the current state of the world where this covers 99% of smartphones.
znort_•Apr 5, 2026
> To have government apps work only on iOS and Android is perfectly reasonable in the current state of the world where this covers 99% of smartphones.
the fundamental flaw with that approach is that it is totally unreasonable to have government apps in anything other than open source and fully public systems. nothing else can really be trusted, and any private/closed source option should be disqualified from the get go.
the reason is simple: you can't trust private entities or opaque systems, and you can't trust government either, thus the solution has to be fully transparent or you're doing nothing.
the problem with that is that it is hard, expensive and/or inconvenient.
limagnolia•Apr 5, 2026
Why should I have to have a smartphone to have a digital wallet? Smart watches, tablets, laptops, portable game consoles, etc, are all perfectly cromulent hardware for running a digital wallet.
Hackbraten•Apr 5, 2026
> in the real world all smartphones are either Apple or Android...
So you're claiming that Mobian doesn't exist? PureOS doesn't exist? PostmarketOS doesn't exist? Ubuntu Touch doesn't exist? SailfishOS doesn't exist?
jonathanstrange•Apr 5, 2026
Essential EU government services cannot be devised on the hope that US companies will invent something that - contrary to current US legislation - will somehow provide the attestation services needed in a GDPR-compliant way without forcing EU citizens to provide personal data to US companies.
If it's not possible to create such a system for mobile phones because of legal issues (as you seem to acknowledge and judges have found in the past), then the focus would have to be on creating hardware devices in the EU, ideally with open source hardware and software. These can be made reasonably secure, have been used by banks for a long time, and would enhance digital sovereignty.
What I find unacceptable is the attitude "well, it will violate the law but as a matter of practicality it's the only choice we have right now so we'll just do it."
mytailorisrich•Apr 5, 2026
> Essential EU government services cannot be devised on the hope that US companies...
I don't disagree. I am just pointing out that this is wishful thinking right now.
As said, Europe has zero footprint in hardware or software so the choice is either not to develop any digital services or to accept that they will run of foreign hardware/software because everything is either Android or Apple and runs on hardware that is from US/Taiwan/China.
Developping honegrown alternives is pie in the sky or a 20 year project if we are optimistic (which I am not)...
Frankly, many comments, and the reactions to mine, show how out of touch and idealistic or naive the HN crowd can be.
subscribed•Apr 5, 2026
It literały has created the dependency on google when thought Android offers the standard/generic AOSP attestation.
Also you weirdly forget all the Chinese phones. There's also some tiny European brand which will have absolutely no way to limit their users dependency on the famously hostile and unconctactable provider.
FabHK•Apr 5, 2026
Most Chinese smartphones run Android (Huawei uses HarmonyOS).
qwertox•Apr 5, 2026
Maybe that will force the companies to not be allowed to just lock you out of the account.
gmerc•Apr 5, 2026
Ya, sorry, no, maybe is not really a durable position here.
subscribed•Apr 5, 2026
You, your siblings, your parents, etc, etc.
spwa4•Apr 5, 2026
So what can be used as an attestation API? WHAT will make sure that when a phone says "you're paying 10 euro to $coffee_place" that it isn't a bitmap being shown over "you're paying 10.000 euro to $scammer", above the pay button. Note: needs to be a real guarantee that isn't a permission question away from going away.
Either governments can develop (and pay for) THAT technology, or they can use Apple/Google ...
xorcist•Apr 5, 2026
That seems like a weak argument to require attestation? What would attestation prevent that scenario, specifically?
spwa4•Apr 5, 2026
Oh I see your confusion. It is not trying to prove it's not cheating with the UI (or remote control, or ...) to the owner of the phone. It's proving to the owner of the website (or app, or SIM, or ...) that it's really the user agreeing to the contract on the screen. Or, more to the point, it's proving it to courts after the fact so they'll convict the owner of the phone rather than the business or government.
The scenario it would prevent is that a government gets a filled in form with someone requesting unemployment benefits, or reimbursement for a medical procedure on account X ... and then government finds out after payment, later, in court, that the owner of the phone never agreed to it and it needs to pay it out again (because the claim, true or not, that a scammer initiated the payment agreement in some way rather than the owner). Same for business and agreeing to a loan and ...
It is NOT to protect you, the owner of the phone, against scammers (it does not really do that at all), it is to protect companies and especially governments AGAINST the owner of the phone. It is a way to fire most EU government employees by allowing automation that currently can't work because you can't legally trust phone and internet automation to be binding in court.
GoblinSlayer•Apr 5, 2026
Do you imply that google can prove such a thing or it's just a security theater for (((compliance)))? AFAIK attestation attests hardware, not software, but hardware attestation is self contained and doesn't require any remote cartel permission, cf yubikey attestation.
spwa4•Apr 5, 2026
The EU is trying to make a standard that courts will enforce because EU politicians (the commission, not parliament) really want that. But all EU countries are trying to save cash without touching what's causing the money problem (that would be pensions, there is no way in hell EU governments can spend what's required to keep pensions going as is even in 2026. In the past they spent all the pension money instead of investing and now they have to start paying it back, except they can't. And if they touch pensions ... well there's a French joke. It goes something like this "One of the greatest accomplishments of the 20th century is that you can see Paris from space. Look there it is, that flame right there ...")
So they're just going to use the Apple/Google standards and declare the job done. So it's theater from all sides. Politicians will pretend this is a good solution because they don't want to spend real money, and they really want to tempt EU kids to get loans on their smartphones because, you know, in the EU you're protected from companies exploiting you. Of course, that just means governments will have to do it instead.
miki123211•Apr 5, 2026
I'm not sure I want my government to develop that technology.
Government software is usually low-quality, expensive procurement crap, often riddled with security holes, and an exercise in checkbox checking. UX and user friction can't be expressed as a verifiable clause in a procurement contract, so they're ignored.
Besides, every time EU governments tried to force smartphone manufacturers to pre-install government apps, the population freaked out over (unwarranted) surveillance concerns. This isn't something you can do without pre-installing apps (you don't want these APIs opened up because then attestation loses all meaning).
GoblinSlayer•Apr 5, 2026
It's not that difficult, just `git pull lineage`.
subscribed•Apr 5, 2026
In case of Android - AOSP attestation.
Not necessarily the company that locks out entire family because one of the family member jacked off on the chat with Gemini model.
ExoticPearTree•Apr 5, 2026
There are no alternatives.
I mean you could use Huawei and others, but the FUD campaigns against chinese manufacturers was pretty agressive in the EU.
letmetweakit•Apr 5, 2026
:facepalm:
ttkari•Apr 5, 2026
Oh but isn't that great. This is just the kind of digital sovereignty these times call for.
Sometimes I wish the Germans had an island of their own somewhere up north near the american continent.
robertDouglass•Apr 5, 2026
lobbyists!
kkfx•Apr 5, 2026
Simply eIDAS must works on smart-cards and desktop USB/built-in card reader, not mobile (cr)App.
BUT government do not want sovereignty more than they want snoop on citizens.
coretx•Apr 5, 2026
Time for a digital Reichstag fire. When will the germans stop repeating history ?
nickslaughter02•Apr 5, 2026
How many billions will EU countries spend on this bull shit? Who needs it?
The existence of eIDAS itself is already a big problem. They're going to try to gradually push laws to make it so that you'll need a government issued signature to do anything. That's when they'll have total power over you because they can simply refuse to issue.
Modern computing and communications technologies can be leveraged to build infinitely stable authoritarian regimes. It's even possible for democracies to stumble into it on their own as they attempt to regulate these new technologies. In hindsight, the Internet was built wrong. It has a top-down structure which all of human civilization is beginning to mirror.
TacticalCoder•Apr 5, 2026
> They're going to try to gradually push laws to make it so that you'll need a government issued signature to do anything.
And in the EU it's already nearly the case. The dystopian horror that KYC/AML has become for honest citizens is beyond belief. And they're of course hiding behind the excuse that "bad guys are laundering money": but going after actual drug dealers, of course they're not doing that. We now have articles wondering if Belgium (where most of the EU institutions do live and where all these totalitarian laws are passed) has become a "narco-state" (where criminals make the rules).
People's life can be ruined when some employee, somewhere, decides he wants to bumps his SAR quota (Suspicious Activity Report): you can have a real-estate transaction fail (and have hence moreover to pay a 10% penalty to the other party) if either a notary, bank employee, real-estate agency employee decided that they've got the nostalgy of the Gestapo-time and decided to act like a good little nazi (yes, Godwin's law: for we're literally talking about totalitarism).
I recently had an notary's employee bother my brother for the source of funds when he bought an apartment... A quarter of a century ago. A quarter of a century ago and he was talking to my brother as if he was a criminal for he didn't have access anymore to the bank wire transfer from 25+ years ago. It's crazy for the exact same controls had already been done 25+ years ago when he bought the apartment. And the notary's employee fully knows that. (regarding that case my brother is currently looking into the national federation of notaries and he's going to file a complaint: he's got emails from that notary's employee that are totally out of line).
The problem is way too much power over the lives of others is put into the hands of petty people: petty bank employees, petty notary employees, petty public servants. The same kind of people who were all too happy to out jews during WWII and who were making sure trains would leave on time.
I previously had a folder where every single money transfer of more than 10 K EUR was saved: I know do it for every transfer below 5 K EUR. And these are to be kept forever for I know that me or my wife or my daughter shall invariably meet motherfuckers asking them "proof of the source of funds from 30 years ago when your father bought that collectible car" (worth less than 20 K back then btw, but worth 6 digits now).
Just fuck these systems and fuck anyone working on it and fuck all the nazis participating in it.
ghosty141•Apr 5, 2026
> They're going to try to gradually push laws to make it so that you'll need a government issued signature to do anything. That's when they'll have total power over you because they can simply refuse to issue.
The more this signature is necessary the harder it becomes to deny issueing it to somebody.
I don't see how this changes much compared to nowadays. You can already require an ID for all kinds of these and the government already has total control over those. So what changes? China manages to ruin the lives of the people illegally born under the 1-child-policy for decades already, all without systems like eIDAS.
You can't protect yourself from authoritarian regimes with tech or good policy since those will just get ignored. Look at Trumps war with Iran, where did Congress agree to it?
I'm not a fan of these systems either, I also think software should be open and no vendor lock-in should exist. But I don't think this will change much to be honest.
txrx0000•Apr 5, 2026
It will matter a lot in the long run. I will outline one concrete way it will matter, which I think is the most critical, but there are other ways it will do damage besides this:
Right now, physical ID is only required for government services, for the most part. But digital signatures can be extended later to gate all services and purchases, both online and physical, including non-government ones. For example, you can't host a website without a gov approved signature for each website.
Under a system like that, you would rarely find out when the gov refuses to issue a signature, or when any kind of injustice happens, really. Websites where people can talk about bad things happening to them will simply be denied a signature to legally operate, so they're given the ultimatum to "voluntarily" censor posts, or be shut down. It becomes impossible to have this very conversation on a public platform with any kind of meaningful reach. And they already have this kind of system in China, since you brought it up. In fact, they have domestic surveillance systems that make the Snowden disclosures look cute.
jbverschoor•Apr 5, 2026
eIDIOTS I guess
Glorified2202•Apr 5, 2026
Can every german citizen opt out?
Glorified2202•Apr 5, 2026
Can every german citizen just opt out and not have to use any kind of digital ID?
docmars•Apr 5, 2026
This is such an egregious and embarrassing breach in privacy, it's crazy.
GDPR good, but oh no... gotta spy on everyone now.
48 Comments
electronic IDentification, Authentication and trust Services
As an example, an EU citizen working in Sweden should be able to submit Swedish tax forms whilst living here by using a digital identity from the originating nation.
There are also some standards in place like ETSI standardized extensions to PDF signatures so that you can verify that a signature inside the PDF was actually signed by a specific physical person (the standard is there but it's not fully used throughout the EU yet due to some legacies).
Implementation is a bit of a mess still but things are converging.
- someone sends you a docusign link
- you sign up with your email
- you sign with your name in a cutesy font
Theres a dispute? Well it was going to end up in court no matter how you signed it anyway. This has all the hallmarks of a design by committee project by people whose salary is paid regardless of demonstrating market fit, productivity, usage, plain sensibleness...
The fact that it's ALWAYS a docusign is the ridiculous part. It is just a glorified where you enter your name and email. No need to pretend otherwise. Any other service would be just as good. This is basic human sheep-like behavior?
Can I also send the Docusign document via Signal without Docusign knowing the person who signs it?
Because that is what the eIDAS is supposed to deliver on top of cryptographic validation of signatures.
Slovenia hands out certificates for online government services, including document signing, and it seems to be going fine, with the added benefit that Google can't take away my access.
Eidas tries to harmonize these implementations across EU member states.
The big question is how to let users properly handle their certificates so they won't get abused into being useless.
If I understood it correctly, the German current Ausweissapp seems to require NFC to read it from your personal id card together with a PIN code you got with the card, it's not entirely user-friendly since aligning the card with your phone seems to be prickly.
Swedish BankID handles it internally in their app (unlocked via PIN's) but they don't have a good way to use it to sign things (It all relies on the infrastructure even if they give out signature documents it's not compatible with pADES).
There's a new govt sponsored one that I assume will piggyback on the personal cards/passes that are readable via NFC.
Norway and Denmark iirc supports proper signatures but I don't think the certificates are under user control (someone correct me if I'm wrong here).
Now these things are mostly issues for document signatures, authentication is often handled via other flows.
What I skimmed from the article, it seems to be more in line with Swedish BankID and is actually fairly smooth for end users even if less secure than what they have now with Ausweissapp.
I assume this should be "intra-EU"? I'm not very familiar with eidas so I'm not sure, but afaik it's about signatures within the EU, not between different EUs (as there is only one in this world). (I hate this inter/intra wording, always have to translate it in my head to understand whether it's like internet (between networks) or like intranet (within a network). Would recommend using "within-" instead of intra whenever it's not already a well-established word, like intranet)
Several paid providers for X.509 certificates exist but document signing certificates cost around 80 € per year [0]. And if I want duplicate X.509 certificates for my redundant Yubikeys then the cost doubles.
Other providers require an initial deposit and then charge per signature [1], which leads to intransparent pricing. In the interest of open commerce, I strongly believe that securely signing an electronic document should cost the same as my manual signature, i.e. nothing.
A partial solution already exists because I can use my electronic ID card with the AusweisApp to prove my identity when interacting with German authorities. This feature is generally useful because I live outside of the EU, but I especially appreciate that I can have my OpenPGP key signed by Governikus (a government provider) to prove the key belongs to my name [2].
Technically, I should be able to use my certified PGP key to sign documents, but in practice most non techies don't know how to validate my signature. For the average user opening my signed PDF in Adobe Reader, I would need an X.509 certificate from a trusted Certificate Authority for users to see the green check mark.
[0] https://shop.certum.eu/documentsigning-certifcates.html
[1] https://www.entrust.com/products/electronic-digital-signing
[2] https://pgp.governikus.de/wizard/requirements
These days an ID system that doesn’t work online is next to useless.
https://www.ausweisapp.bund.de/en/open-source I just saw that it's available in alpine.
So I tried installing it on my postmarketOS smartphone and it runs out of the box: https://i.imgur.com/nRIAyrq.png
My Shift6mq is listed has not having NFC support in postmarketOS, so I can't actually test it, but I assume the USB card reader option will work once it's supported.
They might have some great software _somewhere_ but I have yet to see it.
It does not have good UX because good UX was never the objective.
This was more than 30 years ago. Now we have a great culture of overregulation.
Everyone is trying to cut costs so as to be able to compete there and Europeans are paying the cost of financing this.
Personally I'm going to wait until the average car age in China crosses the 10-year mark to get a new vehicle. Until that happens there will be no incentive to think about longevity.
Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.
See also this issue from 2025 where the developers responded: https://gitlab.opencode.de/bmi/eudi-wallet/wallet-developmen...
AFAICT, there is no mention of an Apple or Google account being required in general - the documentation just lists "signals" that are used to securely authenticate a person - such as Google's/Apple's security ecosystems. I am not sure what this means in practice. Can anybody with deeper understanding explain the actual implications and possible outcomes?
(Note: BMI is the German Federal Ministry for the Interior)
Explanation: https://mastodon.social/@pojntfx/116345725515845020
There is in practice no known way around it for now, and even less so one for regular people, to use this on a device without a Google account
> unknown system image (e.g. custom ROM)
Oh no, what a horrible crime, somebody dared to modify operating system on their own device..
App attestation does not require an Apple account nor a google account. For Android, it does limit the ROMs to Google certified ones and requires GMS to be installed if Play Integrity is used. An alternative option, would be to use the Hardware Attestation API directly, GrapheneOS would be thanking you.
I've spent a good amount of time implementing exactly this type of system for a backup service.
his document specifies a way to cryptographically attest the integrity of a HTTP request hitting a server.
The attestation proves the request came from a device and attest the legitimacy of the bootloader, OS and app.
Google and Apple are in a privileged position to be able to bypass the app attestation though, so depending on the threat model, it's not bulletproof.
edit: Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.
To me, there is no difference between your sentences. You require the blessing of an American company to be able use eIDAS. Google has the power to disable eIDAS at a national scale by making the attestation services treat all devices as not certified.
There should be NO reliance whatsoever on a private company not under the control (direct or indirect) of the government let alone a foreign private company.
Edit: I just noticed your username and the fact that your account is very new. Are you astroturfing?
But in pure technical & UX terms, you don't need to be logged in.
App attestation can fail on simulators, Graphene OS, dev builds, I've seen it all. There is one check you can do to see if an app was side loaded, so indirectly, can require Google account.
Title is still misleading though, as it explicitly mentions accounts.
Google details new 24-hour process to sideload unverified Android apps (1196 points, 16 days ago, 1262 comments) https://news.ycombinator.com/item?id=47442690
Which was the motivation for cryptographically attesting the boot process and OS, and in part paved the way for app attestation.
There are alternatives though: The Android Hardware Attestation API enables attestation on custom ROMs, but the attestation verifier needs a list of hashes for all "acceptable" ROMs. GrapheneOS publishes these but there's nobody, to my knowledge, maintaining a community list.
Cryptographic attestation is not a problem in itself, the problem is exactly what you already somewhat hinted at: it's who and how decides who to trust and who gets to make (or delegate) the choices. You can make a secure system that lets the user be in charge, but these systems we're discussing here don't (and that's by design; they're made to protect "apps", not users).
The problem with modified phones containing malware is very real and unless you want a full on Apple "you're not allowed to touch the OS" model you need some kind of audited OS verification that you as a user or a security sensitive software can depend on.
But to remove that incentive you first need to stop punishing app companies for compromised user OSes from legal perspective.
Are you willing to absolve Google, Apple and Deutsche Bank from responsibility of damage that happens on compromised user OSes?
And this malware is largely based on open source code (Linux) that was originally developed on open, documented hardware, where the firmware boot loader did nothing more than load the first 512 bytes of your hard disk to address 0x7c00 and transfer complete control to it.
Yes, there were viruses that exploited this openness, but imagine if Linus Torvalds would have needed a cryptographic certificate from IBM or Microsoft to be allowed to run his own code! This is basically the situation we have today, and if you don't see how dystopian this is, I don't know what more to say.
I will never understand why such an overwhelming majority of people seem to just accept this. When frigging barcodes where introduced, there were widespread conspiracy theories about it being the Mark of the Beast -- ridiculous of course, but look at now where in some places you literally can't buy or sell without carrying around a device that is hostile to your interests. And soon it will be mandated by the state for everyone.
Google must be destroyed.
In the past, when you had a proprietary tool you needed to use to do something, people could analyze and reimplement it. The reasons to do that varied - someone needed "muh freedomz", someone else wanted to do the thing on an unsupported platform, someone else wanted to change something in the way the tool worked (perhaps annoyed by paper jams)... Eventually you could end up with an interoperable FLOSS reimplementation. This has happened with lots of various things - IMs, network service clients, appliance drivers, even operating systems, and this is how people like me could switch away from Windows and have their computers (and later phones) remain fully functional in the society around us, perhaps with minor annoyances, but without real showstoppers.
Remote attestation changes this dynamic drastically. Gaim (Pidgin), Kadu couldn't be made if the service provider like AIM, ICQ, Gadu-Gadu etc. could determine whether you're using the Official App™ from the Official Store™ on the Official OS™ and just refuse to handle requests from your reimplementation. They could still try and be hostile to you without it, and often did, but it wasn't an uneven fight. Currently we're still in the early days and you can still go by in the society by defaulting to use services on the Web, using plastic card instead of phone for payments etc. but this is already changing. And it's not just a matter of networked services either - I bet we're going to see peripheral devices refusing to be driven by non-attested implementations too.
Secure boot chains have some value and are worth having, but not when they don't let the user be in charge (or let the user delegate that to someone else) and when they prioritize the security of "apps" rather than users. The ability for us as users to lie to the apps is actually essential to preserving our agency. Without that we're screwed, as now to connect ourselves to the fabric of the society we'll need to find and exploit vulnerabilities that are going to be patched as soon as they become public.
The same freedom is being abused by malicious actors. Even on Windows (like BlackLotus), but also on pre-infected phones emptying people's bank accounts. This is an incredibly unfortunate outcome, but what's the solution?
I see no other potential outcome than that free computing and trusted computing are going to be totally separate. Possibly even on the same device, but not in a way that lets anyone tamper with it.
Most importantly - it's the user who needs to know whether their system has been tampered with, not apps.
Some countries do :) Though I think physical analogies are misleading in a lot of ways here.
> Systems can be secure and trusted by the user without having to cede control, and some risks are just not worth eliminating.
Secure, yes, trustworthy to a random developer looking at your device, no. They're entirely separate concepts.
> Most importantly - it's the user who needs to know whether their system has been tampered with, not apps.
Expecting users to know things does a lot of heavy lifting here.
False analogy. You can’t have your kitchen knife exploited by a hacker team in North Korea, who shotgun attacks half of the public Internet infrastructure and uses the proceeds to fund the national nuclear program, can you? (I somewhat exaggerate, but you get the idea.)
> Systems can be secure and trusted by the user without having to cede control
In an ideal world where users have infinite information and infinite capability to process and internalize it to become an infosec expert, sure. I don’t know about you, but most of us don’t live in that world.
I agree it’s not perfect. Having to use liquid glass and being unable to install custom watch faces is ridiculous. There’s probably an opportunity for a hardened OS which can be trusted by interested parties to not be maliciously altered, and also not force so many constraints onto users like current walled gardens do. But a fully open OS, plus an ordinary user who has no time or willingness to casually become a tptacek on the side, in addition to completely unrelated full-time job that’s getting more competitive due to LLMs and whatnot, seems more like a disaster than utopia.
Isn’t the status quo, that you need to intentionally choose to allow this?
It's also really incredible how people can see "user being in control" and just immediately jump to "user having to be an infosec expert", as if one implied the other. You can't really discuss things in good faith in such climate :(
It's also ridiculous how it seems we've forgotten computers other than smartphones exist and that not everyone even has a smartphone, let alone with an Apple or Google account.
That's just not possible, or should the system be legally required to run on an Apple II?
If only currently popular platforms are to be supported, how could a new platform join them in the future if the use of existing ones is mandated by governments?
The viable solution for that is to provide a trusted hardware implementation that can be used with any computing platform that has a documented interface. It can't be a software-only implementation, basically.
Countries have centuries of experience providing attestation services through notaries. Germany is even infamous for requiring them for things that would sound ridiculous even in Brazil (both movie and country)
I can’t see why governments couldn’t incorporate this existing infrastructure into the digital world. Make them sell hardware ID wallets, enforce the real identity owner to be present to invalidate a previous ID or whatever, and add legal restrictions for the government not be able to alter these registries
You can give your physical cards to other people or give them access to your computers, too.
> Germany is a strict liability country, and you will be fined or imprisoned for anything that is done with your identity card that was cloned because your PC was infected by malware if you don't report it stolen.
I don't see an issue with this.
The technical solution is a hardware root of trust. This is typically a specially hardened chip in the device. A Trusted Platform Module (TPM).
Your Apple ][ does not have a TPM. It cannot run software that can assess it's identity in a trusted manner.
Yes and if you look back this is not new. Just look at the extraordinary restrictions that apply to:
- What houses you can build,
- What vehicle you can drive,
- What food you can grow and sell.
The result is real estate has become unaffordable for younger people, our car industry is being annihilated, and the agriculture sector hold by a string.
The digital realm enjoyed an unusual level freedom until now because the silent and boomer generations in charge in the EU understood nothing about it.
Now that the EU is getting involved in "computers" we are starting to understand why peasants have been protesting in Brussels and calling those people insane for decades.
Austria's courts also ruled ages ago that rooting your own device cannot be a legal reason for OEMs like Samsung to refuse warranty coverage, since you can run whatever software you want on hardware you bought.
Maybe your country sucks? Don't blame it on the EU.
While enjoying a high paying job in probably a still very unregulated domain (computers/internet related).
This is not about one country vs another.
The problem is you cannot have a society with everybody winning on both fronts unfortunately. You also need people making, cleaning stuff, growing food, cooking, etc. Not everybody can live in the capital with "very cheap all electric state-subsidized rental car" and Vienna is probably not food self sufficient...
No, but Austria is. And our farmers enjoy much support through subsidies - from the EU and our own budget - and social protections, often having better and cheaper health care than most other Austrians, since they are insured under their very own social insurance law (BSVG), contrary to other employees (ASVG) and self-employed (GSVG).
Farmers also enjoy very high levels of respect and appreciation here, even in Vienna.
> While enjoying a high paying job in probably a still very unregulated domain (computers/internet related).
Calling Information Technology an 'unregulated domain' in the EU when we're all busy implementing NIS2 regulation and preparing for the Cyber Resilience Act entering into force soon seems disingenuous.
Yes, thanks. This was my original point "the agriculture sector hold by a string". It is by design unsustainable and if you cut those "high levels of subsidies" it collapses.
> Calling Information Technology an 'unregulated domain' in the EU when we're all busy implementing NIS2 regulation and preparing for the Cyber Resilience Act entering into force soon seems disingenuous.
Yes this is why I said "still"
This is no different to subsidizing public transport, because having this infrastructure local and autonomous is just strategically important enough for the tax payer to finance it. Would you say that public transport in EU capitals is "holding on by a string"?
And here we can simply examine the tax structure and conclude that the problem isn't whether the country sucks, but whether the side you're on sucks.
After all, how can housing be affordable for ordinary workers if they have to subsidize from their own pocket free university, cheap housing, electric cars, high wages, and everything else for the privileged class?
> Maybe your country sucks?
And maybe your country sucks too. It is just North Korea is also the best country to live in (if you're Kim Jong Un).
The regulations sometimes feel like additional burden of the user, but not for the manufacturers (aside for the attestation logic); consider:
> (MEETS_STRONG_INTEGRITY requires a security patch in the last 12 months)
Think about how this essentially codifies planned obsolescence due to not forcing the manufacturers to maintain the devices for life.
Great, I can pay with a digital Euro, Wero or something else, without routing my payments via VISA. I just can't do it without an account with Apple or Google. I'm absolutely baffled by politicians, regulators, banks, merchants and implementors lack of ability to think more than one or two steps out.
Sure, the EU is forcing 3rd. party app store, but no one is using them, so no one is pushing apps to them, especially not governments, banks or payment services, they'll be the last to use them.
Wero however is currently only planned as an android/ios app period. There are rumors that a card will come but that's only rumors for now.
In your list of groups to be baffled about I would add journalists. You see many articles about Wero mentioning digital sovereignty, but have you seen any that criticize the required banking apps only being available in google's and apple's app stores?
Like every school shooting, every energy crisis brings opportunity to saturate the airwaves with shallow noise that gets people overly upset and they’ll ignore everything else.
Every player on both sides is abusing this mechanic for all eternity.
At least their version has an obvious solution: Make electric cars and solar panels and then stop having oil problems.
EVs are just mechanically much simpler, with a shorter BOM that largely centers around Asian (particularly Chinese) battery, REE, and semiconductor supply chains, so hundreds of thousands of good jobs that supported Germany's industrial model are now economically obsolete.
What worries me is that it's a real global problem in all of our non-autocratic societies. On a positive note, I can see how this is actually becoming a common understanding and gaining traction, as hyped AI products are seen by some as 3rd-party- or SaaS-killers. It seems like we know how to differentiate between independence and dependence, and evaluate any risks affiliated with such a decision. But it baffles me that this differentiation manages to float as some ironic stream in our Zeitgeist, and just barely manages to be taken seriously.
Public debate and assessing politicians and parties would be so much cleaner then if they couldn't use polarizing issues to rally their support and do w/e they please on all other issues.
You are hoping "good minority" will get its way ahead of "evil majority" in indirect democracy but if anything I see the reverse happening in a lot of Western countries today.
So far the best modern improvement I’ve seen (and it could be further improved of course) is the increasing use of citizens assemblies.
https://en.wikipedia.org/wiki/Citizens%27_assembly
Taking speed limits and road safety in general as example I feel vocal minority of car enthusiasts are holding the silent majority hostage and that's the reason we don't have more sensible regulation in a lot of EU countries.
Although it is a more recent development since a certain billionaire (what else) took up politics as a side hustle.
You write it as if companies provided tons of help to parents and children. Meanwhile, they spend a lot of money to make it as hard as possible.
Second, kids in Germany have generally a lot more freedom and there is less of knee jerk impulse to blame parents for every accident. Expectation is that adults dont harm them without parents having perfect control every sevond.
Contrast that with chat control.
My government can read my WhatsApp messages? Not good!
What’s the non-technical narrative here?
Also, that same lifestyle is based on ignoring externalities applied to commons and/or events happening “somewhere else”, even when factually proven. Little wonder and tiny bit ironic that the same principle has embedded itself so deeply, that it holds true even when the damage is inward, just a few indirections away.
On your side, yes, I think that “people in Europe” intuitively understand that, it just needs time to blossom. The reputation/trust damage self inflicted by the current US administration is triggering a pushback that will expand into the future. As a point in case, it will lead to reconsidering assumptions on habits that many generations of US businesses and diplomats have built.
Many in this thread point at difference instances of services that should be decoupled. Connecting the dots, the larger picture looks painfully obvious to me: Silicon Valley never was a partner to be trusted, and certainly not after they built or bent every business to rely on an ad ecosystem that exploits users.
That original sin, on which a huge portion of Wall Street rests, is now at the center of discussions. Hence, the EU will build tools to address this because it has to, but consumers will flock to them especially from the US, since at this point no one can trust SV companies on data privacy (since Snowdens at least), no one can trust the US administration to protect citizens (since Trump at least), and about half of the US is scared about what’s going on deeply enough (the emotional push needed to break the habit). They will move their data it the EU (where else? China?).
This will be compounded by the fact that everyone tries to build better LLMs and to get AGI, while forgetting that LLMs work on data pipelines.
This barely even seems like the relevant part. If Google was founded in Japan and Apple in Brazil, it would still be foolish to entrench them as a dependency. It would barely even be better to do it with a local company.
> They will move their data it the EU (where else? China?).
This feels like hopium. Network effects are powerful and as long as the internet is actually global, there are really only two options: 1) Centralized megacorps, and then the US ones have both the US apparatus behind them and the incumbency advantage, or 2) open protocols where no corporation of any nation is a gatekeeper.
So for Europeans to get the hooks of the US incumbents out of them, their best chance by far is the second one, and that one is also mostly to the advantage of the Americans who aren't the existing incumbents, which is why it works. Start making phones with open hardware and social networks with open protocols and you can get people outside of your own country to use them because they don't much like the incumbents either, and that's how you reclaim the network effect. Try to clone the US megacorps without the US apparatus to get them established in other countries and they don't because they're wary of foreign central control, which in turn means you don't get the network effect and you lose.
But then it's not so much that data ends up in "the EU" as that it's on your own device and then backed up or distributed as encrypted chunks in a distributed network which isn't tied to any specific jurisdiction.
Open protocols are kind of thing techies do when in cooperative mode, when industry isn't looking. But this is not this kind of problem - this is an economic, geopolitical problem. It's not about your local school moving off Windows to Linux, it's about the European corporations moving off Azure to some other cloud solution offered by European corporations (do we even have any?).
I'll grant it, the turmoil of such transitions is a perfect moment for pushing for open protocols, federated solutions, etc. - the industry is distracted, there's more space to sneak in some good solution before everyone notices, and EU has cultural and political tradition of pushing towards FLOSS (even if largely just as an alternative to Microsoft) and associated values/memetic complex. But open anything won't save the day - more corporations will.
It's a blind spot for some software folks, because they forget that FLOSS is an exception here; everything else in the real world - including computing hardware and supporting power and network infrastructure - plays by rules of market economy, with proprietary solutions and clear structures of ownership.
It makes no sense to try and fight this here - but it does make sense to go along with the flow and improve things by pushing for more globally optimal solutions, especially that EU is known to be favorable to using openness in protocols and standards as a policy vehicle, both internally and externally.
Scaleway and OVH? Although I’m not sure how they compare at scale to AWS / Azure / GCP.
i am not advocating for a pure "open source will save the world" there are just a few points i'd like you to consider, and hopefully give me insights i can learn from
* other than code, open source has also given us governance "experiments" capable of running critical systems. As another poster was mentioning, the risk is to fallback on "big corps", usually run by "big man", and we are back to zero. The hope? expectations? is that the open source governance ecosystem has tackled this space in enough dimensions to be able to build something over this. I am looking specifically at the area around licenses (mariadb, redis, ...) and just overall governance frameworks, as in "deteach business ownership from ethical frameworks"
* in order to build anything this big/reliable, without megacorp budgets, you can just ... pay FLOSS? They are one of the 2 majorly screwed groups by the current SV setup (with PLENTY of cavaets,amongst them that SV is a huge open soure contributor) The other one being content creators. Slogan? "For this to succeed, you need the best coders and the best marketing departments in the world" Looks to me like incentives are aligned towards them being available. Talking broadly on a systemic level: details need refinement, and space beyond this single message.
* EU (the political instituion) desperately needs this. An innovative tech ecosystem (not startup, not product) driven by "european values" that puts them on the spot. Start with redefining it: there are no users, but citizens. Something effectively out-innovating SV, not just trying to get on par. The risk of "being bought out/copied" doesn't really apply, since (as I said in my original comment) the discriminator is existential: US companies cannot be trusted because they built the existing system. Any attempt to block this (stop users from getting their data back) is going to be challenged by the EU (GDPR violations cannot be brought to court by citizens, only by nation's data authorities, which means a citizen gets big guns and doesn't ned to pay). Also, go on and explain that to all you other (US and not) users.
* A EU cloud provider doesn't have to provide the same services an US provides. That would hardly be innovative. You also don't need to focus on corporations. Provide data storage for citizens, that will be the basis to build a privacy focus cloud, and then business might want that. There is a possible continuation into "advantages of storage&privacy based vs compute", that i skip.
But essentially, to me it seems that an open source, true, "give me back my data" business driven initiative has never been as actionable as now. I short, such a project can make 2 bold statements "We are more innovative than SV" "We have better freedoms than the US"
> But then it's not so much that data ends up in "the EU" as that it's on your own device and then backed up or distributed as encrypted chunks in a distributed network which isn't tied to any specific jurisdiction.
100% i launched into a long trajectory from the comment i was originally answering to, and stopped short
i think-of? dream-of? try-to-build? what you just said
my "in the EU" claim is mostly around legislation (EU art 8 vs US CLOUDS act vs vs China approach to citizen's data)
the legislation is there, since GDPR it's a matter of tools
since corps built tools, they "forgot" to add the third button on cookie banners: "give me back my data" ... (and fourth: "delete it") but the legal framework is there, as well as most of the tooling (google takeout, and so on from all other major players)
it's not that pipelines for moving data from US corps to inidividual do not exists, it's more that, up to now, whenever i was talking about "data rights" to people, even in tech, i got yawns back
now we have a "perfect storm": distrust towards US (administration, collpasing onto US businesses) + global uncertainty towards AI (where lots of people just perceive something happening but lack any tool that gives them control over it)
this is what i perceive as a tectonic shift that can be used innovatively, by EU businesses, hopefully leveraging open
for completeness, i have indeed wrapped "EU" as the spearhead for this, given the incentives to build it, but yes, central authority over this should live inside of each citizen nation framework (see, Japan and South Korea, both providing legal frameworks for data protection)
> Get banned from society for life
[1] Maybe with cash, for now, but cash is clearly not long for this world, and your bank account will be inaccessible already.
I don't think we can win this fight. Personally I tried to advocate against eIDAS in Austria and I've had negative success. After my warnings, people like it more.
"Oh, it's an EU thing? it must be good!".
But then again, maybe there is nothing that can be done. It boggles my mind that even on HN most people are defending this. It seems like freedom is a completely lost cause.
When you realize the tiny tiny percentage of people that have a phone that is not apple or google, you understand why few people are up in arms.
It simply doesn’t affect many people.
Whereas if the collar is touted as fashionable and the lock is hidden until it's engaged, now your problem is not that people don't care, it's that they don't know, which is different.
I’m just saying there are not many people impacted, so there are not going to be many people making noise.
People are simply too deep in the trenches of day to day to object to things that don’t impact them personally
The issue isn't the phone, it's that a __government__ is depending on an unregulated private enterprise.
What does this "crimes against currency" mean? I live in several countries at once with different currencies, and I never had a problem with this. And top of this, I travel a lot. I have accounts in 5 countries, in 6 currencies. Should I pay attention to something?
A: exclude these people from society or force them to switch to big tech, and
B: accept the consequence where a single other country holds access to everyone's identity information for convenience reasons (because it works for the 99% that are too tech-illiterate to install software that they control instead of the other way around)
Also the EU and all those states are also highly incompetent and pretty much only depends on low quality contractors. For example there is very little discussion and info about the fact that the EU digital infrastructure just got owned by what seems to be a random hacker group [0].
- [0] https://cyberalert.com.pl/articles/shinyhunters-eu-europa-br...
Parents can't control what their children are doing 24/7, and neither should they. But they should expect a society where children are protected from billion dollar corporations stealing their attention and radicalising them, at least until they are old enough to leave mandatory schooling.
There are many "real world" age restrictions that exist, and we have decided those are of benefit to society in general. The "online world" is no different.
If we can't have age restrictions online then they should just be abolished in the real world as well, in the name of preserving "privacy and freedom". The online world doesn't exist in isolation like it did in the 90s and 00s.
You're linking to a bugtracker. I doubt they're inviting people to spam it with duplicate entries — valid as I think the concern is. But maybe it says somewhere that you can leave feedback here and I just haven't seen it?
From their README:
> We are interested to receive feedback on all aspects described in the document. To provide feedback, please file an Issue on OpenCoDE.
https://gitlab.opencode.de/bmi/eudi-wallet/wallet-developmen...
This may not be unwelcome for authorities considering the recent extrajudicial “unpersoning” of many political enemies in the EU.
I don't think it's a bad idea though. If only for bringing the issue to the public
And while I do think an alternative would be good, the fact is that protecting the private key is the most important part (for example by keeping it on a smartcard with NFD) - hence why the need for a secure device
"but I want to install alternative Android etc etc" yes that's fine - but you know this is a non-secure-(enough) env.
I feel like this is getting to the point of gaslighting. Many of the allowed devices are bargain bin Android phones running out of date software with known vulnerabilities in both the operating system and the hardware which is supposed to be protecting the keys.
Meanwhile you could be using a hardware security module in a bank vault in a nuclear bunker surrounded by armed guards and the excuse would be that this "isn't secure" because it hasn't been approved by Google or Apple.
Governments shouldn't be requiring you to use any specific vendor or set of vendors. They should be publishing standards so that anyone who implements the standard can interact with the system.
Yeah you could, but most people won't
Should they allow for a yubikey on a non-google phone? Or your own private key? Yes they should. But then there's the issue of enrollment, etc.
When something is required by law, it needs to work for all people.
It also specifically needs to not entrench incumbents by impeding the ability of challengers that don't currently have market share from ever getting any.
> Should they allow for a yubikey on a non-google phone? Or your own private key? Yes they should. But then there's the issue of enrollment, etc.
There is no such issue because enrollment should be part of the standard so any device that implements the standard can be enrolled.
But then to save cost including the support cost banks stopped and instead started to require a non-rooted Android/iPhone.
But I think there are still cell operators without sim card
No I do not. It is plenty secure compared to a corporate version and nobody should be legally able to deny service over me having control over my own computer.
Needing the entire OS to be secure to protect a key is also a dumb idea in general.
This is the final step in the road to full remote attestation, thankfully PCs already come with Microsoft Pluton chips[1] to make it easier.
[1] https://learn.microsoft.com/en-us/windows/security/hardware-...
It is so clear how lobbyists operate here. I'd call it undermining national sovereignty.
If you don’t have an iPhone or an android, you can get a physical one time password device.
The MitID design is strange, but in this regard it is well done.
Gladly.
There was a time window 2 years ago where it appeared that I need an actual phone number to do my taxes, but even that was replaced with something more universal.
The point here is that Waymo requires either an Android account or an Apple account to log into their phone app. Lose that and you cannot take a Waymo. This may be worth a formal complaint to the California Public Utilities Commission, because Waymo is regulated as a common carrier.
California civil code section 2170:
"A common carrier must, if able to do so, accept and carry whatever is offered to him, at a reasonable time and place, of a kind that he undertakes or is accustomed to carry. A common carrier must not give preference in time, price, or otherwise, to one person over another."[1]
This is the core of what it is to be a common carrier. An airline can't require that you join their frequent flyer plan to fly.
[1] https://codes.findlaw.com/ca/civil-code/civ-sect-2169/
It is absolutely insane to put this amount of power in 2 foreign companies that will be able to destroy your life with zero reason, oversight, or due process.
Source: I have a banned Google account (it's over 20 years old at this point). I know the password, but Google doesn't let me log into it. Every few years I try to unsuccessfully recover it.
If you have a Google account and having it banned would be a problem for you here's my advice: migrate. Right now. You never know when one of their bots will deem you a persona non grata.
Another fun thing Google did is to automatically (without my consent) add a required second-factor authentication to my current Google account. I have this old, e-waste tier phone that I use mostly only as a glorified alarm clock, and at one point I used it to log into my current Google account.
Imagine my surprise when I tried to log in to my Google account from somewhere else, and it asked me for an authentication code from this phone. Again, I have never explicitly set it up as such - Google did this automatically! So if I were to lose this phone I'd be screwed yet again, with yet another inaccessible Google account that I will have no way of recovering.
At this point I don't depend on any Big Tech services; my Google account has nothing of value associated with it (only my YouTube subscription list, which is easy enough to backup and restore), and I pay for my own email on my own domain, etc. So if I get screwed over yet again by a big, soulless corporation that just sees me as a number on their bottom-line, well, I just won't care.
As long as the capital city is in Washington, this is normal.
Sorry if I’m misunderstanding something here
It seems to imply that the already existing way of authenticating via eID, which is the auth chip present on our ID cards, will still work, if I read it correctly? I understand OP's link to refer to a new, alternative system, that can be used without the ID card.
But take this with a grain of salt, I'm not very well informed about the whole topic.
Yeah, quite ahead in terms of making anonymous phone numbers illegal and requiring the government to know your phone number.
And if you don't want to use a smartphone, ID Austria does not work with regular FIDO security keys, you need special ones. Same for the old SmartCard system which didn't work without government-mandated malware.
Requiring citizens to have (buy) some device to simply prove they are who they are seems hostile and dystopian to me. Some say it’s the future; I’m not convinced.
However, if you were to allow me to use my pocket computer (and nothing else) to prove I am who I say I am, you would want to trust that I am not pretending to be somebody else after extracting private keys from their phone or whatnot. I.e., you would want to require some sort of trusted computing.
Currently, that seems to only be provided by closed ecosystem phones.
Even still, I think it’s a mistake to be rolling out eIDAS as a mobile app first. The specification allows for this to be a dedicated hardware key (maybe even something YubiKey-like, and the EU already requires all phone manufacturers to have USB-C), so why not start with that.
Actually, that is not what’s happening. Based on further research, the use of eIDAS is required to be left up to citizen’s decision.
Think of it this way: A physical ID (which is what we're trying to replace here) also has limitations, it looks a certain way, has a certain size, etc. Just because somebody wants a smaller ID or one with a larger font or a passport in a different colour or whatever, doesn't mean that this should be allowed or possible. Some limitations exist for a good reason
The world has gone absolutely mad, what the fuck am I even witnessing? It is quite literally becoming 1984 in front of my eyes, with people complying completely voluntarily and openly advocating for it, not even a threat of force to make it happen.
Demanding full control over something like an ID will fundamentally not happen. The same way you won't have full control over the way passports or paper bills are made.
Take for example the expectation that some poor fool's ID can't be cloned and reused by malicious actors - full control directly contradicts that. It will not and must not be possible.
If I am lashing out, it is because this is perhaps the most dangerous thing I've ever seen proposed, and it is deeply distressing how people are sleepwalking into it. To be honest, if I were German, I would probably just kill myself the day I was legally mandated by my government to register my identity with Google. That might sound hyperbolic, but I'm really not kidding. I have lived with privacy, anonymity, and freedom for all of my life. If the future of this world is one where the government and Google have complete control over every single thing you do, I'd rather die having lived a satisfying life than witness the horrors that are to come.
Proof: things mostly work now without all the surveillance state shenanigans.
More proof: humans have lived full and fulfilling lives without "proving identity or age or citizenship to someone hundreds of kilometers away"
It's important enough that people do so without any eID, using methods both more invasive and less reliable. Gas bills, document photos, having to take videos and pictures of yourself.
Humans have lived in caves and died of preventable diseases, it doesn't mean it's a better way of living.
This is honestly not a good argument - it makes you sound desperate and puts in doubt your mental stability. I don't think you actually have mental problems, I just mean this this kind of argument comes off bad.
Also nobody is forcing anyone to do anything. You don't have to own a digital ID. It just makes things easier, because you can sign things over the internet, or present your phone instead of your plastic ID. Both things already have alternatives (qualified signatures and regular physical ID), so no immediate harm is being done.
Don't get me wrong, I am personally anti bigtech, I try to degoogle as much as possible, and I find the thought of my government coercing me to use google/apple duopoly repulsive. I dislike that, but using phones (instead of for example dedicated hardware) IS pragmatic, and you are not forced to do anything.
Sent from my pixel phone.
> Sent from my pixel phone
This contradiction is not even funny. Sent from my Librem 5.
For now. In 5 years you will, there is not one doubt in my mind about that. We've been on a slippery slope for (at least) 40 years straight, every year is a loss of privacy rights compared to the last, there is not a single year that reversed the trend, not a single year where we paused and stayed where we were. Once digital ID is implemented everywhere, alternatives will be quickly phased out. It's straight downhill as governments and corporations take more and more advantage of technology to build a degree of surveillance that even dystopian science fiction writers couldn't imagine.
The government, the corporations, the data brokers each individual corp sells your data to to compile a unified profile, and anyone the data brokers are willing to sell to have an unbelievable amount of information on the average citizen. They know where you live, where you are at all times, where you work, every website you visit, every Google search you've ever made, everything you purchase, all of your acquaintances, when and for how long you call those acquaintances, the full contents of any conversations you have with those acquaintances, your interests, your hobbies, your political beliefs.
I have thus far managed, I believe, to avoid the worst of the surveillance, with a tremendous amount of effort and the sacrifice of an unbelievable amount of personal convenience. But every year I find myself losing access to more and more things that I am unable to do without compromising my privacy. If it gets as far as government-mandated Google ID in my country, I think it's completely rational to kill oneself rather than live like cattle. If there were a resistance movement, I would participate in that instead, but this is happening completely voluntarily. You people want this. There is no resistance. Fine, you can have your dystopia. But there is no reason I need to be part of it, and I don't think it's a sign of mental illness to opt out. I don't much believe in living for the sake of living, you should live if it brings you happiness/satisfaction/whatever and don't if it doesn't.
Can you please elaborate on that record?
As to the well-established track record of doing evil... gestures broadly everything? Google in particular has built an empire on stripping away people's privacy, and they regularly ruin people's livelihood by eg. shutting down Youtube accounts incorrectly with automated systems and no way of ever reaching a human for support unless you're famous enough to make it a PR issue. Apple is the same, just recently with a thread on HN lamenting that Apple was destroying their business because they revoked their dev license, or in other words, a private company unilaterally revoked the ability of a business to create mobile software for billions of devices. And now we want to give them control over our IDs? ????????????????????????
Because how do you make sure it's the user who does those modifications, willingly and well-informed? That it's not a malicious actor, not an user getting socially engineered or phished? Incredibly difficult compared to the current alternative.
If it's not a software root of trust that provides an attestable environment like Android or iOS. It's going to be a hardware root of trust that provides an attestable hardware environment, like SGX. I can predict no other practical avenue taken. Unless the orangutan really forces a demonstration on how untrustworthy these environments can be and a lot of money and effort is spent.
But yeah, the user could have a choice to this extent.
It's ridiculous that you look at all of us being forced into a government-protected duopoly, and then say "Don't you dare force your decisions on us!" to anyone suggesting that this should not be the default. Rules for us, but not them.
Worse still, for new mainstream devices that are believed to be safe the state sponsored actors will likely operate unpublished exploits, and will exploit the misplaced faith people and judiciary will put in device attestation. I dont think the very likeable people who worked on Pegasus found themselves respectable jobs - they are likely still selling that sophisticated crap to all authoritarian regimes.
The whole point in reducing the blast radius is valid - by all means make this optional and allow the user to elect to tie their identity to the device. For everyone else, implement validation of actual transactions, not just user secrets and device secrets.
and therefore the app cannot give a reasonable guarantee that it is not running in an adversarial environment that actively tries to break the app's integrity. Thus, the app cannot be used as a verified ID with governmental level of trust.
Conveying authentic information across untrusted channels (your phone screen, say) has been a solved problem since asymmetric cryptography was invented back before I was born
Can you elaborate on what this means? Who is the adversary? What kind of 'integrity'? This sounds like the kind of vague language DRM uses to try to obscure the fact that it sees the users as the enemy. An XBox is 'compromised' when it obeys its owner, not Microsoft.
For most governments that is a very low bar.
This feels like laziness from German implementers, as they don't want to (quoting the spec literally) "implement a mechanism allowing the User to verify the authenticity of the Wallet Unit".
0: https://eudi.dev/latest/architecture-and-reference-framework...
1: https://eudi.dev/latest/architecture-and-reference-framework...
https://github.com/eu-digital-identity-wallet/eudi-app-andro...
Either the government secures internet payments themselves, which means spending now to do so, coming up with a plan, ... or they can have Apple/Google do it.
You can smell where this is going, no? This is how the EU is looking to make any kind of internet authentication go through them. By providing companies like telcos with an online identity that says "if a customer clicks 'buy' logged in through eIDAS and they don't pay, EU courts will if needed get the money from their homes, their mothers, sell their dog to make sure you get paid".
Then things like forcing kids off the internet, the always returning porn and copyright regulations rules and so on will follow.
1. Google and Apple have a much larger ecosystem and are entrenched in their OSes, which means that they have a much better picture of the user than any government app ever will. They also have surveillance mechanisms that government apps are unable or unwilling to implement. This helps detect and prevent fraud (fraud prevention is mostly just mass surveillance used for good).
2. The eIDAS standards enable anonymous assertions about your identity. This lets you prove your age to a website / app without revealing any other information. There needs to be a way to prevent you from generating millions of such assertions using one ID and giving them out online to anybody who wants them, verified or not. The way you do that is by limiting their generation to trusted hardware, using hardware attestation mechanisms. Google and Apple provide those.
3. Pure laziness. It's an issue that <1% of the population cares about (which is hard to notice if you're in the HN bubble). Almost nobody uses a modern, eIDAS capable smartphone without a Google or Apple account. They may have decided that the part of the population who cares about this just isn't worth pandering to (just like some government institutions may decide that vegans aren't a part of the population they're interested in pandering to).
There can be good reasons for a bad thing, and it's important to factor them in when having a discussion.
Anonymity isn’t anonymity if you can’t generate millions of them cheaply.
> We understand your concerns and truly appreciate your suggestions. As previously mentioned, this is not something that is enforced by the reference implementation — these are simply recommendations, not requirements, for any wallet implementer. That said, we recognize that this is a sensitive topic, and we may need to revisit it, even at the level of recommendations.
> The README files for both the iOS and Android Wallets have been updated to mention only OWASP MASVS compliance, without referencing any specific APIs.
I understand their position, but I also get the concern, especially around existing implementations like the Italian app. I think it's mostly that they have different priorities than ensuring that the reference implementation is a perfect guideline for member states.
This looks like a good vector for a European Citizen Initiative around removing all technological dependency on non-EU providers.
For 99% of smartphone users, you can't get apps onto their phones without Apple and Google signing the app and letting you into their store, and users can't install the app without an Apple/Google account.
Why remove a dependency on Google, when you'll still be 100% dependent on Google?
Anybody working on "Digital ID" has already made peace with the fact that it can be turned off overnight if Trump says so.
Yes not many use it but if you cut this path off then people will never get there.
Let's not act like things have always been this bad and thus we should just accept it as the norm, because they haven't, the noose is actively tightening as time goes on.
Plus, the net difference is that this gives Google and Apple the ability to kill the ability of individuals to make payments (and tax them) ... do you want that?
(And I would say, compared to having European banks tax them, the answer is not so obvious)
The real issue is, of course, that this moves the burden of keeping phones secure onto Google and Apple, who are very willing to take on that burden in trade for a percentage of all consumer payment traffic in Germany. It's yet another choice between "spend money now to build a government department to secure payments ... or have Apple/Google do that for you". And they're choosing to save a little bit of money in the short term in trade for what is effectively a new tax.
Sure, their researchers are great, but Google itself claims that several years old phones running Oreo are safe and secure. They also extended the time for vendors to bring patches to the new vulnerabilities, they themselves slowed down - compare timeframe between patches released by GrapheneOS and patches released by Google - the latest GOS release provides patches for vulnerabilities that will be fixed by Google in.... October 2026: https://grapheneos.org/releases#2026040300
I do get that that's not exactly impressive. It isn't.
It's not necessary to provide the functionality and enforces the dependency onto he potentially hostile actor (case in point: Microsoft disabling email account of Chief Prosecutor of ICC because US requested so).
It stifles innovation in the future and hurts GrapheneOS right now.
Let me turn the question back at you: why do you think adding unnecessary dependency is better than not adding it?
Does it serve users, governments, service?
Does it anything good for the interested parties or does it only serve Apple, Goggle and the US government?
Its the same as with bicycle paths. Initially - those make no sense, leading from nowhere to nowhere. Give it a few years, and a usable network emerges.
Right now there is serious money and brainpower being poured into sovereign cloud tech. Thanks to the gift of open source and standards, its actually not impossible to create modern systems with zero US dependency.
I fear, though, that as with everything else Microsoft Excel will be the hardest dependency to deal with.
These are expensive products, you need depth of expertise and experience to create a system that could compete with the likes of gmail and Microsoft and ... so it's not a wonder that this hasn't happened yet. But pretending like this can be a public service is foolish (too high stakes ~~if~~ when it gets hacked), and pretending like existing providers that offer identity and email are sufficient is equally foolish. Google and ms and apple etc all offer the basics for free, and this is necessary for mass adoption. It will be an expensive project. But necessary, if the eu wants strategic autonomy.
---
Oh and requiring a us based account is not even the most egregious part of this proposal, ffs
We're currently paying a small tax to the US for each card transaction we have.
A paper or certificate can prove an entity trusts your identity to be <firstname, lastname, etc...> but that shouldn't be your identity.
You just are. Not your google Id, not your Apple Id either of course.
Governments are lame.
>You just are/I just am
Is not an acceptable thing to say to a bar tender when being served an alcoholic drink when you're 22. You hand them government issued ID.
In 2019, the EU created an eIDAS compatible European Self-Sovereign Identity Framework (ESSIF).
How is the government lame, here? We've had the infrastructure for 7 years now.
If you have a FIDO device on your (physical) keyring or a keyboard with a smart card reader or some kind of NFC transceiver connected to your PC, the problem is technically solved - just not practically.
Adding to this: anyone older than 12 years old is required by law to have their government issued ID on them at all times when in public. If your ID is suddenly your smartphone, you're essentially required to have that on you 24/7. Dystopian spyware.
Tragedy of the commons, nobody seems to have bothered to work on it. It's not like Chromium or Firefox wouldn't accept contributions.
Around a decade ago I was working at a company that used smartcard login for authenticating to internal sites. I've heard of many others doing the same. USB card reader worked fine in both IE and Firefox at the time, so I take your statement to mean that we've somehow regressed since then (not surprising) or this was an isolated instance of success (less likely, considering the US government also uses this: https://en.wikipedia.org/wiki/Common_Access_Card).
> MEETS_STRONG_INTEGRITY also includes the requirement that the device has received a security patch _within the last 12 months_
Good luck with that.
Please prove me wrong, I genuinely want to understand the implication of the linked document.
The initial limitation to Google/Android is not great, we know that, and we have support for other OSs on our list (like, e.g., GrapheneOS). It is simply a matter of where we focus our energy at the moment, not that we don't see the issues.
As a separate device, it should be offline always IMO, and perhaps the size of a passkey. Or one of those banking devices with a display that show an authenticated text saying what you are confirming.
....wow, that would be reinventing the existing model of the leading ID cards....
Crazy if you think about it :)
Private smartphones are excluded already.
Companies and providers (like banks) have to support it, but use is voluntary.
Check out the spec and legal framework, it actually makes sense and is open to different implementations, though you might need to certify it.
Kinda like the discrimination DB does for people using paper tickets vs those using the DB Navigator app.
And personally as a software developer myself i know that nothing is more permanent than a temporary solution. No one will prioritize or give budget to change it later "because it works"
Let me get this straight: you can be a defender of human rights, aligned with the country you live in, but if you fall in disgrace with the American government, _you can't even do transactions with your own country_.
So this is fundamentally flawed, and violates the fundamental rights of German citizens in Germany.
[1] https://www.lbc.co.uk/article/british-icc-chief-prosecutor-l...
Imagine cheering for the company that will block the criminal prosecutors investigating war crimes and genocide from having the ID at all(1) once the supporter of the investigated sanctions the law-abiding persons: https://www.whitehouse.gov/presidential-actions/2025/02/impo...
But anyway - why the requirement in the first place?
(1) because sanctioned person must not be allowed to create another account.
Provided you know the secret key to a government-issued certificate. Making it impossible to copy said certificate is not really a requirement for identity verification.
I think we need some fingerpointing that EU officials strive to avoid.
Authorities/anyone could verify that it's not counterfeit. And photo should be checked anyways to match the person.
So I also don't see the need for attestation. For ID check it should be ok without. For signing stuff ofc it is not resistant to copying. But EID smartcard function already exists.
Rooted, wildly insecure devices can pass the attestation easily: https://magisk.dev/modules/play-integrity-fix-inject/
Safe, updated devices cannot unless they permit Google to run their surveillance services in the privileged, unconstrained mode.
While it's dramatically worse than devices Google refuses to certify (ie these not running their spyware as privileged services).
What is your fallback for such an important vital service?
Edit: but as pointed out elsewhere in the thread, Play Integrity is not the only way to do hardware attestation on Android. GrapheneOS devs have a guide: https://grapheneos.org/articles/attestation-compatibility-gu...
So avoiding proprietary Google stuff altogether is possible and we should encourage it.
Banks are giving out QR Tan. Optical TAN devices which work with credit cards and it has been going pretty well. Why can eiDAS not have something similar. Distribute hardware tokens. Get rid of dependency on any OS.
The issue then becomes the UI/UX. If the legal mandate is not strong enough the solution will not gain enough ground. You can see this if you start comparing those countries with an eID rolled out.
https://grapheneos.org/articles/attestation-compatibility-gu...
I know someone who happily codes "verifiable credentials" in Elixir, disregarding all externalities.
> We have to use some kind of attestation mechanism per the eIDAS implementing acts.
What does this attestation need to prove? Is this only about ensuring that private keys are managed by a secure enclave or a TPM?
> we have support for other OSs on our list (like, e.g., GrapheneOS)
I appreciate that, even though I am really not enthusiastic of eIDAS. But time will tell. Thank you.
Concerning secure enclave - what other device except iphones and Pixels have it actually safe?
It's hard for me to assess the effort needed here, but I guess that the GrapheneOS implementation will be 99% like the regular Android implementation. Supporting both systems does not seem to be that unrealistic.
And a suggestion: add external HSM support at least? (e.g. things like NitroKey/YubiKey)
[1]: https://eudi.dev/latest/architecture-and-reference-framework... I suppose?
> a local internal WSCD, which is a component within the User device, such as a SIM, e-SIM, or embedded Secure Element,
So you could issue SIM-cards / eSIM profiles that only do signatures and nothing else. The app then connects to such eSIM (and you keep your main SIM/eSIM in another slot).
The less stupid variant is, of course, to get mobile operators to issue SIM cards with e-sign capabilities. Estonia has that, for example: https://www.id.ee/en/mobile-id/
It works great. Just keep in mind that newer phones are starting to deprecate physical SIM slots. At the same time certifying eSIM implementations to the same EAL level is an absolutely crazy task.
They can be trivially rooted, then they spoof the signature and get a pass in Integrity while being wide open for malware (or cooying the ID, ID presume).
Cost saving measures.
Its funny to see that I can access the bank account through FaceID but to actually make a payment I need to use an SMS code.
Do you realize where this path is going?
Certain European governments would have greatly benefited from KYC/attestation in the late 1930s had it existed.
Personally I recently switched from an AOSP based android without Google Play to Ubuntu Touch. In the future with better hardware support I will probably switch to postmarketOS.
The usual 80/20 rule applies here as well.
And if you really are a German citizen, you know how slow the wheels of government already turn in Germany, I assume next week you would be the one complaining that "Germany is so far behind" and that "other countries are so much faster at implementing stuff" :)
Can't buy any single fare public transport tickets online here in Stuttgart? Sure, I'll use the DeutschlandTicket NFC card. Can't view the EPA? Fine then I don't. Can't pay with Wero? Fine, I don't actually need to use shops that don't offer SEPA Vorkasse or Lastschrift (only without a dodgy "identity verification" fintech startup of course.
No one wants support for toasters and washing machines. We're talking general purpose compute hardware. TCP is also supported on all these devices. Quite frankly, it's probably easier to implement, if you are not fighting a locked-down OS like iOS.
Why device attestation is required is quite well explained by this github comment [0]. I am in the industry and I agree fully with it, because it is a fact a problem for most smart phone users in terms of security.
0 - https://github.com/eu-digital-identity-wallet/eudi-app-andro...
I'm not going to replace my 1200 EUR smartphone with a device that forces me to have an account with Apple or Google. I've been issued a German identity card, which is its own computer that includes a digital identity already. I also own an expensive card reader, which together forms a system that is completely capable of supporting any attestation anyone would need. They should just stop excluding me already.
Well, in all seriousness what examples could you give me here in terms of device hardware attestation? Even GrapheneOS does use Google root certificates to attest your device. There is indeed an option for EUDI to keep a list of keys and I bet this is probably the way they are going to go for Android in the future. We shouldn't forget this is still in the planing phase.
> to have an account with Apple or Google.
True for Google, not true for Apple. Device attestation on iOS does not require you to have an iCloud account or sign into some Apple services. It works entirely using device hardware ids.
> I also own an expensive card reader, which together forms a system that is completely capable of supporting any attestation anyone would need.
Nope. This is eID and verifies your identity, it does not attest the security of your hardware. These are two different problems we talk about here.
My Librem 5 runs an FSF-endorsed OS and has a smartcard.
> True for Google, not true for Apple. Device attestation on iOS does not require you to have an iCloud account or sign into some Apple services.
This is extremely misleading. Even if true, you must have an account in order to install any app on an iPhone.
Ok, so how does that help with device attestation? If I am an app developer how does it tell me that your OS has not been tempered with or actually that my app has not been tempered with? Are there any cryptographic keys stored in a secure place on the device that the Librem vendor can verify?
> This is extremely misleading.
But it's not. It's an architectural difference between how Google and Apple implemented attestation. Apple stores the generated keys in a secure part on your device and certifies them. The rest is your job as an app developer. And as a user, you do not have your iCloud or iTunes account used for device attestation. In contrast Google and its Play services are an integral part of the attestation workflow.
For Apple it's evident from their docs. As a side note: I do try to learn more about this, because of an incoming project concerning it.
> You can’t rely on your app’s logic to perform security checks on itself because a compromised app can falsify the results. Instead, you use the shared instance of the DCAppAttestService class in your app to create a hardware-based, cryptographic key that uses Apple servers to certify that the key belongs to a valid instance of your app. Then you use the service to cryptographically sign server requests using the certified key. Your app uses these measures to assert its legitimacy with any server requests for sensitive or premium content.
Source: https://developer.apple.com/documentation/devicecheck/establ...
This is not your business to verify and control what can run on my phone. I can do it with my smart card, which securely stores cryptographic keys.
> And as a user, you do not have your iCloud or iTunes account used for device attestation.
It does not matter. An account is necessary to make the phone usable at all. The attestation is useless on a phone that can't install apps.
The reader and its firmware is already certified by the federal IT security agency BSI for use with eID and banking. Why shouldn’t I be allowed to use that for whatever digital identity wallet thing the EU is cooking up?
Then keep using it, instead of the not-mandatory app?
> I also own an expensive card reader, which together forms a system that is completely capable of supporting any attestation anyone would need.
Sure. In the mean time, do we tell the other few dozen millions that don't have an expensive card reader to go fuck themselves, or can we get to work on a solution that, even if not ideal, makes their lives easier?
> They should just stop excluding me already.
They aren't. You said it yourself, your ID is in your pocket.
Yes of course. That is one of it’s fundamental issues.
It's a pragmatic, profit-oriented point of view, but not one that makes sense when your mission is to be inclusive of everyone.
https://en.wikipedia.org/wiki/Dehomag#Holocaust
Simply put: this will never happen. Way too many devices implementations to make this a reality.
If your answer is "none", you missed the point.
Configure your phone however you want, then use your physical ID because your phone isn't supported. They're not taking it away. In the same way that you can file your taxes. Having an online filing service doesn't mean you're being "excluded" because your i386 running BeOS isn't part of the supported hardware. Send a letter. It'll still work.
If you were averse to carrots (without any health restrictions on eating them), would every government institution in Germany be required to serve you carrot-free food?
If not, why should they be forced to accommodate every smartphone brand in existence, even if there's only 3 people in Germany using it? THe list has to end somewhere.
Can't speak for Germany, but they do in the UK. It would be illegal discrimination against a belief for them not to.
UK law protects some philosophical beliefs equally to religions. (what qualifies is a bit of a mess as it's all case law)
(On a practical note, I imagine it's easier for hospitals to just serve vegan food for anyone who is vegetarian/Muslim/Jewish rather than have specific kosher/halal meals)
For it to be fair comparison, the carrots would have to be grown by a foreign company, known for using unsafe growing practices, causing contamination. Eg, poison carrots. This same company would have to be under the control of a very hostile, very actively aggressive and threatening nation.
Such as one currently threatening to annex allies, among other things.
With the US literally tapping and spying on heads of foreign states:
https://en.wikipedia.org/wiki/German_Parliamentary_Committee...
and there being lots of ways to spy, such as push notifications:
https://www.reuters.com/technology/cybersecurity/governments...
Only insane people would objectively decide to use Google or Apple anything for any form of ID. Those platforms should literally be outlawed. Any use of push notifications or identity attention should be looked at as utter fantasy.
Here's a secret for you. There really isn't any urgent requirement to have an electronic identification method. It can wait. Supporting legislation can be passed first. There are lots of ways to do so.
For example, the entire EU could pass legislation stating that all cell phones have open source code available, including all binary blobs for drivers. And that all phones are unlockable, and that (for example) the phone has a version of the rom you can download without any Google services.
(If Apple isn't able to compete here, well... too bad)
The phones would not be legal to sell, unless the open source firmware was compiled in front of regulators. The point of this is another pet-peeve of mine, it would allow people to support their own phones, for that source code would be released the day that phone was no longer supported.
And yes, it's trivial to have open source firmware blobs. There just isn't a market for it. Pass a law, and sellers of SoC and other ICs will capitulate, or maybe more punitive laws will be passed against them. As someone once said, yes companies can have a lot of sway.
But governments have police, courts, and armies.
Right now, Android and Apple devices are a literal arm of the US government's spying apparatus, even if those two companies actively work against it.
Do not trust Google Play. Do not trust Firebase. Do not trust Google. At all.
Are Germans just too trusting? I remember 15 years ago, when nuclear power plants were closing, concerns were raised about the reliance on Russian natural gas. These were waved away. Russia? What's wrong with Russia! They're almost allies, they're capitalists now!
Don't do this again.
Do NOT trust Google. Don't. Don't make it a core part of any identity management.
Imagine, needing an active Google account to even bank! Or to file your taxes, or even to prove who you are!? Google cancels accounts with no recourse, no reason why, won't help anyone, and this is to be the core of identity management for Germany?
The average person won't even be able to install any German Government designed apps, unless they are on the Play store! Are you going to teach Grandma how to use ADB to install an app? Without an active Google Account, will you even be able to use push notifications?
Why would a government even allow ID to be blocked by the requirement that a company with terrible, horrible, inane customer service, which just kills accounts without recourse, be a gatekeeper?
No Google account, no ID! Wha!?
It's literally not sane.
Germany at least seems to feel international war is only a few steps away and from how militant the Chinese and Russians have been treating their “territory” I am not sure it is a bad call.
America has likewise turned bad preferring violence over dialogue and loves tracking “hostile influences on the American way of life”. Those influences being anyone who would call out the toxic culprits making America into a cesspit.
Tying to Apple and Google? It is a terrible idea. Both are prone to freeze devices for financial or social issues.
However, a fix I would accept is to force the device makers to support multiple accounts out of box on every device to keep separate what the corporations have proven time and again they cannot be trusted to combine. Also for those companies to be forced to make a cheap credit card sized device which must be held to power on for the few that truly hate the ecosystems.
I don't understand why this is not the default to be honest, and why people are not advocating for that
What's wrong with ID cards and cash?
But to answer the question in a real way: Veganism is often regarded as just a dietary choice like any other, when in reality courts in several countries have more or less agreed to classify it as a matter of conscience, which would give adherents some right to it. Though it seems German courts have been reluctant to draw much legal consequence from it - so far at least.
So in that sense, I don't think people have been talking about digital sovereignty and abstaining from proprietary software under another country's jurisdiction much as a matter of conscience yet. We can thank Trump that it might actually become a thing though.
Sufficiently detailed telemetry is indistinguishable from surveillance because even if the goal isn't to target you right now, they will still have the secondary option of going back and inspecting all that data you sent them if they ever are interested in you. Another secondary use of telemetry is selling it to someone else to squeeze out a bit more money. There's no downside to doing this, so any business that collects a lot of varied telemetry and likes making money might as well do it. And once the data is in the hands of adtech businesses, it becomes a whole lot more like tracking you personally than just collecting some data for development. In Google's case, you don't even need to hand it over to anyone else, everything stays in-house.
I heavily doubt that.
Using smartphones with such a setup should not become required by a European government on a fundamental level.
You are copy pasting a “correct” argument against eu bureaucracy in the absolute wrong space
This is an understatement. Better phrasing would be "when it allows two unaccountable foreign companies to lock citizens out of the digital market".
There are plenty of horror stories of tech giants frivolously banning people. We shouldn't be adding state support to that. I don't want to lose access to digital banking because of some deliberately vague "community guidelines" violation, or because I got mass-reported to some "e-safety" provider that both Apple and Google outsource to.
Sibling comments see this as a good solution, just not a perfect one. I see it as making a bad problem worse.
The limited selection of attestation providers can be criticized for many other reasons, though.
Such public utilities ought to always prioritize privacy, platform-independence, and empowering market competion long- and short-term. And to achieve that you need to start at the design level.
In this case, clearly, you either have to avoid relying on app attestation or lay the foundation for an unrestricted number of independent chain of trust frameworks.
The latter, of course, is a policy-level issue, but the ones responsible for the design and development are the ones who need to pass such concerns up the chain.
If you want to be critical of the outcome on compatibility grounds, forcing a grind to increase technical compatibility is the wrong thing to ask for. That must necessarily always leave some people behind. The only honest alternative positions on that front are (a) the government issues the tech to everybody itself or (b) the government doesn't build advanced systems at all.
The German government offices rely on a lot of quaint-looking paper based processes, but they have one thing going for them: working through them can be done with pen and paper - tools that are available for cheap and broadly compatible. It's probably not such a bad thing after all?
You chose to use a non mainstream platform. Thats on you.
You can even run it on OpenBSD or TempleOS if you want to.
For those that do not know, that is the only way to get the Google account back is to use a hardware 2FA in the first place....
AND yubikeys are $60 per yubikey...and generally you want 2 including a backup
This is simply unconstitutional and should be escalated ASAP if you don't want to end it before the appropriate court in Leipzig, Karlsruhe, or maybe Luxembourg.
Or to put it another way, is a smartphone required? If not, that would already clear up a lot of issues, I think.
EDIT: Whoops, just saw the answer to another comment asking precisely this. So it's not a requirement. Good. Is there a legal framework that ensures that this remains the case? Otherwise, I fear it will become a de facto requirement over time.
If you read French:
* https://www.plus.transformation.gouv.fr/experiences/4531155_...
* https://linuxfr.org/users/jch-2/journaux/l-identite-numeriqu...
I'm also thinking of keeping an android phone purely for auth purposes, separate from my main one. The world's most overengineered (and probably also less safe) Yubikey.
> If you read French
Let's see how far my five years of French at school will get me. I'm not getting my hopes up ;)
If this is your plan, please go back to the drawing board.
https://www.heise.de/en/news/Paying-without-Google-New-conso...
Especially considering that mobile-ID has been around since 2007.
Plus, the process is something like:
- we want to do $something
- hire consultants to help us define $something and produce a document
- hire other consultants to write the specs for the project
- launch an RFP
- select a winner
- wait for the implementation to finish
All the proposed solutions will be something paid, ideally made by a really large company to lend it credibility, and with maintenance costs that justify hiring dedicated people for it.
In the end no one gets what they want.
You think if there was any will wouldn’t the whole EU use whatever the Estonians are doing very well?
Yes.
> You think if there was any will wouldn’t the whole EU use whatever the Estonians are doing very well?
Using the Estonian system would be vastly preferable.
If politics doesn’t allow that, the political environment is broken.
Instead they could have mandated the use of eIDAS 1 to all countries + extend it with attribute/credential support, and let countries choose their implementation (cards, SIM, server-side).
Instead we’re back to the drawing board with the big shortcomings highlighted in this thread.
Smart-ID sucks. It's not truly hardware-backed, it's proprietary and has fundamental flaws like not having a direct link between the site being authenticated to and the authenticating device (auth can be proxied, just like if it were just plain TOTP).
SIM-based solutions on their way out is a non-issue. For eSIM to support that use case, political will only is needed: the EU got Apple to abandon the lightning cable, this is not any different.
Fundamentally can't be, it'd be a whole new solution.
> For eSIM to support that use case, political will only is needed: the EU got Apple to abandon the lightning cable, this is not any different.
Mandate every phone vendor to EAL4(+) certify their eSIMs? I'd love to see that, but I'm not sure that's a viable approach to take.
The device chain is a classic misdirection, it seems everyone here is just following Meta’s lobbying to put this into the OS.
Even the carrier layer would be better than the mobile device layer.
Or, you know, just look at Singapore’s or Swiss National SSO - it functions on an app that layer just fine, no issues
See https://github.com/eu-digital-identity-wallet/eudi-app-andro...
Nice... so the rush is to delegate power to the large American platform?
Sounds like these "eIDAS implementing acts" are the problem, and were influenced by ulterior motives.
It’s also illegal on both accessibility grounds as well as violating the eIDAS spirit of no dependency on specific providers.
By shrugging it off as “not great”, you’re also dooming every citizen to have to comply with whatever whimsical terms of service Google and Apple have.
Have you ever tried to unban your Apple/Google account? So in effect, everyone’s access to eID services will depend on some crappy automation some intern in California setup to detect “abuse” or whatever.
There are technical solutions to avoid this dependency and you’re probably getting paid to find, research and adopt them. So … do your job?
You should be ashamed of being involved in this monopoly handover to American big tech.
Yes, I assume malicious intent, sorry, seen this happen enough tines recently.
[1] https://uattest.net/
GrapheneOS uses standard Android APIs for hardware attestation (as opposed to Google-specific ones), so why don't you just use those from the get-go?
Excellent. Massive respect to you for doing this. This attestation business is an existential threat to "other" operating systems. I'm glad to see people are putting effort into supporting them.
Translates to:
"We have to make sure citized accessing the public service have not control over the device per the eIDAS implementing acts"
There is a mixure of incompetence and big tech aggressive lobbying on gov 'standards' all over EU... making anything internet hard locked on big tech ultra-massively complex software, protocols and file formats.
In my country, it is the web: classic web support interop was actually killed 10 years ago. Now, only web apps requiring one of the gigantic and ultra complex web engines from the WHATNG cartel are working. No more "small' web engines (including their SDK) does work, and it did close the door for good to anything 'not big tech' (here the WHATNG cartel), what a bummer, oopsie!
In means in my country, to interact with the gov agencies and dependencies, you are now FORCED BY LAW to use only WHATNG cartel web engines. Wow, corruption (there is big public money there)? brain washing grade lobbying (what seems to be the case)? incompetence (always expected on complex matters)?
To add insult to injury, in my country, the ONLY person who have the power to fix that is the prime minister (then also the president). Oooof!
Of course, very simple classic web sites do work on 'smart phones' (apple did threaten to remove its browser... we know why: to force a technical hard dependency on them since they have a significant amount of the "market").
We all know their weak spot: a simple and stable in time, "good enough" to do the job, set of existing protocols/file formats (to protect the SDKs, I would include the computer languages, for instance excluding c++ and similar for plain and simple C and assembly to protect against the obviously ultra-complex SDK components): it will reduce dramatically the complexity and size of any current and future, local, implementations.
What's seems to be happening when I look at that: some people all over EU countries are trying to fight their way out of big tech because of gov officials probably being brain washed by lobbying (do not exclude the possibility of "corruption" and there is always some level) of incompetence which is expected).
Since it is happening in France and Germany, core of the EU...
Now what?
What I don't understand is: ELSTER (taxes) already uses electronic signatures, don't these signature already fulfil the requirements of eIDAS? Why do we even need Google/Apple?
Fascism is the reality.
And its global.
Global fascism is what is already the case.
So one may argue that the implementers are only taking the pragmatic approach regarding something that is out of their hands.
I don't know what the eIDAS 2.0 requires in term of security but it may make the choice the implementers made here unavoidable in practice, as hinted by @webhamster.
If so, it seems that a solution, if technically possible, might be to mandate that OSes provide the required security features without tie-in.
The outrage in the comments feels a bit like people yelling at clouds...
Now, "other" than Apple/Android is so small as to be negligible and governments also have a duty not to waste taxpayers' money, which means not spending hundreds of thousands to cater for an ultra small number of people who have an easy access to an alternative.
To have government apps work only on iOS and Android is perfectly reasonable in the current state of the world where this covers 99% of smartphones.
the fundamental flaw with that approach is that it is totally unreasonable to have government apps in anything other than open source and fully public systems. nothing else can really be trusted, and any private/closed source option should be disqualified from the get go.
the reason is simple: you can't trust private entities or opaque systems, and you can't trust government either, thus the solution has to be fully transparent or you're doing nothing.
the problem with that is that it is hard, expensive and/or inconvenient.
So you're claiming that Mobian doesn't exist? PureOS doesn't exist? PostmarketOS doesn't exist? Ubuntu Touch doesn't exist? SailfishOS doesn't exist?
If it's not possible to create such a system for mobile phones because of legal issues (as you seem to acknowledge and judges have found in the past), then the focus would have to be on creating hardware devices in the EU, ideally with open source hardware and software. These can be made reasonably secure, have been used by banks for a long time, and would enhance digital sovereignty.
What I find unacceptable is the attitude "well, it will violate the law but as a matter of practicality it's the only choice we have right now so we'll just do it."
I don't disagree. I am just pointing out that this is wishful thinking right now.
As said, Europe has zero footprint in hardware or software so the choice is either not to develop any digital services or to accept that they will run of foreign hardware/software because everything is either Android or Apple and runs on hardware that is from US/Taiwan/China.
Developping honegrown alternives is pie in the sky or a 20 year project if we are optimistic (which I am not)...
Frankly, many comments, and the reactions to mine, show how out of touch and idealistic or naive the HN crowd can be.
Also you weirdly forget all the Chinese phones. There's also some tiny European brand which will have absolutely no way to limit their users dependency on the famously hostile and unconctactable provider.
Either governments can develop (and pay for) THAT technology, or they can use Apple/Google ...
The scenario it would prevent is that a government gets a filled in form with someone requesting unemployment benefits, or reimbursement for a medical procedure on account X ... and then government finds out after payment, later, in court, that the owner of the phone never agreed to it and it needs to pay it out again (because the claim, true or not, that a scammer initiated the payment agreement in some way rather than the owner). Same for business and agreeing to a loan and ...
It is NOT to protect you, the owner of the phone, against scammers (it does not really do that at all), it is to protect companies and especially governments AGAINST the owner of the phone. It is a way to fire most EU government employees by allowing automation that currently can't work because you can't legally trust phone and internet automation to be binding in court.
So they're just going to use the Apple/Google standards and declare the job done. So it's theater from all sides. Politicians will pretend this is a good solution because they don't want to spend real money, and they really want to tempt EU kids to get loans on their smartphones because, you know, in the EU you're protected from companies exploiting you. Of course, that just means governments will have to do it instead.
Government software is usually low-quality, expensive procurement crap, often riddled with security holes, and an exercise in checkbox checking. UX and user friction can't be expressed as a verifiable clause in a procurement contract, so they're ignored.
Besides, every time EU governments tried to force smartphone manufacturers to pre-install government apps, the population freaked out over (unwarranted) surveillance concerns. This isn't something you can do without pre-installing apps (you don't want these APIs opened up because then attestation loses all meaning).
Not necessarily the company that locks out entire family because one of the family member jacked off on the chat with Gemini model.
I mean you could use Huawei and others, but the FUD campaigns against chinese manufacturers was pretty agressive in the EU.
Sometimes I wish the Germans had an island of their own somewhere up north near the american continent.
BUT government do not want sovereignty more than they want snoop on citizens.
Because you'll be stonewalled by devs because they can't really changer decisions made bu higher ups.
Edit: I'd sign it, but don't want manage and diffuse it.
Does this lock Germans out of society if they dont buy American tech?
https://en.wikipedia.org/wiki/Edward_Snowden#Revelations
The existence of eIDAS itself is already a big problem. They're going to try to gradually push laws to make it so that you'll need a government issued signature to do anything. That's when they'll have total power over you because they can simply refuse to issue.
Modern computing and communications technologies can be leveraged to build infinitely stable authoritarian regimes. It's even possible for democracies to stumble into it on their own as they attempt to regulate these new technologies. In hindsight, the Internet was built wrong. It has a top-down structure which all of human civilization is beginning to mirror.
And in the EU it's already nearly the case. The dystopian horror that KYC/AML has become for honest citizens is beyond belief. And they're of course hiding behind the excuse that "bad guys are laundering money": but going after actual drug dealers, of course they're not doing that. We now have articles wondering if Belgium (where most of the EU institutions do live and where all these totalitarian laws are passed) has become a "narco-state" (where criminals make the rules).
People's life can be ruined when some employee, somewhere, decides he wants to bumps his SAR quota (Suspicious Activity Report): you can have a real-estate transaction fail (and have hence moreover to pay a 10% penalty to the other party) if either a notary, bank employee, real-estate agency employee decided that they've got the nostalgy of the Gestapo-time and decided to act like a good little nazi (yes, Godwin's law: for we're literally talking about totalitarism).
I recently had an notary's employee bother my brother for the source of funds when he bought an apartment... A quarter of a century ago. A quarter of a century ago and he was talking to my brother as if he was a criminal for he didn't have access anymore to the bank wire transfer from 25+ years ago. It's crazy for the exact same controls had already been done 25+ years ago when he bought the apartment. And the notary's employee fully knows that. (regarding that case my brother is currently looking into the national federation of notaries and he's going to file a complaint: he's got emails from that notary's employee that are totally out of line).
The problem is way too much power over the lives of others is put into the hands of petty people: petty bank employees, petty notary employees, petty public servants. The same kind of people who were all too happy to out jews during WWII and who were making sure trains would leave on time.
I previously had a folder where every single money transfer of more than 10 K EUR was saved: I know do it for every transfer below 5 K EUR. And these are to be kept forever for I know that me or my wife or my daughter shall invariably meet motherfuckers asking them "proof of the source of funds from 30 years ago when your father bought that collectible car" (worth less than 20 K back then btw, but worth 6 digits now).
Just fuck these systems and fuck anyone working on it and fuck all the nazis participating in it.
The more this signature is necessary the harder it becomes to deny issueing it to somebody.
I don't see how this changes much compared to nowadays. You can already require an ID for all kinds of these and the government already has total control over those. So what changes? China manages to ruin the lives of the people illegally born under the 1-child-policy for decades already, all without systems like eIDAS.
You can't protect yourself from authoritarian regimes with tech or good policy since those will just get ignored. Look at Trumps war with Iran, where did Congress agree to it?
I'm not a fan of these systems either, I also think software should be open and no vendor lock-in should exist. But I don't think this will change much to be honest.
Right now, physical ID is only required for government services, for the most part. But digital signatures can be extended later to gate all services and purchases, both online and physical, including non-government ones. For example, you can't host a website without a gov approved signature for each website.
Under a system like that, you would rarely find out when the gov refuses to issue a signature, or when any kind of injustice happens, really. Websites where people can talk about bad things happening to them will simply be denied a signature to legally operate, so they're given the ultimatum to "voluntarily" censor posts, or be shut down. It becomes impossible to have this very conversation on a public platform with any kind of meaningful reach. And they already have this kind of system in China, since you brought it up. In fact, they have domestic surveillance systems that make the Snowden disclosures look cute.
GDPR good, but oh no... gotta spy on everyone now.