European digital ID wallets rely on safety services of Google and Apple

Posted by donohoe 8 hours ago

European digital ID wallets rely on safety services of Google and Apple(waag.org)

618 points | 266 commentspage 2

uyzstvqs 7 hours ago|

I really don't like how EUDI (OpenID4VP) works in the first place. IMO it should be scrapped and rebuilt from the ground up

It should be an open standard that's local first. Government issues certificate, user loads it into any supported client app on any platform (official, open-source, Google/Apple Wallet, etc). The user should then be able to selectively share data from the certificate with third-parties, directly between the client-app and the third-party, using an open standardized protocol/format. The important challenge is that we obviously shouldn't have to share the entire certificate (which would include all data in it), there shouldn't be a static subject pubkey which creates linkability between data-shares, and obviously we'd need privacy-focused data fields like {"isover18": true} in addition to full DoB.

c2bo 2 hours ago|

How exactly is OpenID4VP in your understanding different from what you describe?

peterspath 7 hours ago||

They should not make it mandatory for or expect people to have a smartphone.

sam_lowry_ 7 hours ago|

A few years ago as I was working for a local government, a similar discussion started, but quickly finished after the project owner valiantly displayed her dumbphone.

Only months later did I learn that her husband was investigated for misappropriation of funds, so keeping a minimal digital footprint was important for her.

Moral of the story: everyone has a smartphone.

TalkingCodeMonk 7 hours ago||

So, if the majority chose to get microchipped, you believe either we should force the minority to get microchipped against their will, or just exclude them from society?

"Your papers, please"

RyJones 5 hours ago||

help us help EU residents:

https://openwallet.foundation/

https://github.com/openwallet-foundation

https://github.com/openwallet-foundation-labs

vaylian 5 hours ago|

Can you elaborate?

RyJones 5 hours ago||

On the tech side, we are working closely with (for instance) Google: https://github.com/openwallet-foundation/multipaz-wallet

SPRIND: https://github.com/openwallet-foundation/eudiplo

Animo: https://github.com/openwallet-foundation-labs/mdoc-ts

and we do engage with NGOs and governments across the EU.

vaylian 1 hour ago||

Thank you for the expanded explanation. But it doesn't really explain how we should help and what you hope to achieve with our help. A bit more targeted information would be appreciated.

RobKohr 6 hours ago||

In the last 5 years so much of the legislative pressure is coming down to remove anonymous Internet access to save the children or protect us from some harm.

In the end it is all being used to track and control us.

"Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin

Never truer words ever spoken. And yet we keep slipping down this slope again and again and again and it seems there is never a way to climb back out.

u1hcw9nx 6 hours ago||

This is only reflects their market share for now. The EU legally forbids member states from making a smartphone mandatory to access public services. The EU explicitly anticipated the danger of relying entirely on the iOS and Android and designed the EUDI Wallet framework to allow for other physical form factors. For example;

1. Smart Cards (The Current National ID)

2. Standalone Hardware Tokens & USB Keys

earth_tattoo 6 hours ago||

A little off topic, but does anybody else think that all these attacks on personal freedoms across the western world are very coordinated? Suddenly all countries are making social media ban under 16 laws. Same goes for centralized digital currency push.

antirez 6 hours ago||

Europeans do a lot of stupid things, but I believe in light of all the scandals we saw in recent times, you can't explain EU behavior and choices without accounting for corruption. EU division and different level among the different countries of wealth, integrity of political sphere, and different cultural biases make us the perfect target for bribes in order to control votes and choices. Not just promoted by external actors. The Chat Control is a great example: everybody understands how bad this is, the arguments are mostly a shield to avoid revealing the real agenda.

MyMemoryfails 3 hours ago||

Everytime EUID mentioned, people forget that EUID is not anonymous!

EUID has "provider/verifier" endpoint which communicates with your website to inform you are indeed 18+ age.

Link: https://github.com/eu-digital-identity-wallet/eudi-srv-verif...

The github page has graph how it works.

So Government can track your accounts via IP,Timestamps, Token (if website saves it).

Just incase you dont bother visiting the github page the simplified flow works like this:

1) You scan QR code 2) Verification 3) Provider/Verifier informs website +18 age

So if i verify my age then watch some material which doesn't agree with with my government values like females with male genitals. I'd be royally screwed if government wishes to pursue.

naveensky 6 hours ago||

Why cant EU have something like Adhar (ID-verification for Indians) https://uidai.gov.in/en/

It captures biometrics and is used across India to easily verify identification using OTP on mobile. Used across almost every sphere - bank accounts, passport, financial services like stocks/mutual funds etc.

You get a unique adhar-id (or can generate virtual IDs if sharing temporarily) to verify your identity across any service.

bell-cot 6 hours ago|

To paraphrase Napoleon - because India has the will to do it, and the EU does not.

edukite 5 hours ago|

So as an EU citizen and owner of Fairphone 6 with e/OS I'm banned from using apps I should be allowed to use?

More comments...