https://bmi.usercontent.opencode.de/eudi-wallet/wallet-development-documentation-public/latest/architecture-concept/06-mobile-devices/02-mdvm/

ww@xyzzy.link

@pojntfx @tdelmas as long as age checks are anonymous and allow a generous ratelimit, remote attestation is required to maintain the integrity of the system, that's probably why

like, if i can make a custom android rom and automate issuing age proofs, then transmit them anywhere i want, then i can also create a fake miniwallet that would allow anyone to pass the age verification flow using my proofs. for a low price of 5 euros!

i personally don't think that age verification is a good idea, and even if it has to happen, remote attestation creates more problems than it solves. people will find ways to bypass age checks regardless, so this only closes one of the gaps, while excluding a fair amount of people. but i imagine this was one of the concerns that led to the decision to make it a requirement.

pavel@social.kernel.org

@pojntfx So Apple/Google can collect your data? And so Trump can shut you down? That is ... not good. That should not be legal.

zombiecide@polyglot.city

@ahasty any reasonably advanced stupidity is indistinguishable from malice

ww@xyzzy.link

@pojntfx i wonder if they'll do anything to support huawei phones. according to statcounter, that's 1.6% of the german market!

ahasty@techhub.social

@zombiecide the real malice is how society seems to give the most power to the stupidest people

scatty_hannah@federation.network

@pojntfx@mastodon.social this is what I feared and anticipated.

I'm a nerd and early adoptor usually but I'm going more and more offline when it comes to state sanctioned digitalisation efforts as they try to cage me in.

I'm running GrapheneOS - I already can't use most of the mandated apps from my public health insurance as they insist on Google/Apple lock-in.

It's pathetic especially since it is entirely possible to get the same security guarantees using Android APIs alone.

maj@raphus.social

@pojntfx That kind of is already the case. Try getting important apps without an apple or Google account... You can for android at the moment because of apks and third party mirrors. or using something like aurora store who have a bunch of Google accounts setup. But with app store age verification looming globally I think it is only a matter of time before that comes to and end. On top of that it seems like google is killing sideloading which won't help

zombiecide@polyglot.city

@ahasty I gave you a light-hearted way out of that direction, would've been nice if you took it

Hanlon's razor, while considered philosophical, is basically an emotional coping skill used to counteract certain types of rumination (caused by seeing current negative interaction as threat because of past trauma or learned behaviour)

emotional coping on its own, however, is of little use when dealing with current threats

and Hanlon's razor is not actually a very good emotional coping skill either

zombiecide@polyglot.city

@ahasty so while I empathize with the resignation and despair I would feel if I said what you said (and I might've said at one time), I also think society isn't in itself an entity that can think and give power to anybody, it's people who looked at the laws and the media and who decided to play as dirty as they could to gain power, and they're self-serving and some, actively malicious, and I need to do what I can to counteract this - in this case, help ensure access to services without eIDAS

tobes@social.zkd.id

@pojntfx thank you for sharing that important information. We’re working on a solution which may just improve this exact trust issue.

Imagine if you can bind your very own sovereign zero knowledge decentralised DNS certificate to your phone. Protecting you via the root of the OS.

Empowering every user from the very heart of the device. A global zero knowledge decentralised proof of personhood network. Owned exclusively by the people. Intended as a public good protocol

artofalexcanemed@mastodon.social

@pojntfx Imagine that your google account has been somehow hacked..
This will means, that your electronic-wallet, your bank accounts, your iban adresses, your government id also now hacked and all stolen..
Say goodbye to all of your money, maybe even say goodbye to your own flats, your own houses also..
You're been hacked. 🤮
Soon the world will understand how bad idea was this electronic-wallet system, but it will be too late to return back to good ol' days...

faoluin@chitter.xyz

@pojntfx As an American, I fucking hate this for us and for you.

ireneista@adhd.irenes.space

@pojntfx oh wow. that's horrifying. entirely to be expected because industry voices have been basically the only ones at the table in setting policy around electronic ID, but horrifying.

ireneista@adhd.irenes.space

@pojntfx it's been our personal biggest concern with all forms of electronic ID from the start, but alas we don't get to decide this stuff

gizmomathboy@mastodon.xyz

@pojntfx dafuq?

laiabautistaesc@mastodon.social

¡Interesante publicación! Si te gusta el estilo oscuro, te invito a echar un vistazo a 'Sombra y Saeta'. http://sombraysaeta.duckdns.org

ori@hj.9fs.net

Yes, but the tech companies have the ability to pay the right experts to walk by them all day and provide explanations about how this is ok, really.


CC: @pojntfx@mastodon.social @tdelmas@mamot.fr

paulk@writing.exchange

@pojntfx Why not facebook and make it even worse... ‍️

jens@social.finkhaeuser.de

@pojntfx This is going to be the way it's implemented, then someone will take them to court for some reasons, and there'll be another way around it that's undocumented but free from this shit. This will delay the project by three years, and explode the costs because nobody could have predicted this requirement, like always.