https://bmi.usercontent.opencode.de/eudi-wallet/wallet-development-documentation-public/latest/architecture-concept/06-mobile-devices/02-mdvm/
-
So, it turns out the German implementation of eIDAS (electronic ID wallet for e.g. age attestation) will require an Apple/Google account to function
Absolutely pathetic
@pojntfx
Just posted the following to the EU. No idea if they're the right recipient, but feel better for writing:I am very concerned about the Commission's plans for secure digital ID (https://bmi.usercontent.opencode.de/eudi-wallet/wallet-development-documentation-public/latest/architecture-concept/06-mobile-devices/02-mdvm/)
Where it seems that the specifications are doubling down on using US proprietary corporations to ensure the veracity of the digital ID. This is problematic on at least two counts.1. These are not EU sovereign entities (Google & Apple) and under the US' CLOUD act can be compelled to silently divulge access, data, or tap connections.
2. It is an unfair and disproportionate imposition for the EU (or even just Germany) to force citizens and visitors to get an account with companies that are proven to be untrustworthy surveillers of their customers, just to be able to participate in an EU wide digital ID scheme.Personally, I have an Android phone but have removed or disabled all unnecessary Google apps, including PlayServices & PlayStore and I use mostly Open Source apps from FDroid. With the imposition of Google's Developer Registration scheme, which will remove many of the safe and surveillance-free apps I currently rely on, I am planning to move to a custom ROM (probably Grapheme or possibly Lineage), which seem to be explicitly excluded.
Given the EU's move to recover sovereignty in office software, this move to consolidate corporate US hegemony in digital ID is a big shock.
I would expect some recognition of freedom of choice to use an EU native secure app and have a path for the likes of FDroid, Grapheme or Lineage to gain the EU's trust as a certificate issuer. I'd not participate in a digital ID, if gated on Google or Apple accounts, so I'd be interested to know the alternatives that are compatible with requesting (& getting) a visa?
I'm a big fan of Europe and a strong proponent of the UK's return to its natural place amongst its allies & friends. Please reassure me that saner heads will prevail here.
Best wishes
-
So, it turns out the German implementation of eIDAS (electronic ID wallet for e.g. age attestation) will require an Apple/Google account to function
Absolutely pathetic
@pojntfx wow. 5 years ago, this would have been naive and shortsighted. but now that we have had ample demonstration of exactly why it would have been shortsighted, i din't see how anyone in their right mind could think this acceptable.
I quite like the proposed swiss eID approach. You have verification done by the governemt and granular access to data, e.g. only "at least 16" or "at least 65" (retirement age) without having to reaveal your full identity to the server needing to verify. -
I've said it before an I'll say it again: This entire project of identity verification with Apple/Google-account bound mobile devices is going to lead the continent down a dark, dark path into full technological submission to the US
-
@hannorein @unnon89 @EloPup @pojntfx @tdelmas never attribute malice to that which can be adequately explained by stupidity.
-
@hannorein @unnon89 @EloPup @pojntfx @tdelmas There were several comments from the public to the EU about requiring google "phone home" APIs when the EU Commission published a reference implementation for digital wallets. Met with shoulder shrugs about "it's only a reference implementation, no state is forced to use it". Which is an astoundingly strange comment about a _reference_ implementation. So they knew and were told repeatedly. Either they are criminally incompetent, corrupt, or both.
-
@arjen SafetyNet checks only pass on devices with unchanged, factory-sealed, non-unlockable firmware. Google has an allowlist of devices that pass that test. The same remote attestation mechanism is also used to block downloading the app through anything other than the Google Play Store, which you need a Google Account for. And you can't use Google if you're on the US sanction list (see e.g. the ICC prosecuter case). Using any open source OS of any type is also completely impossible.
-
-
So, it turns out the German implementation of eIDAS (electronic ID wallet for e.g. age attestation) will require an Apple/Google account to function
Absolutely pathetic
@pojntfx Actual insanity.
-
If a German citizen gets sanctioned by the US government, once this is implemented (later this year), that means they will no longer be able to be a participating member of German society, e.g. to show their (digital) driver's license to traffic police
@pojntfx That's probably not just limited to persons. When Trump decides that Android phone maker X from China deserves to die (usually boosts sales in China 5-fold, so they all never die), German users of such phones are put on Google's Blacklist, and lose their wallet function.
-
@fallbackerik @pojntfx @arjen the existence of other apps which were downloaded from other stores/spurces wouldn't be an issue
But if you use a phone without Google play services (e.g. lineageOS (although play services can be added later) or grapheneOS) or a rooted phone you won't be able to use that app at all
Maybe just having an unlocked bootloader would keep you from using it (that depends on what level of the device integrity the app requires) -
So, it turns out the German implementation of eIDAS (electronic ID wallet for e.g. age attestation) will require an Apple/Google account to function
Absolutely pathetic
@pojntfx Who wants some of my money for a legal battle against this utter stupidity?
Can you even use this wallet without a smartphone? From that site it's not clear to me.
-
If a German citizen gets sanctioned by the US government, once this is implemented (later this year), that means they will no longer be able to be a participating member of German society, e.g. to show their (digital) driver's license to traffic police
@pojntfx
Regarding the "not participating in society":
The eIDAS directive includes a guarantee that identification still needs to be possibly by analog means. So it's at least a loss of comfort, but alternatives must exist.Still a bad move.
-
@pojntfx Is that what they meant for European Digital Sovereignity? nice...
-
So, it turns out the German implementation of eIDAS (electronic ID wallet for e.g. age attestation) will require an Apple/Google account to function
Absolutely pathetic
@pojntfx I read to non-duplication of the keys, so I'm now confident they are completely incompetent. This is the security approach you would use for a entry system, i.e. a digital key to open a door, and you want to keep the same rules you had before for people who were granted access: one key per person, and when you fire that person or restrict their access to that door, you get the key back.
This is not what the ID wallet is about: it's about replacing a written signature, and showing official documents that are bound to a person. It is no problem at all to have those copied on multiple devices, as long as you check that it's the right person accessing the wallet the moment it creates a signature or shows an ID card.
On the other hand, the single non-copy device still allows the Steffie Graf autograph attack, or, for key entry: you could temporarily lend your unique key to someone else who uses it to enter the secret room and takes out things or data or whatever, and afterwards returns the key to you (you can even pretend it was stolen and returned without you noticing). The actually required access control doesn't happen, but instead some bullshit happens, especially, your valuable IDs, certificates etc. are now bound to a device that can get lost or break, without easy backup.
-
So, it turns out the German implementation of eIDAS (electronic ID wallet for e.g. age attestation) will require an Apple/Google account to function
Absolutely pathetic
-
@pojntfx Oder auch @dsk @CCC @echo_pbreyer @digitalcourage :
Was haltet ihr von eID, die nur über Google/Apple funktionieren?
-
@pojntfx I read to non-duplication of the keys, so I'm now confident they are completely incompetent. This is the security approach you would use for a entry system, i.e. a digital key to open a door, and you want to keep the same rules you had before for people who were granted access: one key per person, and when you fire that person or restrict their access to that door, you get the key back.
This is not what the ID wallet is about: it's about replacing a written signature, and showing official documents that are bound to a person. It is no problem at all to have those copied on multiple devices, as long as you check that it's the right person accessing the wallet the moment it creates a signature or shows an ID card.
On the other hand, the single non-copy device still allows the Steffie Graf autograph attack, or, for key entry: you could temporarily lend your unique key to someone else who uses it to enter the secret room and takes out things or data or whatever, and afterwards returns the key to you (you can even pretend it was stolen and returned without you noticing). The actually required access control doesn't happen, but instead some bullshit happens, especially, your valuable IDs, certificates etc. are now bound to a device that can get lost or break, without easy backup.
@forthy42 @pojntfx I guess the (not-so-easy) backup method would be to acquire eIDs from multiple member states (the Estonian e-residence would probably be one of the easier additional ones to get) and then rely on the cross-border mutual recognition which I believe EIDAS guarantees? I hope the German wallet will work with other European eIDs?
Would this address the issue if one still needs some approved device with Google Play Services and some Google profile? -
So, it turns out the German implementation of eIDAS (electronic ID wallet for e.g. age attestation) will require an Apple/Google account to function
Absolutely pathetic
@pojntfx
And we shall refuse to use it! -
@fallbackerik @pojntfx @arjen the existence of other apps which were downloaded from other stores/spurces wouldn't be an issue
But if you use a phone without Google play services (e.g. lineageOS (although play services can be added later) or grapheneOS) or a rooted phone you won't be able to use that app at all
Maybe just having an unlocked bootloader would keep you from using it (that depends on what level of the device integrity the app requires)@fallbackerik @pojntfx @arjen with an unlocked bootloader (even if you didn't modify the system in any way (although having an unlocked bootloader just for fun isn't a good idea. But it is necessary if you want to install custom ROMs. So if the manufacturer of your phone adds some stuff you don't want and you just want to install vanilla android (without root and with Google play services) you need to unlock your bootloader)) you fail the play protect certification
-
@pojntfx Thing is: we must NEVER accept any digital-only solution for things like this (IDs, license etc.). Analouge/offline life must ALWAYS be possible!
...regardless of where it's hosted.
@Bebef @pojntfx yeah, i know you can take a picture of your license here in the us and give your phone to a cop in some places, but i would never. rather just hand over my physical license card i paid way too much money for and always carry with me outside the house. just like my phone, but im not handing that to anyone, nor my physical wallet.
