Comment by ggm

9 months ago

Funny you should say that. Australia is trying to launch TEx, designed on open-source models to do this kind of thing. It's hitting the usual roadblocks of public acceptance of government-mandated ID, in an economy which trashed the "Australia Card" idea back in the 80s. We're wiser now, we've been frogs boiled slowly: the downsides of central safe ID/auth are outweighed by the risks of loss of info giving everyone 100 points information.

The government now knows what we do most of the time anyway: layer-2 logs on our phones are constant. We lost any privacy some time ago. So now, getting security back might be a net win.

https://www.abc.net.au/news/2024-08-13/trust-exchange-digita...

Except it's being implemented by the people who brought you robodebt.

So I imagine the "Number of people driven to suicide" KPI is going to be pretty high. They're not going to want to ship something that performs worse.

  • Yes. There is that. But it's only true to the extent all government things are brought to you by the government. If the underlying IMS system used for datamatching by ATO and Centrelink is the product of the same s/w development group I'd be a bit surprised. It's different code.

    But I am by tendency an optimist, and the open-source part (if they do that) means we can have eyes on their crypto assumptions behind the protocol and what's on the device.

    MyGovID, which I think they're baking into it, has been pretty solid. That's distinct from your mygov account, many of which have been hacked, in part because so few people used MyGovID.

    (if you've got better info always happy to see it)

    • I mean it's literally being built by Services Australia with all the baggage of that organisation.

      The execs are mostly the same. The product contracts are run by the same people and even the minister is now the same again. They have no interest in changing or correcting.

> layer-2 logs on our phones are constant.

Huh?

  • Every phone provider has a log of the IMEI binding to cell tower and triangulation over multiple towers. Call logs are one thing, carrier cell connect and disconnect is another.

    If your phone is on, your position in time and space to some circular error is also known, continuously.

    To say nothing of Bluetooth that's with the advertising hoardings and inside the store mainly.

    Basically, any privacy nut with a phone and simcard is in denial.

    • Someone concerned about privacy could just keep their phone in a Faraday cage case and take it out only when needed, no?