It's not the assertions made that trouble me, it's the quality of any actual implementation and the scope for deliberate or accidental side leaking of knowledge that should be zero .. but likely (in a pragmatic view of a political world) is not.
Absolutely, security is entire process that needs frequent sanity checks, by nature it's hard to get right in practice no matter how sound some central component is.
To be fair my main motivation for comment was the up thread comment about physical ID checks of the past being an indicator that not much would change with digital checks.
In the event of a physical store ID check system failure you have one owner at one location having access to just the ID's checked (perhaps blackmailing underage drinkers into dubious acts).
In the event of a digital ID check failure there's potential to leak all the ID's and access patterns of all users across the board thanks to the ease of digital storage and communications.
Let's assume I'm familiar with the theory, what pragmatic open verification exists for the implementation of this EU app?
Edit: the EU asserts the app is "privacy preserving" and "Additionally, work on the integration of zero-knowledge proofs is ongoing."
~ https://digital-strategy.ec.europa.eu/en/news/commission-mak...
It's not the assertions made that trouble me, it's the quality of any actual implementation and the scope for deliberate or accidental side leaking of knowledge that should be zero .. but likely (in a pragmatic view of a political world) is not.
If it's coordinated by the browser then it would be possible to see what requests are made and where
Absolutely, security is entire process that needs frequent sanity checks, by nature it's hard to get right in practice no matter how sound some central component is.
To be fair my main motivation for comment was the up thread comment about physical ID checks of the past being an indicator that not much would change with digital checks.
In the event of a physical store ID check system failure you have one owner at one location having access to just the ID's checked (perhaps blackmailing underage drinkers into dubious acts).
In the event of a digital ID check failure there's potential to leak all the ID's and access patterns of all users across the board thanks to the ease of digital storage and communications.
1 reply →