Comment by pastage
10 days ago
You can't use device verification in production anyways. (ATM)
This has no effect, is it even used in production anywhere? It seems to be part of eIDAS which is a good thing, most countries already have their own identity systems as is stated in the README. The three or for id apps I have seen all have some kind of device check that is sent to the ID provider, it is not usually accisible for ServiceProviders though. On those apps you either get no indication or just a "seems suspicious" score.
The one in Sweden has a "return risk option". https://developers.bankid.com/api-references/auth--sign/auth
This does not make it possible to filter out people. And honestly considering the amount of shady phones people have I am not sure this will every work. Apple is sadly another issue, too many normals there.
It is nice that this is pointed out so we do not get a distopian future.
No comments yet
Contribute on Hacker News ↗