Comment by AlBugdy

1 day ago

All these requirements for specific hardware and software are ridiculous. Let every citizen use whatever computer they want. It should be up to the user to secure themselves. Authentication should only require a password or a key pair. If the user wants more security, they can set up TOTP or buy a security dongle or something.

It's also ridiculous how it seems we've forgotten computers other than smartphones exist and that not everyone even has a smartphone, let alone with an Apple or Google account.

Last week I was watching a YouTube video talking about the EU creating payment services independent of VISA and MasterCard. What struck me is that they are all apps, which will require an app store.

Great, I can pay with a digital Euro, Wero or something else, without routing my payments via VISA. I just can't do it without an account with Apple or Google. I'm absolutely baffled by politicians', regulators', banks', merchants' and implementors' lack of ability to think more than one or two steps out.

Sure, the EU is forcing third-party app stores, but no one is using them, so no one is pushing apps to them, especially not governments, banks or payment services; they'll be the last to use them.

  • The digital Euro still seems to be in the early planning stages. It seems people want to plan a physical card for it, but whether online payments will work without a platform-dependent app is unclear for now.

    Wero, however, is currently only planned as an Android/iOS app, period. There are rumors that a card will come, but that's only rumors for now.

    In your list of groups to be baffled about I would add journalists. You see many articles about Wero mentioning digital sovereignty, but have you seen any that criticize the required banking apps only being available in google's and apple's app stores?

The current policy trend in the EU is definitely not based on the principle of each user evaluating their own risk. On the contrary, service providers like financial institutions and identity providers have the responsibility to keep users safe, and more and more regulation will be made. The natural consequence is restricting which platforms are supported.

  • "Legislation will continue until morale improves."

    The regulations sometimes feel like an additional burden on the user, but not on the manufacturers (aside from the attestation logic); consider:

    > (MEETS_STRONG_INTEGRITY requires a security patch in the last 12 months)

    Think about how this essentially codifies planned obsolescence by not forcing the manufacturers to maintain the devices for life.

  • > The current policy trend in the EU is definitely not based on the principle of each user evaluating their own risk.

    Yes and if you look back this is not new. Just look at the extraordinary restrictions that apply to:

    - What houses you can build,

    - What vehicle you can drive,

    - What food you can grow and sell.

    The result is that real estate has become unaffordable for younger people, our car industry is being annihilated, and the agriculture sector hangs by a thread.

    The digital realm enjoyed an unusual level of freedom until now because the silent and boomer generations in charge in the EU understood nothing about it.

    Now that the EU is getting involved in "computers" we are starting to understand why peasants have been protesting in Brussels and calling those people insane for decades.

    • I really have to wonder where in the EU you live. In Vienna, I got to buy an apartment in my mid-twenties by just saving up, which was easy, as many apartments are rent-capped and there's lots of cheap social housing. I got to enjoy free university, allowing me to get a high paying job. I get to use very cheap all electric state-subsidized rental car offerings if I need them, which is rare since we have federally good rail and bus coverage. And I enjoy affordable meat, dairy and vegetables all sourced from inside my country.

      Austria's courts also ruled ages ago that rooting your own device cannot be a legal reason for OEMs like Samsung to refuse warranty coverage, since you can run whatever software you want on hardware you bought.

      Maybe your country sucks? Don't blame it on the EU.

      6 replies →

> let every citizen use whatever computer they want.

That's just not possible, or should the system be legally required to run on an Apple II?

  • It should be legally required to provide enough interoperation capabilities for a compatible frontend to be written for an Apple II by whoever would like to do that, as the government can't be expected to write and maintain clients for every platform that's now in existence or that will be created in future.

    If only currently popular platforms are to be supported, how could a new platform join them in the future if the use of existing ones is mandated by governments?

    • > If only currently popular platforms are to be supported, how could a new platform join them in the future if the use of existing ones is mandated by governments?

      The viable solution for that is to provide a trusted hardware implementation that can be used with any computing platform that has a documented interface. It can't be a software-only implementation, basically.

      1 reply →

  • Simple, provide a simple API, let the community build the clients for the machines they have.

    • That's antithetical to the goal of a secure ID. It has to be really impossible to get stolen, or as difficult as a physical card. If the ID is just a password, you can tell other people your password, and it can be stolen, and it can be cloned. Germany is a strict liability country, and you will be fined or imprisoned for anything that is done with your identity card that was cloned because your PC was infected by malware if you don't report it stolen.

      4 replies →

  • The problem to solve is trust.

    The technical solution is a hardware root of trust. This is typically a specially hardened chip in the device. A Trusted Platform Module (TPM).

    Your Apple ][ does not have a TPM. It cannot run software that can assess its identity in a trusted manner.

  • You can make an argument without pulling it into the ridiculous, you know?