Comment by userbinator
14 hours ago
ISO7816 (smartcard) has existed for nearly 4 decades as the standard secure identity card, widely used by the banking industry among others. Very unintrusive and not hostile beyond needing to carry a little chip. If governments want a national ID, they could just give everyone one of those.
This is exactly how we implemented eIDAS in Spain. The government-issued national ID (DNIe) is an ISO 7816-compliant smart card. Latest versions are also ISO 14443-compliant for contactless reading. To use it, you just need a simple smart card reader or an NFC-enabled phone. https://www.dnielectronico.es/PortalDNIe/PRF1_Cons02.action?...
[dead]
Already exists as biometric passport or ID card in several countries. The problem is things like authenticating online to submit your tax form. App-as-2FA is kind of the standard for example to log in to your online bank portal, though for government services the threat model and privacy implications are different.
If you have a FIDO device on your (physical) keyring or a keyboard with a smart card reader or some kind of NFC transceiver connected to your PC, the problem is technically solved - just not practically.
Note that phones also have NFC readers. Instead of requiring everyone to have a locked-down phone, they could offer day you use said phone to read the chip or use any other (USB) reader you like. I believe there's a German government app that already does this, Ausweisapp2 iirc. As someone with a different nationality who lives in Germany, I don't know more than that
Belgium has had exactly this for decades. But now they want to get on the hype train for smartphone based ID, because card reader support is still shit in browsers in 2026.
Adding to this: anyone older than 12 years old is required by law to have their government issued ID on them at all times when in public. If your ID is suddenly your smartphone, you're essentially required to have that on you 24/7. Dystopian spyware.
because card reader support is still shit in browsers in 2026
Around a decade ago I was working at a company that used smartcard login for authenticating to internal sites. I've heard of many others doing the same. USB card reader worked fine in both IE and Firefox at the time, so I take your statement to mean that we've somehow regressed since then (not surprising) or this was an isolated instance of success (less likely, considering the US government also uses this: https://en.wikipedia.org/wiki/Common_Access_Card).
> because card reader support is still shit in browsers in 2026.
Tragedy of the commons, nobody seems to have bothered to work on it. It's not like Chromium or Firefox wouldn't accept contributions.