
Comment by retired

3 days ago

So with a single flip of the switch, the president of the USA can shut down our EU Digital Identity Wallet.

Why was this decision ever made?

> Why was this decision ever made?

because it wasn't made

the decision which was made was having a digital ID wallet, that this needs hardware attestation (or something comparable) is somewhat of a direct consequence of existing laws/regulations regarding making IDs forgery safe

it also is a phone only application

the huge huge majority of phones run Googled Android/iOS, so you support them

if there were relevant 3rd party competition it would (most likely) support it, too

going back to the "the president .. shut down .." argument: The US can shut down >90% of all smart phones used in the EU. I don't think the US being able to shut down something which in the end is fundamentally just a minor convenience feature is making much of a difference here.

But I also think that whole identity wallet (the regulations behind it) is approaching things from the wrong direction, carrying a credit card sized ID with you isn't really a problem or very inconvenient. So instead of having the whole attestation nonsense it would be more practical to simply not have attestation and in turn allow the digital ID only for usage where the damage it can cause is quite limited. Especially given that device attestation systems have a long history of being circumvented...

As a side note this whole app is distinct from the "use your ID through your phone/NFC with applications" thing many EU countries have, though those solutions also tend to have attestation issues in most cases. But again the most relevant use-cases of it can be done just fine, without the security level attestation tries to provide, if approached pragmatically.

  • Have you seen our President? Minor conveniences are what trigger him into launching full blown DOJ investigations, wars, and economic disaster. If he realizes he can just "turn off" the EU, oh, he will threaten that on Truth Social tonight in a rant about how they should make a deal or else.

    • An open threat like that would be the best case scenario, as it would (hopefully) cause a reaction in EU countries trying to get rid of this yoke. Instead usually it happens through backroom dealings, or just the services being a nuisance to competitors while being helpful to friendly companies, and thus the target country is drained of its resources and economic independence, slow enough to not provoke retaliation.

      With the exception of the current US administration, hostile countries and corporations try to appear non-hostile when possible.

    • I'd like to see if he can be convinced into going after Google and effectively stopping remote attestation. One can certainly dream...

    • Friendly advice: please don't capitalize random common nouns like the president does. It's a marker of one's affinity toward precision (among other things).

      33 replies →

  • > having a digital ID wallet, that this needs hardware attestation (or something comparable) is somewhat of a direct consequence of existing laws/regulations regarding making IDs forgery safe

    How do you figure? Isn't just having the digital ID be signed by a key belonging to the issuer good enough for that?

    • I think they are saying the signed ID can be copied to another device. Unless such ID needs to have access to some TPM that can be trusted, which likely requires then specific trusted hardware and software

      1 reply →
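Added example, not part of the thread and not code from any wallet project: the exchange above contrasts an ID that is only signed by the issuer (anyone holding a copy of the file can present it) with an ID bound to a key held on the device (the presenter must also sign a fresh verifier challenge). The credential layout, function names and sample claims are constructed for illustration; the sketch shows key binding only, not attestation, which is the further claim that the device key lives in trusted hardware.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Credential is a constructed, simplified ID: claims plus the holder's device public key.
type Credential struct {
	Claims    string
	HolderKey ed25519.PublicKey
	IssuerSig []byte
}

func (c Credential) signedBytes() []byte {
	return append([]byte(c.Claims+"|"), c.HolderKey...) // constructed encoding
}

func Issue(issuer ed25519.PrivateKey, claims string, holder ed25519.PublicKey) Credential {
	c := Credential{Claims: claims, HolderKey: holder}
	c.IssuerSig = ed25519.Sign(issuer, c.signedBytes())
	return c
}

// VerifyBearer checks the issuer signature only, so any copy of the credential passes.
func VerifyBearer(issuerPub ed25519.PublicKey, c Credential) bool {
	return ed25519.Verify(issuerPub, c.signedBytes(), c.IssuerSig)
}

// VerifyBound also requires a signature over the verifier's nonce made with the holder key.
func VerifyBound(issuerPub ed25519.PublicKey, c Credential, nonce, proof []byte) bool {
	return len(c.HolderKey) == ed25519.PublicKeySize && VerifyBearer(issuerPub, c) &&
		ed25519.Verify(c.HolderKey, nonce, proof)
}

// Demo returns: copied file accepted as bearer, original device accepted, copier accepted.
func Demo() (bool, bool, bool) {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(rand.Reader)
	devicePub, devicePriv, _ := ed25519.GenerateKey(rand.Reader)
	_, copierPriv, _ := ed25519.GenerateKey(rand.Reader) // device holding only a copied file
	cred := Issue(issuerPriv, "name=Jane Doe;born=1990-01-01", devicePub)
	nonce := make([]byte, 16) // fresh verifier challenge
	rand.Read(nonce)
	return VerifyBearer(issuerPub, cred),
		VerifyBound(issuerPub, cred, nonce, ed25519.Sign(devicePriv, nonce)),
		VerifyBound(issuerPub, cred, nonce, ed25519.Sign(copierPriv, nonce))
}
func main() { fmt.Println(Demo()) }
```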

  • If something is actually important, don't put it on a computer. Don't let a computer be in the critical path of anything that actually matters. It's really quite simple. Even before "AI" this technology was not reliable enough for serious, important things--systems that need to be maintainable in adverse conditions (battle damage, etc), systems where failure is not an option (proving your identity, proving your children are yours, ...). If you care about your car, truck, tractor, or dozer being maintainable and reliable, don't get one with a computer in it. Until we can figure out how to make these things reliable and maintainable they're not to be trusted.

    • I feel like we need a war or something to show everyone how brittle we've built everything, and how unnecessary it all is.

    • > If you care about your car, truck, tractor, or dozer being maintainable and reliable, don't get one with a computer in it.

      Got a list of widely available cars and trucks 'without a computer'? :D

      1 reply →

  • Can you show an example of defeating hardware attestation? It would be useful for many 3rd party ROM users.

    • Gaming consoles typically have hardware attestation (as in verified software on verified hardware, sealed), and it has been broken many times in the past.

      1 reply →

    • most times it's done by (reliably re-)rooting an attested phone in a way which bypasses detection of the attestation system

      so not really useful for 3rd party ROMs

      1 reply →

They can also shut down all European payment cards.

  • Maybe not all of them, but certainly a few large, popular ones. You bring up a good point though, it seems surprising that Wero/PEPSI don't have more momentum. Maybe Europeans hate their continental neighbors more than American financial conglomerates.

  • True but also most places in the EU accept IBAN which is free (for individuals at least) and now relatively fast (seconds for the same bank, minutes or hours at most otherwise) so payment can still be done without MasterCard/Visa. It's inconvenient for a croissant but for anything slightly more expensive and that you don't need within seconds it's not too bad.

    Most banks in Belgium (e.g. Bancontact, Wero, Pom) or Sweden (Swish, was renting ice skates with it just this winter) have their own system but typically only nationals use that. It's still enough for shops to get instant payments without those US cards issuers.

    TL;DR: yes and it's wrong, but also IBAN works.

Corruption. A taboo topic people prefer to downvote and pretend it does not exist.

But an even bigger problem is that institutions designed to prevent this from happening are not doing their job.

Thousands of security service and civil servants take their wages and look the other way.

  • I think it's actively harmful to your own cause when you suggest corruption without any evidence. Just because politicians don't take action on an issue you think is important doesn't mean they're corrupt. It's more likely that the issue you think is important is simply not important to most voters.

    Suggesting politicians are corrupt without any evidence will make that worse. If people think their politicians are corrupt they will further disengage with the political process, which will ensure there's even less pressure on politicians to take action on niche issues like this.

  • The EU does regulate Google and Apple through the DSA and the DMA. I don't think most EU politicians are corrupted by these companies.

    I think it is far more likely that it is a lack of knowledge and incompetence. I am pretty sure that the majority of Parliament members, Council members and maybe even Commission members do not even know that there are viable alternatives outside Google (certified) Android and iOS. So they try to regulate their app stores, etc. instead.

    I hope that with digital sovereignty becoming more important, there will be more interest in alternative mobile operating systems.

    • A lot of the suggestions do actually sound pretty good at a quick glance, but have far-reaching consequences that are not instantly obvious if you don't know your tech/security/privacy or otherwise value a specific topic highly. The average HN reader is likely more concerned about privacy and less so about crime and safety than the average guy on the street, and politicians need to handle and balance a lot more interests than only that of privacy advocates.

      "Securely signed/verified devices for accessing your bank" or "increased surveillance and tracking of criminals" sound like splendid ideas and direct solutions to immediate problems. Now, how to actually implement them and how it will affect society in the long run might seem less important when you've got increasing crime rates, a slowing economy, displeased voters or whatever looming. In short, some dilemmas have very clear answers when you (willingly or through unawareness) only concern yourself with a subset of the effects of a decision, and this goes both for politicians and special interest groups. That being said, I'm very pro-privacy and it's the job of policymakers to know the details of what they're deciding on. Reality is however usually very complex and nuanced with several things being true because they all contribute a part to what's going on.

      e: what am I doing, speaking like I actually know how things work? Nothing is absolute and nuance is important, but sometimes it is also very useful to simplify and generalise to get things done. If no one had any conviction, not much would ever happen. But moderation in all things.

    • > I don't think most EU politicians are corrupted by these companies.

      Well, of course not! They're corrupted by the other companies who benefit from the DSA and DMA.

    • > I think it is far more likely that it is a lack of knowledge and incompetence.

      I agree with that. Reading HN comments, where people are supposed to be generally tech-savvy, I see a ton of "lack of knowledge and incompetence" (not in a negative way, just "uninformed"). Why should politicians know better than the average tech-savvy person?

      But politicians get yelled at by everybody, saying everything and its contrary, while the tech-savvy people can comfortably take a condescending tone explaining why "being so stupid is impossible so it has to be corruption".

      6 replies →

  • It's more of a case of the boy who cried wolf than it is of denial.

    Too many people see something they don't like, imply a nefarious motivation without evidence, then expect everyone to agree that it is corruption.

    If there is corruption, show the evidence. Otherwise, be honest and state that you don't agree with something. If you want to persuade people, back up your claims with verifiable evidence without falling back to nebulous claims of corruption.

  • No doubt there is corruption; but it’s also momentum. There aren’t stable and good alternatives for so many reasons so the duopoly has momentum.

  • > Thousands of security service and civil servants take their wages and look the other way.

    Diplomatic status tax free too.

  • Who is doing this corruption?

    If it's Apple or Google let us know in the US because we have laws to go after them for acting corruptly in other countries.

    Vaguely asserting corruption without specifics or even naming the perpetrators isn't "taboo", it's just poor form and silly. Letting such vague accusations float without evidence, motive, or even people to blame, leads to nothing good, and only vague distrust, which itself enables corruption. It leads to people believing there's no way to know the truth, therefore helplessness, and results in fascism like in Russia.

    Lazy cynicism is itself a form of corruption of one's own mind.

    • > Lazy cynicism is itself a form of corruption of one's own mind

      I love this way of thinking. I might use this quote down the road

We (America) made the decision for them. The EU's member states were either:

1. Explicitly designed as client states for the US

2. Explicitly designed as client states for the Soviet Union, with alliances switching over as the Soviet Union fell apart

3. Great Britain, a country whose electorate would probably only reconsider rejoining if the EU agreed to explicitly become British client states, because the only thing Britain hates more than France is those dastardly American upstarts[0].

The reason why this persists despite an openly hostile American president is the fact that the EU has no real alternative. The EU has a shitton of internal political distrust between member states, and the US was offering a lubricating alternative: "Just trust us." Politically distributed alternatives require balancing coalitions that are far more fragile.

[0] The history of European anti-Americanism is extremely fascinating, because it's effectively a Reactionary meme - as in, "wanting to restore the Ancien Regime" Reactionary, not "funny way to say Nazi Party member" Reactionary. And yet it's jumped across so many incompatible political ideologies that the average European probably had no clue why they hate America until Donald Trump gave them a good reason to.

I hate to beat a dead horse and have people downvote me but: the EU has always been corrupted. The knowledge and effects are not evenly distributed until it hits each niche group. Then they find out the hard way that they were useful idiots. It’s ok to be wrong/admit. Let’s just move past the infighting and see those in power for the evil that they are.

  • The question isn't if there's corruption, the question is who is behind the corruption.

    Condescendingly and incorrectly assuming that others think that corruption is impossible is kinda rude and also dodges attempts at correcting the corruption.

    • Not only that, "corruption" is pretty squishy. Let's apply Hanlon's Razor for once.

      Google et al go to the government and say they've got this attestation thing that can something something security. No one is taking a bribe but also no one they're hearing from is telling them that doing this is going to cement the incumbents. "Security" is good, right? So it makes it into the law.

      That doesn't meet most formal definitions of corruption. It's more like incompetence than malice. But the outcome is indistinguishable from corruption. The bad thing gets into the law.

      The difference is, if the politicians are taking bribes and you get mad at them, they fob you off because they're more interested in lining their pockets. But if the politicians are just misinformed bureaucrats and you get mad at them, they might actually fix it.

      And attributing everything to "corruption" discourages people from doing the latter even in cases where it would be effective.

      13 replies →

  • Exactly. I have said this for a very long time and the EU (and many other governments) are not our friends and they are just as corrupt. Remember ChatControl?

    Anytime anyone criticises the EU here, you will get downvoted even after trying to warn the EU defenders that they are not our friends at all.

    I was asking for evidence about the EU digital ID wallets about what the "disinformation" was around it 3 years ago [0] and not a single link of it was given.

    At this point, being an EU defender and supporting the "open web" are incompatible since you will be using your EU digital identity wallet [1] with your phone to login to your bank and the internet will push age verification with it, locking you out if you don't sign up.

    [0] https://eudi.dev/latest/

    • > Remember ChatControl?

      That thing that got refused multiple times already?

      Because not all politicians think like you does not mean they are corrupt. Seems like enough politicians have voted against ChatControl until now.

      I always wonder what people who say stuff like "politicians discussed this topic I hate and refused it, but the mere fact that they discussed means that they must all be corrupt" understand about politics. You know that it is about people with different opinions (representing people with different opinions) discussing stuff, right?

      5 replies →

    • (ignorant) people proposing things does not mean corruption: the fact that these things are voted down and never pass is proof that the system works, not evidence of corruption.

      Corruption would be if it passed despite it being unpopular, because some corporate or rich people's interests desired it.

    • > Exactly. I have said this for a very long time and the EU (and many other governments) are not our friends and they are just as corrupt. Remember ChatControl?

      The EU parliament shot down ChatControl.

      In fact, without the EU, most likely many member states would have ChatControl in some shape. National governments are the ones all in on this crap.

  • Governments place a higher priority on controlling internal threats than external ones. In this case the EU wants to control its own people more than it wants to avoid dependence on the US. It would like both, but the former is more important.