adison verlice

y'know, I have to wonder how the UK is gonna implement onelogin when it is not secure by most standards.
#onelogin is pretty funtimentally not #secure and this was actually proven by the IA (information assurance) team that supposedly help the UK secure the onelogin portal.

watch this video to see what I mean
https://www.youtube.com/watch?v=HWuNyiYftZw
(1/2)

David Davis MP speaks at a Westminster Hall debate against the Government's digital ID plans

YouTube
Nov 8, 2025 at 5:17pmWeb
Show threadadison verliceNov 8, 2025

the only way I can see this actually having some effect is for the UK government, as stated before on behalf of the online safety act, create an intranet where the entire internet backbone is completely cut off, and the UK would be a closed network, thereby making the UK airgapped and safe from any outside attackers, but there are, of course, several problems with this.

  • it's not safe from the people on the inside of the UKs network.
  • it would be heavily fucking censored. you wouldn't even be able to use a VPN, which means people like @alexchapman would unfortunately no longer be able to post on here, and...that would of course, bring up civel rights problems moving forward.
    • I think the UK personally should faze out digital DI, or, at the very least, listen to the information assurance team they hired to protect this infrastructure. because if implemented, and I guess it kinda is already, it can be considered critical infrastructure...

    Show threadadison verliceNov 8, 2025
    @alexchapman i know even the NCSC basically said there are 4 major attacks, what did they say, a week? and with the state of the digital ID system, that is certainly fucking bad, and if digital ID onelogin portal doesn't get fixed, then that suggests wer'e probably fucked...
    Show threadadison verliceNov 8, 2025
    though I do see a small way to make this work: have a tokenized system.
    we have applications, like Google wallet and apple wallet, that can do this infrastructure because it uses the secure enclave of the phone. so my suggestion there is to have the ID stored locally where it can be protected locally on the system. then, when a person goes to verify, rather than the raw ID being exposed, it gets tokenized, verified by the user, and the user can login to their services securely. the government would knowit's you, but then your ID wouldn't be exposed to whoever is listening in on the whire.
    this is exactly how cards on tap to pay are processed
    Show threadAlex Chapman (moved to new account)Nov 8, 2025
    @adisonverlice I think Switzerland does something similar.
    Show threadJoshuaNov 8, 2025
    @adisonverlice digital id is so dum and pointless
    Show threadadison verliceNov 8, 2025
    @J3317 yea it is .especially the way they're doing it