Javier de la CuevaFeb 20

Actions speak louder than words.

I am unable to install EU Login app in my phone because I use LineageOS and not the Google Spy Android.

Thus, I cannot use the double factor authentication, mandatory from the 25-02-2026 on unless I tell Google.

A frontal attack to our #privacy.

Stupid, no?

@EUCommission

Show threadIván Sánchez OrtegaFeb 20
@jdelacueva @EUCommission So in the hypothetical case I'd like to see the source code of that application to see why and how it uses google services, what would be the appropriate bureaucratic way to request it?
Show threadGreatLakeTroutFeb 20

@IvanSanchez @jdelacueva @EUCommission

Wait I thought the EU was trying to separate itself from US tech, that is what all their politicians are saying……….oh wait I see My error now.

Show thread🍐 Perivi Yohanesburgo 🍐 Feb 20

@greatlaketrout @IvanSanchez @jdelacueva @EUCommission The European Digital Identity Wallet app for Android will require Play Integrity as well.

https://github.com/eu-digital-identity-wallet/eudi-app-android-wallet-ui/issues/287

Please remove the requirement for Google Play Integrity · Issue #287 · eu-digital-identity-wallet/eudi-app-android-wallet-ui

The developers of the digital wallet of some member countries such as Italy and France have created the app by implementing the check of the Play Integrity. Probably following the directive contain...

GitHub
Show thread🌸 Ⓐnarkitty lumi-nhac  Feb 21
@fruitchypear @greatlaketrout @IvanSanchez @jdelacueva @EUCommission requiring drm for a digital identity wallet... yikes

apps attesting the hardware and software they run on is fundamentally drm and is awful. it's also just completely backwards, apps shouldn't even have the capability to do that

the os should be attesting this, not the apps
Show threadAndréFeb 22

@lumi @jdelacueva @IvanSanchez @EUCommission @fruitchypear @greatlaketrout thas has nothing to do with "drm"

It is there because remote service needs assertion, your generated private key is bound to your device and can't be copied to another phone.

And to assert that, a trusted party (google/Apple) asserts the complete chain from hardware up to the os it is ronning on - so no MITM sits within.

Currently there is no other way, other than not using mobile os's
https://berlin.social/@asltf/116104851486148728

Show threadPaul LMar 2
@asltf @lumi @jdelacueva @IvanSanchez @EUCommission @fruitchypear @greatlaketrout
Exactly. Only after such a step is done and acted by European certifiers should such an app ever exist.
Show thread🌸 Ⓐnarkitty lumi-nhac  
@polx @asltf @jdelacueva @IvanSanchez @EUCommission @fruitchypear @greatlaketrout i would argue that we should push back to such a thing ever existing, as it is backwards to how security is done

apps should just do their thing, they should not be checking what they're running on and artificially restricting the user. this is drm

it is the operating systems job to verify the security meets the standards of the user (of course this must be completely under the users control!)

there is no security without freedom, after all
Mar 2 at 1:06pmWeb
Show threadPaul LMar 2

@lumi @jdelacueva @IvanSanchez @asltf @EUCommission @fruitchypear @greatlaketrout

I think the problem is that there is this belief that big big players will be the best to notice security breaches and thus protect we, the poor users. Once the OS is delivered, it should do its job and anyone should be allowed to decide in good faith what verification should be done, with or without big players.

Crypto-chains are a simple math steps. No big platform needed!