Saul1d ago
Neil Brown
If it is indeed the case that any country's EIDAS (electronic identification, authentication, and trust services) implementation requires an account with a third party tech company - Apple, or Google, or whatever - then that is repugnant and reprehensible.
Apr 4 at 3:00pmWeb
Show threadTroed Sångberg1d ago

@neil I think governments will require some sort of backing forum for trust. I think these might be able to be one: https://uattest.net/

It will require some sort of lobbying to get visibility in the right forums however.

Unified Attestation

Unified Attestation is a free, open-source alternative to Google Play Integrity with offline verification and simple app + server integration.

Show threadGreg1d ago
@neil
Is this US (don't care, never going again) or is this a wider trend?
Show threadGreg1d ago
@neil
If it's US, then perhaps insisting US visitors have paid up membership of the Monster Raving Loony party or some pagan EU sect could be our quid pro quo before getting a visa?
Show threadGreg1d ago
@neil
Rather balatedly found the post you were responding to. Soz. Germany!
Who'd have thought?
Show threaddoboprobodyne1d ago

@neil Haha reminds me of that time in 2007 when the NHS Medical Training Application Service, the entity with the monopoly on doctors applying for specialty training jobs, openly published online personal details, including telephone numbers and sexual orientation, of applicants. I'm given to understand that the firm to whom the job had been contracted was er... rewarded with more government contracts.

Which is to say, even an account with a second party has a significant possibility of getting contracted out to a third party. Argh!

#medicine #privacy #infoSec #NHS #juniorDoctors #medmastodon #cyberSecurity #healthcare

Show threadP. S. F.1d ago

@neil Not in Spain at least.

IIRC it's managed by the Goverment using cl@ve, an internal development.

https://clave.gob.es/en/clave/usabilidad

Cl@ve | Where can I use it?

Show threaddecibyte1d ago
@neil that's how it's done here in Denmark :(
Show threadWilliam Oldwin1d ago
@neil If I were a gambler, I'd bet generously that most if not all of them will so require.
Show threadElric1d ago
@neil That is certainly the way I interpret all of the EIDAS news I've read during the last year or two.
Show thread13 barn owls in a trenchcoat1d ago
@neil can't install the Carte Vitale dématérialisée (digital social security card for access to state funded healthcare) under the French /e/OS ( @murena ) unless I was prepared to use microG to stand in for Google's app framework.
Show threadMitch1d ago
@HauntedOwlbear @neil @murena It's the same for our healthcare app in Australia. You can access the website though
Show threadluna the doggie  1d ago
@neil I remember the technical spec for some proposed age verification app based on EIDAS explicitly recommended (or required?) SafetyNet and whatever Apple has as part of the implementations, and it's indeed repugnant and reprehensible.

So much for the talk of digital sovereignty when there's a legally mandated duopoly for government apps.

And of course, desktop computers are just not secure enough to do this according to regulators. Well if you have a desktop computer that can run a web browser and receive SMS that's suddenly fine for most of the use cases actually.
Show threadNeil Brown1d ago
@lunareclipse Infuriating isn't it!
Show threadAlex16h ago

@neil I'm reminded of Germany's BSI being compromised by Putin for years and years.

The entire world has been compromised by the US Cloud Act.