https://bmi.usercontent.opencode.de/eudi-wallet/wallet-development-documentation-public/latest/architecture-concept/06-mobile-devices/02-mdvm/

So, it turns out the German implementation of eIDAS (electronic ID wallet for e.g. age attestation) will require an Apple/Google account to function

Absolutely pathetic

Mobile Device Vulnerability Management Concept - German National EUDI Wallet: Architecture Documentation

@pojntfx that would be terrible design, completely outrageous even. I'm not enough of a specialist to grasp that document fully, could you be so kind as to teach us how you concluded that google/apple would be a *requirement* from this document?
@arjen SafetyNet checks only pass on devices with unchanged, factory-sealed, non-unlockable firmware. Google has an allowlist of devices that pass that test. The same remote attestation mechanism is also used to block downloading the app through anything other than the Google Play Store, which you need a Google Account for. And you can't use Google if you're on the US sanctions list (see e.g. the ICC prosecutor case). Using any open source OS of any type is also completely impossible.
@pojntfx @arjen I believe device integrity and app integrity are two different attestations, which would mean the device integrity can be attested successfully even when there's fdroid and fdroid apps. Can this be confirmed to be true or false in some way?
@fallbackerik @pojntfx @arjen the existence of other apps which were downloaded from other stores/sources wouldn't be an issue
But if you use a phone without Google Play services (e.g. LineageOS (although Play services can be added later) or GrapheneOS) or a rooted phone you won't be able to use that app at all
Maybe just having an unlocked bootloader would keep you from using it (that depends on what level of the device integrity the app requires)
@Larymir @pojntfx @arjen Fully agreeing with that assessment. But it still is a different requirement than needing a Google account.

@fallbackerik @pojntfx @arjen
Ah, you were talking about *that* app being installed via fdroid, got it

I'm not sure if it follows from that document that they will require installation via the play store but they mention the check for that ("accountDetails.appLicensingVerdict") so they collect it at least

OP only mentions that you need a Google account to install the app from Google play, I'm not sure if the play integrity checks work without an account or if it is needed for that
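
The distinction discussed in the posts above (device integrity, app integrity and `accountDetails.appLicensingVerdict` as separate signals), as an added example that is not part of the thread or of the wallet documentation. The field names and values follow the public Play Integrity verdict format; the payloads and the `admit` policy are constructed assumptions and say nothing about what the wallet backend actually enforces.

```python
# Added illustration: a verifier reading three independent verdict fields.
# Payloads are constructed samples, not captured from any real device.

STOCK_FROM_PLAY = {
    "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"]},
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
    "accountDetails": {"appLicensingVerdict": "LICENSED"},
}
# Same binary on a stock device, but not acquired through Google Play.
STOCK_SIDELOADED = {
    "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"]},
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
    "accountDetails": {"appLicensingVerdict": "UNLICENSED"},
}
# Device that does not meet device integrity (empty verdict list).
MODIFIED_OS = {
    "deviceIntegrity": {"deviceRecognitionVerdict": []},
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
    "accountDetails": {"appLicensingVerdict": "UNEVALUATED"},
}

def summarize(payload: dict) -> dict:
    """Reduce a decoded verdict to three independent yes/no signals."""
    device = payload.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", [])
    app = payload.get("appIntegrity", {}).get("appRecognitionVerdict", "UNEVALUATED")
    lic = payload.get("accountDetails", {}).get("appLicensingVerdict", "UNEVALUATED")
    return {
        "device_ok": "MEETS_DEVICE_INTEGRITY" in device,
        "app_recognized": app == "PLAY_RECOGNIZED",
        "licensed_via_play": lic == "LICENSED",
    }

def admit(payload: dict, require_play_license: bool) -> tuple[bool, str]:
    """Hypothetical policy: the licensing check is a separate, optional gate."""
    s = summarize(payload)
    if not s["device_ok"]:
        return False, "device integrity not met"
    if not s["app_recognized"]:
        return False, "app binary not recognized"
    if require_play_license and not s["licensed_via_play"]:
        return False, "app not licensed via Play"
    return True, "ok"

if __name__ == "__main__":
    for name, p in [("play", STOCK_FROM_PLAY), ("sideloaded", STOCK_SIDELOADED),
                    ("modified", MODIFIED_OS)]:
        print(name, admit(p, False), admit(p, True))
```

Whether a sideloaded copy is accepted depends only on whether the verifier chooses to enforce the licensing field; collecting it and enforcing it are different things.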

@fallbackerik @pojntfx @arjen so yeah, good point, maybe you don't need an account, but it still wouldn't work on a degoogled phone
So maybe it's not as bad, but still bad

And I'm not sure if people who are banned from having a Google account are also forbidden from using those other Google services (without an account)
(Of course you could still just use them, how will they know it's you? But we shouldn't expect people to break end user agreements)

@Larymir @fallbackerik @pojntfx it is bad because this is meant for you to identify yourself (in Germany? even wider?) eg to prove your age, using eIDAS (electronic ID wallet).

If such tech depends on US Big Tech infra, we should not want it.

(I don't know enough myself about this scenario and background docs, so asked for more info. Does not look good though.)

@arjen @Larymir @fallbackerik @pojntfx Nor if it's depending on the EU politburo, China or the Iranian government.
Statism and mass citizen surveillance infrastructures are a breach of privacy rights.
Period.