Felicitas Pojtinger 🌅So, it turns out the German implementation of eIDAS (electronic ID wallet for e.g. age attestation) will require an Apple/Google account to function
Absolutely pathetic
If a German citizen gets sanctioned by the US government, once this is implemented (later this year), that means they will no longer be able to be a participating member of German society, e.g. to show their (digital) driver's license to traffic police
I've said it before an I'll say it again: This entire project of identity verification with Apple/Google-account bound mobile devices is going to lead the continent down a dark, dark path into full technological submission to the US
https://mastodon.social/@pojntfx/116345725515845020
A bit of an explanation
Tom@pojntfx that Google dependency is unacceptable. That said, there is no reason (other than "they want to") to require a Google account to use the Play store (to download free apps). From a GDPR perspective, that is already a breach of the law, and already should have been fixed.
@tdelmas The whole remote attestation thing should be dropped from the proposal. The rest of it is unfortunate (no ZKs at all, just signed credentials), but the remote attestation part is truly asinine. I have no idea how and why that decision was made. The people behind this are adding a path dependency on Google/Apple on something as simple as showing your ID to buy alcohol.
ww 🩶@pojntfx @tdelmas as long as age checks are anonymous and allow a generous ratelimit, remote attestation is required to maintain the integrity of the system, that's probably why
like, if i can make a custom android rom and automate issuing age proofs, then transmit them anywhere i want, then i can also create a fake miniwallet that would allow anyone to pass the age verification flow using my proofs. for a low price of 5 euros!
i personally don't think that age verification is a good idea, and even if it has to happen, remote attestation creates more problems than it solves. people will find ways to bypass age checks regardless, so this only closes one of the gaps, while excluding a fair amount of people. but i imagine this was one of the concerns that led to the decision to make it a requirement.
like, if i can make a custom android rom and automate issuing age proofs, then transmit them anywhere i want, then i can also create a fake miniwallet that would allow anyone to pass the age verification flow using my proofs. for a low price of 5 euros!
i personally don't think that age verification is a good idea, and even if it has to happen, remote attestation creates more problems than it solves. people will find ways to bypass age checks regardless, so this only closes one of the gaps, while excluding a fair amount of people. but i imagine this was one of the concerns that led to the decision to make it a requirement.