Jaroslav Svoboda
Felicitas Pojtinger ๐
So, it turns out the German implementation of eIDAS (electronic ID wallet for e.g. age attestation) will require an Apple/Google account to function
Absolutely pathetic
If a German citizen gets sanctioned by the US government, once this is implemented (later this year), that means they will no longer be able to be a participating member of German society, e.g. to show their (digital) driver's license to traffic police
I've said it before an I'll say it again: This entire project of identity verification with Apple/Google-account bound mobile devices is going to lead the continent down a dark, dark path into full technological submission to the US
https://mastodon.social/@pojntfx/116345725515845020
A bit of an explanation
Sjoerd Stendahl@pojntfx Honestly I will remain off the opinion the digital wallets are by itself a good idea, and could potentially be more privacy-friendly than traditional methods (thanks to granular sharing of information) and lessen dependence on big tech (the alternative is namely that the private market will do this).
Having said that, thatโs only if implemented right. A dependency on Google Play services is worrying, and shows we still havenโt learned anything from the past years.
@sstendahl Yeah, if they used ZKs I can see a way to make it great. But nobody - not one single country, anywhere on earth - is doing that.
And it's not just Play Services here. Those we can emulate with e.g. the EU-funded microG. It's specifically SafetyNet/remote attestation. That one can't be swapped out in any way we currently know. It's a hard dependency on Google.
David Heijkamp@pojntfx @sstendahl not sure if this is what you meant, but in the Netherlands the municipality of Nijmegen introduced initial support for Yivi, also available on F-Droid. That seems close, or am I missing something? See: https://docs.yivi.app/
Yivi documentation | Yivi docs
Yivi is a privacy-first identity wallet solution designed to empower individuals with secure and seamless access to digital services. With Yivi, you are in full control of your personal information, sharing only what is necessary while safeguarding your privacy at every step.
@david @pojntfx I was mostly thinking of NLWallet, which is actually government backed/owned. As far as I know itโs ZKP, and itโs even open-ish (not GPL, but at least source-available). You can build it from source yourself.
But Iโm not as knowledgeable on the matter as @pojntfx, so I could absolutely be missing something here on the implementation of zero knowledge here.
See their GitHub page here: https://github.com/MinBZK/nl-wallet
Patrick Zauner 
Misuse Case@pojntfx @sstendahl Part of the reason itโs being done like this, or at all, is that tech companies are lobbying for it!
Dragon
Strypey(1/2)
@pojntfx
> the German implementation of eIDAS (electronic ID wallet for e.g. age attestation) will require an Apple/Google account to function
There are so many layers of WTF? in all this. The path dependence on offshore tech corporations being only the most surface one (although I agree this is a very bad idea).
(2/2)
At a deeper level is the critique implied by the phrase 'papers please, comrade'. It's traditionally understood that in democracies, people have an inalienable right to privacy, and ought not to be expected to carry ID or prove who they are. *Unless* they are claiming powers under a position of authority, proving their right to use those powers to other citizens.
The creeping normalisation of people being asked for papers - online and off - is the more difficult problem to grapple with.
Dagnabbit, Pascaline ! ๐ฅIt's completely crazy to order the world to submit to Apple/Google.
But by now, America has been doing all sorts of things that were unheard of before. They just push to get their way, if necessary start with absurd demands that they will 'tone down' so the others think they reached a compromise but that really gives America what it really wanted.
I think most politicians by now turned into profit and ego-driven maniacs, real Wannahaves who adore the Haves.
Sepia Fan
Democracy Matters :verified: (@[email protected])
Attached: 1 image I just noticed that BOTH Apple and Google have capitulated to the fever dreams of a dictator who shits himself and rapes children.
Martin
maya_b ๐จ๐ฆit'll probably be even more fun for non-resident (dual) citizens who don't (for whatever reason) have a based in Germany mobile phone account - and thus have no access to install whatever authentication mechanism is required.
Gerard Cunningham โ๏ธ@pojntfx All data eventually ends up with the palantir stasi
Pino Carafa@pojntfx It's a logical extension of phones running Apple or Google Operating Systems.
To remove that dependency we need to foster the development of an independent EU focused OS that can be installed on existing hardware or even subsidise EU based hardware. Not sure whether that could be, say, Nokia or a new player.
@pojntfx PS - sorry I thought you were based in the EU; not sure how I got that impression.
craignicol@pojntfx you'd think they'd look at how Apple, Google, Meta have responded to EU demands in the past, restricting functionality, removing features. Why would anyone choose to hand them a killswitch for fundamental access to society?
yak
mjarteaga@pojntfx This scenario raises two main conflicts:
Availability and Access: The GDPR and EU principles require that access to fundamental rights not depend on third countries. Forcing a citizen to accept the terms and conditions of a private U.S. company in order to use their state-issued identity is viewed by many regulators as coercion that invalidates the โfree consentโ required by the GDPR. 1/2
Availability and Access: The GDPR and EU principles require that access to fundamental rights not depend on third countries. Forcing a citizen to accept the terms and conditions of a private U.S. company in order to use their state-issued identity is viewed by many regulators as coercion that invalidates the โfree consentโ required by the GDPR. 1/2
refraction 
@mjarteaga @pojntfx and who's gonna enforce the law of the state decides they won't? GDPR enforcement is already bad.
The Vampire Fish Queen@pojntfx Mitigation Measures in Germany and the EU 1/3
To prevent this technological โlock-in,โ several measures are being implemented:
Alternatives Outside Official Stores: The EU is exerting pressure through the Digital Markets Act (DMA) to compel Apple and Google to allow the installation of apps from alternative sources (โsideloadingโ) and open access to their security chips without going through their accounts.
@pojntfx Mitigation Measures in Germany and the EU 2/3
Interoperability between Member States: According to the regulation, if the German wallet fails due to a lockout, citizens should be able to legally use any other certified wallet from another EU country to identify themselves for German services.
Richard Wonka@mjarteaga id be e interested in a list of those alternatives - and their details
@richardwonka Interoperability is at the heart of the new eIDAS 2.0 Regulation (EU 2024/1183). Its aim is to ensure that any citizen of the European Union can use their national digital wallet to identify themselves and carry out administrative procedures in any other Member State without difficulty...1/4
@richardwonka Pillars of Interoperability
Mandatory Mutual Recognition: Unlike previous regulations, where recognition was voluntary in many cases, the new framework requires all Member States to accept electronic identification means issued by other countries that meet "substantial" or "high" assurance levels. 2/4
@richardwonka Pillars of Interoperability
Architecture Reference Framework (ARF): To prevent each country from creating an incompatible system, the European Commission has established a set of common technical specifications (ARF) that all e-wallets, including the German one, must follow. 3/4
@richardwonka Pillars of Interoperability
eIDAS Nodes: These are technological infrastructures that act as โbridgesโ between countries. If a German citizen wishes to access a public service in Spain (such as the Tax Agency), the Spanish eIDAS node communicates with the German one to validate the identity without Spain needing direct access to Germanyโs databases. 4/4
@pojntfx Mitigation Measures in Germany and the EU 3/3
Physical media as a backup: Germany maintains the physical ID card with a chip (nPA) as the primary โsource of truth.โ The wallet is only a digital representation; if the phone fails or is locked, the citizen can always use their physical card and a standard NFC reader to identify themselves. https://ec.europa.eu/commission/presscorner/detail/en/ip_24_3433
https://www.vzbv.de/en/digital-markets-act-apple-and-google-fail-comply-certain-regulations
https://www.reddit.com/r/europrivacy/s/mgTR3gEoAr
@pojntfx Extraterritorial Surveillance:
There is a theoretical risk that, because it is integrated into the OS ecosystem, the manufacturer (under laws such as the U.S. Cloud Act) could be compelled to provide metadata on when and where the wallet is used, which conflicts with the GDPRโs prohibition on tracking. 2/2
Dลบwiedziu@pojntfx
You don't need to wait, nor for the US to be involved.
Sassinake! แ โช โฉ โ
Bebef has moved@pojntfx As much as I am with you on the whole "account needed" thing, I think not being able to show a digital license on my phone will imepede my ability of being a functional member of society.
Or, to put it another way, you basically wrote "Everyone without a digital license no longer is a functioning member of society", which is just plain wrong.
@pojntfx Thing is: we must NEVER accept any digital-only solution for things like this (IDs, license etc.). Analouge/offline life must ALWAYS be possible!
...regardless of where it's hosted.
contranym@Bebef @pojntfx yeah, i know you can take a picture of your license here in the us and give your phone to a cop in some places, but i would never. rather just hand over my physical license card i paid way too much money for and always carry with me outside the house. just like my phone, but im not handing that to anyone, nor my physical wallet.
@makeitmythic @pojntfx "Too much money" is a funny thing to say for a US driving license. German prices are in the $4k ball park.
Not trying to diminish anything, just giving a point of reference.
Mr. Lance E Sloan (IRL) ๐ค@pojntfx
It seems like *compatibility* with Apple or Google services for the German electronic ID wallet would be fine, but *dependence* on them is a *huge* mistake.
It seems like *compatibility* with Apple or Google services for the German electronic ID wallet would be fine, but *dependence* on them is a *huge* mistake.
Trolli Schmittlauch ๐ฆฅ@pojntfx
Regarding the "not participating in society":
The eIDAS directive includes a guarantee that identification still needs to be possibly by analog means. So it's at least a loss of comfort, but alternatives must exist.
Still a bad move.
Benjamin@schmittlauch @pojntfx Yeah, and that'll likely be something like Persona, who literally forward your ID directly to OpenAI and others like them.
I feel were getting all the worst of Cyberpunk SciFi (dystopian Tech-Overlords), without any of the cool hackable implants.
I feel were getting all the worst of Cyberpunk SciFi (dystopian Tech-Overlords), without any of the cool hackable implants.
Wiebke FreySorry, digital drivers license and Germany? I cannot make these ends meet.
Felicitas Pojtinger ๐
@pojntfx
If a German citizen gets sanctioned by the US government, once this is implemented (later this year), that means they will no longer be able to be a participating member of German society, e.g. to show their (digital) driver's license to traffic police
Saupreiss #Prรคparat500 ๐
๐ฅ๐ฅIt is TOTALLY unrealistic this project even works by end of the year. And then itโs gonna been shutdown five to 20 times because of mostly naive yet fundamental design flaws.
Ntropic
Mitch@pojntfx That kind of is already the case. Try getting important apps without an apple or Google account... You can for android at the moment because of apks and third party mirrors. or using something like aurora store who have a bunch of Google accounts setup. But with app store age verification looming globally I think it is only a matter of time before that comes to and end. On top of that it seems like google is killing sideloading which won't help
PixelHamster@pojntfx what the hell.. unacceptable
UddelhexeAs long as analog papers do not vanish, one can technically still participate normally.
The problem will be when having the digital document/ wallet becomes a reqiurement for basic things or basic usage of the internet.
I've never paid with my phone, use no wallets whatsoever, do online banking without my phone.
That is why organisations like @digitalcourage fight for the important right to be able to function in society without being forced to own a Smartphone
R.L. Dane 
๐ต 
Just curious, what does it mean for a citizen of another country to be sanctioned by the U.S. government? How do governments "sanction" individual citizens (of other countries)?
This is very confusing to me.
Arjen P. de Vries Timmers ๐๏ธ@pojntfx that would be terrible design, completely outrageous even. I'm not enough of a specialist to grasp that document fully, could you be so kind to teach us how you did conclude that google/apple would be a *requirement* from this document?
@arjen SafetyNet checks only pass on devices with unchanged, factory-sealed, non-unlockable firmware. Google has an allowlist of devices that pass that test. The same remote attestation mechanism is also used to block downloading the app through anything other than the Google Play Store, which you need a Google Account for. And you can't use Google if you're on the US sanction list (see e.g. the ICC prosecuter case). Using any open source OS of any type is also completely impossible.
Only 9.6% backed Reform
Erik Play2Learn
sprouting Ske-Lil-ton ๐ฑ@fallbackerik @pojntfx @arjen the existence of other apps which were downloaded from other stores/spurces wouldn't be an issue
But if you use a phone without Google play services (e.g. lineageOS (although play services can be added later) or grapheneOS) or a rooted phone you won't be able to use that app at all
Maybe just having an unlocked bootloader would keep you from using it (that depends on what level of the device integrity the app requires)
But if you use a phone without Google play services (e.g. lineageOS (although play services can be added later) or grapheneOS) or a rooted phone you won't be able to use that app at all
Maybe just having an unlocked bootloader would keep you from using it (that depends on what level of the device integrity the app requires)
@fallbackerik @pojntfx @arjen with an unlocked bootloader (even if you didn't modify the system in any way (although having an unlocked bootloader just for fun isn't a good idea. But it is necessary if you want to install custom ROMs. So if the manufacturer of your phone adds some stuff you don't want and you just want to install vanilla android (without root and with Google play services) you need to unlock your bootloader)) you fail the play protect certification
@fallbackerik @pojntfx @arjen
Ah, you were talking about *that* app being installed via fdroid, got it
I'm not sure if it follows from that document that they will require installation via the play store but they mention the check for that ("accountDetails.appLicensingVerdict") so they collect it at least
OP only mentions that you need a Google account to install the app from Google play, I'm not sure if the play integrity checks work without an account or if it is needed for that