Comment by hhh

I don’t think MitID supports physical analog codes, but they have these for people that don’t want to rely on smartphones: https://www.mitid.dk/en-gb/get-started-with-mitid/how-to-use...

> Guarantee? Not by law but it will be hard for them to take that away.

Last year they removed the ability to register[0] yubikey FIDO2 tokens affected by the EUCLEAK 'vulnerability', despite it not posing any security risk even by their own admission, and nobody seems to have cared. The whole thing screams security theater, they require the much more expensive FIDO2 Level 2 keys for no reason (which limited you to just Trustkeys at the time after yubikeys got banned) while their own sites crashes[1] if you give it a secure password.

At the end of the day, if not it's required by law the only other guarantee you have is a broad userbase that will complain if it's taken away and at least at the moment it's clear that no such userbase exists.

[0] https://www.a-trust.at/de/%C3%BCber_uns/newsbereich/20240905...

[1] https://imgur.com/a/Uyjaoa7

It won't be hard at all to take it away if only few people are using it. And I assume the vast majority is using smartphones and won't understand the need for anything else.

If smartphones are to be a requirement for participation in civil society, privacy- and freedom-preserving smartphones are needed at the very least. People shouldn't be required to submit to some company's Terms of Service in order to participate in society.

Not everybody wants to carry a smartphone around all the time.

If the ID becomes about more than proving right to work, and becomes a daily carry, it's not hard to see the appeal of a government down the line tapping into an always on-hand microphone, GPS, internet enabled device.

Even putting the tin foil hat aside, I and many people like me enjoy leaving the phone at home, and want as little time spent on the thing as possible.

Not everyone has a smartphone with the latest OS and a fully charged battery.

> i can tell that living in a country with great digital services is a lot less stressful

For everyone who deserves to participate in society?

Falsehoods programmers believe about society.

The vast majority of people after 65 or so are incapable of using modern smartphones beyond extremely simple things like calling.

Perhaps if you never think about what the state and corporations can do with that surveillance and the amount of control and violence it enables.

Digital is more convenient at the loss of privacy. And no, absolutely not, NOT everyone has a smartphone nor can use one. Go read the thread on teaching iPhones to seniors.

Not everyone has a smartphone. A substantial number of especially older people don't. Plus poor people, and just.. well, offline people whose lives are much more communal than ours. The requirement for a hundreds-of-units-of-currency device to prove who you are is bonkers.

For Spain at least, most banks have foreigner accounts you can open with a passport, and convert into a normal account once you have local id later. It's a mildly unusual setup (and a bit confusing when you're new) but it's pretty widely available and it's not a significant blocker. There's plenty of other challenges and structural disadvantages as an immigrant, but this one at least isn't too bad.

If anything, there's really a big advantage to it for the banks - most locals already have banking, immigrants are the one market where you can get new customers without having to push them past the effort/laziness of switching from their existing setup.

Absolutely, it’s a major problem. I would think this system needs to hand out ID cards to everyone who needs one (student, work visa, alongside NI number, etc.) to break that loop.

Some do, some don't. Traditional banks will ask for a proof of address (and only accept a council tax bill, utility bill or rental contract). Some new online banks like Revolut will allow you to get around that step.

As the parent said, you need proof of address to open a current account that can be used for day-to-day payments.

A savings account you don't need proof of address but I think most will ask for your NI (social security) number. Some will send snail mail to the address you provide to enable withdrawals.

That's not the case in the UK. You need a utility bill (gas, electric, council tax, bank statement) or an existing bank customer to verify your identity. It's only in the past 5-10 years that electronic statements have been accepted. Meeting customers in person is becoming less common, so I worry for, say, women whose husbands handle all the bills.

At the end of the day, somebody has to take your word for it and type it into the computer. The only questions is who has access to the records of which computer to cross-verify them.

The fact that the system is not 100% consistent 100% of the time is a feature, not a bug.

Except they will? We require multiple proofs because there’s no central place a bank or company, etc, can go to prove that you live in the UK. The excessive requirements to provide multiple proofs to your employer of your right to work are explicitly because there’s no single proof of your right to work in the UK.

If you don’t have a passport, for instance, it’s much harder for a UK citizen to prove their right to work in the UK, for which your employer is liable if they get it wrong.

So please, tell me again how having a clear proof of identity tied to your right to work, and other things, will “not change anything.”

For Spain, for online stuff signatures & verification it's mtls, with a client certificate issued by the government. You can sign documents with it or authenticate with it entirely offline (effectively nobody does the latter, but you could, and signing documents with it is very common). Government has no idea how it's used. 3rd party just verifies the government has signed the cert and it's got a valid date.

There's other issues (UX, privacy to the 3rd parties) and further improvements here coming with better wallets (EU-wide) soon, but even today it's absolutely possible to have digital id that doesn't tell the government every time you use it.

They can definitely track when and where you log in.

I can't say if there are backdoors in place for them to log in, and if that is (currently) legal.

Hospitals and libraries are government run, I would assume even if they had their own login, they could manage to snoop the data, no?

These are all online service. So it's not even a wallet argument. But we recently got digital drivers license, which can be used in the "real" world. That is one card less you need to carry around. Only in DK and only for DK citizens though.

The provider is the government by the way, and SSO doesn’t give them the ability to track activities beyond where I signed in.

It is possible, to trust the government in other parts of world.

No, it does not mean that. In Germany the card holds the information, which is signed. So trust is established via certificate. The government has no idea when or where I use the card.

Digital ID is fine if it is a choice of citizen if to use it or not, without any consequences - soft or hard. It is convenient to use, and can streamline processes.

If physical ID gets heavily discouraged and Digital ID gets mandated for everything, you basically have to keep a tracking device(a phone, which already fulfills that role) that is now tied to government records. Location, who do you meet, your contacts, when do you access your bank etc - all of that can be exposed extremely easily. The ease of access is the problem - as normally law enforcement needs to go through lengthy process to access such data across multiple vendors - but now all it takes is just storing metadata about access to Id Portal, and can do so in bulk.

Now they have it in single place - and in most cases - no code is open source, with no way to verify if it even does what it promised to even if it was open source.

The issue is that even if you have 100% trust in current government, you are one election away from a change to something vastly different. Always ask yourself this question when a law is proposed:

- would I be fine with this legislation if the government in charge represented everything I hate?

I can explain the logic behind it.

The first step you need to take is view a government as a hostile entity. It's not your government, it's occupational government. It's unjust by default and you don't agree with the rules it makes, including immigration and taxes.

Now imagine there are three arms of the government -- the one that collects taxes, the one that administers unemployment benefits and the other, which gives out visa, including family reunification permits.

You, as natural born citizen want to bring another person from the outside as a partner and for that you need to sponsor their visa. Government in their infinite wisdom decided you need to earn a certain amount of income for a certain time to be able to sponsor a partner (otherwise you both will be able to claim benefits). To do so you get a list of unemployment premiums paid from one agency and submit to the other.

Now here is the kicker -- if the government is able to aggregate the data from all the agencies mentioned above, they can better implement their policy, i.e. deny you family reunification visa AND bust your for not paying taxes. To aggregate the data they need to have the primary key to join datasets, including data sets from the governments from other countries (see CRS).

In this imaginary situation you can get your partner a visa and immediately stop working. If the government is able to join datasets, something will automatically trigger and you will get the letter saying visa is revoked.

You can disagree or agree with any specific policy, or you can deny government the capability to implement privacy invading policies.

Think of it as a backslash against tracking by google on all the sites with ad sense, algorithmic feeds and the rest. Maybe gestapo is not sending you gulash tomorrow, but it's symptomatically not great.

Add:

Can the government ask Palantir to join datasets without the primary key? Sure they can and they do, that goes against the same principle as above. Is it better to have civil freedoms and privacy protection that come from literally doing Holocaust? It's better, but it's not on menu yet.

But no one should use sign in with google.

Are you saying that it's 100% garanteed optional in all situations? It has no power to be used to control or even coerce you or discriminate against you or build a profile and track you which can be used at a later date by a different party when a new political wind decides it finds you inconvenient? I find all of that hard to believe while still performing the convenience function let alone any legitimate law enforcement function.

I didn't say this specific system does, some systems might, and those are the ones I'm against. If it's just a login (we have the same in Greece), I'm fine with it.

The ID checks in the UK are an example of something I'm against.

The main concern here is that it will create a narrow bridge (i.e, the digital ID system) between people and various services and opportunities which will make it an easy target for people who wish to wield power against someone.

Perhaps your digital ID is needed to open a bank account, get a phone number, sign up for insurance, etc. Now, suppose some fascist government comes into power. They could start cancelling the digital ID's of people or groups they do not like or are bigotted against. These people start losing access to critical infrastructure.

Now, this could already happen, even with imperfect paper IDs, of course. But by making everything digital, we are reducing societal resilience towards such kind of hostility.

Here in the UK, the government wants:

* ID checks for social media (to protect children)

* A digital ID card, allowing ID check records to be provably linked to the original ID document (to prevent illegal working)

* The police arresting people for posting unfashionable takes on human sexuality to social media

And even if you trust the current government, there are very real fears the next government will be Trump-admiring right wing populists who are eager to upend the status quo.

So if a future government decides you are or have done something undesirable, they have a one-stop shop to remove you from societal participation.

You don't even have to go back to Nazis. Just mention Toeslagenaffair of 2004-2019.

> When the Nazis took over the Netherlands, they relied on the state's exceptional record keeping of individuals to hunt down the undesirables. Many people died that didn't have to die because the bad guys were enabled by the data systems built by the good guys.

In many cases, they looked at the census records; something that most western nations have today anyway.

Let's be real: if your government decides to slaughter an entire class of people in its own borders, there's nothing you as a citizen can do except flee and hope to get out without being caught (or sent back).

We're also seeing how this plays out with ICE in the US: they're doing random street sweeps, and then the burden of proof is on the victim. They're not stopped by the lack of an ID system.

Therefore resistance is always useless?

You kinda prove the point with it. Nazis killed more Jews in places with more complete and accurate population registers too. If the municipality already has a list of all the people in one table and records their faith or ethnic origin you just need to get it.

Depends which sort of government you live under obviously. Luckily in the UK we do have control over our government.

If people got off the internet they might realise they have all the tools needed to make their country a better place.

Oh man, you probably never used it. You cannot register digid without paper documents being sent by post to your registered address in the Netherlands.

Also, once you go beyond very basic services you might discover digid only works if you are a citizen. Otherwise you are back to papers.

Germany as a whole has become a total disaster sadly. From public transportation to schools over retirement homes to rent prices. Everything is crumbling and its depressing. I wished we could at least have good technical infrastructure, as its relatively cost efficient, but no, we lack competence and old people are blocking every modernization there is (in public offices). Its honestly extremely frustrating.

Not my experience unfortunately