Comment by Mashimo

Comment by Mashimo 10 hours ago

9 replies

View on Hacker News

Same in Denmark.

It acts as a SSO for Banks, library, 2fa for debit card, hospital websites, all kinds of government services.

Makes it easy, because you don't need a new or different account.

graemep 10 hours ago

Which means the provider can track you across all those. What you spend, what you read, what medical treatment you have.

All just to save carrying a wallet?

Reply View 8 replies
  • buildfocus 9 hours ago

    For Spain, for online stuff signatures & verification it's mtls, with a client certificate issued by the government. You can sign documents with it or authenticate with it entirely offline (effectively nobody does the latter, but you could, and signing documents with it is very common). Government has no idea how it's used. 3rd party just verifies the government has signed the cert and it's got a valid date.

    There's other issues (UX, privacy to the 3rd parties) and further improvements here coming with better wallets (EU-wide) soon, but even today it's absolutely possible to have digital id that doesn't tell the government every time you use it.

    Reply View 0 replies
  • Mashimo 9 hours ago

    They can definitely track when and where you log in.

    I can't say if there are backdoors in place for them to log in, and if that is (currently) legal.

    Hospitals and libraries are government run, I would assume even if they had their own login, they could manage to snoop the data, no?

    These are all online service. So it's not even a wallet argument. But we recently got digital drivers license, which can be used in the "real" world. That is one card less you need to carry around. Only in DK and only for DK citizens though.

    Reply View 1 reply
    • graemep 8 hours ago

      > Hospitals and libraries are government run

      A lot more effort. In the UK public libraries are run by local authorities who do not seem to routinely share that information with other government bodies.

      Libraries and hospitals are not purely online services though. I do carry a library card. I do not need one for hospital or doctors appointments.

      Reply View 0 replies
  • vachina 10 hours ago

    The provider is the government by the way, and SSO doesn’t give them the ability to track activities beyond where I signed in.

    It is possible, to trust the government in other parts of world.

    Reply View 3 replies
    • graemep 8 hours ago

      > It is possible, to trust the government in other parts of world.

      That means trusting all future governments, all layers of government, all govt organisations with access to the data, and all governments they might share data with, and all other organisations they share data with.

      You have to trust them to both use data correctly, AND to have sufficient security to keep the data safe while greatly increasing the attack surface.

      Reply View 0 replies
    • closewith 10 hours ago

      Can you imagine a scenario where this might become a problem?

      Reply View 1 reply
      • Muromec 9 hours ago

        That entirely depends on how hostile you believe both parties of SSO exchange are towards you.

        Reply View 0 replies
  • 7bit 9 hours ago

    No, it does not mean that. In Germany the card holds the information, which is signed. So trust is established via certificate. The government has no idea when or where I use the card.

    Reply View 0 replies