Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
lxgr 3 hours ago

The lack of digital ID is a huge problem in many domains and enables a lot of scams and crime in the first place.

Requiring identification in situations that don't need it is where the problems start, but that's possible with analog IDs as well, and is often even worse there (since these provide neither security against digital copies, nor privacy, which digital ID can, e.g. via zero knowledge proofs).

nextos 2 hours ago | parent | next [-]

Personally, I liked the low-tech solution of code cards + password (2FA), used by e.g. Denmark as digital ID, now discontinued. I am aware that it is imperfect, and if you are not careful with MITM attacks you can get in trouble, but it was a good compromise to avoid the temptation to track citizens. Something like a hardware TAN generator, but with protection against MITM, would be an ideal compromise. The current trend of moving towards mobile apps that require hardware attestation is worrying.

lxgr an hour ago | parent [-]

Definitely, requiring the entire smartphone to be "trusted" is way too much.

Small external signers with a display and confirmation button are a nice compromise (and also largely solve MITM!), since I don't mind an external device being under somebody else's administrative control as long as I can run what I want on my smartphone or computer.

But people don't want to carry two things... Hopefully we can at least have both as alternatives going forward.

phatfish an hour ago | parent | prev [-]

It's like people want to hand over scans of their passport and/or driving license to random businesses again and again, every time the need to prove who they are; and have their ID documents littered in Outlook mailboxes or company file shares with zero permissions.

Or be forced to install yet another ID app from a private service that requires you have an iPhone or "compatible" Android.

The debate about this in the UK is just crazy. Notwithstanding the current "febrile" state of politics. It has always received weirdly vitriolic push back.

What really is the Government going to do with a digital ID service that they can't do already?

I just want to be able to give estate agents, solicitors, a bank, etc my ID number and a time-limited code that proves I am in control of that ID (or however that might work), and be done with it.