Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
kuon 3 days ago

I treat apple ID and google ID like throwaway accounts. I would never trust anything valuable to either. The problem is that it is very hard for "usual people" to do that.

I will also never have an electronic ID. We (Switzerland) were dumb enough to vote yes for it but we are giving away our freedoms eventually.

We need regulations to ensure vendor cannot lock in users and cannot threaten them. Everything should work like if you have your own domain and use email. If your provider go nuts, move your hosting and change your MX and point your local copy to it.

This should not be reserved to some nerd like me, it should be an universal right.

It is already late, but it can be reversed. We need for more sotires like this one to errupt, so people understand.

lwkl 3 days ago | parent | next [-]

The digital ID in Switzerland [1] is literally the best case scenario from a privacy standpoint. It is basically an ID that is stored on your phone that can send a signed copy of your data to someone verifying it. But instead of sharing all your data everytime it can also only share part of your data or only verify that you are above a certain age.

I personally prefer this to sending a copy of your ID and a video with my face to someone verifying service provider that verifies my identity for a bank or some website.

[1] https://www.eid.admin.ch/en/technology

seszett 3 days ago | parent | prev | next [-]

> I will also never have an electronic ID. We (Switzerland) were dumb enough to vote yes for it but we are giving away our freedoms eventually.

What's the link with the rest though? Your government already knows you, whether your id has your information printed with ink or stored on a chip.

Belgium has had electronic id for decades now and I fail to see how it has taken away any freedom, but it has enabled people to get their official documents online without having to make appointments in person in most cases.

jeroenhd 3 days ago | parent | next [-]

I think the fear many people have is that digital ID will be required for non-government services as well. I can easily see that happen in the USA and Switzerland is the kind of weird that may also let that sort of thing happen.

With things like age verification becoming mandatory just about everywhere and actual privacy-conscious digital age verification being very difficult, there's definitely a risk towards abuse and badly designed authorization mechanisms (although the EU's open source backend and frontends should make it easy for other countries if they do actually care about privacy).

nullfield 2 days ago | parent [-]

The kinds of things you want here, and that I think we all do, are hard.

Yes, ideally a trusted intermediary would do something like… read your digital ID (which stiLL doesn’t guarantee it’s you providing it, up to a point), examine a birthdate, and sign an attestation to a liquor store that “this user is 21 or older” without you ever having to fork over your name, address, or biometric details.

The will to enforce such measures, at least in the US, seems low.

jeroenhd a day ago | parent [-]

This is why the EU is going the app route. You load your ID into an app, and can review on-the-fly what data you're sharing (including a simple "older than 18" token to buy liquor). The app also allows keeping a log of who requested what data, so if you find out in hindsight that your grocery store requested your full name illegally, you can report them.

Enforcement chances in the US, maybe outside of California, do seem low, but at least the "we cannot do it" argument is off the table when the EU has a ready-to-deploy suite on Github for anyone to access. If you don't like the EU, the Yivi (previously IRMA) project implements pretty much the same ecosystem, but in a slightly different way.

kuon 3 days ago | parent | prev [-]

Because it will be used by other services. Like google requiring one for you to use their services. That's the problem.

seszett 3 days ago | parent | next [-]

It seems to me as if it would get used by the same services that already require an id, except they would now not require a physical check of the id anymore.

9dev 3 days ago | parent | prev [-]

I don’t see that happening in Belgium, though?

duskdozer 3 days ago | parent [-]

You don't? Google already requires ID for developers in Belgium [0], and it's complying with regional laws for age verification [1]. The EU is also starting to look at age verification [2]. I don't see how it's such a stretch that Google may want to expand this further even in the absence of government demands, considering the huge ad/data incentive for them to directly link accounts to IRL identities.

[0]https://support.google.com/googleplay/android-developer/answ...

[1]https://www.digitaltrends.com/phones/google-play-store-wants...

[2]https://digital-strategy.ec.europa.eu/en/factpages/blueprint...

seszett 3 days ago | parent [-]

> Google already requires ID for developers in Belgium

But it also requires id in France, even for people who don't have an eid. Or in the US, and most likely just about everywhere in the world.

I don't see how this is related in any way to having a chip on an id document.

cube00 3 days ago | parent | prev [-]

> The problem is that it is very hard for "usual people" to do that.

Exactly, for all the victim blaming in other comments, try to explain 3-2-1 backup to non-technical people and you'll be met with glazed eyes.

Sadly I think it's going to take more people losing their irreplaceable data and for the network effect of having it happen to someone close to actually see any change.

There's a surge of people losing their Google accounts with hackers abusing parental controls at the moment, although I suspect a lot of those people will just move to Microsoft or Apple thinking they're safer until they get burnt there too.

As more non-deterministic AI is built into abuse systems it's inevitable that there'll be more false positives, couple that with impossible to access human support to override the decisions, it's a risky time to trust your irreplaceable data with anyone but yourself.

You could do everything right and still get locked out.