Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
EmbarrassedHelp 4 hours ago

> This is not true, the law requires core apps to be opensource. Polish EUDI wallet has been even decompiled by a youtuber to compare it with sources and check if the rumors about spying are true. So you can check yourself if the app tracks you.

The "open source" apps connect to proprietary backends run by a third party that you have to blindly trust. If EUDI wallets were truly open source and free from blindly trusting any authority, then you could simply remove that requirement and issue your own tokens without the use of potentially malicious third party.

hiciu 4 hours ago | parent [-]

> issue your own tokens

I mean, you can. It's like with TLS certificates. The standard is there. The code is there. You can issue your own.

The question is, who will trust you?

summm 2 hours ago | parent [-]

It is not at all like TLS. With TLS you at least can get your own certificate signed by an official CA, and use that private key on whatever system you want.

hiciu 2 hours ago | parent [-]

It is literally TLS in a trench coat with some json sprinkled on top.

Where I think we are not in agreement the question of "who to trust" and "for what purposes".

Are you going to trust me when I tell you that I'm over 18 if I provide you with the document signed by my cousin, Honest Ahmed?

Are you going to trust me when I show you the document signed by my government?

(this is the trick question, you don't have a choice, law says you must; there's a list of who you need to trust and for what purposes; like a certificate root store in your browser)

summm 13 minutes ago | parent [-]

You forgot to mention the additional remote attestation shackles you put on that trenchcoat.

Note that I - as opposed to the posts parent - used an official trusted CA as an example.

TLS: I see your ID with some governments signature in your hand, I trust you to be you. EUDI: I see a note you wrote and I see some signed documents that you have just been to the government brain scanner, which attests you are not faking that note, and as a nice side effect the scanner scans other things in your brain, e.g. that you watch every advert diligently, send your current location regularly to your local police office and other things.

The problem is you are not creating a government issued single purpose device but you are confiscating something many user experience as a brain extension to be under the government's control as a whole.