0x_rs 17 hours ago

Does this mean sanctioned individuals, such as those in the International Criminal Court, would be unable to access eIDAS, among other things? As it requires, from my understanding, installing app(s) from the Play Store, thus requiring an account there and being able to access it, which isn't happening if you're among those or really, in any group that might get the same treatment in the future.

iamnothere 16 hours ago | parent | next [-]

If an account is required, then yes. Good catch.

This may not be unwelcome for authorities considering the recent extrajudicial “unpersoning” of many political enemies in the EU.

comex 12 hours ago | parent [-]

It definitely would be unwelcome for EU authorities in cases like the recent US sanctions against ICC officials.

OgsyedIE 11 hours ago | parent | next [-]

Not to mention the German debanking and account closing of a few Middle Eastern journalists living in Germany, their spouses and in one case their children.

iamnothere 2 hours ago | parent | prev [-]

Fair... they should think about this then

raverbashing 12 hours ago | parent | prev [-]

Yes?

I don't think it's a bad idea though. If only for bringing the issue to the public.

And while I do think an alternative would be good, the fact is that protecting the private key is the most important part (for example by keeping it on a smartcard with NFC) - hence the need for a secure device

"but I want to install alternative Android etc etc" yes that's fine - but you know this is a non-secure-(enough) env.

fpoling 10 hours ago | parent | next [-]

Physical SIM cards are just as secure as the security enclave on the phone. In Norway a few years ago banks even used that for secure authentication that worked on dumb phones, with local mobile network providers pre-installing the required software on their SIM cards.

But then, to save cost, including the support cost, banks stopped and instead started to require a non-rooted Android/iPhone.

raverbashing 10 hours ago | parent [-]

Yup, it would be so much better to have it tied to the SIM card (though it might not help so much with anonymity)

But I think there are still cell operators without SIM cards

AnthonyMouse 11 hours ago | parent | prev | next [-]

> "but I want to install alternative Android etc etc" yes that's fine - but you know this is a non-secure-(enough) env.

I feel like this is getting to the point of gaslighting. Many of the allowed devices are bargain bin Android phones running out of date software with known vulnerabilities in both the operating system and the hardware which is supposed to be protecting the keys.

Meanwhile you could be using a hardware security module in a bank vault in a nuclear bunker surrounded by armed guards and the excuse would be that this "isn't secure" because it hasn't been approved by Google or Apple.

Governments shouldn't be requiring you to use any specific vendor or set of vendors. They should be publishing standards so that anyone who implements the standard can interact with the system.

raverbashing 10 hours ago | parent [-]

> Meanwhile you could be using a hardware security module in a bank vault

Yeah you could, but most people won't

Should they allow for a YubiKey on a non-Google phone? Or your own private key? Yes they should. But then there's the issue of enrollment, etc.

AnthonyMouse 10 hours ago | parent [-]

> Yeah you could, but most people won't

When something is required by law, it needs to work for all people.

It also specifically needs to not entrench incumbents by impeding the ability of challengers that don't currently have market share from ever getting any.

> Should they allow for a YubiKey on a non-Google phone? Or your own private key? Yes they should. But then there's the issue of enrollment, etc.

There is no such issue because enrollment should be part of the standard so any device that implements the standard can be enrolled.

Dylan16807 9 hours ago | parent | prev [-]

> but you know this is a non-secure-(enough) env.

No I do not. It is plenty secure compared to a corporate version and nobody should be legally able to deny service over me having control over my own computer.

Needing the entire OS to be secure to protect a key is also a dumb idea in general.

heavyset_go 9 hours ago | parent [-]

> Needing the entire OS to be secure to protect a key is also a dumb idea in general.

This is the final step in the road to full remote attestation; thankfully PCs already come with Microsoft Pluton chips[1] to make it easier.

[1] https://learn.microsoft.com/en-us/windows/security/hardware-...