| ▲ | stingraycharles 9 hours ago |
| Why would this be? Bureaucracy / inability to change? |
|
| ▲ | miki123211 5 hours ago | parent | next [-] |
| Several reasons I can think of: 1. Google and Apple have a much larger ecosystem and are entrenched in their OSes, which means that they have a much better picture of the user than any government app ever will. They also have surveillance mechanisms that government apps are unable or unwilling to implement. This helps detect and prevent fraud (fraud prevention is mostly just mass surveillance used for good). 2. The eIDAS standards enable anonymous assertions about your identity. This lets you prove your age to a website / app without revealing any other information. There needs to be a way to prevent you from generating millions of such assertions using one ID and giving them out online to anybody who wants them, verified or not. The way you do that is by limiting their generation to trusted hardware, using hardware attestation mechanisms. Google and Apple provide those. 3. Pure laziness. It's an issue that <1% of the population cares about (which is hard to notice if you're in the HN bubble). Almost nobody uses a modern, eIDAS capable smartphone without a Google or Apple account. They may have decided that the part of the population who cares about this just isn't worth pandering to (just like some government institutions may decide that vegans aren't a part of the population they're interested in pandering to). |
| |
| ▲ | ethbr1 3 hours ago | parent | next [-] | | Appreciate you taking the time to write out the steel man. Ascribing motive to others without an honest appraisal of the benefits of choices one might not like is lazy. There can be good reasons for a bad thing, and it's important to factor them in when having a discussion. | |
| ▲ | sneak 3 hours ago | parent | prev [-] | | The issue is that correctly implementing #2 means that your publishing can be censored at the rate at which you can buy discrete iPhones. Anonymity isn’t anonymity if you can’t generate millions of them cheaply. |
|
|
| ▲ | spwa4 6 hours ago | parent | prev | next [-] |
| It is to move the burden of securing payments ("did the user actually, willingly, to the satisfaction of a court of law, initiate this payment?") onto Google and Apple. Either the government secures internet payments themselves, which means spending now to do so, coming up with a plan, ... or they can have Apple/Google do it. |
| |
| ▲ | stingraycharles 5 hours ago | parent [-] | | I thought this was about identity, though, not securing payments. Isn’t that sufficiently tackled with the digital signature? | | |
| ▲ | spwa4 3 hours ago | parent [-] | | It is about supporting "online cross-border transactions", in other words for providing a legally binding way for agreements to be made. This will be the basis for VISAs, proving you hold credentials (initially driving license, but will extend further), proving you've signed a contract. This MAY include a central-bank wallet with "digital Euro", or it may not, but even without, it's about money. You can smell where this is going, no? This is how the EU is looking to make any kind of internet authentication go through them. By providing companies like telcos with an online identity that says "if a customer clicks 'buy' logged in through eIDAS and they don't pay, EU courts will if needed get the money from their homes, their mothers, sell their dog to make sure you get paid". Then things like forcing kids off the internet, the always returning porn and copyright regulations rules and so on will follow. | | |
| ▲ | taejo 2 hours ago | parent [-] | | Btw a visa is a document allowing entry into a country, while VISA is a word mark used by Visa, inc. for their payment cards and network. I think you're referring to the travel document, but since the context also includes payment networks, I'm not 100% sure. |
|
|
|
|
| ▲ | archerx 9 hours ago | parent | prev [-] |
| Or someone could be getting kickbacks on the down low. |
| |
| ▲ | rafaelmn 7 hours ago | parent [-] | | Or it's just way easier to implement this way and they don't want to waste time on stuff only HN crowd cares about ? | | |
| ▲ | bakugo 7 hours ago | parent [-] | | Implementing Play Integrity is something developers have to go out of their way to do. Not implementing it requires literally zero effort. So no, it's not easier to do it this way. | | |
| ▲ | kackerlacker 4 hours ago | parent [-] | | One could say the same thing about virus scanners. They are obviously too little too late "security" so standards that require them have given up on real requirements like a way to achieve actual assurance of no buffer overflows. Nonetheless, an implementation to such a standard that chooses any off the shelf scanner is a lot less work than implementing a new scanner. |
|
|
|
