Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
nilslindemann 3 days ago

What about users with no smart phone?

pjmlp 3 days ago | parent | next [-]

No smartphnone and dependent on two US companies, is there an official complaint form?

EDIT: A possible way, https://european-union.europa.eu/contact-eu/write-us_en

techcode 3 days ago | parent | prev | next [-]

In The Netherlands I wouldn't be able to login to any government or adjecent websites (e.g. portal of my local health center/GP, health insurance, retirement/pension insurance) without a smart phone running DigiD app for 2FA.

The non-EU Serbia has the equivalent app, but also you might be able to get individual/personal e-certificate (for logging into e-government or signing e-documents) added into smart card chip of your ID. But in practice it seems thats only used for business purposes, like CEO/Accountants/etc to sign/submit business records/taxes.

tmtvl 3 days ago | parent | next [-]

In Belgium the eID software runs on GNU/Linux, so I can log in to government websites using my ID card and a card reader. In my experience it even works better on GNU/Linux than on MS Windows.

It's one of the only things that Belgium does right.

closuregarden 3 days ago | parent | prev | next [-]

The DigiD app isn't required. You can log-in with DigiD using SMS 2FA. This is what I currently do, because I don't want to install closed-source software on my device.

mcv 3 days ago | parent | prev | next [-]

DigiD used to work fine without an app. I think it still does, because I have to explicitly select using the app to log in.

exceptione 3 days ago | parent | prev [-]

Dumb phone works as well with sms verification.

techcode 2 days ago | parent [-]

I used to work for a GSM messaging gateway/SMSC. And seeing first hand how most of those SMS messages (2FA, password reset, bank transaction/balance ...etc) are usually routed (sure over SSL but stored/forwarded as unencrypted GSM packets) through several different companies around the world - before reaching your mobile operator ...

And on top of that you add stuff like sim cloning, and all the other things that one gets by having a direct SS7 connection (there were blog posts/YouTube videos - IIRC Linus Tech Tips calls/SMS got routed to Australia).

Using SMS for 2FA or anything similar is my last resort.

Granted I stopped working there 15+ years ago - but I imagine that the basic economy reasoning where it's impractical for every mobile operator to have a direct peering contract with every other operator in the world - is still the same.

And messages originating from non mobile users/operators (like DigiD 2FA) always start at one of these messaging gateways/SMSCs (e.g. InfoBip.com), and often go through a few different ones before reaching your mobile operator.

Someone 3 days ago | parent | prev [-]

From skimming the texts, I don’t see a 100% hard requirement of using a smart phone.

Yes, in https://ageverification.dev/av-doc-technical-specification/d..., section 2.3 User Journey says

“To enable online age verification, the User is required to install an AV app on their mobile device”

but section 3 Architecture says

“The solution relies on a device-based proof of age model, leveraging widely available mobile devices such as smartphones and tablets to store age attestations. This approach supports the goal of rapid deployment and broad accessibility. Alternative mechanisms for storing and presenting proof of age may be considered for future versions of the solution.”

and

“It is also recognised that devices may be shared among multiple users, for example, when a child has access to a parent’s mobile phone”

That indicates the child may not need to have a smartphone.

I think the vast majority of cases where this will be used it with users wanting to run smartphone or tablet apps, though. For those cases, requiring the user to own a smartphone isn’t problematic.

jampekka 3 days ago | parent [-]

The app is available only on Android (and maybe iOS) and requires Google/Apple attestation.

There's been extensive discussion about this, but the developers refuse to even fully acknowledge the problem.

Someone 2 days ago | parent [-]

Is there a “the App”? The text I referenced talks of “a Reference Implementation”. That suggests, to me, that there will be multiple apps, leaving open ones for other platforms than smartphones.

And yes, it remains to be seen whether, as they say “alternative mechanisms for storing and presenting proof of age” that “may be considered for future versions of the solution” actually will actually surface, but their argument “The solution relies on a device-based proof of age model, leveraging widely available mobile devices such as smartphones and tablets to store age attestations. This approach supports the goal of rapid deployment and broad accessibility.” has merit.

jampekka 2 days ago | parent [-]

There are Android and iOS apps. It's advertised as a "white label solution", meaning productized apps should be built on it.

https://ageverification.dev/Setup