Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
private ids where always the scope of the privacy movement. However, it may as such present other challenges which can include age based discrimination. It as such must be implemented wisely.
Age is already being weaponised against us (child protection, etc), this shouldn't be like that - We can already see what kind of power governments hold. Ageism is what will ultimately destroy us.
I have not yet looked into it.
I will vote in favour if:
If any of these points are not fulfilled with the planned implementation I will have to weigh the risks.
Its not fully open source actually. Just the App, not the infrastructure or what and who's behind .
https://github.com/swiyu-admin-ch contains far more than just the client. Only a certain component where they had to rely on a proprietary solution is closed source. Everything else is in the open.
In Belgium we do have e-ID and we had it for years.
If in any of the circles there is only BigTech then indeed you are right it is a threat.
In Belgium though I can access my official document with some of these (honestly I don't remember which, but AFAIR It'sMe is one option) but more importantly there are some options with some decoupling, e.g. SMS (arguable as one must have a phone number usually via BigTelco) but, last and not least :
which means as long as at least one of these alternative is available then IMHO we can get some of the benefits without the centralization risk.
Those aren't eID. They are a way to authenticate using CSAM.
There are different weights tied an authentication method, card reader scores highest.
From the top of my head there's email, sms, totp, card reader, eiDAS and itsme® (which I avoid because it's proprietary and controlled by a 3rd party).
There's a list of properties a service can request when accessing data via ACM/IDM, for example your ssn, name, etc.
You can read your eID with local software too, with the aptly named eid viewer. Click on the picture in the overview and drag it into a text editor to see the entire exportable xml.
If I'm not mistaken, it's up to the the service that's using the Belgian e-id to enable some of the options or not. For example, the website where I check my payroll only works through itsme or with a card reader — no TOTP or SMS 2FA. It's a big issue because itsme refuses to run when you don't pass Google's safety net.
I'm talking about public services. For private services I have no idea what they all do and, as importantly, what they are legally bound to do. I would hope that obviously they would have to provide at least 1 solution that doesn't rely on any third party, e.g at least provide the card reader with legal Belgian ID option (which seems to be what they offer you, so IMHO that's good enough), but I don't know.
ItsMe not running is pretty good in terms of privacy because their entire business model is, and correct me if I am wrong, to be an intermediary. I didn't check what data they share but I'd be pleasantly shocked if it was none.
The card reader might seem slightly inconvenient or outdated but there is no intermediary and it is, AFAICT, secure because it's based on well established cryptography.
PS: it's also fun because you can play with PAM and thus, I didn't try that, login or get su and sudo with your ID card.
It doesn't matter whether it's a private or public service if they both use the same auth provider (beId). I wouldn't be surprised if the SMS/TOTP options went away completely at some point for our "security".
A different issue is that itsme is often the only option when doing things on mobile. Sure, you can avoid it for now, but it's getting increasingly inconvenient to do so, unfortunately. I try to express my disappointment to itsme every now and then about the fact that they require Google's SafetyNet and that the Connective Plugin needed to activate itsme in the first place doesn't even work on Linux, but to no avail. They sent me a detailed email about setting up a Windows VM to get it working so credit where it's due for the effort, but the situation is still bad...
itsme is often the only option when doing things on mobile
Indeed that's why TOTP, via e.g. Ente Auth, was a good surprise. I didn't see it until now and I believe that's the mobile alternative to ItsMe.
That's what I was saying — sometimes the TOTP option is not available at all for certain services. Ente, Aegis, Bitwarden, etc won't save you there and itsme remains the only option on mobile when that's the case.
You can not just say that it is a threat to privacy. Its design improves privacy as we finally can ID ourselves, where it has always been required, without actually giving our identity to online services.
I think avoiding functioneren creep will be a certain issue.
Belgium has such an e-id for nearly 10 years now. It works pretty good and acces to your personalia data is granular.
If only age verification is needed, the request will only grant you birth date.
Comanies that want to use it need to be vetted and their acces to your data is centrally regulated.
centrally regulated.
Any privacy freak who did a review on ItsMe? I just shared minutes ago https://lemmy.ml/post/36346569/21174131 that I don't trust them but maybe I'm just paranoid. The fact that they are regulated means little, Meta and Google also are and they legally siphon everything we let them.
If only age verification is needed, the request will only grant you birth date.
I always wonder why they don't minimize data further. "Age of Majority reached: Yes" seems like it should be good enough.
The German one supports that. It will also tell you exactly what data is transferred to the service in question.
But because Germany is Germany, the eID is rarely even implemented.
Am I witnessing democracy right now ? Wow it's like people collectively decide about key topics, amazing. Go Switzerland !
I'm in favour of it.
Contrary to the last time this was proposed, the government is in control of it instead of private corporations.
This will also be an alternative to any of the current online ID verification, which involve sending photos of your ID, videos of it and videos of yourself to some random third party for verification.
My point of views is it will be used more broadly, in every services. So, even if it will be "optional",there will be no option to choose not to use it.
There is an article in the proposed law that e-ID is only allowed to be required for actions, where the law explicitly requires authentication.
In this proposed law there is no article that explicitly forces services to require a ID
So it only applies to services that used to require identification since a long time, lime buying alcohol, money laundering protection, some government stuff you had to do physically prior etc.
But there is a new law coming which sadly did mot get a referendum, that requires age verification for 18+ media like video and games. But this law will take effect no matter if e-ID is accepted or not. So if e-ID was declined, you would have to scan the compete ID, do a liveness selfie and send it to private companies like Netflix to watch 18+ stuff there.
With e-ID, you can proof you’re old enough without revealing name, gender, body hight etc.
Please inform yourself correctly before spreading nonsense
Mm yes the law, a thing that can never be changed, that big tech definitely doesn't have power to influence, and a concept that other countries definitely won't be "inspired" by
In Switzerland, any law changes can be prevented by a referendum
So, no, in Switzerland, the law can not just be changed.
Switserland is quite unique. They have referenda for big changes and are pretty conservative. Besides from that, they're all armed and battle ready ;-)
