Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The app this discussion is about is a reference implementation that is part of a long-term process for building a digital identity app. Specifically, this discussion is about the age verification part of the app, which is the first part expected to be finished but is also only a small part of a much wider ideal.

Europe's dependence on American tech is a major pain point but realistically, there are only two smartphone vendors. If a European vendor does rise up, I'm sure whatever app comes out of this process will happily hook into the hardware attestation API for that OS as well.

https://github.com/eu-digital-identity-wallet



But you could do attestation on GrapheneOS, no need to require the users to have Google spyware preinstalled. Google is abusing its position here, attestation should be to verify the security model, not Google's business model..


Attestation is fundamentally incompatible with software freedom.


When scoped to attest the full software stack down to the kernel, yes, because it takes control away from the general purpose computing device that the user supposedly owns. I don't however have a problem with attestation scoped to dedicated hardware security devices such as Yubi Keys.


And if such dedicated hardware is ever required by the law, the manufacturer should be prohibited from bundling any business-related functionality there (such as displaying ads) that can't be turned off without breaking the certification.

Google's ad business model should never be mandated by law, unfortunately lawmakers seem to be unaware that this is what requiring Play Integrity effectively means.


Yes, and remote attestation should be illegal on any general purpose computing device, for some reasonable definition of what that is. General purpose computing should be a human right, in particular the right to change the software running on devices that you own.


This "identity wallet" is such a hostile idea, require identification for everything instead of thinking about how to remove identification (for example, allow anonymous banking, traveling).


Wait until you find out that in some places in the EU it's a crime to not carry a physical ID on your person when you leave the house.


Is it just me, or are nation-states getting way too uppity?


In post Soviet countries it’s a relic of the past, obviously still useful if you’re looking for a reason to arrest someone.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: