- cross-posted to:
- hackernews@derp.foo
- cross-posted to:
- hackernews@derp.foo
Here’s why
Human rights
Nah, they’re dropping chat control for something bigger: breaking SSL.
And this is why having true ownership over our own devices is so important, so that they can’t force this on everyone and if they try, we just replace the root certs.
This is why “trusted computing” has been pushed for so long, to remove control from the user specifically to enable bullshit like this
Even if it’s as simple as choosing which Root CA’s we want to trust, how many people will know to do that and be able to do that? A couple percent at most.
Of course we need full ownership of our devices, and trusted computing has always referred to the trust of for-profit corporations, but this in itself doesn’t help the vast majority of people who either don’t know that they’re compromised, think they have nothing to hide, are unable to do anything about it, or a mix of all three.
Privacy and security are already a privilege. Proposals like eIDAS only make it even more unaccessible.
Shockedpicachu.jpg
This is a win indeed, but what people don’t see is that most times “exaggerated and abrasive” regulation like that is only proposed to hide up other clauses and proposals that are equally bad or even worse - get the public distracted and thinking they made a difference and that the EU listens to them.
At the end of the day they’re still pushing for installing mandatory SSL root certificates in browsers (allowing for traffic interception) as part of the eIDAS upcoming regulation.
Another thing that people miss, and that most Americans folks would lose their minds about while reading this, is the fact that eIDAS also brings an unique electronic identification for each European citizen company, “a digital solution for proof of identity of citizens or organizations” backed by asymmetric cryptography with the end game of replacing paper documents.
To be fair this isn’t a new thing, most countries in Europe already provide standardized smartcards as citizen identity cards that use asymmetric cryptography so you can electronically sign documents and login to gov services with them. Said signatures have legal value and in some cases - such as lawyers and doctors - you’re required to sign documents and prescriptions with the card. eIDAS just pushed it even further.
Just imagine the potential for a govt/EU to revoke your oficial / legal identity at any time :)
Just imagine the potential for a govt/EU to revoke your oficial / legal identity at any time :)
A government doesn’t need to take away your papers to deny you its services.
A government doesn’t need to take away your papers to deny you its services.
Yes, people just need to be dumb enough to vote the typical half communist and half socialist parties to power and they’ll take care of ruining public services for everyone in equal measure. :)
Good analysis, thanks.
regulation like that is only proposed to hide up other clauses and proposals that are equally bad or even worse - get the public distracted and thinking they made a difference
But IMO this bit was superfluous POV. An alternative theory is that nobody is secretly scheming to do anything, least of all the chaotic EU apparatus, and that most politicians are not experts and they are simply responding to various competing stimuli, as humans do. Notably elections and media hype and lobbyists. Personally I don’t get why so many people attribute to malice what can easily be explained by incompetence, but whatever, I’m in the minority and that’s fine.
Interesting detail about the eID certificates. You’re right that Americans will find this crazy in the way that we Europeans might not. Perhaps Americans are right.
An alternative theory is that nobody is secretly scheming to do anything, least of all the chaotic EU apparatus, and that most politicians are not experts and they are simply responding to various competing stimuli, as humans do. Notably elections and media hype and lobbyists.
Yeah that’s a very big possibility for the state of the EU, I’m not gonna deny it.
You’re right that Americans will find this crazy in the way that we Europeans might not. Perhaps Americans are right.
Yes, I’ve seen a TON of American propaganda and people flipping out about central / govt issued IDs, driving licenses and whatnot. I also know that most US states use still use rudimentary paper-only documents to identify citizens… I mean the situation is so bad that even Apple is trying to digitize them.
Meanwhile here in Europe most countries / people have smartcards (that in some cases combine multiple documents, like the actual ID, social security ID, tax number, driving license etc.) and are using it to login to govt websites and to sign documents. It’s just crazy fun to see that in the US there are tons of companies offering ways to digitally sign documents in “a safe way” and even again, Apple, creating the means to scan a signature while here those things have little to no value and people are required to actually use their identity cards to sign docs. lol
Yes the PDF-“signing” mascarade is beyond ridiculous but that’s definitely a thing in Europe too, certainly France and Germany. Maybe only for private businesses at this point, yeah. Personally I have a whole production line up and ready for photoshopping sigs and initials and even handwritten dates onto PDFs in order to comply with dumb instructions. It’s as if a handwritten signature, even in PNG form, has a magical superpower to make a document authentic. A bit like the security theater at entrances to buildings and transport. What’s important is to go through the motions of securing something, to prove that you really want it to be secure, rather than actually to secure it. A rite, basically.
But yes, having said all that, the alternative is maybe even worse! We’re gonna find out.
It’s as if a handwritten signature, even in PNG form, has a magical superpower to make a document authentic. A bit like the security theater at entrances to buildings and transport.
While Germany cards doesn’t seem to have a digital / smartcard component, French ones do. In Portugal and Spain at least you’re required to sign digital documents with your identity card, using a smartcard reader + a small utility app provided by the gov. Only those have legal value and this is enforced. Scanned handwritten signatures have zero value, and I know this also applied for other EU countries.
- https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/customer-cases/portugal-id
- https://www.mobbeel.com/en/blog/new-national-id-card-in-spain-dni-4-0/
- https://alchetron.com/Estonian-ID-card and https://e-estonia.com/solutions/e-identity/id-card/
- https://en.wikipedia.org/wiki/Croatian_identity_card