What if you „lose“ your google / apple account, like this sanctioned judge of the international criminal court? Crazy to imagine that we are still baking in dependency on US providers in european societies, even though there is clear indications we should be doing the opposite?
I am shocked that there isn’t more opposition from the general public to policies like this that erode privacy and freedom. I am a parent and can appreciate the need to control what children do on the internet, but at some point parents need to parent. I fear we’re giving up a lot of freedom and adding unneeded complexity under the guise of keeping children safe.
Germany is distracted with its version of “the gun debate” aka speed limits.
Like every school shooting, every energy crisis brings opportunity to
saturate the airwaves with shallow noise that gets people overly
upset and they’ll ignore everything else.
Every player on both sides is abusing this mechanic for all eternity.
As far as I can tell, people are getting blitzed. People I know are incredibly deep in their personalized bubble and genuinely aren't even hearing about it. It's genuinely distressing. In general and for the future of democracy.
It feels like this era of hyper-individualism requires too much attention from each individual and favors those that can afford to outsource the work. While that stabilizes the role of society as a system, I feel like this is most worrisome for the less privileged in any low-trust environment.
I think because most people, even tech savvy ones don’t understand how this might effect their lives. It’s too abstract. At least how it’s portrayed here.
Contrast that with chat control.
My government can read my WhatsApp messages? Not good!
But there is nothing abstract here. A private entity, situated in a country that is very hostile and pro-Russia, controls parts of the software stack and implementation here. That's a law written by lobbyists.
I think the point is rather what percentage of people will continue to need to have a phone that is Apple or Google, due to death by a million decisions like these.
This feels like arguing that people wouldn't object to having a shock collar padlocked around their neck because it's not currently shocking them. You don't have to see very many moves ahead to guess what happens if you don't object.
You write it as if companies provided tons of help to parents and children. Meanwhile, they spend a lot of money to make it as hard as possible.
Second, kids in Germany have generally a lot more freedom and there is less of knee jerk impulse to blame parents for every accident. Expectation is that adults dont harm them without parents having perfect control every sevond.
The age verification sniffing laws will come to the EU and Germany too, so your assessment is, in my opinion, too limited and incomplete. It's not really about parenting, it is about grabbing more and more data from people.
All these requirements for specific hardware and software are ridiculous. Let every citizen use whatever computer they want. It should be up to the user to secure themselves. Authentication should only require a password or a key pair. If the user wants more security, they can set up TOTP or buy a security dongle or something.
It's also ridiculous how it seems we've forgotten computers other than smartphones exist and that not everyone even has a smartphone, let alone with an Apple or Google account.
The current policy trend in the EU is definitely not based on the principle of each user evaluating their own risk. On the contrary, service providers like financial institutes and identity providers have the responsibility to keep users safe. The natural consequence is restricting which platforms are supported.
It should be legally required to provide enough interoperation capabilities for a compatible frontend to be written for an Apple II by whoever would like to do that, as the government can't be expected to write and maintain clients for every platform that's now in existence or that will be created in future.
Does this mean sanctioned individuals, such as those in the International Criminal Court, would be unable to access eIDAS, among other things? As it requires, from my understanding, installing app(s) from the play store, thus requiring an account there and being able to access it, which isn't happening if you're among those or really, in any group that might get the same treatment in the future.
Not to mention the German debanking and account closing of a few middle eastern journalists living in Germany, their spouses and in one case their children.
I don't think it's a bad idea though. If only for bringing the issue to the public
And while I do think an alternative would be good, the fact is that protecting the private key is the most important part (for example by keeping it on a smartcard with NFD) - hence why the need for a secure device
"but I want to install alternative Android etc etc" yes that's fine - but you know this is a non-secure-(enough) env.
> "but I want to install alternative Android etc etc" yes that's fine - but you know this is a non-secure-(enough) env.
I feel like this is getting to the point of gaslighting. Many of the allowed devices are bargain bin Android phones running out of date software with known vulnerabilities in both the operating system and the hardware which is supposed to be protecting the keys.
Meanwhile you could be using a hardware security module in a bank vault in a nuclear bunker surrounded by armed guards and the excuse would be that this "isn't secure" because it hasn't been approved by Google or Apple.
Governments shouldn't be requiring you to use any specific vendor or set of vendors. They should be publishing standards so that anyone who implements the standard can interact with the system.
AFAICT, there is no mention of an Apple or Google account being required in general - the documentation just lists "signals" that are used to securely authenticate a person - such as Google's/Apple's security ecosystems.
I am not sure what this means in practice.
Can anybody with deeper understanding explain the actual implications and possible outcomes?
(Note: BMI is the German Federal Ministry for the Interior)
That sounds like a very smart move at the time where Europe realize the US isn't such a gray partner and it's trying to reduce it's critical dependencies on foreign nations tech and infra. Good job.
I'm actually very surprised to see this from the germans who have this reputation of great engineering culture
Nor in the physical world either. Crumbling planes, trains and automobile infrastructure. Collapsed bridges, airports that don't function properly etc.
As someone who has experienced a Migration to SAP, no it is quite hard to say it is good. Doesn't work on mobile (unless you toggle on "desktop" mode, at which point if kinda works), is slower than the preceding PHP solution and generally functions like a POS. Other SAP implementations did not seem to behave much better.
They might have some great software _somewhere_ but I have yet to see it.
SAP software is the bane of most people, who have to use it, except for expensive consultants, who make bank preying on hapless clueless companies opting to use SAP software.
You're linking to a bugtracker. I doubt they're inviting people to spam it with duplicate entries — valid as I think the concern is. But maybe it says somewhere that you can leave feedback here and I just haven't seen it?
I spent months designing a system, exactly like this. An account is not needed, at least for Apple.
Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.
Works for me in Germany. I wonder if it's some overzealous bot protection that's cutting off humans again, in this case from what looks like a government website, but without further testing that's hard to say. You could check if it works from another network, or if other people on your network range have the same issue (like if you're in 13.37.0.0/16 then maybe someone else at the ISP is also in that range and could check if it got blocked outright)
App attestation does not require an Apple account nor a google account. For Android, it does limit the ROMs to Google certified ones and requires GMS to be installed if Play Integrity is used. An alternative option, would be to use the Hardware Attestation API directly, GrapheneOS would be thanking you.
I've spent a good amount of time implementing exactly this type of system for a backup service.
his document specifies a way to cryptographically attest the integrity of a HTTP request hitting a server.
The attestation proves the request came from a device and attest the legitimacy of the bootloader, OS and app.
Google and Apple are in a privileged position to be able to bypass the app attestation though, so depending on the threat model, it's not bulletproof.
edit: Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.
There's no such thing as "legitimacy of the bootloader, OS" that can be verified by someone who isn't the device's user. The bootloader that booted the phone I type this on is patched by me, which makes it more "legitimate" than any other bootloader that could be placed there.
The reason (or, depending on your inclinations, the excuse) for trusted computing to exist is not to guarantee that I didn’t patch the bootloader of the phone on which I type my comment; it’s to guarantee I didn’t patch the bootloader of the phone on which your grandma logs in to her bank without her knowledge.
You can bicker about the words all day long. Legitimacy, or perhaps better: authenticity, in this context, would be a bootloader or OS that doesn't allow tampering with the execution of an app.
Sorry but this is nonsense - most users, even the Linux toting power users - don't have the time, ability or knowledge to verify the contents of their OS in a way that would catch issues prevented by attestation.
The problem with modified phones containing malware is very real and unless you want a full on Apple "you're not allowed to touch the OS" model you need some kind of audited OS verification that you as a user or a security sensitive software can depend on.
No, what you're saying is nonsense. I can burn a key into efuses of this phone to make it only boot things signed by me and make the whole boot path verified, OS image immutable etc. and all of this can provide me some value, but it's absolutely not in my interest to let applications be picky on what can or can't happen in the OS (even if they would accept my key being there rather than Google's, which they won't). The only thing it manages to do is to prevent me from using the device the way I want or need it to be used.
> App attestation does not require an Apple account nor a google account. For Android, it does limit the ROMs to Google certified ones and requires GMS to be installed.
To me, there is no difference between your sentences. You require the blessing of an American company to be able use eIDAS. Google has the power to disable eIDAS at a national scale by making the attestation services treat all devices as not certified.
There should be NO reliance whatsoever on a private company not under the control (direct or indirect) of the government let alone a foreign private company.
Edit: I just noticed your username and the fact that your account is very new. Are you astroturfing?
I made an account because I'm qualified to talk about this topic :-) I've spent a considerable time testing every corner case of UX, and DX of an app attested service.
App attestation can fail on simulators, Graphene OS, dev builds, I've seen it all. There is one check you can do to see if an app was side loaded, so indirectly, can require Google account.
Title is still misleading though, as it explicitly mentions accounts.
I agree, there is still a reliance on the tech giants that produce the phones, who are the o'es embedding the cryptographic keys, to make this end to end attestation work.
But in pure technical & UX terms, you don't need to be logged in.
Your whole point is orthogonal to what I said too.
I said the title is misleading, which it is.
Your argument that app attestation should be avoided because big tech company can withhold it is garbage. It holds no water. They can cut off access to the app in general by removing it from the app stores and the devices that have it installed.
American big tech has Europe in a stranglehold, I agree with your sentiment there.
eIDAS can be used with the ID reader on Linux even, there's no lock out. They want to offer a convenient alternative for the normies, in a secure manner, I don't mind.
Edit: my 70 y/o mother even eIDAS authenticates (not germany, other EU country) on Linux Mint. There's no argument for lockout in my anecdotal perspective.
EU digital identity law to make inter-EU signatures (And authentication) work.
As an example, an EU citizen working in Sweden should be able to submit Swedish tax forms whilst living here by using a digital identity from the originating nation.
There are also some standards in place like ETSI standardized extensions to PDF signatures so that you can verify that a signature inside the PDF was actually signed by a specific physical person (the standard is there but it's not fully used throughout the EU yet due to some legacies).
Implementation is a bit of a mess still but things are converging.
Is there a reason this user-hostile mess is preferred over an X.509 certificate (besides big tech lobbying)?
Slovenia hands out certificates for online government services, including document signing, and it seems to be going fine, with the added benefit that Google can't take away my access.
In the end it's mostly x509 certificates, an ETSI pADES PDF signature for example contains the signing x509 certificate (ETSI specifies extension OID's to the x509 certificates to contain personal numbers, country, etc).
The big question is how to let users properly handle their certificates so they won't get abused into being useless.
If I understood it correctly, the German current Ausweissapp seems to require NFC to read it from your personal id card together with a PIN code you got with the card, it's not entirely user-friendly since aligning the card with your phone seems to be prickly.
Swedish BankID handles it internally in their app (unlocked via PIN's) but they don't have a good way to use it to sign things (It all relies on the infrastructure even if they give out signature documents it's not compatible with pADES).
There's a new govt sponsored one that I assume will piggyback on the personal cards/passes that are readable via NFC.
Norway and Denmark iirc supports proper signatures but I don't think the certificates are under user control (someone correct me if I'm wrong here).
Now these things are mostly issues for document signatures, authentication is often handled via other flows.
What I skimmed from the article, it seems to be more in line with Swedish BankID and is actually fairly smooth for end users even if less secure than what they have now with Ausweissapp.
Most people wouldn't know what to do with a certificate, so governments build some stuff on top (like an official mobile app) which makes auth easier. It's usually just certificates underneath (not exposed to the user).
Eidas tries to harmonize these implementations across EU member states.
eIDAS is about making the electronic IDs emitted by the different EU governments intercompatible, so you can use a Slovenian certificate to authenticate into the German tax system, if you want to.
Do you happen to know if German citizens can obtain a certificate to sign PDFs (from the government / for free)?
Several paid providers for X.509 certificates exist but document signing certificates cost around 80 € per year [0]. And if I want duplicate X.509 certificates for my redundant Yubikeys then the cost doubles.
Other providers require an initial deposit and then charge per signature [1], which leads to intransparent pricing. In the interest of open commerce, I strongly believe that securely signing an electronic document should cost the same as my manual signature, i.e. nothing.
A partial solution already exists because I can use my electronic ID card with the AusweisApp to prove my identity when interacting with German authorities. This feature is generally useful because I live outside of the EU, but I especially appreciate that I can have my OpenPGP key signed by Governikus (a government provider) to prove the key belongs to my name [2].
Technically, I should be able to use my certified PGP key to sign documents, but in practice most non techies don't know how to validate my signature. For the average user opening my signed PDF in Adobe Reader, I would need an X.509 certificate from a trusted Certificate Authority for users to see the green check mark.
I assume this should be "intra-EU"? I'm not very familiar with eidas so I'm not sure, but afaik it's about signatures within the EU, not between different EUs (as there is only one in this world). (I hate this inter/intra wording, always have to translate it in my head to understand whether it's like internet (between networks) or like intranet (within a network). Would recommend using "within-" instead of intra whenever it's not already a well-established word, like intranet)
Theres a dispute? Well it was going to end up in court no matter how you signed it anyway.
This has all the hallmarks of a design by committee project by people whose salary is paid regardless of demonstrating market fit, productivity, usage, plain sensibleness...
Can I use Docusign to provide my identity in Estonia online via my phone when I move there to buy a SIM card or open a bank account or file a document with the local authority?
Can I also send the Docusign document via Signal without Docusign knowing the person who signs it?
Because that is what the eIDAS is supposed to deliver on top of cryptographic validation of signatures.
Made me laugh then cry. I’m willing to bet your comment still stands in 2030 unless someone like Apple allows FaceID to be used to sign too (this seems like an obvious and easy thing to do as they already got more than half of the infrastructure in place)
> Theres a dispute? Well it was going to end up in court no matter how you signed it anyway.
The fact that it's ALWAYS a docusign is the ridiculous part. It is just a glorified where you enter your name and email. No need to pretend otherwise. Any other service would be just as good. This is basic human sheep-like behavior?
So what was the point of putting a crypto chip into every ID if you are gonna try and reinvent the entire trusted environment in the fucking smartphone?
Like every school shooting, every energy crisis brings opportunity to saturate the airwaves with shallow noise that gets people overly upset and they’ll ignore everything else.
Every player on both sides is abusing this mechanic for all eternity.
At least their version has an obvious solution: Make electric cars and solar panels and then stop having oil problems.
Contrast that with chat control.
My government can read my WhatsApp messages? Not good!
What’s the non-technical narrative here?
When you realize the tiny tiny percentage of people that have a phone that is not apple or google, you understand why few people are up in arms.
It simply doesn’t affect many people.
You write it as if companies provided tons of help to parents and children. Meanwhile, they spend a lot of money to make it as hard as possible.
Second, kids in Germany have generally a lot more freedom and there is less of knee jerk impulse to blame parents for every accident. Expectation is that adults dont harm them without parents having perfect control every sevond.
It's also ridiculous how it seems we've forgotten computers other than smartphones exist and that not everyone even has a smartphone, let alone with an Apple or Google account.
That's just not possible, or should the system be legally required to run on an Apple II?
This may not be unwelcome for authorities considering the recent extrajudicial “unpersoning” of many political enemies in the EU.
I don't think it's a bad idea though. If only for bringing the issue to the public
And while I do think an alternative would be good, the fact is that protecting the private key is the most important part (for example by keeping it on a smartcard with NFD) - hence why the need for a secure device
"but I want to install alternative Android etc etc" yes that's fine - but you know this is a non-secure-(enough) env.
I feel like this is getting to the point of gaslighting. Many of the allowed devices are bargain bin Android phones running out of date software with known vulnerabilities in both the operating system and the hardware which is supposed to be protecting the keys.
Meanwhile you could be using a hardware security module in a bank vault in a nuclear bunker surrounded by armed guards and the excuse would be that this "isn't secure" because it hasn't been approved by Google or Apple.
Governments shouldn't be requiring you to use any specific vendor or set of vendors. They should be publishing standards so that anyone who implements the standard can interact with the system.
If you don’t have an iPhone or an android, you can get a physical one time password device.
See also this issue from 2025 where the developers responded: https://gitlab.opencode.de/bmi/eudi-wallet/wallet-developmen...
AFAICT, there is no mention of an Apple or Google account being required in general - the documentation just lists "signals" that are used to securely authenticate a person - such as Google's/Apple's security ecosystems. I am not sure what this means in practice. Can anybody with deeper understanding explain the actual implications and possible outcomes?
(Note: BMI is the German Federal Ministry for the Interior)
Explanation: https://mastodon.social/@pojntfx/116345725515845020
There is in practice no known way around it for now, and even less so one for regular people, to use this on a device without a Google account
They might have some great software _somewhere_ but I have yet to see it.
You're linking to a bugtracker. I doubt they're inviting people to spam it with duplicate entries — valid as I think the concern is. But maybe it says somewhere that you can leave feedback here and I just haven't seen it?
From their README:
> We are interested to receive feedback on all aspects described in the document. To provide feedback, please file an Issue on OpenCoDE.
https://gitlab.opencode.de/bmi/eudi-wallet/wallet-developmen...
It is so clear how lobbyists operate here. I'd call it undermining national sovereignty.
Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.
App attestation does not require an Apple account nor a google account. For Android, it does limit the ROMs to Google certified ones and requires GMS to be installed if Play Integrity is used. An alternative option, would be to use the Hardware Attestation API directly, GrapheneOS would be thanking you.
I've spent a good amount of time implementing exactly this type of system for a backup service.
his document specifies a way to cryptographically attest the integrity of a HTTP request hitting a server.
The attestation proves the request came from a device and attest the legitimacy of the bootloader, OS and app.
Google and Apple are in a privileged position to be able to bypass the app attestation though, so depending on the threat model, it's not bulletproof.
edit: Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.
The problem with modified phones containing malware is very real and unless you want a full on Apple "you're not allowed to touch the OS" model you need some kind of audited OS verification that you as a user or a security sensitive software can depend on.
To me, there is no difference between your sentences. You require the blessing of an American company to be able use eIDAS. Google has the power to disable eIDAS at a national scale by making the attestation services treat all devices as not certified.
There should be NO reliance whatsoever on a private company not under the control (direct or indirect) of the government let alone a foreign private company.
Edit: I just noticed your username and the fact that your account is very new. Are you astroturfing?
App attestation can fail on simulators, Graphene OS, dev builds, I've seen it all. There is one check you can do to see if an app was side loaded, so indirectly, can require Google account.
Title is still misleading though, as it explicitly mentions accounts.
Google details new 24-hour process to sideload unverified Android apps (1196 points, 16 days ago, 1262 comments) https://news.ycombinator.com/item?id=47442690
But in pure technical & UX terms, you don't need to be logged in.
"But in pure technical & UX terms, you don't need to be logged in." this is orthogonal to my point.
I said the title is misleading, which it is.
Your argument that app attestation should be avoided because big tech company can withhold it is garbage. It holds no water. They can cut off access to the app in general by removing it from the app stores and the devices that have it installed.
American big tech has Europe in a stranglehold, I agree with your sentiment there.
eIDAS can be used with the ID reader on Linux even, there's no lock out. They want to offer a convenient alternative for the normies, in a secure manner, I don't mind.
Edit: my 70 y/o mother even eIDAS authenticates (not germany, other EU country) on Linux Mint. There's no argument for lockout in my anecdotal perspective.
As an example, an EU citizen working in Sweden should be able to submit Swedish tax forms whilst living here by using a digital identity from the originating nation.
There are also some standards in place like ETSI standardized extensions to PDF signatures so that you can verify that a signature inside the PDF was actually signed by a specific physical person (the standard is there but it's not fully used throughout the EU yet due to some legacies).
Implementation is a bit of a mess still but things are converging.
Slovenia hands out certificates for online government services, including document signing, and it seems to be going fine, with the added benefit that Google can't take away my access.
The big question is how to let users properly handle their certificates so they won't get abused into being useless.
If I understood it correctly, the German current Ausweissapp seems to require NFC to read it from your personal id card together with a PIN code you got with the card, it's not entirely user-friendly since aligning the card with your phone seems to be prickly.
Swedish BankID handles it internally in their app (unlocked via PIN's) but they don't have a good way to use it to sign things (It all relies on the infrastructure even if they give out signature documents it's not compatible with pADES).
There's a new govt sponsored one that I assume will piggyback on the personal cards/passes that are readable via NFC.
Norway and Denmark iirc supports proper signatures but I don't think the certificates are under user control (someone correct me if I'm wrong here).
Now these things are mostly issues for document signatures, authentication is often handled via other flows.
What I skimmed from the article, it seems to be more in line with Swedish BankID and is actually fairly smooth for end users even if less secure than what they have now with Ausweissapp.
Eidas tries to harmonize these implementations across EU member states.
Several paid providers for X.509 certificates exist but document signing certificates cost around 80 € per year [0]. And if I want duplicate X.509 certificates for my redundant Yubikeys then the cost doubles.
Other providers require an initial deposit and then charge per signature [1], which leads to intransparent pricing. In the interest of open commerce, I strongly believe that securely signing an electronic document should cost the same as my manual signature, i.e. nothing.
A partial solution already exists because I can use my electronic ID card with the AusweisApp to prove my identity when interacting with German authorities. This feature is generally useful because I live outside of the EU, but I especially appreciate that I can have my OpenPGP key signed by Governikus (a government provider) to prove the key belongs to my name [2].
Technically, I should be able to use my certified PGP key to sign documents, but in practice most non techies don't know how to validate my signature. For the average user opening my signed PDF in Adobe Reader, I would need an X.509 certificate from a trusted Certificate Authority for users to see the green check mark.
[0] https://shop.certum.eu/documentsigning-certifcates.html
[1] https://www.entrust.com/products/electronic-digital-signing
[2] https://pgp.governikus.de/wizard/requirements
I assume this should be "intra-EU"? I'm not very familiar with eidas so I'm not sure, but afaik it's about signatures within the EU, not between different EUs (as there is only one in this world). (I hate this inter/intra wording, always have to translate it in my head to understand whether it's like internet (between networks) or like intranet (within a network). Would recommend using "within-" instead of intra whenever it's not already a well-established word, like intranet)
- someone sends you a docusign link
- you sign up with your email
- you sign with your name in a cutesy font
Theres a dispute? Well it was going to end up in court no matter how you signed it anyway. This has all the hallmarks of a design by committee project by people whose salary is paid regardless of demonstrating market fit, productivity, usage, plain sensibleness...
Can I also send the Docusign document via Signal without Docusign knowing the person who signs it?
Because that is what the eIDAS is supposed to deliver on top of cryptographic validation of signatures.
The fact that it's ALWAYS a docusign is the ridiculous part. It is just a glorified where you enter your name and email. No need to pretend otherwise. Any other service would be just as good. This is basic human sheep-like behavior?
electronic IDentification, Authentication and trust Services
> unknown system image (e.g. custom ROM)
Oh no, what a horrible crime, somebody dared to modify operating system on their own device..