upvote

points

by ulrikrasmussen13 hours ago |
comments
upvoteby guerrilla13 hours ago|
next
[-]
> This is symbolism

I don't think so. It's more complicated than that. The state is not a monolith. Different heads are doing different things and it's a enormous bureaucracy. The divisions pumping out Android will eventually catch up to what's going on and the vulnerability they're exposing themselves to. These things take time. It doesn't all happen at once. People (who are not very technical, barely knowing what a computer is) need to understand what's going on and that can take a while. Let's just hope they figure it out before it matters.

reply
upvoteby Aeglaecia13 hours ago|
parent|
[-]
denmark spearheads the EU push for chat control , this is a bit of an impediment to the good will argument
reply
upvoteby guerrilla13 hours ago|
parent|
[-]
There is no "good will" argument being made here. The state doesn't care about good, it cares about it's own survival. Being independent from foreign interference in the software they use and having deep insight into what residents within the territory of that state are talking about are critical to that mission. It has nothing to do with morals. It is a machine.
reply
upvoteby steinvakt211 hours ago|
parent|
[-]
EU chat control is also better than American government spying on American tech companies (which is effectively a kind of EU Chat Control, except its USA who gets to spy). Both are bad, but one is less bad.
reply
upvoteby tick_tock_tick6 hours ago|
parent|
next
[-]
For the average citizen absolutely not there is no free speech in the EU any form of EU chat control will result in constant arrests for what should be perfectly legal speech.
reply
upvoteby wolvoleo11 hours ago|
parent|
prev|
[-]
True, at least the EU does it above board. No secret court backroom shenanigans.

I'm still super opposed to chatcontrol but at least it's in the open for us to fight.

reply
upvoteby guerrilla11 hours ago|
parent|
[-]
Yeah, I agree with you both. Lesser evils do exist. At least there's some pretense of democracy and not just spy on everyone without limit without telling anyone. If it wasn't for Snowden, it'd still just be us "conspiracy theorists". (Anyone remember the 90s?)
reply
upvoteby berkes12 hours ago|
prev|
next
[-]
> This is symbolism

It is probably unintentional. I work and worked in such projects (in The Netherlands), and the process is -rightfully- chaotic.

Governments typically don't have a central single team that builds all their android apps. They usually write a tender with loads of requirements and app-agencies will then build it. Or freelancers. Or volunteer teams. Or all of that. So there's no central team governed by one minister who can dictate what should happen today. There's hundreds of companies, teams, freelancers, interims, running around trying to make deadlines

Between writing a spec and the delivered app, there's chasms: could be a year between the specs are written and the first app pushed onto a phone. In a (trump)year a lot can change. But also between how specs are requirements or wishes in real life. "No user data may ever reach a google server" (actual specs are far vaguer and broader) may sound good, but will conflict directly with "user must receive push notifications of Foo and Bar". Or "passport NFC data must be attested for login", requiring a non-rooted, android, signed-by-google hardware attestation thingymajick.

So no, this is not malice. Nor incompetence. This is a sad reality, where we've allowed the monopoly to dictate what we, and users, expect, and to have that monopoly be the only option to provide those expectations.

reply
upvoteby teekert12 hours ago|
parent|
[-]
As someone in the Netherlands, and also with a company in this space, could you point me to some relevant resources (like ongoing projects)? I'd love to help our country get more sovereign (in small steps).

Btw, NRC has a nice podcast series on the topic. One thing hampering the sovereignty effort is the enormous amounts of Azure/AWS/GCP certified people. Their career is build on these platforms.

reply
upvoteby berkes12 hours ago|
parent|
next
[-]
I'm not familiar with all current ongoing projects. Because of the situation mentioned above.

Currently I'm involved in projects surrounding https://developer.overheid.nl/kennisbank/security/standaarde... . Have a look there. It's not FLOSS in the way that you can just provide PRs of things you'd like different, but FLOSS in the way that you can get in touch and with enough expertise, have people listen to you.

reply
upvoteby electrosphere9 hours ago|
parent|
prev|
[-]
Upvote for wanting to help with digital soverign effort (UK national here).
reply
upvoteby isodev13 hours ago|
prev|
next
[-]
I think it has more to do with ignorance. Device attestation is not trivial to adopt while both Apple and Google promise you a very simple abstraction. So it takes being informed and having leverage in the process to be able to make a difference.

For me the blame is squarely on the technical “experts” who are behind the architecture and implementation of such apps.

reply
upvoteby azalemeth13 hours ago|
parent|
next
[-]
Device attestation is precisely the thing I do not want my government to ever adopt. I have a Danish CPR number. They've given me a FIDO secure token generator as my phone is degoogled for MitID. Most Danes don't know what those words mean, and if they did, wouldn't understand why I distrust (all) governments (and indeed things! Three default scientific position is scepticism, albeit with varying degrees of priors)
reply
upvoteby ulrikrasmussen12 hours ago|
parent|
prev|
[-]
The thing is, device attestation is fundamentally incompatible with digital freedom so governments should never adopt it to begin with. We lived without digital solutions that depended on device attestation and we will continue to do so.
reply
upvoteby simonh12 hours ago|
prev|
[-]
Because if they were serious about it, they'd have replatformed completely in 5 minutes.
reply