Last week I was watching a YouTube video, talking about the EU creating payment services independent of VISA and MasterCard. What struck me is that they are all apps, which will require an app store.

Great, I can pay with a digital Euro, Wero or something else, without routing my payments via VISA. I just can't do it without an account with Apple or Google. I'm absolutely baffled by politicians', regulators', banks', merchants' and implementors' lack of ability to think more than one or two steps out.

Sure, the EU is forcing 3rd-party app stores, but no one is using them, so no one is pushing apps to them, especially not governments, banks or payment services; they'll be the last to use them.

reply
The digital Euro seems still in early planning stages. It seems people want to plan a physical card for it, but whether online payments will work without a platform dependent app is unclear for now.

Wero, however, is currently only planned as an Android/iOS app, period. There are rumors that a card will come but that's only rumors for now.

In your list of groups to be baffled about I would add journalists. You see many articles about Wero mentioning digital sovereignty, but have you seen any that criticize the required banking apps only being available in Google's and Apple's app stores?

reply
The current policy trend in the EU is definitely not based on the principle of each user evaluating their own risk. On the contrary, service providers like financial institutes and identity providers have the responsibility to keep users safe, and more and more regulation will be made. The natural consequence is restricting which platforms are supported.
reply
"Legislation will continue until morale improves."

The regulations sometimes feel like an additional burden on the user, but not on the manufacturers (aside from the attestation logic); consider:

> (MEETS_STRONG_INTEGRITY requires a security patch in the last 12 months)

Think about how this essentially codifies planned obsolescence due to not forcing the manufacturers to maintain the devices for life.

reply
> The current policy trend in the EU is definitely not based on the principle of each user evaluating their own risk.

Yes and if you look back this is not new. Just look at the extraordinary restrictions that apply to:

- What houses you can build,

- What vehicle you can drive,

- What food you can grow and sell.

The result is real estate has become unaffordable for younger people, our car industry is being annihilated, and the agriculture sector hold by a string.

The digital realm enjoyed an unusual level of freedom until now because the silent and boomer generations in charge in the EU understood nothing about it.

Now that the EU is getting involved in "computers" we are starting to understand why peasants have been protesting in Brussels and calling those people insane for decades.

reply
I really have to wonder where in the EU you live. In Vienna, I got to buy an apartment in my mid-twenties by just saving up, which was easy, as many apartments are rent-capped and there's lots of cheap social housing. I got to enjoy free university, allowing me to get a high paying job. I get to use very cheap all electric state-subsidized rental car offerings if I need them, which is rare since we have federally good rail and bus coverage. And I enjoy affordable meat, dairy and vegetables all sourced from inside my country.

Austria's courts also ruled ages ago that rooting your own device cannot be a legal reason for OEMs like Samsung to refuse warranty coverage, since you can run whatever software you want on hardware you bought.

Maybe your country sucks? Don't blame it on the EU.

reply
> apartments are rent-capped

> cheap social housing

> free university

> high paying job

> very cheap all electric state-subsidized rental car offerings

> affordable meat, dairy and vegetables

And here we can simply examine the tax structure and conclude that the problem isn't whether the country sucks, but whether the side you're on sucks.

After all, how can housing be affordable for ordinary workers if they have to subsidize from their own pocket free university, cheap housing, electric cars, high wages, and everything else for the privileged class?

> Maybe your country sucks?

And maybe your country sucks too. It is just that North Korea is also the best country to live in (if you're Kim Jong Un).

reply
Yes, blame Germany.
reply
Yes, congratulations, you get to benefit from a lot of regulated and subsidized things: housing, education and transportation.

While enjoying a high paying job in probably a still very unregulated domain (computers/internet related).

This is not about one country vs another.

The problem is you cannot have a society with everybody winning on both fronts unfortunately. You also need people making, cleaning stuff, growing food, cooking, etc. Not everybody can live in the capital with "very cheap all electric state-subsidized rental car" and Vienna is probably not food self sufficient...

reply
> Vienna is probably not food self sufficient

No, but Austria is. And our farmers enjoy much support through subsidies - from the EU and our own budget - and social protections, often having better and cheaper health care than most other Austrians, since they are insured under their very own social insurance law (BSVG), contrary to other employees (ASVG) and self-employed (GSVG).

Farmers also enjoy very high levels of respect and appreciation here, even in Vienna.

> While enjoying a high paying job in probably a still very unregulated domain (computers/internet related).

Calling Information Technology an 'unregulated domain' in the EU when we're all busy implementing NIS2 regulation and preparing for the Cyber Resilience Act entering into force soon seems disingenuous.

reply
> And our farmers enjoy very high levels of subsidies

Yes, thanks. This was my original point "the agriculture sector hold by a string". It is by design unsustainable and if you cut those "high levels of subsidies" it collapses.

> Calling Information Technology an 'unregulated domain' in the EU when we're all busy implementing NIS2 regulation and preparing for the Cyber Resilience Act entering into force soon seems disingenuous.

Yes this is why I said "still"

reply
I do not understand what you're trying to communicate with "hold by a string" - we subsidize our farmers because we do not want to completely wreck our local agricultural supply chains just because food from, say Brazil, would be theoretically cheaper today. Another factor is that we actually have the ability to properly enforce quality standards if the food is produced within our jurisdiction.

This is no different to subsidizing public transport, because having this infrastructure local and autonomous is just strategically important enough for the tax payer to finance it. Would you say that public transport in EU capitals is "holding on by a string"?

reply
> let every citizen use whatever computer they want.

That's just not possible, or should the system be legally required to run on an Apple II?

reply
It should be legally required to provide enough interoperation capabilities for a compatible frontend to be written for an Apple II by whoever would like to do that, as the government can't be expected to write and maintain clients for every platform that's now in existence or that will be created in future.

If only currently popular platforms are to be supported, how could a new platform join them in the future if the use of existing ones is mandated by governments?

reply
> If only currently popular platforms are to be supported, how could a new platform join them in the future if the use of existing ones is mandated by governments?

The viable solution for that is to provide a trusted hardware implementation that can be used with any computing platform that has a documented interface. It can't be a software-only implementation, basically.

reply
Glad you mentioned this possibility

Countries have centuries of experience providing attestation services through notaries. Germany is even infamous for requiring them for things that would sound ridiculous even in Brazil (both movie and country)

I can’t see why governments couldn’t incorporate this existing infrastructure into the digital world. Make them sell hardware ID wallets, enforce the real identity owner to be present to invalidate a previous ID or whatever, and add legal restrictions for the government not to be able to alter these registries

reply
No, but it should be open enough to be reasonably independent of specific services and devices.
reply
Simple, provide a simple API, let the community build the clients for the machines they have.
reply
That's antithetical to the goal of a secure ID. It has to be really impossible to get stolen, or as difficult as a physical card. If the ID is just a password, you can tell other people your password, and it can be stolen, and it can be cloned. Germany is a strict liability country, and you will be fined or imprisoned for anything that is done with your identity card that was cloned because your PC was infected by malware if you don't report it stolen.
reply
> If the ID is just a password, you can tell other people your password, and it can be stolen, and it can be cloned.

You can give your physical cards to other people or give them access to your computers, too.

> Germany is a strict liability country, and you will be fined or imprisoned for anything that is done with your identity card that was cloned because your PC was infected by malware if you don't report it stolen.

I don't see an issue with this.

reply
You don't see an issue with going to prison because you got a computer virus and didn't know you got a computer virus?
reply
It would be unfortunate, but we are grown adults living in a society where computers have existed for decades. Ignorance is not an excuse, especially if we have various options to choose from.

If we are given the option to choose from doing everything in person in a government office or via a computer of our choosing, it would be up to each of us to decide the tradeoff between security and convenience, price, privacy, ethics and other factors.

I can use an old laptop I keep in a drawer only for things related to IDs, banking and taxes.

I can use my main desktop and choose to rely on the security provided by virtualization, not installing random crap and having a hardened system. I can choose to keep my desktop inside my building that has multiple security measures - a doorman, an alarm system, multiple cameras inside and outside and a kill switch for shutting off power if someone enters using brute force. That desktop may be booted up, but it will have a long random password on the lockscreen with timeouts for wrong guesses. Unless you're an extremely good social engineer and don't care about being recorded, or if you're a master ninja who can crawl the ceiling and somehow get in without being noticed, good luck. Even then, you'd have to manage not triggering any alarms or kill switches. You'd then have to use a cold boot attack to extract my LUKS keys.

I can also choose to use a XingDong smartphone with a Google account where I have TikTok, Meta apps, LinkedIn, Tinder, Grindr, 100s of random games and a whole lot of other shady weather apps, news apps and so on. I can choose to bring that smartphone with me everywhere I go and leave it on the table in a restaurant when I go to take a shit with a common pattern lock (I've unlocked 4 or 5 locked smartphones by just searching for "most common patterns lockscreen android") or with irrevocable easily-spoofed biometrics.

In both cases (and in the infinite other cases) it's my responsibility. If I'm unsure of my security posture, I can buy a security dongle or rely on Google's attestation mechanisms for Android or decide that I don't understand enough - in which case I'd have to drive an hour to my government office once in a while to file my taxes or to the bank once in a while to move around some money.

In the ideal scenario, nothing would prevent the uneducated people from using their smartphone. They might even get prompted by the government or banks - "You're using/downloading this app on a smartphone. Would you like to use whatever attestation is available to be more secure?".

Citizens are not brain dead morons. They're not cats or dogs. They're not mentally retarded (those who are can receive assistance). They're not 13. We have education. We've had computers for decades. Computer security is not a novel idea. If a citizen wants the convenience of online banking or online tax filing or of any other online participation with the government, they should be able to do so on a computer of their choice. If they install Windows XP and random spyware, it should be on them if and when they get hacked. It's a choice they made. Even the proverbial grandma should be aware of computer security by now. It's not 1990.

To say Android or iOS can't get viruses is plain wrong. They do and will continue to do so. Even if you restrict the smartphones to the latest models with the latest OSes, you'll still get viruses.

About 2FA/MFA - I can set up TOTP on another VM or physical computer. It's prone to phishing, but I am an educated adult who can accept the risk of being phished. Put me in jail if I get phished. I most likely won't. I'm the one who knocks. It's more likely someone will come to you with a gun and make you wire them money from your own smartphone.

I don't need a smartphone. I have enough desktops and laptops much more powerful than any smartphone on the market. If I have a smartphone, it won't be with a Google or Apple account. It might not even be with iOS or Android. There are many options and they will hopefully grow in the future.

I'm getting tired from editing this comment, but finally - I have a few friends who are completely illiterate wrt computers. They somehow manage to install Temu and other crap. They don't know what an "app" is, what a "browser" is, what an "OS" is and so on. They've been scammed a few times. They know they don't know anything, though. Or even if they haven't considered it before, if they do, they'd admit they don't know anything. They are not mentally retarded otherwise. An analogy would be that I'm offered to go to the moon for free so I can file my taxes there if I can pilot the rocket. I am 100% illiterate about rockets. I haven't even flown a drone. I don't know the first thing about yaw and pitch and whatnot. I am not retarded otherwise so I'll say "I don't know enough about flying rockets so I won't risk going to the moon on my own. Can I achieve the same things by coming to your office or by riding in a rocket piloted by someone else?".

reply
And as we know it is impossible to give someone your physical card.
reply
The problem to solve is trust.

The technical solution is a hardware root of trust. This is typically a specially hardened chip in the device. A Trusted Platform Module (TPM).

Your Apple ][ does not have a TPM. It cannot run software that can assess its identity in a trusted manner.

reply
You can make an argument without pulling it into the ridiculous, you know?
reply