If only currently popular platforms are to be supported, how could a new platform join them in the future if the use of existing ones is mandated by governments?
The viable solution for that is to provide a trusted hardware implementation that can be used with any computing platform that has a documented interface. It can't be a software-only implementation, basically.
Countries have centuries of experience providing attestation services through notaries. Germany is even infamous for requiring them for things that would sound ridiculous even in Brazil (both movie and country).
I can’t see why governments couldn’t incorporate this existing infrastructure into the digital world. Make them sell hardware ID wallets, enforce the real identity owner to be present to invalidate a previous ID or whatever, and add legal restrictions for the government not to be able to alter these registries.
You can give your physical cards to other people or give them access to your computers, too.
> Germany is a strict liability country, and you will be fined or imprisoned for anything that is done with your identity card that was cloned because your PC was infected by malware if you don't report it stolen.
I don't see an issue with this.
If we are given the option to choose from doing everything in person in a government office or via a computer of our choosing, it would be up to each of us to decide the tradeoff between security and convenience, price, privacy, ethics and other factors.
I can use an old laptop I keep in a drawer only for things related to IDs, banking and taxes.
I can use my main desktop and choose to rely on the security provided by virtualization, not installing random crap and having a hardened system. I can choose to keep my desktop inside my building that has multiple security measures - a doorman, an alarm system, multiple cameras inside and outside and a kill switch for shutting off power if someone enters using brute force. That desktop may be booted up, but it will have a long random password on the lockscreen with timeouts for wrong guesses. Unless you're an extremely good social engineer and don't care about being recorded, or if you're a master ninja who can crawl the ceiling and somehow get in without being noticed, good luck. Even then, you'd have to manage not triggering any alarms or kill switches. You'd then have to use a cold boot attack to extract my LUKS keys.
I can also choose to use a XingDong smartphone with a Google account where I have TikTok, Meta apps, LinkedIn, Tinder, Grindr, 100s of random games and a whole lot of other shady weather apps, news apps and so on. I can choose to bring that smartphone with me everywhere I go and leave it on the table in a restaurant when I go to take a shit with a common pattern lock (I've unlocked 4 or 5 locked smartphones by just searching for "most common patterns lockscreen android") or with irrevocable easily-spoofed biometrics.
In both cases (and in the infinite other cases) it's my responsibility. If I'm unsure of my security posture, I can buy a security dongle or rely on Google's attestation mechanisms for Android or decide that I don't understand enough - in which case I'd have to drive an hour to my government office once in a while to file my taxes or to the bank once in a while to move around some money.
In the ideal scenario, nothing would prevent the uneducated people from using their smartphone. They might even get prompted by the government or banks - "You're using/downloading this app on a smartphone. Would you like to use whatever attestation is available to be more secure?".
Citizens are not brain dead morons. They're not cats or dogs. They're not mentally retarded (those who are can receive assistance). They're not 13. We have education. We've had computers for decades. Computer security is not a novel idea. If a citizen wants the convenience of online banking or online tax filing or of any other online participation with the government, they should be able to do so on a computer of their choice. If they install Windows XP and random spyware, it should be on them if and when they get hacked. It's a choice they made. Even the proverbial grandma should be aware of computer security by now. It's not 1990.
To say Android or iOS can't get viruses is plain wrong. They do and will continue to do so. Even if you restrict the smartphones to the latest models with the latest OSes, you'll still get viruses.
About 2FA/MFA - I can set up TOTP on another VM or physical computer. It's prone to phishing, but I am an educated adult who can accept the risk of being phished. Put me in jail if I get phished. I most likely won't. I'm the one who knocks. It's more likely someone will come to you with a gun and make you wire them money from your own smartphone.
I don't need a smartphone. I have enough desktops and laptops much more powerful than any smartphone on the market. If I have a smartphone, it won't be with a Google or Apple account. It might not even be with iOS or Android. There are many options and they will hopefully grow in the future.
I'm getting tired from editing this comment, but finally - I have a few friends who are completely illiterate wrt computers. They somehow manage to install Temu and other crap. They don't know what an "app" is, what a "browser" is, what an "OS" is and so on. They've been scammed a few times. They know they don't know anything, though. Or even if they haven't considered it before, if they do, they'd admit they don't know anything. They are not mentally retarded otherwise. An analogy would be that I'm offered to go to the moon for free so I can file my taxes there if I can pilot the rocket. I am 100% illiterate about rockets. I haven't even flown a drone. I don't know the first thing about yaw and pitch and whatnot. I am not retarded otherwise so I'll say "I don't know enough about flying rockets so I won't risk going to the moon on my own. Can I achieve the same things by coming to your office or by riding in a rocket piloted by someone else?".
The technical solution is a hardware root of trust. This is typically a specially hardened chip in the device. A Trusted Platform Module (TPM).
Your Apple ][ does not have a TPM. It cannot run software that can assess its identity in a trusted manner.