So with a single flip of the switch, the president of the USA can shut down our EU Digital Identity Wallet.

Why was this decision ever made?

reply
> Why was this decision ever made?

because it wasn't made

the decision which was made was having a digital ID wallet, that this needs hardware attestation (or something comparable) is somewhat of a direct consequence of existing laws/regulations regarding making IDs forgery safe

it also is a phone only application

the huge huge majority of phones runs Googled Android/iOS, so you support them

if there were a relevant 3rd party competition it would (most likely) support it, too

going back to the "the president .. shut down .." argument: The US can shut down >90% of all smart phones used in the EU. I don't think the US being able to shut down something which in the end is fundamentally just a minor convenience feature is making much of a difference here.

But I also think that whole identity wallet (the regulations behind it) is approaching things from the wrong direction, carrying a credit card sized ID with you isn't really a problem or very inconvenient. So instead of having the whole attestation nonsense it would be more practical to simply not have attestation and in turn allow the digital ID only for usage where the damage it can cause is quite limited. Especially given that device attestation systems have a long history of being circumvented...

As a side note this whole app is distinct from the "use your ID through your phone/NFC with applications" thing many EU countries have, though those solutions also tend to have attestation issues in most cases. But again most relevant use-case of it can be done just fine, without the security level attestation tries to provide, if approached pragmatically.

reply
Have you seen our President? Minor conveniences are what trigger him into launching full blown DOJ investigations, wars, and economic disaster. If he realizes he can just "turn off" the EU, oh, he will threaten that on Truth Social tonight in a rant about how they should make a deal or else.
reply
I'd like to see if he can be convinced into going after Google and effectively stopping remote attestation. One can certainly dream...
reply
An open threat like that would be the best case scenario, as it would (hopefully) cause a reaction in EU countries trying to get rid of this yoke. Instead usually it happens through backroom dealings, or just the services being a nuisance to competitors while being helpful to friendly companies, and thus the target country is drained of its resources and economic independence, slow enough to not provoke retaliation.

With the exception of the current US administration, hostile countries and corporations try to appear non-hostile when possible.

reply
Friendly advice: please don't capitalize random common nouns like the president does. It's a marker of one's affinity toward precision (among other things).
reply
you're being this pedantic about someone capitalizing "President"?
reply
It’s not a proper noun, and this is HN: pedantry is par. “The president of Xyz” capitalizes the X in Xyz(pn) but not the P in president(n). However, the P in President(pn) is capitalized when it’s a Title suffixed to a Name - but that varies per country by what they title their president-equivalent locally and isn’t always translated, while the concept-slash-role label of ‘president’ in English generally does not (and is often used interchangeably, albeit somewhat wrongly, for ‘monarch’ and other such single-person executive-leader roles). (That we use the same spelling for both title and concept is annoying, as usual :)
reply
> It’s not a proper noun

The President, within this context, identifies a single entity. As such, it is a proper noun.

Analogy: there are many continents. But if we're discussing Brexit, the Continent is a proper noun. I don't think it's incorrect to not capitalise. But it's certainly grammatically okay, and not in the same bucket as The Nutters who capitalise Random words it Looks like Legalese.

reply
> The President, within this context, identifies a single entity. As such, it is a proper noun

Yeah, no. You're just making things up to suit your position like the president does.

reply
> no. You're just making things

...this isn't a counterargument. I can similarly assert you're just making stuff up, which isn't untrue, either way, since we're talking about language, a wholly made-up enterprise.

What's your contention that the President, within the context of the American presidency, does not refer to a single entity? Is this a preference? Or something you actually believe is incorrect?

reply
You got the impression I was trying to argue with you? Go look it up like the president doesn't. I'm personally not a recognized grammar authority.
reply
I was just talking about this today:

I have an internal convention to not capitalise LLMs when talking about them as if they were people; so claude is not capitalised, and the internal LLM-based service agent we're building, rex, is not capitalised.

I realise this breaks the capitalisation of proper nouns; claude is a name and therefore a proper noun and therefore should be capitalised. But I like that there's a signal in here that the thing I'm talking about is not a person and so we don't capitalise the name (I realise that cities or companies or other things that we capitalise are also not people).

Digression, but then so was the entire discussion on capitalisation.

reply
> the thing I'm talking about is not a person

Countries, companies, religions; hell, planets and galaxies–none of these are sapient. Yet we capitalise them.

I'll go out into the deep end for a second with a hypothesis: I think we capitalise because it makes printed text easier to scan. The words you need to spend more time on are capitalised because they aren't ones you can just roll through. This is also why the nutter affect of capitalising random words is so distracting–it drives attention to non-standard words that are, with minimum thought, being used perfectly standardly.

reply
I completely agree with your hypothesis. And the ridiculous effect that Trump's random capitalisation has, both of making his text (even) harder to read, and of giving the impression that he doesn't actually know how to write English.

My additional hypothesis is that capitalisation accords respect, something along the lines of "this is a thing apart, something with a name, so we capitalise it". Not capitalising an actual human's name would seem disrespectful to me.

reply
You clearly speak only one language.
reply
Wrong again!
reply
I doubt it.
reply
President is a title here so Capitalization is correct use. That last one wasn’t. To be pedantic, we all know which one I was referring to.
reply
They’re trolling.
reply
I'm not.
reply
If you’re not, and I say this in good faith, take your own advice around your tone. Making assumptions about other people, and then doubling down when they correct you, comes across as a kind of horrible I doubt you truly are.
reply
I say this in good faith: oh, stop.
reply
Right, you’re a troll. Something, something Dwight Macdonald about parody needing to be smart and not bitter.
reply
does it piss you off that punct isn't used properly anymore and that, commas, can happen anywhere? Are you one of those who still has use for em-dash?
reply
> Are you one of those who still has use for em-dash?

I still like ‘em!

reply
The word 'president' being a potential title doesn't make it a title nor a proper noun in all contexts.

Your bio contains comma splice, by the way.

reply
Yes. But mostly just because it's in reference to this particular president who's a dullard and displays it regularly in this particular way.
reply
What does 'marker of affinity toward precision' mean?
reply
indicator of being detail oriented
reply
> having a digital ID wallet, that this needs hardware attestation (or something comparable) is somewhat of a direct consequence of existing laws/regulations regarding making IDs forgery safe

How do you figure? Isn't just having the digital ID be signed by a key belonging to the issuer good enough for that?

reply
I think they are saying the signed ID can be copied to another device. Unless such ID needs to have access to some TPM that can be trusted, which likely requires then specific trusted hardware and software
reply
> I think they are saying the signed ID can be copied to another device.

But that's not what a forgery is.

reply
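
The difference the comments above turn on, an issuer signature (which detects a forged or altered ID) versus binding the ID to a key held on one device (which makes a copied ID unusable elsewhere), shown as an added example; it is not code from any commenter or from the EUDI wallet project. The `Credential` and `Presentation` types and all function names are hypothetical, and the device key here is an ordinary software key: keeping it non-exportable in a TPM or secure element, and attesting to that, is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Credential is a constructed, minimal stand-in for an issuer-signed ID.
// HolderKey is the public half of a key that lives on the wallet device.
type Credential struct {
	Subject   string
	HolderKey ed25519.PublicKey
	IssuerSig []byte
}

// Presentation is what a wallet shows a verifier: the credential plus a
// signature over the verifier's fresh nonce, made with the device key.
type Presentation struct {
	Cred  Credential
	Proof []byte
}

// signedBytes is what the issuer signs. The holder key has a fixed length
// and comes last, so the encoding is unambiguous.
func (c Credential) signedBytes() []byte {
	return append([]byte("id-v1|"+c.Subject+"|"), c.HolderKey...)
}

func proofBytes(nonce []byte) []byte {
	return append([]byte("present-v1|"), nonce...)
}

// Issue signs subject and holder key together with the issuer's private key.
func Issue(issuer ed25519.PrivateKey, subject string, holder ed25519.PublicKey) Credential {
	c := Credential{Subject: subject, HolderKey: holder}
	c.IssuerSig = ed25519.Sign(issuer, c.signedBytes())
	return c
}

// VerifyIssuerOnly answers "did the issuer sign exactly this ID?".
// It cannot tell the original file from a byte-for-byte copy.
func VerifyIssuerOnly(issuerPub ed25519.PublicKey, c Credential) bool {
	if len(issuerPub) != ed25519.PublicKeySize || len(c.HolderKey) != ed25519.PublicKeySize {
		return false // ed25519.Verify panics on wrong-length keys
	}
	return ed25519.Verify(issuerPub, c.signedBytes(), c.IssuerSig)
}

// Present signs the verifier's nonce with the key held on the device.
func Present(c Credential, deviceKey ed25519.PrivateKey, nonce []byte) Presentation {
	return Presentation{Cred: c, Proof: ed25519.Sign(deviceKey, proofBytes(nonce))}
}

// VerifyBound additionally requires proof of possession of the holder key
// over a nonce the verifier chose for this session.
func VerifyBound(issuerPub ed25519.PublicKey, p Presentation, nonce []byte) bool {
	if !VerifyIssuerOnly(issuerPub, p.Cred) {
		return false
	}
	return ed25519.Verify(p.Cred.HolderKey, proofBytes(nonce), p.Proof)
}

// Result records which presentations each kind of check accepts.
type Result struct {
	TamperedAccepted, CopyAcceptedIssuerOnly  bool
	CopyAcceptedBound, GenuineAcceptedBound   bool
	ReplayAccepted                            bool
}

// Demo runs the scenarios with freshly generated (constructed) keys.
func Demo() (Result, error) {
	var r Result
	issuerPub, issuerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	devPub, devPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader) // a second device
	if err != nil {
		return r, err
	}
	nonce1, nonce2 := make([]byte, 16), make([]byte, 16)
	if _, err := rand.Read(nonce1); err != nil {
		return r, err
	}
	if _, err := rand.Read(nonce2); err != nil {
		return r, err
	}
	cred := Issue(issuerPriv, "Alice Example", devPub)

	tampered := cred
	tampered.Subject = "Mallory Example" // altered after issuance: a forgery
	r.TamperedAccepted = VerifyIssuerOnly(issuerPub, tampered)
	r.CopyAcceptedIssuerOnly = VerifyIssuerOnly(issuerPub, cred) // same bytes, any device
	r.CopyAcceptedBound = VerifyBound(issuerPub, Present(cred, otherPriv, nonce1), nonce1)
	genuine := Present(cred, devPriv, nonce1)
	r.GenuineAcceptedBound = VerifyBound(issuerPub, genuine, nonce1)
	r.ReplayAccepted = VerifyBound(issuerPub, genuine, nonce2) // old proof, new session
	return r, nil
}

func main() {
	r, err := Demo()
	fmt.Printf("%+v err=%v\n", r, err)
}
```
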
If something is actually important, don't put it on a computer. Don't let a computer be in the critical path of anything that actually matters. It's really quite simple. Even before "AI" this technology was not reliable enough for serious, important things--systems that need to be maintainable in adverse conditions (battle damage, etc), systems where failure is not an option (proving your identity, proving your children are yours, ...). If you care about your car, truck, tractor, or dozer being maintainable and reliable, don't get one with a computer in it. Until we can figure out how to make these things reliable and maintainable they're not to be trusted.
reply
I feel like we need a war or something to show everyone how brittle we've built everything, and how unnecessary it all is.
reply
Can you show an example of defeating hardware attestation? It would be useful for many 3rd party ROM users.
reply
Gaming consoles typically have hardware attestation (as in verified software on verified hardware, sealed), and it has been broken many times in the past.
reply
I'm interested in phones.
reply
most times it's done by (reliably re-)rooting an attested phone in a way which bypasses detection of the attestation system

so not really useful for 3rd party ROMs

reply
Quite useful for scammers, though, which is why this is so irritating with regards to digital IDs.
reply
Is some party or coalition putting forth candidates that stand against this?
reply
They can also shut down all European payment cards.
reply
Maybe not all of them, but certainly a few large, popular ones. You bring up a good point though, it seems surprising that Wero/PEPSI don't have more momentum. Maybe Europeans hate their continental neighbors more than American financial conglomerates.
reply
The EU might have slept on Russia having to urgently come up with its own payment systems after the 2014 Crimea annexation (which in turn enabled it to deal with the complete Visa/Mastercard exit in 2022) because political goals were aligned and transatlanticism was still alive and well. But they've been wide awake ever since ICC employees have been personally sanctioned by the US as well [1].

Big ships turn slowly, but I give it at most two more years until at least one pan-European retail payment scheme (cards, QR, or maybe the "digital Euro") has been regulated into existence.

[1] https://www.theguardian.com/law/2026/feb/18/international-cr...

reply
We just don't know much about one another.

I never really thought about it until I saw this comment:

https://news.ycombinator.com/item?id=45993140

reply
Unfortunately, each European country has a different "national" payment method.

Swish in Sweden, MobilePay in Denmark/Finland, iDEAL in the Netherlands, etc. Of course you can't sign up to a specific country payment system if you're not a resident there. And systems from different countries don't work with each other.

Luckily, there's now an initiative called EPI [1], which is an alliance that wants to make all these apps interoperable and call them "Wero" [2].

There are two problems with this system though:

- Wero insists on making you use your own bank app to send/receive payments. That's a terrible choice, because most bank apps are huge behemoths that are slow and heavy. People don't want to use them: PayPal is so much quicker and easier. They should develop a new, lightweight app that only does payments.

- The Italian member of EPI is "BancomatPay", which nobody uses. Sure, Bancomat is a huge company in the debit cards world, but no sane person uses BancomatPay in their daily life (also, BancomatPay forces you to use your bank app). In Italy, Satispay is way bigger and widely accepted, especially in the North (i.e. richest) part of the country. I'm surprised Satispay didn't get into EPI.

[1] https://epicompany.eu/ [2] https://wero-wallet.eu

reply
Just big systems having even bigger inertia
reply
True but also most places in the EU accept IBAN which is free (for individuals at least) and now relatively fast (seconds for the same bank, minutes or hours at most otherwise) so payment can still be done without MasterCard/Visa. It's inconvenient for a croissant but for anything slightly more expensive and that you don't need within seconds it's not too bad.

Most banks in Belgium (e.g. Bancontact, Wero, Pom) or Sweden (Swish, was renting ice skates with it just this winter) have their own system but typically only nationals use that. It's still enough for shops to get instant payments without those US cards issuers.

TL;DR: yes and it's wrong, but also IBAN works.

reply
I hate to beat a dead horse and have people downvote me but: the EU has always been corrupted. The knowledge and effects are not evenly distributed until it hits each niche group. Then they find out the hard way that they were useful idiots. It’s ok to be wrong/admit. Let’s just move past the infighting and see those in power for the evil that they are.
reply
The question isn't if there's corruption, the question is who is behind the corruption.

Condescendingly and incorrectly assuming that others think that corruption is impossible is kinda rude and also dodges attempts at correcting the corruption.

reply
Not only that, "corruption" is pretty squishy. Let's apply Hanlon's Razor for once.

Google et al go to the government and say they've got this attestation thing that can something something security. No one is taking a bribe but also no one they're hearing from is telling them that doing this is going to cement the incumbents. "Security" is good, right? So it makes it into the law.

That doesn't meet most formal definitions of corruption. It's more like incompetence than malice. But the outcome is indistinguishable from corruption. The bad thing gets into the law.

The difference is, if the politicians are taking bribes and you get mad at them, they fob you off because they're more interested in lining their pockets. But if the politicians are just misinformed bureaucrats and you get mad at them, they might actually fix it.

And attributing everything to "corruption" discourages people from doing the latter even in cases where it would be effective.

reply
Anything involving trust cements the incumbents or at least creates a force to an outcome of few players. It is what it is.

It's not a given that it's incompetence.

reply
> Anything involving trust cements the incumbents or at least creates a force to an outcome of few players.

I don't think that's even true, unless you're using "trust" as a synonym for centralization.

Suppose you had actual competing app stores. Google doesn't control which ones you use; you can use Google Play or F-Droid or Amazon or all three at once and anyone can make a new one. You could get Android apps through Apple's store and vice versa. And then you choose who you trust; maybe you only trust F-Droid and Apple and you think Google and Amazon stink. Maybe you install 90% of your apps through F-Droid but are willing to install your bank app on GrapheneOS from Google Play because you trust your bank and you also trust Google enough to at least verify that the bank app is actually from your bank.

This is the thing that doesn't help the incumbents, right? The bank and the customer both trust Google to distribute the bank app but Google isn't allowed to prevent the user from trusting F-Droid for other apps as a condition for getting the bank app from Google Play. You can have trust without centralization.

reply
You have given a situation where there are 3 players - a very concentrated market. Give an example with 30 players and think through all the implications for all the actors. You'll quickly realize it's a total disaster. Building broad trust requires scale on some dimension.
reply
How is it in any way a disaster?

Consider how Linux distributions work. Every distribution is distributing variants on the same kernel and utilities, but there are hundreds of distributions and dozens of popular ones each with their own repositories. You can choose whichever you like, and make a different choice than someone else.

Coming in at #31 on DistroWatch is a lightweight distribution called Alpine Linux. It's popular on things like firewalls and VoIP servers but is rarely recommended to ordinary users because that isn't its niche. It doesn't matter that most people haven't heard of it because the people relevant to it have. It's fine for things to have a niche, and the people in that niche are the only ones who need to be familiar with it.

Meanwhile around half of Linux users use Debian derivatives. Debian and Ubuntu are very similar, but their repositories are maintained by different organizations, so even when choosing between two things that are nearly the same, you have different options.

And the distribution is not the only place to get software. Maybe you like a stable distribution in general but you want the bleeding edge drivers for your GPU. You can add the repository for the hardware vendor and still get everything else from the distribution. The vendor doesn't even need to maintain their own full distribution to have enough of a reputation for people to make an informed choice about where they want to get their drivers.

> Building broad trust requires scale on some dimension.

The flaw is in assuming that broad trust is a requirement. Narrow trust is good.

reply
The long tail of linux distributions work precisely because they need very little trust and are consumed by highly technical users who can verify all manner of things themselves. They especially don't require multi-party verification.

Broad trust is required in lots of situations. Hardware attestation, financial clearing networks, or even physical supply chains. I.e., you have multiple independent parties who need mutual, verifiable trust to operate. Establishing that requires transaction costs like audits, SLAs, legal liability, and cryptographic integration. The economics don't work for 30 different players to cross-verify each other. So, we have oligopolies...

reply
> The long tail of linux distributions work precisely because they need very little trust

Regardless of which distribution you use, the distribution itself controls code that runs as root on your machine, and the users are by and large not reading all of the code themselves. It works entirely by reputation. If you ship trash, most people aren't looking, but if even one person is, they point it out to everyone else and then no one trusts you anymore. This works perfectly fine with 30+ distributors.

> Hardware attestation, financial clearing networks, or even physical supply chains. Ie, you have multiple independent parties who need mutual, verifiable trust to operate.

There are large numbers of financial clearing networks. The reason Visa and Mastercard are an effective duopoly for credit cards isn't the trust issue, it's the network effect. A lot of people have a Visa, so merchants want to accept Visa, and then customers want the card which is accepted at many merchants. It's essentially regulatory capture that they're allowed to get away with this, i.e. that the networks are allowed to force you to use their card in order to use their protocol. The way this should work is closer to how checks work, i.e. Alice tells her bank that she wants to transfer money to Bob, Bob's bank routing number is on the check and the banks just talk to each other using a standard protocol to work out how much money to transfer from one bank to the other on net, with no for-profit middle man taking a cut.

Supply chains are a pretty weird example to pick because they're actually a huge counter-example. When Walmart wants to stock some USB cables or camping stoves they're going to vet the supplier so they don't get sued for selling a fire hazard but there are still dozens or hundreds of suppliers, because they have to vet the ones they use, but they don't have to be the same ones Amazon or Target or Costco uses and frequently aren't.

Hardware attestation is a dumpster fire. It keeps getting pushed because it's excellent at monopolizing a market but anyone actually trying to rely on it has had nothing but a series of swift kicks between the legs. People should stop even attempting it. It should simply be banned.

> Establishing that requires transaction costs like audits, SLAs, legal liability, and cryptographic integration.

Most of that stuff scales really well to large numbers of entities. The entire point of things like SLAs and legal liability is that they operate by preventing you from needing to enforce them. No company wants to get sued so they meet the SLA and satisfy the contract in order to minimize their legal costs, which is what allows you to contract with smaller companies as long as they're not so small you're concerned they'll go out of business, and the threshold for that is far smaller than any of these oligopolists.

> The economics don't work for 30 different players to cross-verify each other.

Which is why it's not supposed to be fully meshed. You don't need everyone to verify everyone, you only need the pairings that actually exist. If there are 1000 companies that make shoes and Walmart contracts with 10 of them then they need to verify 10 rather than 1000. Meanwhile the 1000 shoe companies each only have to contract with a dozen retailers, they're just not the same dozen retailers for every manufacturer.

reply
> Google et al go to the government and say

The money that goes into lobbying in order to have that say is, depending on who you ask, corruption. I, as a random citizen, don't get the same say that a multi billion dollar international corporation does.

reply
That seems like a pretty useless definition of corruption. It implies that retirees writing letters to Congress is "corruption" because working people don't have the same amount of free time to do that.

It's also kind of weird to propose it as an asymmetry. Google's parent company spends around $4M on lobbying in the US:

https://www.opensecrets.org/federal-lobbying/clients/summary...

That's around $0.01 per capita. Your per capita contribution for individuals to out-spend Google on lobbying is two cents.

reply
The day a low income retiree can have meetings with politicians to lobby for their favorite policies is the day this comparison will be useful.
reply
You don't think the AARP has meetings with politicians to lobby for things?
reply
Exactly. I have said this for a very long time and the EU (and many other governments) are not our friends and they are just as corrupt. Remember ChatControl?

Anytime anyone criticises the EU here, you will get downvoted even after trying to warn the EU defenders that they are not our friends at all.

I was asking for evidence about the EU digital ID wallets about what the "disinformation" was around it 3 years ago [0] and not a single link of it was given.

At this point, being an EU defender and supporting the "open web" are incompatible since you will be using your EU digital identity wallet [1] with your phone to login to your bank and the internet will push age verification with it, locking you out if you don't sign up.

[0] https://news.ycombinator.com/item?id=36105002

[1] https://eudi.dev/latest/

reply
> Remember ChatControl?

That thing that got refused multiple times already?

Because not all politicians think like you does not mean they are corrupt. Seems like enough politicians have voted against ChatControl until now.

I always wonder what people who say stuff like "politicians discussed this topic I hate and refused it, but the mere fact that they discussed means that they must all be corrupt" understand about politics. You know that it is about people with different opinions (representing people with different opinions) discussing stuff, right?

reply
The Commission got it through on the last round, though, so eventually it passed.
reply
Chat Control hasn't passed yet. But the Chat Control lobbyists are still lobbying for it behind the scenes, and are currently pushing for all phone calls in the EU to be covered.

Source:

https://www.patrick-breyer.de/wp-content/uploads/2026/05/861...

https://digitalcourage.social/@echo_pbreyer

reply
So what should be done about it? EU Commission issue a decree that it should never be spoken or debated again in public? Never proposed? Any other tyrannical idea?

Do you have a list of other things that shouldn't be brought in front of the elected parliament?

reply
So ChatControl was accepted and is in the process of being implemented is what you say?
reply
(ignorant) people proposing things does not mean corruption: the fact that these things are voted down and never pass is proof that the system works, not evidence of corruption.

Corruption would be if it passed despite it being unpopular, because some corporate or rich people's interests desired it.

reply
> Exactly. I have said this for a very long time and the EU (and many other governments) are not our friends and they are just as corrupt. Remember ChatControl?

The EU parliament shot down ChatControl.

In fact, without the EU, most likely many member states would have ChatControl in some shape. National governments are the ones all in on this crap.

reply
Governments place a higher priority on controlling internal threats than external ones. In this case the EU wants to control its own people more than it wants to avoid dependence on the US. It would like both, but the former is more important.
reply
Corruption. A taboo topic people prefer to downvote and pretend it does not exist.

But even bigger problem is that institutions designed to prevent this from happening are not doing their job.

Thousands of security service and civil servants take their wages and look the other way.

reply
I think it's actively harmful to your own cause when you suggest corruption without any evidence. Just because politicians don't take action on an issue you think is important doesn't mean they're corrupt. It's more likely that the issue you think is important is simply not important to most voters.

Suggesting politicians are corrupt without any evidence will make that worse. If people think their politicians are corrupt they will further disengage with the political process, which will ensure there's even less pressure on politicians to take action on niche issues like this.

reply
The EU Commission was caught breaking the law in order to lobby for Chat Control: https://noyb.eu/en/gdpr-complaint-against-x-twitter-over-ill...

The EU Commission also gave a foreign tech company called Thorn (they pretend to be a charity), special access to government officials: https://netzpolitik.org/2022/dude-wheres-my-privacy-how-a-ho...

I think both of those cases would be examples of lobbying and corruption.

reply
The thing is that "The EU commission" is an entity composed of politicians, appointed by member states.

It's little coincidence that national governments want Chat Control (laundering that through EU), and the EU parliament is the entity that shoots it down (coincidentally the entity that is most beholden to the public).

It would be nice to learn which commissioners are lobbying for it.

reply
Neither example is evidence of corruption. That doesn't mean they're not problematic, but there's no evidence here of a politician receiving a kickback for any of these actions.
reply
https://fortune.com/europe/2023/09/26/thorn-ashton-kutcher-y...

$600K+ went to kickbacks, er… “lobbying”, and thorn was hit with some pretty nasty scandals involving sex crimes.

reply
Corruption does not necessarily mean a politician receiving a kickback. It can be a lot more indirect and subversive.
reply
I think a hearty fuck off is warranted for responses like this. What the shit do you base the converse off? Pretend there's no corruption and there won't be any??
reply
> Pretend there's no corruption and there won't be any??

If you look at that person's responses to others in this thread, that is exactly what they are doing. I do hope they have proper health and safety training for moving the goalposts so much.

reply
Of course not, if there's evidence of corruption then those involved should be rooted out and prosecuted to the full extent of the law.

What I'm saying is that if there's no evidence of corruption, then simply assuming corruption will harm your cause because it will make it seem like political activism is futile in the face of supposedly hidden corruption.

reply
The EU does regulate Google and Apple through the DSA and the DMA. I don't think most EU politicians are corrupted by these companies.

I think it is far more likely that it is a lack of knowledge and incompetence. I am pretty sure that the majority of Parliament members, Council members and maybe even Commission members do not even know that there are viable alternatives outside Google (certified) Android and iOS. So they try to regulate their app stores, etc. instead.

I hope that with digital sovereignty becoming more important, there will be more interest in alternative mobile operating systems.

reply
A lot of the suggestions do actually sound pretty good at a quick glance, but have far-reaching consequences that are not instantly obvious if you don't know your tech/security/privacy or otherwise value a specific topic highly. The average HN reader is likely more concerned about privacy and less so about crime and safety than the average guy on the street, and politicians need to handle and balance many more interests than only that of privacy advocates.

"Securely signed/verified devices for accessing your bank" or "increased surveillance and tracking of criminals" sound like splendid ideas and direct solutions to immediate problems. Now, how to actually implement them and how it will affect society in the long run might seem less important when you've got increasing crime rates, a slowing economy, displeased voters or whatever looming. In short, some dilemmas have very clear answers when you (willingly or through unawareness) only concern yourself with a subset of the effects of a decision, and this goes both for politicians and special interest groups. That being said, I'm very pro-privacy and it's the job of policymakers to know the details of what they're deciding on. Reality is however usually very complex and nuanced with several things being true because they all contribute a part to what's going on.

e: what am I doing, speaking like I actually know how things work? Nothing is absolute and nuance is important, but sometimes it is also very useful to simplify and generalise to get things done. If no one had any conviction, not much would ever happen. But moderation in all things.

reply
> I don't think most EU politicians are corrupted by these companies.

Well, of course not! They're corrupted by the other companies who benefit from the DSA and DMA.

reply
> I think it is far more likely that it is a lack of knowledge and incompetence.

I agree with that. Reading HN comments, where people are supposed to be generally tech-savvy, I see a ton of "lack of knowledge and incompetence" (not in a negative way, just "uninformed"). Why should politicians know better than the average tech-savvy person?

But politicians get yelled at by everybody, saying everything and its contrary, while the tech-savvy people can comfortably take a condescending tone to explain why "being so stupid is impossible so it has to be corruption".

reply
Fool me once, shame on you. Fool me twice, shame on me. After Snowden, there's absolutely no reason to believe that governments "accidentally" push for policies that strengthen surveillance and control over our digital lives. It's ridiculous to believe in the goodwill of those in power when these kinds of proposals are made over and over again despite strong pushback.
reply
What I find ridiculous is to strongly believe that politicians are somehow all the same person, and therefore either all corrupt, or all fascists, or all...

In a functioning democracy, politicians represent the people. Meaning that some politicians will be on one end of the spectrum, and some will be on the other. If there are no politicians you disagree with, then probably you are not living in a functioning democracy.

> despite strong pushback

That is my point: look at the pushback! It's many people with very different opinions saying everything and its contrary, with a lot of technically incorrect takes.

Do you realise that when you say "they must be corrupt, because they don't share my opinion, and my opinion is absolutely the best", and you are not the only one saying that, then either everybody saying it should share your opinion or at least some of you are wrong, right?

Everybody wants to believe that they are right and everybody else is wrong, and therefore everybody else is either stupid or corrupt. I want to believe that sometimes, the world is actually nuanced, and people may have different opinions. I may have a strong opinion (and knowledge) about hardware attestation, but it doesn't mean that every politician does and hence has to be corrupt in order to not agree with me.

reply
It's more of a case of the boy who cried wolf than it is of denial.

Too many people see something they don't like, imply a nefarious motivation without evidence, then expect everyone to agree that it is corruption.

If there is corruption, show the evidence. Otherwise, be honest and state that you don't agree with something. If you want to persuade people, back up your claims with verifiable evidence without falling back to nebulous claims of corruption.

reply
> Thousands security service and civil servants take their wages and look the other way.

Diplomatic status tax free too.

reply
No doubt there is corruption; but it’s also momentum. There aren’t stable and good alternatives for so many reasons, so the duopoly has momentum.
reply
I understand, but this is a national security matter. The focus should be on developing matching domestic capability.
reply
You know that domestic capability means putting taxes to take things into a public good and corporations and paranoia are the bigger problem to overcome than anything technical. Any endeavour will be cast as some kind of fascist takeover of governance.
reply
Well no, there is no need to develop domestic capability. Put laws in effect which disable foreign capabilities and which reward domestic ones, and they will be developed. No endeavor from government needed (which is a good thing, since governments are not really great at doing such stuff).
reply
Well yes, just because you think it's a public good worth competing over doesn't mean there's anyone who thinks it's a viable business model.
reply
Who is doing this corruption?

If it's Apple or Google let us know in the US because we have laws to go after them for acting corruptly in other countries.

Vaguely asserting corruption without specifics or even naming the perpetrators isn't "taboo", it's just poor form and silly. Letting such vague accusations float without evidence, motive, or even people to blame, leads to nothing good, and only vague distrust, which itself enables corruption. It leads to people believing there's no way to know the truth, therefore helplessness, and results in fascism like in Russia.

Lazy cynicism is itself a form of corruption of one's own mind.

reply
> Lazy cynicism is itself a form of corruption of one's own mind

I love this way of thinking. I might use this quote down the road

reply
We (America) made the decision for them. The EU's member states were either:

1. Explicitly designed as client states for the US

2. Explicitly designed as client states for the Soviet Union, with alliances switching over as the Soviet Union fell apart

3. Great Britain, a country whose electorate would probably only reconsider rejoining if the EU agreed to explicitly become British client states, because the only thing Britain hates more than France is those dastardly American upstarts[0].

The reason why this persists despite an openly hostile American president is the fact that the EU has no real alternative. The EU has a shitton of internal political distrust between member states, and the US was offering a lubricating alternative: "Just trust us." Politically distributed alternatives require balancing coalitions that are far more fragile.

[0] The history of European anti-Americanism is extremely fascinating, because it's effectively a Reactionary meme - as in, "wanting to restore the Ancien Regime" Reactionary, not "funny way to say Nazi Party member" Reactionary. And yet it's jumped across so many incompatible political ideologies that the average European probably had no clue why they hate America until Donald Trump gave them a good reason to.

reply
I wrote to the EU contact about this, got a patronising reply about how good it is, app being open source and what not.

Clearly tailored to the regular normie without technical skills.

reply
Probably because the reply was written by someone without technical skills.

I’ve written to politicians over the years about technical matters and it’s uniformly either a clearly form response or an inaccurate summation of the technical risks, if I’m being charitable because they don’t understand them either.

At a certain point it begins to feel pointless.

reply
> At a certain point it begins to feel pointless.

I think you're right that they are incompetent. The point is not to make them understand it, but rather to make them see that enough people care. The problem is that most people don't write, so the politicians don't see that they care. Same thing for companies. How many GrapheneOS users say "well when it stops working, I just move to another service, and if there is none, then I live without the service entirely". That way the companies never see that there is a need.

reply
> How many GrapheneOS users say "well when it stops working, I just move to another service, and if there is none, then I live without the service entirely".

Being prepared to be this voice is one of the reasons I'm a Graphene OS user. Another is that it helps me avoid accidentally writing code that depends on google play services. When you've got an agent doing most of the driving, it's easy to not realize that your app is broken without google, unless you're testing it on a degoogle'd device.

reply
Where did you write? Is there a link or something you could share? I am not in the EU so I assume I can't, but would be nice to share a link so that other EU citizens could write.

If enough people write, they may start finding it relevant.

reply
Thanks, I wrote them. I'm curious as to what will come of it.
reply
Came here with roughly the same thought. Given the stated importance to many of sovereignty and not being dependent on the US, why isn’t there more opposition? I assume it’s just ignorance?
reply
There is some opposition, but none of it is making a dent. It's depressing. I can't decide if it's incompetence, corruption, or malice.
reply
Before thinking about corruption or malice, I like to try to assume good faith. And I see a couple things:

1. Most people don't write.

2. The people who write are not always competent.

3. The people who write often have an agenda, too.

What's the consequence of that? Imagine what the politicians receive: tons of messages of people complaining, most of which are factually wrong. What to do then? How to know who is right? It's genuinely hard.

EDIT: please write here: https://european-union.europa.eu/contact-eu/write-us_en

reply
Probably some combination of all three.
reply
Digital sovereignty has only become a serious political topic in the EU over the past year. It may take a decade to see the effects of this in laws and policies.
reply
It's more than that, before recently the very idea of "digital sovereignty" was framed as a dangerous Russian conspiracy by the West's top info warriors.

Example: https://www.lrb.co.uk/blog/2021/july/information-sovereignty

reply
Since you're so much more informed - which integrity guaranteeing product would you use for mobile devices that European citizens use? Covering more than 90% of population?
reply
We have voted in the most right-wing Parliament and, by extension, Commission, in the EU's history.

It only makes sense they'll prioritize big-business interests over those of the common folk.

reply
Yea that's fair / makes sense from a democracy point of view (even if I might disagree personally).

It's a bit odd that Europe prioritizes American big-business interests I guess? Idk, as an American it does seem kinda like an odd choice.

reply
It's more useful to view the whole situation as EU politicians prioritizing to have their pockets filled with lobbyist money, rather than the EU as a political entity deciding this per se.
reply
It's not completely fair. The US also bullies them into doing those things, it's not only "pure corruption to fill their pockets".

How many European countries buy American weapons because they are scared of what would happen if they pissed off the US? And then they still get tariffs and threats of military invasion.

reply
Does it really make sense? Right wing politicians are calling themselves patriots, why would they support foreign companies and give them so much power? Must be a dangerous mix of corruption and stupidity?
reply
One of the major problems with on-device identifiers is that they must be tied tightly to devices, due to the risks of cloning. This is particularly true for privacy-preserving identifiers. That's why device attestation is so important, because you can't ensure that identity (keys) are locked to a device unless you can verify that the hardware prevents users from extracting keys. The worst part of this is that motivated criminals will certainly figure out how to extract those keys and use them for fraud; it's open-source and open computing that will be destroyed by this.
reply
Yeah, but they aren't.

Google certifies devices unpatched for the last 10 years, rooted, riddled with malware, because the keys have leaked.

Google knows and still sells the lie.

But you should know better. Google is not selling the actual security, it's just protecting its business.

reply
Google's business is advertising. Right now they don't care whether your phone is "authentic" or secure, because it doesn't cost them money. As AI-enabled bot fraud rises, they will care. Fighting this requires identifying human beings, and that requires trusted devices to be associated with human beings. We're in the foothills still, but look forward and up at where adtech is going.
reply
How is a trusted device associated with a human being? I'm pretty sure the walls of hundreds of bot phones are running trusted Android.
reply
By attaching your government ID to a (single) phone and verifying the human owns it by checking biometrics. You can try this today if you live in one of several US states and have a recent iOS/Android phone. This doesn't stop one real person from attaching their ID to one real phone and then abusing it for botting, but (if implemented well) it limits you to one-real-ID-one-bot-phone.
reply
Don't hardware identifiers also mean that Google can blacklist your device from vast portions of the internet whenever they feel like it?
reply
Do we know whether this is possible? I'm clueless when it comes to phones, so this is a genuine question.
reply
Only if you need to have the entire application behavior (or at least some trusted confirmation) attested, right? Otherwise, an external USB dongle, tapping a contactless smartcard on a phone etc. could do just fine.
reply
Sure, but then you need to receive an attestation from that external dongle, and/or pre-provision it with an identity (like a national ID smartcard.) It might work in places that distribute this hardware, but it's a crummy UX. I expect that the goal of these systems is to make ID verification a requirement for most routine device usage, sadly, and external dongles will crap that up from a UX perspective.

There is also the problem that most external hardware is less secure than things like Apple's SEP. (But on the other hand, probably more secure than the long tail of cheap Android phones, which use virtualization rather than real hardware.)

reply
> then you need to receive an attestation from that external dongle, and/or pre-provision it with an identity (like a national ID card.)

That's how it works in Germany: You tap your national ID card (as a citizen) or eID card (as a non-citizen) on any NFC-capable iPhone or Android device. I personally much prefer that solution over one that requires a specifically trusted device.

The big gap is trusted user confirmation, though: Users need to see what they sign by tapping their card, and then you're usually back to some form of attestation.

Practically, they also completely botched the rollout; literally everyone I know managed to somehow lock themselves out of their card at the first attempted use (assuming they've even bothered to set it up).

reply
The adtechs want this so they can verify the "human" quality of each user. To do this, they don't want people tapping their government ID on their phones every single time they sign up for Reddit or receive an advertisement. Hence (some derivative of) the ID has to be stored on-device to make the browsing/usage experience seamless.
reply
Fair enough, I can see why not.

To me, it seems like just the right amount of friction, and user expectations can work in favor of privacy here: People will hopefully refuse to tap their ID on their phone for a service where they want to remain completely anonymous, even if the protocol technically might support anonymous assertions.

reply
deleted
reply
You want a secure identity? ISO7816 exists and is completely independent of Big Tech. The question of who should be required to show ID is different (and I'd argue the answer is "no" in most online-only situations), but there's already a solution that's been trusted by the financial sector for decades.
reply
Protecting the children is their favorite reason for ramping up authoritarian measures.
reply
If they really wanted to protect children, they wouldn't give them phones, tablets, or laptops until a certain age.

It's like handing a loaded gun to a kid, and saying "just don't take the safety off".

Of course kids are going to find ways around it. They are going to take the safety off.

reply
Australia started on this by banning kids from social media. Reddit kicked up a huge stink and sued the government over it. Also phone bans in school a few years prior.
reply
AFAIK this is not true. The Austrian eID also works on GrapheneOS (with an initial warning). It's some national implementations (such as the German one you linked) that enforce this.
reply
The EU problem here is they are simply reactive, and slow at it. By ceding the active part of commercialized innovation to the US (because paying the people that do such things what they're worth is simply incomprehensible) they allow them to dictate the terms of engagement. The utter dependence on WhatsApp being a shining example, as well as cloud services in general.

If anyone wants to assert control they have to be where the puck is going instead.

reply
deleted
reply
>To reduce platform dependencies, we also evaluate additional platform independent signal sources. In this context, we evaluate signals from runtime application self-protection (RASP) systems, for example. We also might revisit later whether there are comparable security mechanisms for other platforms.

They're basically saying they have no choice but will evaluate better options.

So the follow-up question is: Are you going to push the EU & Governments to do the logical thing and start developing, with your tax dollars, the necessary software & hardware to make it into the public domain so they aren't reliant?

Mostly it seems like few people see the need for bringing government into software, no matter how much software & hardware are becoming essential utilities.

reply
There is the alternative to not pursue domestic spyware in the first place. Especially because this is tied to the attempts to deanonymise Internet users.
reply
It's also an attempt to keep various malefactors such as America, Russia, Israel, China, etc out of the propaganda efforts driving a large amount of far right nationalists into violent uprising.
reply
No, it's not. The biggest foreign actors driving far right nationalism are people like Rupert Murdoch, Andrew Tate and going forwards potentially Jeff Bezos. Murdoch has been the single biggest driver for decades. If they would truly be interested in stopping foreign propaganda they'd go after them instead.

It's especially ironic to name China when the whole reason the US bought TikTok is because it showed people the reality of the genocide in Gaza, which the far right nationalists hated.

reply
You might not be from Europe then. Russia is the primary threat. They are funding extremist political movements. They are also conducting sabotage and espionage operations inside the EU.
reply
> They are funding extremist political movements. They are also conducting sabotage and espionage operations inside the EU.

These are true. They also don't have much to do with what I replied to, which was about "the propaganda efforts driving a large amount of far right nationalists into violent uprising."

You're simply misinformed if you believe that Russia-originated propaganda has played a bigger role in the rise of right-wing extremism in Europe over the last 10 years than Rupert Murdoch (and yes, I'm aware News Corp's assets are all in English), the Anglo manosphere including the likes of Andrew Tate, and Meta, Google (Youtube) and X intentionally designing their algorithms for outrage/engagement at all costs.

Russia wishes it would have as much influence as the above.

reply
But this scheme will give all the control to the US. They own the master key.
reply
Yes, comrade, those newsletters should be disposed because of evil foreign pяopoganda
reply
I'm zorry, have you slept through Brexit, January 6th, racist anti immigration campaigns and torture prisons?

Are you just not paying attention to the dissolution of democracy or are you just like, cool with money being the only protected thing?

reply
What? What does it have to do with mandatory hardware attestation? You just built your strawman by tying the two with 0 proof that they are related. You can argue for any measure and then say that it's somehow to save us from some bad event, it doesn't make it true. The patriot act was a reaction to 9/11. It doesn't make that reaction valid.
reply
"protecting" the "children"
reply
> Apparently protecting the children trumps sovereignty.

Capital remains sovereign in Europe.

reply
I think you misread the parent comment.

Being a highly skilled lawyer, UN official, can get you banned from all government EU services if the Drumpf doesn't like the fact you're investigating war crimes.

A part of that has already happened.

reply