upvote

points

by applfanboysbgon6 hours ago |
comments
upvoteby wolvoleo3 hours ago|
next
[-]
At the same time they're allowing the tax office to migrate completely from a self hosted solution to office 365 do there's that.

They had to be dragged kicking and screaming into doing this. Several attempts were made to force them to block the takeover. Not sure what caused their latest turnaround.

reply
upvoteby spwa46 hours ago|
prev|
[-]
All governments are "doing something". It just isn't at all effective and mostly because they're unwilling to invest even marginal amounts.

Like in this case. The technology here utterly depends on Google Play Services on Android or App Attest on Apple (or "secure enclave"), and that is in fact essentially the only functionality.

This could have been solved instead switching to a standard (switching to OATH, RFC 4226 and RFC 6238), thus killing the dependency on Google/Apple while still allowing those devices to work smoothly, but also allowing a Linux implementation, allowing anyone . Plenty of European companies provide implementations for this, some with and some without the dependency on Google/Apple attestation.

reply
upvoteby applfanboysbgon5 hours ago|
parent|
next
[-]
I'm not talking about some abstract sense of "did the government do anything at all today", I am saying "good on the government for doing something in this specific case instead of doing nothing and letting it be sold", which was a possible outcome, and in fact the default outcome of the vast, vast majority of acquisitions is that the government does nothing to intervene.

Could they do something better, sure. I am still glad to see they did something at all.

reply
upvoteby Vinnl6 hours ago|
parent|
prev|
next
[-]
I can sign in to DigID without using my phone, except sometimes with an SMS verification code. (Of course they want to, and should, phase that out. Hopefully that won't be replaced by app store dependence.)
reply
upvoteby lxgr3 hours ago|
parent|
next
[-]
What alternative is there, today, that would allow securely doing this without an app store dependency?

Only a few EU countries have rolled out NFC-based eID functionality (as only physical ICAO-based ID verification via NFC is a mandatory part of the EU ID card standard); those are the only ones with a viable path forward in the short term.

reply
upvoteby jeroenhd3 hours ago|
parent|
prev|
[-]
The default will likely be the app, but if you have an NFC reader you should be able to use your passport or ID to authenticate as well.

The app has the benefit of being free, getting a working reader costs 60-90 euros last time I checked and Linux driver support isn't great.

reply
upvoteby microtonal5 hours ago|
parent|
prev|
next
[-]
Uhm, no, DigiD works without Play Services:

https://www.logius.nl/actueel/qr-code-scanner-digid-app-werk...

(Also works fine on my GrapheneOS phone with only basic integrity, also worked on microG when I tested.)

reply
upvoteby 6 hours ago|
parent|
prev|
[-]
deleted
reply