Hi PostmarketOS community!
I’m sharing this link because I’m curious to hear if any PostmarketOS devs or users have looked into the European Digital Identity Wallet (EUDI)?
In the worst case the EUDI could be stepping stone towards a police state. Just look at the heavily critiqued Digital ID proposed in the UK. Excerpt from the EFF:
This [Digital ID] would create a rich environment for hackers or hostile agencies to obtain swathes of personal information on those based in the UK. And if previous schemes in the country are anything to go by, the government’s ability to handle giant databases is questionable.
In contrast, the EUDI looks to be designed in such a way where various attestations to prove your age or other things is meant to be presentable without being tracked by a third party, or always having to “phone home”. See: 4.2.4 Privacy by design.. Overall, this isn’t immune to scope creep towards surveillance. But it is a strong start nonetheless.
I’m bringing this up because I’m curious about building a digital wallet implementation for PostmarketOS. If the EU would support this implementation it would make it easier to be a digital citizen in the EU without being forced to have access to the Google Play Store or the iOS App Store.
Thanks for the input. Are there concrete parts of the EUDI design that’s fascistic or just the whole thing?
There’s certainly bad ways to do a digital ID like in the UK where it looks like the design “phones home”, see EFF link above. However, the EUDI relies on cryptographically signed certificates and a Certificate Authority chain of trust. Whether you’re offline/online your phone would only present cryptographically signed files for authentication. Quote: “Finally, measures are taken to prevent Users from being tracked by Relying Parties, PID Providers, or Attestation Providers.”
As mentioned I’m already forced to use a couple of identification apps on Android. An alternative for me would be to have a twin sim setup and leave my proprietary phone at home and roam around with my PostmarketOS phone instead. That works fine. But might make it harder to recruit new users.
Finally I’ll say that I agree we shouldn’t blindly trust the government.
“Overall, this isn’t immune to scope creep towards surveillance” in your original post sums up my fears.
As soon as the majority of population goes digital-only, the nice privacy properties can be thrown out of the window, because there will be no alternative. What will you do, claim you’re too old for a phone ID? But you just used the previous one without any problems.
Valid concern. This does not make the current system fascist though.