- cross-posted to:
- hackernews@derp.foo
- cross-posted to:
- hackernews@derp.foo
This article isn’t completely genuine. And it is important to understand that.
eIDAS came into effect in 2016 and was around the oversight of online identification. This PROPOSED change is around allowing the EU to impersonate anyone getting a CA that is valid in the EU.
Now this is concerning but will never pass. Your bank needs to be assured that their CA can only be validated by them. Your insurance agency, your ecommerce sites…
It won’t work, it breaks network trust by definition.
As soon as they try to push this through, banks, insurance and tech companies will push back and this will die.
Banks don’t want the security model to be undermined because it will have a massive impact on the escrow services which underpin the digital economy.
If the CA owner can be impersonated then your bank can be impersonated, your online vendor can be impersonated and your e-commerce is dead.
Dumb idea and won’t happen.
Considering that this has been in the works for
a yeartwo years already and there haven’t been any reports of banks and insurance agencies objecting, your version of “it can’t happen here” seems less than fully convincing.The fact it has been in the works for two years and not passed tells me that the powers that be are working to stop it in the background.
I could be wrong, we will have to wait and see. But this is not the first or last time I have seen governments try to break authentication without success.
Mozilla says that it’s fairly close to passing though: https://last-chance-for-eidas.org/
Well I’ll eat my words if this passes. But I don’t see it happening.
I hope you’re right!
I can only hope that this is what is going to happen. It’s a stupid idea and I have no clue why noone things about the consequences and evaluates if it’s for the better or worse…
Agreed. PwC, big banks and the internet as a whole would stand against such policy, giving institutions the power to destroy the very basis of internet trust is simply asking for the entire system to become discredited
Sorry, but this is on the level where I’ll never trust EU… I rather liked this organization but this makes no sense.
Like, which children to protect are going to be manufactured this time?
If it is any reassurance, not even the EU trusts the EU to control internet security: Parliament voted this down in its position, but member states are trying to bring it back. MEPs are fighting to ensure control remains with browsers.
I think the EP voted down Chat Control for now, but this is a different thing.
It did, but we are also fighting against eIDAS. I’m told last night’s deal supposedly solves the problem, but I’m waiting for the text myself. (I worked on eIDAS in Parliament, my committee (Legal Affairs) recommended the complete deletion of Art45.
Let’s hope so, feels like orgs were able to build up a reasonable amount of pressure in such a short amount of time.
It does kinda depend on whether this manages to actually pass…
You can’t trust your govt and you can’t even trust the World Bank. Digital ID is being pushed globally, their excuse is to help people to get jobs and financing.
https://www.weforum.org/agenda/2021/04/digital-id-is-the-catalyst-of-our-digital-future/
I’m not an expert on this, but you should not make a one-sided argument on a topic that people are not familiar with.
I’m trying to tell how bad it’s. Since there’s no article/news on internet that talk about Digital ID being pushed and how it will eroding our privacy, so most people have no idea there’s a bigger issue than eIDAS.
Recently our government started asking people to register for the National Digital ID system by using an app on the phone.
I can imagine it can be a problem, but pasting a barely related topic with a warning on conspiracy, backing the ideas with URLs from unheard sources doesn’t help.
You sound paranoid
boiling frog spotted.
Digital ID isn’t the problem here. No system is risk free and we should always think critical but the concept of digital id is a huge plus for privacy.
Most people receive important documents in their mailbox while a Mailaccount is actually very unsecure to keep your data safe. In some places in Europe official/important documentation goes to a special mailbox that can only be opened using a digital id. Its miles safer then a password.
The issue at hand could be a problem For digital id safety but that would be just one of many more negative effects from this bill. Id or not europeans be screwed.
I think physical keys would be better
Interesting ideas but still half baked
This is the best summary I could come up with:
Lawmakers in Europe are expected to adopt digital identity rules that civil society groups say will make the internet less secure and open up citizens to online surveillance.
Thus, using a proxy in a man-in-the-middle attack, that government can intercept and decrypt the encrypted HTTPS traffic between the website and its users, allowing the regime to monitor exactly what people are doing with that site at any time.
How that compares to today’s surveillance laws and powers isn’t clear right now, but that’s the basically what browser makers and others are worried about: government-controlled CAs being abused to issue certificates to websites that allow for interception.
An authority purge of this sort occurred last December when Mozilla, Microsoft, Apple, and later Google removed Panama-based TrustCor from their respective lists of trusted certificate providers.
“Article 45 forbids browsers from enforcing modern security requirements on certain CAs without the approval of an EU member government,” the Electronic Frontier Foundation (EFF) warned on Tuesday.
Mozilla and a collection of some 400 cyber security experts and non-governmental organizations published an open letter last week urging EU lawmakers to clarify that Article 45 cannot be used to disallow browser trust decisions.
The original article contains 965 words, the summary contains 196 words. Saved 80%. I’m a bot and I’m open source!
https://nitter.cz/Rob_Roos/status/1722304545676497141?t=SDb1qsGpMC8CtZmNdc70mQ&s=19
The European Parliament and Member States just reached an agreement on introducing the Digital Identity, #eID.
Directly afterwards, #EU Commissioner Breton said: “Now that we have a Digital Identity Wallet, we have to put something in it…”, suggesting a connection between #CBDC and eID.
They ignored all the privacy experts and security specialists. They’re pushing it all through.
CBDCs are one of the greatest threats to freedom and liberty over the next 50 years. People should be very skeptical about giving this much control and surveillance power over to the government.
deleted by creator
Are we doomed? After 08/11/23, yes we are.
As far as I understand, the parliament must vote now, but it doesn’t look good. You may write to your MEP.
We should organize manifestations in streets and make it visible if we don’t agree. Writing an email that just gets ignored seems polite but it hasn’t worked so far.