Due to a lack of any reliable way of backing that up, I cannot convince anyone else using the opinions of a random on the internet. I was looking for a place I can show them with evidence, so I don’t look like a conspiracy theorist with a pinboard full of string and coloured paper.
It’s proprietary software. You can’t know what they’re actually doing without getting a job there and getting assigned to that project. But given Facebook’s long history of user hostile behavior, the statements from Zuckerberg that people who trust him are idiots, and the class action lawsuits against them for violating consumer trust and straight-up selling user data, I wouldn’t believe anything they say. Why use a 3rd party app run by a user hostile company whose entire business model revolves around capturing user data, when there are better alternatives out there? I understand that I’m preaching to the choir and I apologize. I’ve had the same argument with my two best friends trying to get them to use literally anything other than WhatsApp and they won’t. So we still communicate with a group SMS on our phones. That’s better than WhatsApp as far as I’m concerned. You have my sympathies since your group is probably too big to just refuse to participate in and still get communications from.
This is in the UK, and about all benefits, not just pensions, but yeah, your hunch isn't far off - this is being implemented out of sheer cruelty, not out of any justifiable financial reason.
I’m sure that this won’t primarily impact the most vulnerable in society, whilst the fraction of actual fraudsters just change tack. I’m also sure that’s not the point of this legislation.
Every phone is practically a spying device. Artificial intelligence is also currently being developed to be able to process that much data because it’s impossible for humans to review it all.
And this is why having true ownership over our own devices is so important, so that they can’t force this on everyone and if they try, we just replace the root certs.
This is why “trusted computing” has been pushed for so long, to remove control from the user specifically to enable bullshit like this.
Even if it’s as simple as choosing which Root CAs we want to trust, how many people will know to do that and be able to do that? A couple percent at most.
Of course we need full ownership of our devices, and trusted computing has always referred to the trust of for-profit corporations, but this in itself doesn’t help the vast majority of people who either don’t know that they’re compromised, think they have nothing to hide, are unable to do anything about it, or a mix of all three.
Privacy and security are already a privilege. Proposals like eIDAS only make it even more inaccessible.
This is a win indeed, but what people don’t see is that most times “exaggerated and abrasive” regulation like that is only proposed to hide up other clauses and proposals that are equally bad or even worse - get the public distracted and thinking they made a difference and that the EU listens to them.
Another thing that people miss, and that most American folks would lose their minds about while reading this, is the fact that eIDAS also brings a unique electronic identification for each European citizen company, “a digital solution for proof of identity of citizens or organizations” backed by asymmetric cryptography with the end game of replacing paper documents.
To be fair this isn’t a new thing, most countries in Europe already provide standardized smartcards as citizen identity cards that use asymmetric cryptography so you can electronically sign documents and login to gov services with them. Said signatures have legal value and in some cases - such as lawyers and doctors - you’re required to sign documents and prescriptions with the card. eIDAS just pushed it even further.
Just imagine the potential for a govt/EU to revoke your official / legal identity at any time :)
> regulation like that is only proposed to hide up other clauses and proposals that are equally bad or even worse - get the public distracted and thinking they made a difference
But IMO this bit was superfluous POV. An alternative theory is that nobody is secretly scheming to do anything, least of all the chaotic EU apparatus, and that most politicians are not experts and they are simply responding to various competing stimuli, as humans do. Notably elections and media hype and lobbyists. Personally I don’t get why so many people attribute to malice what can easily be explained by incompetence, but whatever, I’m in the minority and that’s fine.
Interesting detail about the eID certificates. You’re right that Americans will find this crazy in the way that we Europeans might not. Perhaps Americans are right.
> An alternative theory is that nobody is secretly scheming to do anything, least of all the chaotic EU apparatus, and that most politicians are not experts and they are simply responding to various competing stimuli, as humans do. Notably elections and media hype and lobbyists.
Yeah that’s a very big possibility for the state of the EU, I’m not gonna deny it.
> You’re right that Americans will find this crazy in the way that we Europeans might not. Perhaps Americans are right.
Yes, I’ve seen a TON of American propaganda and people flipping out about central / govt issued IDs, driving licenses and whatnot. I also know that most US states still use rudimentary paper-only documents to identify citizens… I mean the situation is so bad that even Apple is trying to digitize them.
Meanwhile here in Europe most countries / people have smartcards (that in some cases combine multiple documents, like the actual ID, social security ID, tax number, driving license etc.) and are using it to login to govt websites and to sign documents. It’s just crazy fun to see that in the US there are tons of companies offering ways to digitally sign documents in “a safe way” and even again, Apple, creating the means to scan a signature while here those things have little to no value and people are required to actually use their identity cards to sign docs. lol
Yes the PDF-“signing” masquerade is beyond ridiculous but that’s definitely a thing in Europe too, certainly France and Germany. Maybe only for private businesses at this point, yeah. Personally I have a whole production line up and ready for photoshopping sigs and initials and even handwritten dates onto PDFs in order to comply with dumb instructions. It’s as if a handwritten signature, even in PNG form, has a magical superpower to make a document authentic. A bit like the security theater at entrances to buildings and transport. What’s important is to go through the motions of securing something, to prove that you really want it to be secure, rather than actually to secure it. A rite, basically.
But yes, having said all that, the alternative is maybe even worse! We’re gonna find out.
> It’s as if a handwritten signature, even in PNG form, has a magical superpower to make a document authentic. A bit like the security theater at entrances to buildings and transport.
While German cards don’t seem to have a digital / smartcard component, French ones do. In Portugal and Spain at least you’re required to sign digital documents with your identity card, using a smartcard reader + a small utility app provided by the gov. Only those have legal value and this is enforced. Scanned handwritten signatures have zero value, and I know this also applied for other EU countries.
A government doesn’t need to take away your papers to deny you its services.
Yes, people just need to be dumb enough to vote the typical half communist and half socialist parties to power and they’ll take care of ruining public services for everyone in equal measure. :)
Do people not know this? No one’s heard of Project Echelon and the Five Eyes? Not to even mention the numerous other programs each of these countries have for monitoring. Every tech device you own monitors you and every cloud service has a back door.
One you have a business relationship with. You can sign up for a paid account with Google or Microsoft. Use your own domain. Disable whatever adware options you’d like, and use that as your identity provider.
While you can roll your own, many services, if they even support custom SAML federation, only do so for enterprise customers. You’re much more likely to find useful federated services with Google or MS.
Advocating for using some of the biggest privacy violators to log in to all your accounts! Business relationship or not this is not good advice for your privacy.
The biggest reason not to use a single account like this is that you lose everything if you lose the owning account. It’s bad advice to say you should absolutely do one or the other. It’s good advice to consider the risks.
Do I use an aliasing service that allows me to change the account emails point to? Yes. Can I access those accounts with access to my email? Yes.
The issue here is that if you lose access to the social network that logs you into those things, you lose the account. If you have an actual account, not delegated access, you can still access the account with the social account.
I’m struggling to find some good article examples because Google is rolling out inactive account deletion and that’s polluting my search results. So go test this out yourself: go try to change the account name/email, password, or MFA for any of those accounts you use social auth for. Try to figure out how you would log in without that social account. Next do the same thing with an account you don’t use social auth for.
Same but this basically puts all the trust in your mail provider which also sucks.
We should have logins with security keys and/or local biometric unlocking. I think that would already increase security and ease of use a lot. But these things are so expensive and not well supported yet.
In theory, my email only serves as a way to verify me and spam me. A good account may require an email for communication and should allow that email to be changed without losing the account, in the same way the good account will let me change the password, the MFA, and ideally even the username (looking at you Steam). Same as a phone number. We’re beginning to see a move toward that flexibility. Most accounts with MFA allow it.
First - mail server might literally be on a box in your home under your full control. Second - if it’s not the case, you don’t need to stick to a single provider. I have mailboxes tied to different platforms on different providers, so I cannot lose all at once.
They handle it better and your options to respond are better.
You can immediately invalidate all associations for instance. You can revalidate them too once your identity provider is back up and running. Okta is going through this right now I believe, but I haven’t been paying a whole lot of attention to it.
There’s no password with federated sites. It’s certificates to prove the connection is valid, and tokens.
The federated website could choose to save nothing about you. It would make it a lot easier for them to do so, as it means less resources to manage, and less PII to be concerned about storing.