Privacy

32400 readers

170 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

398

I realized why governments are so fast in approving digital ID cards on smartphones (feddit.it)

submitted 1 week ago by Moonrise2473@feddit.it to c/privacy@lemmy.ml

149 comments fedilink hide all child comments

In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it's valid to be presented to law enforcement officers during a check.

I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought "wow this is so convenient I won't need to take the wallet with me anymore". I installed the government app and signed up with my government id and I got my digital driving license.

Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn't want to pause it, i just gave the real one.

They took it and went back to their patrol for a full five minutes while they were doing background checks on me.

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say "wait I pin the app with a lock so you can't see the content?"

"I have nothing to hide" but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.

And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation

Immediately uninstalled the government app, went back to traditional documents.

you are viewing a single comment's thread
view the rest of the comments

[–] pkill@programming.dev 0 points 1 week ago (2 children)

But they have one advantage: They are way easier to counterfeit. Meaning that with a few months of programming at most, if you ever find yourself on a run, you'll be able to ID yourself on trains or buses or check in to hotels with fake personal info.

[–] brian@programming.dev 9 points 1 week ago (1 children)

you realize they're more than just your picture on a screen, right? there's a whole public key private key verification process that happens, which covers your photo and personal info, at least from what I understand of ISO 18013-5.

if anything it should be almost impossible to make a fake mobile id, barring exploits in reader software or the govt leaking their private key.

[–] pkill@programming.dev 0 points 1 week ago (2 children)

Yes I do. Therefore I would never use it in front of state authorities, but I doubt a hotel receptionist would make use of a pubkey cryptography.

[–] brian@programming.dev 2 points 1 week ago

you don't think they'll just use some app to verify it? my state's mdl doesn't even show any personal info other than name, if they want birthday they have to scan it

[–] UnderpantsWeevil@lemmy.world 1 points 1 week ago* (last edited 1 week ago)

I doubt a hotel receptionist would make use of a pubkey cryptography.

If you're just flashing an ID like a badge, maybe not. But as soon as the hotel tries to use the information to do anything (even as trivial as adding it to their local systems) there's a good chance it'll get bounced or hung up. A fake digital id is worse than none at all. Its a big red flag saying "Look harder at this person, they're suspicious!"

[–] Moonrise2473@feddit.it 1 points 1 week ago

i don't think that there's no check at all. There's either a server side check or a digital signature to verify, or both. You can trick the train ticket check (here they don't even scan the qr code, they see the screen on the phone and continue) or the lazy airbnb landlord, but that can be done also today