Hacker News
by elric 1842 days ago
eID and okish in the same sentence? Yikes. It's a terrible experience for me. It doesn't work well on non-Windows operating systems. It doesn't work at all on many operating systems. Which is silly, because it's just a smart card which should work everywhere, but somehow that isn't the case.

The "itsme" SSO app is even worse. You can't use it without using an iOS or Android smartphone (and even then it probably won't work if it's rooted). And it's got this really weird requirement of being secured by a 5-digit PIN (no more, no less, last I checked...).

4 comments

Using the PKCS11 certificates on a Belgian eID is cumbersome because the whole 'client certificate' workflow has always been a pain in the butt UX-wise. Many workarounds have been implemented to improve on this, making it less platform-independent than theoretically possible.

The itsme app works totally fine for me, and my less tech-literate family members. It strikes a good balance in UX and security.

All in all, I think that the Belgian government is doing a good job in this. It needs to work well for the average user, which it does! I don't expect my government to spend time and money to support all fringe cases like smartphones that don't run iOS or Android.

> I don't expect my government to spend time and money to support all fringe cases like smartphones that don't run iOS or Android.

I expect my government to create solutions that work for everyone. Including "fringe cases". Including people in poverty. The marginalised. The contrarians. The smartphoneless. Everyone.

Edit: and I especially expect them not to further the de-facto duopoly of Google & Apple.

Note that itsme is not a requirement for anything, so the smartphoneless still have alternatives available. To file your taxes in Belgium, you have the option to file on paper, or online by logging in through one of: eID reader, itsme, 2FA using an app (e.g. Google Auth, Authy), e-mail, text message, or an EU-wide ID system. Who exactly is being excluded here? Also, which other smartphone OSes do you expect them to support?

> Belgian eID works (almost) flawlessly on Linux.

The software stack is pretty much standardized. I am a bit worried about aarch64 platforms, but hopefully they will also be supported.

OTOH, the itsme application is a huge security issue aside from being a serious vendor lock-in over passwords, 2FA and OTP. It is tivoising logins like Okta, except that here, it is mandated by the state.

It's not just about working on various platforms. The whole thing is just ... weird. When you're signing something with eID, you have no idea what you're signing. It could be anything. You have to trust that it's signing what you think it's signing. Even the difference between signing and authenticating isn't always clear. It would be super easy to trick a user into signing a document while pretending to present a login form.

That's why I said "okish". I think "itsme" works fine for most people. But yes, the system is far from perfect. However, do you have trust that the EU Commission will design something better?

We have different experiences then; mine are fine. I've been filing my taxes with eID on Linux (Debian stable) + Firefox for years, maybe even decades. Had to add the apt repository for eID.