[ko27]

Your own example proves how digital ID can be more private and secure. You go to a nightclub, you look a bit younger, person on the entrance asks proof of your age:

Option 1 - You give him your ID card and you expose a wealth of data, including your full name, address and SSN/OIB to that person

Option 2 - He scans your phone app, gets a big green mark which proves your exact age, or even just that you are 18+ and nothing more

[bboygravity]

Option 1: one guy gets to see all of your ID data, but most likely won't keep a record of it and will forget all he saw within 10 seconds.

Option 2: the same guy has no idea who you are. Instead: your ID gets scanned, the scan hits a government server for verification. A record is now kept forever of where you went, when and with whom and this information is added to create a profile of you (and your friends/partners). They can know if you were cheating on your partner, whether you where dating, if you went out "with the boys" that night, what political flavor the people you party with prefer, and so on and so forth. 100's of people and algorithms can access these records in the future in secret, including: the NSA (even if you're European, all secret service data is shared with the NSA), local secret services, the police if they want access, the tax-man, any future dictator(s) that rises up and his subordinates, same for others in other countries that are friendly to him, anybody in politics interested in you for whatever reason that may develop in the future when data access rules get weaker (or remain unpoliced), and so on and so forth. Furthermore, if for whatever reason your political preference becomes unwanted in the future, you can fully automatically be banned from public life at the press of a button with 100% efficiency (this already happens in countries such as China as we speak, Canada CAN'T WAIT to have such a system as well).

I pick option 1.

It blows my mind that people don't see where this is going after Snowden.

[tokinonagare]

> It blows my mind that people don't see where this is going after Snowden.

The majority may actually approves it, instead of turning a blind eye. During the covid crisis, how much of the population was ok with the government (taking France as example here) excluding from social life, and in some case professional life, 10% of people, on the ground of them not pumping Pfizer et al. stock price? I bet on something like 70%. Those people think because there are in the "winner" side they'll always stay there, and don't realize how fast the wind turns, and the same method will apply to them soon for whatever reason.

[collyw]

I don't think the majority approves of it at all. Most were just to weak to speak out. There were massive protests in many cities, but this was not reported at all by the mainstream media. Meanwhile in the UK they reported on a handful of eco protestors gluing themselves to the road. Subsequently the government used that as justification for bringing in more anti-protest laws.

Similar with Johhny Depp and Amber Herd trial being heavily publicized, while they were silent on the Ghislaine Maxwell trial. Whoever said that the mainstream media are the enemy of the people are correct.

[gumby]

Increasingly, in the US, bars and stores swipe your DL to validate your age. This is in the name of making sure the id was checked and not requiring the bouncer/clerk to recognize all sorts of state IDs.

Really, all the info goes to the establishment and/or the company providing the reader.

The old fashioned “bouncer will forget all the info” doesn’t apply any more.

[switch007]

I've never had my id "swiped" in Europe. I'm sorry but your US experience has no relevance to the topic.

[toofy]

we’ve had it here in the us for long time.

privacy forums were recommending people run magnets over the stripes on id’s at least 10 years ago when companies started swiping them.

is the new digital id terrifying? probably. but honestly from a privacy perspective, the way companies and government working together suck up all of our digital movements is terrifying if privacy matters at all to us.

to me, this was an obvious next step considering the world we’ve decided to build. we’re doing this. government employees. corporation employees.

we’re allowing power to consolidate at a rapid pace. we can’t decimate the separation of governments and companies, then build company after company after company which heavily rely on human data for their profits, and then simultaneously be shocked when this happens.

either we have privacy from both governments and companies or we don’t. particularly in a world where we refuse to hold power to any sort of reasonable standards (and by “power” i mean governments, corporations, wealthy individuals, individuals with power backing them, organizations, etc…)

i guess my ramble really boils down to this: many of us on this exact forum are building the tools. many of us on this forum are directly enabling power of all kinds to consolidate. it isn’t clear to me how we can complain about it too.

[blitzar]

https://www.nightclub.co.uk/ https://www.gbgplc.com/en/industry/nightclubs-and-bars/

Know exactly who is using your venue, using ID card scanner technology to find out if an ID is genuine in a matter of seconds. Scanner has operated in every major city in the UK since 2003

https://www.brixtonbuzz.com/2013/04/concerns-grow-over-the-r...

[fmajid]

Er, the UK does not and has never had a national ID card system, and the British like it just so.

[M2Ys4U]

I have. The bouncer at a karaoke bar scanned my driving license. This was in the UK when we were still an EU member.

[petre]

I've had it at border control But this is normal.

Plus you will have an EU digital ID just like your credit card soon. I already have a biometric passport. Checking it is way faster than checking an ID. In Bergamo they had separate priority queues for biometric passports.

[ellopoppit]

I'm in the US and have never had my ID scanned like that person is claiming

[toomuchtodo]

I have my Florida drivers license scanned (barcode on the back) every time I purchase alcohol at Publix or ABC Fine Spirits. I’ve also had it scanned at bars.

https://www.flhsmv.gov/pdf/newdl/fl_2dbarcodecalibration.pdf

http://www.leg.state.fl.us/Statutes/index.cfm?App_mode=Displ...

[tluyben2]

We proposed a way of doing option 2 with the green checkmark without hitting a server and with your private info encrypted on a device you own and it doesn’t leave the device unencrypted unless you approve parts of it; for instance passing your address for buying a house. But of course we are not Thales so it was not chosen.

[leeroyjenkins11]

It reminds me of a section from the gulag archipelago where the KGB would accuse you by taking a picture of you with someone who was thought to be a spy because they were seen with someone accused of being a spy by someone who was accused of being a spy. They came in with circumstantial evidence to take people away.

Follow anyone for long enough and they will look guilty of something. And with the 1000s of laws, does anyone think they won't break one?

[daniel-cussen]

Right so there you just say, "As long as you didn't give them the picture of us together." And that stops the bullshit just enough for the next sentence: "If you want cheap labor just tell me where to sign to be exploited, a real communist wants to be exploited to understand it first hand." Look the guy in the eye, as long as it takes. Four minutes at least. He'll tell you..."you know..." and then he will either desist, because under the right circumstances he must, or he will put you in for ten years.

Win-win.

[roblabla]

> your ID gets scanned, the scan hits a government server for verification.

I mean, you're already assuming things work a certain way that is not necessarily true. The ID card could just have all the information stored and signed by the govt. Then a scanner would only have to check that the signature is valid, no need to actually ping the govt server.

I haven't checked the technical details, so I've got no clue. But this is how the EU COVID-19 vaccine verification works IIRC. No pinging of a central server is ever done - the mobile app just checks that the message in the QR code is properly signed with the expected root of trust.

[dane-pgp]

> No pinging of a central server is ever done

Until the next time there is a terrorist attack or other scary event, and the opportunistic politicians say "We could have stopped this if only we had been keeping these pings in a database, just like we keep logs of everyone's internet metadata[0]. Don't worry, the database would only be looked at by AI, so it's not even a breach of your privacy."

Then everyone is just a single firmware update away from a completely different regime, and it's too late to boycott the app because everyone assumes you have it and requires you to run the latest version. Of course, you could always try protesting, but you might not get very far.[1]

[0] https://aboutintel.eu/european-metadata-retention/

[1] https://www.reuters.com/world/china/china-bank-protest-stopp...

[burntwater]

All of the data in option 2 is already free available even without the ID, because our smartphones are broadcasting our every move.

[moffkalast]

Not to mention the fact that they will find a lame excuse to roll this into the credit score system sooner or later, so they can know if you are a "responsible" citizen or something.

And also that government employees are incompenent so they'll send the entire thing through wetransfer or something and it'll be leaked sooner or later.

[lobocinza]

Option 2 has all the problems from Option 1 multiplied.

Bouncer can ask for more information and you can't even lie about it. Asking for phone number and address is somewhat reasonable in our current dystopic present on the basis of KYC and "what if there's an emergency". And you can be sure that the data will be stored in local DB with poor oversight and security and it will be used for marketing and eventually leaked.

[kettleballroll]

The question here is whether option 2 is implemented on the edge device (which in turn makes it more likely that someone can steal your identity) or goes over a government owned server (which means the government could soy on you)

[proc0]

I think "private and secure" mean two different things here. It may be private and secure from malicious actors trying to steal your ID, but it's probably not private or secure when government decides it needs to coerce you into doing something you don't want to do.

Option 2 is more convenient, but at what cost? I would think the probabilities of the cost being high is proportional to the probability that government will have corruption and abuse the system, which seems high in history and even today in many countries.