by vintagedave 1391 days ago
I'm an Australian living in Estonia. The short answer: absolutely amazing.

The long answer: eID was originally through an ID card, and you'd have a USB chip reader you'd plug into your computer and a browser plugin and digital signature software (open source, I believe.) You could use this to authenticate on government, bank, etc websites, and sign documents, very easily: you just remembered a PIN code.

These days many people use Mobile ID which has the same signature functionality on your SIM card, and you sign by entering a PIN on your phone. This is very convenient but I do worry about security a lot more. In the past, there have been security issues, such as flaws in the signatures, and once this caused a large number of ID cards to be reissued. It's not without problems but all problems so far seem to be caught. I don't wholly trust it and I am waiting for the situation where a document is "signed" and the owner of the ID denies signing it.

Almost everything is accessible online, and you do not need to visit offices for the vast majority of government and often other business/bank interaction. I think there are only three things you cannot do online: get married, buy property, and I think deal with deaths. Everything else you can. The famous example is starting a company, which takes about fifteen minutes and even has a customisable template for company documents (in English!) for you, you just pick the options on the website, sign it digitally through the website, establish a holding bank account if necessary (through the website - bit of an echo here!) and done.

Most data about you is digital - your tax, medical etc. For background, I'm someone this scares. I see huge value behind an attack here. I also worry about access by the government or others. But in practice, it seems to work well. Data is stored in different enclaves: the tax department can't see medical data, for example, and access is logged. There are cyber-attacks, most commonly from Russia, but the Estonian IT team is top-notch. If this same system were in Australia I'd have no confidence, because Australia outsources everything and the government cannot run good IT systems. But Estonia does it well.

3 comments

What makes it secure is that by law government entities (ministries, departments, etc.) should not store data that can be queried from other available registries. So when I go to some official then they look at personal number, look up where I live, and don't have to ask me to fill forms about where I live and what car I have or whatever, data that is already stored in one place. The advantage is this: it is a lot easier to keep data secure when it's in one place (for example, your address), than when every department had their own databases about addresses of people who have interacted with it.

Why do you think our current system is scarier than the alternative that exists in most other countries? Where every ministry has their own random databases, with data that is probably outdated.

Also, the cyber attacks by Russia are always DDoS attacks, they can't achieve anything else.

I always found the infatuation with Estonian company setup a bit weird. For this convenience you pay 20% company tax. In Europe several countries offer a better rate - for example Ireland is at 12.5% with a similarly easy company setup system - in English. Or Hungary at 9%. At an 11% difference I'd gladly pay for a local accountant. If you earn 100k through your company you leave 10k in the hat just for the PR & marketing Estonia has. No thanks.

So is there no biometric for verification? Just physical enrollment and then for all subsequent use, you just use a PIN (no biometric)?

No, there is no biometry. To do anything with your electronic ID you need your ID card with the chip or your phone with a SIM that stores your private key, and you need to know your PINs. What other kinds of verification do you need?

It is assumed that whoever is using the ID card to sign in somewhere or sign something is the owner of the card. Since the PIN is also required, stealing someone's card doesn't give the thief any benefit.