[jeroenhd]

Digital ID exists and is widely used, yet I only need to use my digital ID to authenticate with government services. Remote attestation is the norm for many types of apps already yet I can use my bank app on my rooted phone just fine, or use my phone to authenticate with my government's SSO system.

I'm no fan of the modern dependence on Play Services or Google's attempts to kill adblockers through remote attestation, but none of these technologies are inherently bad. Business devices authenticating to business websites should allow remote attestation to verify that their hardware has not been tempered with just as an extra security measure.

Maybe your government is more evil or incompetent than mine, but bad governments aren't going to he limited by technological concepts like these.

[heavyset_go]

I'm not worried about the government, I'm more worried about inscrutable decisions made by companies like Google, where their automated systems decide that you're an anomaly, and thus malicious, and choose to ban you.

Instead of just losing your account, you (or at least both your machine and your digital ID) are banned for good. This already happens with phones, where the entire device gets banned by apps for good, adding a layer of digital ID on top of it worsens the consequences of such decisions by platform owners against users.

> Remote attestation is the norm for many types of apps already yet I can use my bank app on my rooted phone just fine,

Many people can't on their rooted phones, and this cat-and-mouse game will eventually be won by the parties with million/billions to throw at it.

[usrusr]

Digital ID is safe from abuse by our ad overlords as long as it only happens in insular implementations for markets smaller than California. Things would look wildly different if digital ID was a thing in the USA (I find it rather amusing how they claim to have no ID at all, yet a decade in Europe seems to involve less presenting of ID than a month in the US involves presenting their driver's license ID substitute)

But I don't disagree, I'd rather have a rooted phone with a few islands out of my (and the software that I run!) control for sensitive authentication use cases than a phone where I'm not in control at all. Or than two phones, because only one of them can be rooted.