[dathinab]

> Why was this decision ever made?

because it wasn't made

the decision which was made was having a digital ID wallet, that this needs hardware attestation (or something comparable) is somewhat of a direct consequence of existing laws/regulations regarding making IDs forgery safe

it also is a phone only application

the huge huge majority of phones runs Googled Android/iOS, so you support them

if there where a relevant 3rd party competition it would (most likely) supported it, too

going back to the "the president .. shut down .." argument: The US can shut down >90% of all smart phones used in the EU. I don't think the US being able to shut down something which in the end is fundamentally just a minor convenience feature is making much of a difference here.

But I also think that whole identity wallet (the regulations behind it) is approaching things from the wrong direction, carrying a credit card sized ID with you isn't really a problem or very inconvenient. So instead of having the whole attestation nonsense it would be more practical to simply not have attestation and in turn allow the digital ID only for usage where the damage it can cause is quite limited. Especially given that device attestation systems have a long history of being circumvented...

As a side note this whole app is distinct from the "use you ID with through your phone/NFC with applications" thing many EU countries have, through that solutions also tend to have attestation issues in most cases. But again most relevant use-case of it can be done just fine, without the security level attestation tries to provide, if approached pragmatically.

[reactordev]

Have you seen our President? Minor conveniences are what trigger him into launching full blown DOJ investigations, wars, and economic disaster. If he realizes he can just "turn off" the EU, oh, he will threaten that on Truth Social tonight in a rant about how they should make a deal or else.

[like_any_other]

An open threat like that would be the best case scenario, as it would (hopefully) cause a reaction in EU countries trying to get rid of this yoke. Instead usually it happens through backroom dealings, or just the services being a nuisance to competitors while being helpful to friendly companies, and thus the target country is drained of its resources and economic independence, slow enough to not provoke retaliation.

With the exception of the current US administration, hostile countries and corporations try to appear non-hostile when possible.

[userbinator]

I'd like to see if he can be convinced into going after Google and effectively stopping remote attestation. One can certainly dream...

[nickburns]

Friendly advice: please don't capitalize random common nouns like the president does. It's a marker of one's affinity toward precision (among other things).

[danaw]

you're being this pedantic about someone capitalizing "President"?

[altairprime]

It’s not a proper noun, and this is HN: pedantry is par. “The president of Xyz” capitalizes the X in Xyz(pn) but not the P in president(n). However, the P in President(pn) is capitalized when it’s a Title suffixed to a Name - but that varies per country by what they title their president-equivalent locally and isn’t always translated, while the concept-slash-role label of ‘president’ in English generally does not (and is often used interchangeably, albeit somewhat wrongly, for ‘monarch’ and other such single-person executive-leader roles). (That we use the same spelling for both title and concept is annoying, as usual :)

[JumpCrisscross]

> It’s not a proper noun

The President, within this context, identifies a single entity. As such, it is a proper noun.

Analogy: there are many continents. But if we're discussing Brexit, the Continent is a proper noun. I don't think it's incorrect to not capitalise. But it's certainly gramatically okay, and not in the same bucket as The Nutters who capitalise Random words it Looks like Legalese.

[nickburns]

> The President, within this context, identifies a single entity. As such, it is a proper noun

Yeah, no. You're just making things up to suit your position like the president does.

[marcus_holmes]

I was just talking about this today:

I have an internal convention to not capitalise LLMs when talking about them as if they were people; so claude is not capitalised, and the internal LLM-based service agent we're building, rex, is not capitalised.

I realise this breaks the capitalisation of proper nouns; claude is a name and therefore a proper noun and therefore should be capitalised. But I like that there's a signal in here that the thing I'm talking about is not a person and so we don't capitalise the name (I realise that cities or companies or other things that we capitalise are also not people).

Digression, but then so was the entire discussion on capitalisation.

[JumpCrisscross]

> the thing I'm talking about is not a person

Countries, companies, religions; hell, planets and galaxies–none of these are sapient. Yet we capitalise them.

I'll go out into the deep end for a second with a hypothesis: I think we capitalise because it makes printed text easier to scan. The words you need to spend more time on are capitalised because they aren't ones you can just roll through. This is also why the nutter affect of capitalising random words is so distracting–it drives attention to non-standard words that are, with minimum thought, being used perfectly standardly.

[reactordev]

President is a title here so Capitalization is correct use. That last one wasn’t. To be pedantic, we all know which one I was referring to.

[JumpCrisscross]

They’re trolling.

[nickburns]

The word 'president' being a potential title doesn't make it a title nor a proper noun in all contexts.

Your bio contains comma splice, by the way.

[nickburns]

Yes. But mostly just because it's in reference to this particular president who's a dullard and displays it regularly in this particular way.

[yawaramin]

What does 'marker of affinity toward precision' mean?

[fouc]

indicator of being detail oriented

[josephcsible]

> having a digital ID wallet, that this needs hardware attestation (or something comparable) is somewhat of a direct consequence of existing laws/regulations regarding making IDs forgery safe

How do you figure? Isn't just having the digital ID be signed by a key belonging to the issuer good enough for that?

[rahkiin]

I think they are saying the signed ID can be copied to another device. Unless such ID needs to have acces to some TPM that can be trusted, which likely requires then specific trusted hardware and software

[josephcsible]

> I think they are saying the signed ID can be copied to another device.

But that's not what a forgery is.

[jcgrillo]

If something is actually important, don't put it on a computer. Don't let a computer be in the critical path of anything that actually matters. It's really quite simple. Even before "AI" this technology was not reliable enough for serious, important things--systems that need to be maintainable in adverse conditions (battle damage, etc), systems where failure is not an option (proving your identity, proving your children are yours, ...). If you care about your car, truck, tractor, or dozer being maintainable and reliable, don't get one with a computer in it. Until we can figure out how to make these things reliable and maintainable they're not to be trusted.

[marcus_holmes]

I feel like we need a war or something to show everyone how brittle we've built everything, and how unnecessary it all is.

[nullc]

> If you care about your car, truck, tractor, or dozer being maintainable and reliable, don't get one with a computer in it.

Got a list of widely available cars and trucks 'without a computer'? :D

[jcgrillo]

Anything older than about 1990, some as new as early 2000s.

[izacus]

Can you show an example of defeating hardware attestation? It would be useful for many 3rd party ROM users.

[nine_k]

Gaming consoles typically have hardware attestation (as in verified software on verified hardware, sealed), and it has been broken many times in the past.

[izacus]

I'm interested in phones.

[dathinab]

most times it's done by (reliably re-)rooting a attested phone in a way which bypasses detection of the attestation system

so not really useful for 3rd party ROMs

[trollbridge]

Quite useful for scammers, though, which is why this is so irritating with regards to digital IDs.