• TheLurker@lemmy.world
    ↑ 81 · ↓ 2 · English · 1 year ago

    This article isn’t completely genuine. And it is important to understand that.

    eIDAS came into effect in 2016 and was around the oversight of online identification. This PROPOSED change is around allowing the EU to impersonate anyone getting a CA that is valid in the EU.

    Now this is concerning but will never pass. Your bank needs to be assured that their CA can only be validated by them. Your insurance agency, your ecommerce sites…

    It won’t work, it breaks network trust by definition.

    As soon as they try to push this through, banks, insurance and tech companies will push back and this will die.

    Banks don’t want the security model to be undermined because it will have a massive impact on the escrow services which underpin the digital economy.

    If the CA owner can be impersonated then your bank can be impersonated, your online vendor can be impersonated and your e-commerce is dead.

    Dumb idea and won’t happen.

    • kbal@fedia.io
      ↑ 20 · ↓ 1 · edited · 1 year ago

      Considering that this has been in the works for two years already and there haven’t been any reports of banks and insurance agencies objecting, your version of “it can’t happen here” seems less than fully convincing.

      • TheLurker@lemmy.world
        ↑ 9 · English · edited · 1 year ago

        The fact it has been in the works for two years and not passed tells me that the powers that be are working to stop it in the background.

        I could be wrong, we will have to wait and see. But this is not the first or last time I have seen governments try to break authentication without success.

    • Mixel@feddit.de
      ↑ 7 · English · 1 year ago

      I can only hope that this is what is going to happen. It’s a stupid idea and I have no clue why no one thinks about the consequences and evaluates if it’s for the better or worse…

    • cannache@slrpnk.net
      ↑ 3 · English · 1 year ago

      Agreed. PwC, big banks and the internet as a whole would stand against such policy; giving institutions the power to destroy the very basis of internet trust is simply asking for the entire system to become discredited.

  • bedrooms@kbin.social
    ↑ 48 · ↓ 4 · 1 year ago

    Sorry, but this is on the level where I’ll never trust the EU… I rather liked this organization but this makes no sense.

    Like, which children to protect are going to be manufactured this time?

    • jman6495@lemmy.ml
      ↑ 24 · English · 1 year ago

      If it is any reassurance, not even the EU trusts the EU to control internet security: Parliament voted this down in its position, but member states are trying to bring it back. MEPs are fighting to ensure control remains with browsers.

        • jman6495@lemmy.ml
          ↑ 4 · English · 1 year ago

          It did, but we are also fighting against eIDAS. I’m told last night’s deal supposedly solves the problem, but I’m waiting for the text myself. (I worked on eIDAS in Parliament; my committee (Legal Affairs) recommended the complete deletion of Art45.)

          • Vincent@kbin.social
            ↑ 3 · 1 year ago

            Let’s hope so, feels like orgs were able to build up a reasonable amount of pressure in such a short amount of time.

      • bedrooms@kbin.social
        ↑ 15 · ↓ 3 · 1 year ago

        I’m not an expert on this, but you should not make a one-sided argument on a topic that people are not familiar with.

        • Lee Duna@lemmy.nz (OP)
          ↑ 6 · ↓ 12 · English · edited · 1 year ago

          I’m trying to tell how bad it is. Since there’s no article/news on the internet that talks about Digital ID being pushed and how it will erode our privacy, most people have no idea there’s a bigger issue than eIDAS.

          Recently our government started asking people to register for the National Digital ID system by using an app on the phone.

      • webghost0101
        ↑ 4 · English · 1 year ago

        Digital ID isn’t the problem here. No system is risk free and we should always think critically, but the concept of digital ID is a huge plus for privacy.

        Most people receive important documents in their mailbox while a mail account is actually very insecure to keep your data safe. In some places in Europe official/important documentation goes to a special mailbox that can only be opened using a digital ID. It’s miles safer than a password.

        The issue at hand could be a problem for digital ID safety but that would be just one of many more negative effects from this bill. ID or not, Europeans be screwed.

  • AutoTL;DR@lemmings.world (bot)
    ↑ 6 · English · 1 year ago

    This is the best summary I could come up with:


    Lawmakers in Europe are expected to adopt digital identity rules that civil society groups say will make the internet less secure and open up citizens to online surveillance.

    Thus, using a proxy in a man-in-the-middle attack, that government can intercept and decrypt the encrypted HTTPS traffic between the website and its users, allowing the regime to monitor exactly what people are doing with that site at any time.

    How that compares to today’s surveillance laws and powers isn’t clear right now, but that’s basically what browser makers and others are worried about: government-controlled CAs being abused to issue certificates to websites that allow for interception.

    An authority purge of this sort occurred last December when Mozilla, Microsoft, Apple, and later Google removed Panama-based TrustCor from their respective lists of trusted certificate providers.

    “Article 45 forbids browsers from enforcing modern security requirements on certain CAs without the approval of an EU member government,” the Electronic Frontier Foundation (EFF) warned on Tuesday.

    Mozilla and a collection of some 400 cyber security experts and non-governmental organizations published an open letter last week urging EU lawmakers to clarify that Article 45 cannot be used to disallow browser trust decisions.


    The original article contains 965 words, the summary contains 196 words. Saved 80%. I’m a bot and I’m open source!

  • 0x815@feddit.de
    ↑ 5 · English · 1 year ago

    https://nitter.cz/Rob_Roos/status/1722304545676497141?t=SDb1qsGpMC8CtZmNdc70mQ&s=19

    The European Parliament and Member States just reached an agreement on introducing the Digital Identity, #eID.

    Directly afterwards, #EU Commissioner Breton said: “Now that we have a Digital Identity Wallet, we have to put something in it…”, suggesting a connection between #CBDC and eID.

    They ignored all the privacy experts and security specialists. They’re pushing it all through.

    • makeasnek@lemmy.ml
      ↑ 2 · English · edited · 1 year ago

      CBDCs are one of the greatest threats to freedom and liberty over the next 50 years. People should be very skeptical about giving this much control and surveillance power over to the government.

    • 0x815@feddit.de
      ↑ 3 · English · 1 year ago

      As far as I understand, the parliament must vote now, but it doesn’t look good. You may write to your MEP.

      • DieguiTux8623@feddit.it
        ↑ 3 · English · 1 year ago

        We should organize manifestations in the streets and make it visible if we don’t agree. Writing an email that just gets ignored seems polite but it hasn’t worked so far.