this post was submitted on 30 Jun 2024
52 points (100.0% liked)

Technology

56105 readers
2879 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
L4s@lemmy.world
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
52
New technical framework for the European Digital Identity Wallet (eIDAS) reveals severe shortcomings, threatening user privacy and contradicting the regulation's intent, rights group says (epicenter.works)
submitted 3 weeks ago by 0x815@feddit.org to c/technology@lemmy.world
13 comments fedilink hide all child comments
 

cross-posted from: https://feddit.org/post/317047

in February 2024, the EU Parliament adopted the eIDAS regulation, creating the framework for a "European Digital Identity Wallet". This digital Wallet will enable citizens to identify themselves in a legally binding manner, both online and offline, sign documents, login into websites and share personal data about them with others. Recently, the European Commission published the Architectural Reference Framework (ARF) 1.4 for the technical implementation of the Wallet.

The success of the EU Digital Identity Wallet depends on its ability to gain citizens' trust and establish a resilient infrastructure in our current data-driven economy.

"However, after our analysis, we believe that this goal has been missed," says the digital rights group Epicenter Works.

"We see severe shortcomings in the ARF that either contradict the regulation or ignore important elements of it. These issues, if left unaddressed, could significantly undermine user rights and privacy."

top 13 comments
sorted by: hot top controversial new old
[–] MajorHavoc@programming.dev 9 points 3 weeks ago (1 children)

I can't say I'm shocked. But I am disappointed.

[–] zweieuro@lemmy.world 5 points 3 weeks ago* (last edited 3 weeks ago)

I would be very worried if this was 'final, and now we will do it as written' but it seems to be just another iteration.the critique is great and I just hope they listen.

I am not shocked, but i'd save disappointed for when they try to do it and noone uses it because of these reasons.

[–] hperrin@lemmy.world 5 points 3 weeks ago (2 children)

I’m not gonna trust the headline of an article with an AI image from a place called epicenter.works.

[–] 0x815@feddit.org 4 points 3 weeks ago (1 children)

Epicenter Works is a digital rights organizations based in Austria.

[–] hperrin@lemmy.world 2 points 3 weeks ago (2 children)

Yeah, I read their about page. I wouldn’t trust them as a lone voice on something, but if other groups come to the same conclusion, sure. But mostly, I don’t trust articles with AI image headers. It makes it seem like the article is written by a bot.

[–] MajorHavoc@programming.dev 3 points 3 weeks ago

I wouldn’t trust them as a lone voice on something, but if other groups come to the same conclusion, sure.

As a Privacy nerd, I agree with the conclusions in the article, for what it's worth. We do see a lot of "privacy" law proposals lately that are anything but.

I don't think things will get better, on this front, until the average person better understands privacy rights and risks.

[–] 0x815@feddit.org 2 points 3 weeks ago

Yeah, they work in a huge network mainly in Europe. As always, we should never trust blindly, but Epicenter appears to do a solid work. I have been disagreeing with what they said in the last years on some incidents, but all in all they do a good work. At least that's my opinion.

[–] sunzu@kbin.run 0 points 3 weeks ago (1 children)

Would you trust this "wallet" tho lol

[–] MajorHavoc@programming.dev 1 points 3 weeks ago

Would you trust this "wallet" tho lol

Hell no. I just kicked Google out of my life for the same crap. Ugh. But I'll laugh too, because it's either that or cry.

[–] themurphy@lemmy.ml -1 points 3 weeks ago (1 children)

We have this in Denmark, and when it works, you'll all love it.

It's soooo easy to use, and it's also a very secure way it's implemented, because we have 2FA for everything important.

[–] unexposedhazard@discuss.tchncs.de 2 points 3 weeks ago (1 children)

2FA doesnt prevent the institutions, that you use it with, from collecting your data tho.

[–] themurphy@lemmy.ml 1 points 3 weeks ago (1 children)

You do. They can only collect data you allow.

Are you familiar with the Danish system tho?

[–] unexposedhazard@discuss.tchncs.de 1 points 3 weeks ago

Im not, but the german one works the same. This doesnt change what i said tho, because if you are only allowed to use something by offering that information then its not really given "freely".