In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it’s valid to be presented to law enforcement officers during a check.

I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought “wow this is so convenient I won’t need to take the wallet with me anymore”. I installed the government app and signed up with my government id and I got my digital driving license.

Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn’t want to pause it, i just gave the real one.

They took it and went back to their patrol for a full five minutes while they were doing background checks on me.

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say “wait I pin the app with a lock so you can’t see the content?”

“I have nothing to hide” but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.

And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation

Immediately uninstalled the government app, went back to traditional documents.

For the most surface level concerns like risking them accessing any app on your phone, you can enable app lock on those that support it. Usually the most sensitive do: WhatsApp, Signal, banking apps and others.
If they don’t, take advantage of the private space which locks apps until you unlock, and you can relock whenever you want

I’m thinking of going stoic and dropping anything Android, but this would require setting up an emulator working good enough for WhatsApp, Google Authenticator, MS Authenticator and probably something else.

I’ve always just shown a scan of my ID on my phone. It’s just a picture?

@Moonrise2473@feddit.it
creator
link
fedilink
114d

and they accept that as a valid id? I mean in a store ok, but a public official? It’s incredibly easy to make a fake screenshot

the digital version of id cards are glorified qr codes: they scan it and their device downloads from the government servers the official version. Or, for offline usage: the qr code contains all the data, signed with their key, they check if the signature is valid

If you use an android phone, just create a separate account on your phone just with the apps you want the police to see. No email, photos, social media, or anything. This way you can switch to the restricted user before giving the cop your phone.

What’s the possibility and legality of something like getting implemented in the US?

drivers licensees are by state and my only federal id is my ss card which doesnt have my picture or any current information. i dont think it would work as well here since you would need 50 different apps

Google wallet has begun implementing state IDs depending on the state.

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

Bare minimum, it would take a substantial amount of time and resources to harvest data from every phone of every driver passing through a particular checkpoint. Not that I’d ever recommend handing over my phone to a cop, but this kind of data transfer isn’t trivial. And its not clear what a street cop is going to do with 10 GB of accumulated vacation photos.

On the flip side, if you have an Automatic Backup feature on your phone, its going to a cloud computer somewhere. And that cloud computer is almost certainly compromised by the state digital security agency (and probably a number of foreign security agencies). At that point, it doesn’t matter if you’ve got a physical id or a digital one, just knowing who you are is enough to tie you back to that digital archive.

But… again, what is it that front-line state agents are planning to do with all this data? That’s never been made particularly clear.

@Moonrise2473@feddit.it
creator
link
fedilink
114d

it’s more like searching messages for some keywords, then use the result to justify a full car search

  1. Do not have a mobile device
  2. Do not install anything proprietary or governmental on that device you don’t have
  3. Use borderline secure (GrapheneOS) OS on that device you don’t have and don’t unlock it if demanded unless your health and/or life is in danger

But they have one advantage: They are way easier to counterfeit. Meaning that with a few months of programming at most, if you ever find yourself on a run, you’ll be able to ID yourself on trains or buses or check in to hotels with fake personal info.

@Moonrise2473@feddit.it
creator
link
fedilink
114d

i don’t think that there’s no check at all. There’s either a server side check or a digital signature to verify, or both. You can trick the train ticket check (here they don’t even scan the qr code, they see the screen on the phone and continue) or the lazy airbnb landlord, but that can be done also today

you realize they’re more than just your picture on a screen, right? there’s a whole public key private key verification process that happens, which covers your photo and personal info, at least from what I understand of ISO 18013-5.

if anything it should be almost impossible to make a fake mobile id, barring exploits in reader software or the govt leaking their private key.

Yes I do. Therefore I would never use it in front of state authorities, but I doubt a hotel receptionist would make use of a pubkey cryptography.

I doubt a hotel receptionist would make use of a pubkey cryptography.

If you’re just flashing an ID like a badge, maybe not. But as soon as the hotel tries to use the information to do anything (even as trivial as adding it to their local systems) there’s a good chance it’ll get bounced or hung up. A fake digital id is worse than none at all. Its a big red flag saying “Look harder at this person, they’re suspicious!”

you don’t think they’ll just use some app to verify it? my state’s mdl doesn’t even show any personal info other than name, if they want birthday they have to scan it

anti-idpol action
link
fedilink
8
edit-2
15d

deleted by creator

That’s cute but as a rule when dealing with the government, physical access is root access

your phone isn’t safe from anyone unless it’s been restarted since last unlocked, and is reasonably new. they have exploits for after it’s been unlocked incl while things are pinned

@JoeKrogan@lemmy.world
link
fedilink
4
edit-2
15d

Either have a cheap second hand sim less phone just for that or carry the physical Id or perhaps a copy of the physical id.

Containerized apps on Android when?

There’s already a containerized Personal / Work split in the OS. You’d think the partitions could be made smaller.

But then Google is as deep into the NatSec industry as any other tech company. Even if you have containerization, there’s little reason to believe Five Eyes doesn’t have a back door.

Matt
link
fedilink
1516d

Nah, I’ll just carry my ID card around.

Shimitar
link
fedilink
-116d

No, se facessero cosi basterebbe che tu toccassi il bottone di blocco mentre glielo passi… A ripetere fino alla nausea.

No credo che la realtà sia differente: cosi ti invogliano ad avere l’app IO installata sul telefono… Semmai è quello il cavallo di troia.

You can pin the app (android) or have it in guided access mode (ios). Although, yeah, I wouldn’t be surprised if there’s an exploit to get out and access memory it shouldn’t. Maybe if you install the govt spyware app in a different user profile (Android) then it will be restricted to that certain memory.

that’s odd. in south africa while we don’t have a digital license the physical ones do have a code. they scan the code and that’s it. they never take the license unless they asking for a bribe.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3.13K Posts
  • 78.2K Comments
  • Modlog