It’s impossible to do without exposing a private signing cert to everyone, yes. That’s the issue.
You can’t do asymmetric key signing anonymously and with a central issuer.
So either you have to just trust the assertions (0 security) or you have to have a trusted issuer (not anonymous).
A pseudonym issuer is a trusted issuer. There’s no way to do it otherwise. You have to trust someone to make this kind of system work.
Most of these make sense and are definitely blockers for this ever releasing but -
Remove the concept of the Pseudonym Provider and ensure pseudonyms are generated and stored locally without the possibility of linking back to real identities.
Correct me if I’m wrong but this data all has to be signed somewhere right? Like the eID contains cryptographically signed assertions about the user in some standard (JWT?) format.
What use is signing the assertions locally? There would be no way to tell if the citizen actually had any valid id at all. A pseudonym provider is the privacy layer that allows for signing of new tokens after ensuring the validity of the old.
How could you sign an anonymous token using a valid one without it being linked back to the valid one? It seems like impossible constraints.
Am I totally off base here?
Not just Europe either. 172 countries use NFC passports, all of which have your full biometric info (including a high res headshot) encoded onto the chip.
If you’ve ever had a passport your face is known to the government of your country and searchable in a database.
Android 15 solves your issues -
https://www.androidauthority.com/android-15-private-space-hands-on-3432113/
Private Spaces when they come to Fairphone will be perfect for this.
Expensive engineers is a category, dipshit.
You add an S to a noun in English to show it’s a category or grouping instead of a specific individual.
Learn to fucking read. https://en.m.wikipedia.org/wiki/Grammatical_category
That’s not what I said or even remotely implied.
If you want a good back end that isn’t bloated you can’t use cheap contractors or junior engineers - you need someone who knows what they’re doing.
It’s a fight I’m constantly fighting at work. They finally dropped all the super cheap contractors that were trying to hard code a list of 20 identical entries that differed only by a single field. The contractors who thought the peak of architectural design was decomposition of any method more than 5 lines long into confusingly named functions that had an additional 10 layers of decomposition to them. The cheap contractors who thought that documentation was a waste of time and that the code was “self documenting”.
These contractors weren’t paid to care - I don’t blame them for phoning it in. But if you want a system to work well and be cheap to run you pay your engineers well or inspire such devotion that FOSS is possible.
But the fact is the overwhelming majority of large, optimized and successful FOSS is funded by megacorps.
It’s great that you’re focused in on privacy but that’s not what’s happening.
You can examine every byte of traffic off your phone. There isn’t an open audio stream: it’d be too obvious. On-phone analysis is too computationally intensive to be unobtrusive.
You’re experiencing some combination of frequency illusion and priming when you experience these “phone listening in”.
It is far more likely that you had seen the product advertised before but not consciously considered it (priming) followed by a discussion which made you more aware of it so you noticed the ads more (frequency bias).
The fact is companies don’t even need to record your conversations to know how to get you to buy what they want you to buy.
As a professional mobile app developer most of these lines are bullshit anyways.
Purchase history? Yeah that’s just if you’ve bought subscriptions to the service. Of course we fucking know your purchase history: if we didn’t how would you get anything with a purchase?
Crash analytics? Cool we get a stack trace of what happened when it crashed. Half the time it’s not even helpful because it’s buried deep in some fucking Java library.
Things like coarse location are getting more specific and a few lines here can be used to deanonymize you when used together (or an advertising ID which can be used to track you no matter what) but the majority of data passed to phone devs is us frantically trying to figure out what combination of make & model of Android device combined with Android version caused your app to crash.
Anonymity is important and we should all take it seriously. Most of this has jack shit to do with being anonymous.
Besides: ewa is listed as a paragon here when they collect advertising data, the most targeted and least anonymous of all data gathering.
Man the comments section on the Tor Project blog is just as smooth brained as YouTube comments sections.
I kinda expected better of the average reader than commenting “hmm another captcha” 6 hours after they explicitly clarified this isn’t visible to the user (which was also implicit in the whole 30ms time specified).
Like 10 points for reading the article but -30 for reading comprehension.
TikTok is a company comparable in scale to Google. 130Bn in revenue last year.
Patreon is nowhere near the scale of YouTube. But I also think it’s the only viable solution to privacy and supporting creators.