Terrifying to live in a digital economy when something like this happens.
You're usually about 1 service away from realising that the "money you have" is just an int32, that, if everything works properly, you can modify.
Otherwise you have nothing except a pretty little plastic card.
(I'm aware that payments systems are not affected, but it's a sobering realisation that I've had a couple of times, but it works enough of the time that I forget about it... it's a bit like the meme about backups where a computer takes too long to boot, the person slowly builds panic and starts wishing they had backed up and published all their important work - then when the computer works they say "*phew*, thank god I don't have to do any of that".)
Imagine someone "enthusiastically digitized" (as much as possible) in a foreign country alone and then they lose their iPhone. Plane tickets, all hotel reservations, they don't remember any phone numbers. They use ApplePay and other mobile payments. Cards may be in the same wallet case.
Without a trusted device or Recovery Key, Apple may impose a security delay (24 hours to several days) before allowing a password reset. Getting a new SIM and re-authenticating our life will be a pain.
Temporarily losing access is just an inconvenience. Imagine the same but you lost the wallet with your only cash and your passport in pre-digital times, you are far from the nearest embassy and nobody understands your language. You are fully at the mercy of the locals and your money isn't coming back.
With digital passports and IDs the route to recovery starts to get hairy.
1. You need to verify yourself in person to get an ID or passport. You may need someone you know with you and have a real interview.
3. But the government gives only digital IDs so you need a phone to get it.
4. You can't buy a new phone or get a new SIM unless you can pay for it. You can't pay for it unless you have a phone and credit cards there. But the bank does not recognize you without a digital ID either.
You need friends to bootstrap your life, but you are also in the middle of a loneliness epidemic and have no friends, your parents have died. What do you do?
You are overthinking it. The physical cards to pay and identify yourself are not going anywhere. In fact, the same places that have the digital id rolled out are the places where having one issued is mandatory and often times it's also mandatory to have one in case the police asks you to identify yourself.
When I wanted to get a replacement ID issued in the year 2019, I had to book an appointment, get to the place and by the time I got to the desk, the clerk had the thing open with my face photo from the last time I had a passport issued.
There are less fortunate people, who have the hardcopy id present, but no digital file exists for it (because it was issued before the digital files became a thing) and the paper trail leads to the occupied territory. That is usually months long story where secondary sources are involved and sometimes you have to find a friend who can confirm your identity.
So yeah. Make sure that the issuing CA doesn't get overrun by orcs before the replica thinks and you a hardcopy that is trustworthy enough.
It's probably not a great idea to depend on friends or family to remotely bootstrap you out of a situation like that anyway, given deepfake impersonation scams.
What's the difference to losing your backpack containing all these separate items? And conversely, it's very possible to carry a recovery Yubikey, a single-use login code etc. in a separate bag.
Getting a new (e)SIM abroad can be very annoying, depending on the mobile network, which is why I try to avoid mandatory SMS authentication as much as possible.
Was at a checkout the other day, forgot my wallet in my bag, thoughts went through my mind: tap to pay? (not set up), crypto? (need USD, tap to pay). Had bad internet in that one spot, faster to run outside to my car and get my wallet.
well, luckily, that's not how money is stored, but instead, they're transaction based. Aka, that number you have is a calculated value, not a stored, arbitrary value.
Except...perhaps the central bank's, where they could really just generate that money as an arbitrary value to lend out to other banks.
footnote: of course, your account balance is cached, so that it is not recalculated over and over again...
Alas, no matter how the bits that make up my bank balance look, in practice it's still a single point of failure where I might simply lose access to my money if the right service is down.
Cash has much better uptime stats, even if it can be inconvenient to carry around.
Regular banks create new money all the time (loans). There’s no difference to the central bank conceptually as far as I understand, they both record debits/credits to accounts (double entry).
Do you know of any resources where I can read about how banks store digital currency? Would be interesting to see how international transactions are handled, if they chunk data into months/periods, etc.
I'm a banker. What you're looking for here is called "interbank clearing". In Europe that would be SEPA[1]
But yes, most clearing is done daily. Each bank basically submits their daily flow of money to each other participating bank, and the central ACH (Automated Clearing House) keeps track of the balances. There's some processes in there by which banks can dispute charges, which is super interesting, but also way too complicated for me to detail here.
Seems like a distinction without difference in this context. The result of the "what is account x's current/available balance" is still some integer or decimal number.
But the GP implied that the bank (or someone) could just alter that number, and it would become reality.
I'm saying that this can't be done - at least, not without leaving such a large trail behind that it would be easily reverted, and relevant people prosecuted.
> well, luckily, that's not how money is stored, but instead, they're transaction based.
Not really. That's how the accounting works. It's the gold standard, and what we guarantee our customers, it's not universally how we store it though. Plenty of bank systems store just singular balances and infer that back into "transactions" in other systems to make the balance even out. Then the errors in those balances are manually corrected by looking at the sums.
IT systems only rarely match the legal frameworks they operate within.
I remember hearing that Zimbabwe, during its period of hyperinflation, had problems because the databases for the banking system couldn't handle a time with $100 trillion banknotes, and ATMs didn't work because of overflow errors.
I respectfully disagree, but each with their own personal annoyances.
Strips of paper and metal coins have a huge problem with forgery. Metal coins in particular can get very heavy very quickly.
Goats have this issue that they can get sick and die. They also need to be fed. Goats have a massive advantage that while heavy, they can move around on their own. Not easily fractionable though.
Salt is probably the best one in that list. Easily fractionable, not easy to forge. Can be used as seasoning and to dry things. It can get wet though.
But anything you can touch has the risk of being forged or destroyed.
The whole point of bank notes was that they're centrally backed- someone would take the responsibility of ensuring that it's hard to forge and backed by something "real".
But centralising it so completely has pretty concrete drawbacks, which is fine, if your infrastructure is perfectly reliable and your banks are trustworthy.
History has shown us that infrastructure is never perfect, and banks are not perfectly trustworthy. So, hedge your own risks.
A personal tragedy (losing some money) is materially different than the entire economy being screwed because of a programming issue, or a city being screwed because of an internet outage, or a person and their family being (additionally) screwed because they offended a politician.
It's just.. different levels, and the centralised convenience becomes a pretty catastrophic impact in the worst case; and on a long enough timeline, the worst case is inevitable.
I still disagree. I personally welcome the move to less physical money.
> A personal tragedy (losing some money) is materially different than the entire economy being screwed because of a programming issue, or a city being screwed because of an internet outage, or a person and their family being (additionally) screwed because they offended a politician.
If you live in a place where you can be financially screwed because you offended a politician, you have a lot more problems than if money is physical or not.
Also, you are disproportionately overstating the issues with digital money (I am still to see an example of a city being screwed because of Internet outage or programming issue). And you are also disproportionately shrugging away issues with physical money (it makes forgery and criminal activity much easier in many levels, to huge damage to society).
fair enough that you prefer it, but personal preference isn't really the point is it?
you said you're "still to see an example of a city being screwed because of an internet outage or programming issue"- so let me help you out there.
july 2024: CHAPS goes down in the UK. that's the system that moves about £345 billion per day between high street banks. same week, crowdstrike takes out banking systems globally. two separate issues, one week, absolute chaos.
2018: visa has a hardware failure across europe. 5 million transactions just.. fail. ten hours. nothing. people standing at tills with money in their accounts and absolutely nothing to show for it.
square, fiserv, tsys - all had outages in the last few years, each one leaving tens of thousands of merchants dead in the water.
last i checked, payment outages cost US retail alone something like $44 billion a year. not a theoretical risk, just tuesday.
oh, and there's currently a ransomware attack on a payment processor called bridgepay that's knocked out card payments for multiple cities in texas, michigan, wisconsin.. still ongoing. https://cybersecuritynews.com/bridgepay-ransomware-attack/
you're right that i'm overstating nothing. these things happen constantly, and when they do, the blast radius is enormous compared to your wallet getting nicked.
the forgery point is fine, i already said physical money has problems too. but a forged tenner affects one person. a downed payment processor affects a country. those aren't comparable problems and treating them as such is what i'm pushing back on.
Given reliability and security of payment systems - simple credit card (chip/nfc) should be enough for identity. You could pull off entire election using payment terminals.
I'm a British expat with a Danish job. I really dislike MitID and the Danish centralised world of (very good) public services that come with it. Each person has a number, CPR, which effectively defines your life solely to the state. Visit a library, doctor, tax man, anything official, and your ID is recorded. Buy alcohol online, go grocery shopping, use your bank card -- and sign in with it. This undoubtedly makes things easier for the state -- and I've seen produce some pretty good epidemiology work where the government can link purchasing habits and health outcomes(!) -- but it's a privacy nightmare.
MitID doesn't work on rooted android phones, or those running a custom rom. Reports from others who have disassembled it indicate that in fact a hard coded list of custom roms is checked against. It's a highly obfuscated binary, and by design is a single point of failure. If you sign in with an unauthorized device it helpfully centrally blacklists your IMEI. It's hard (but not impossible) to get a phone contract in Denmark without indirectly giving over your CPR number, so I imagine trying to get around this is frustrating. I didn't try and have a hardware dongle. One. By design, this whole system is a massive centralised single point of failure. It's absolutely key to Danish life.
That all said, most Danes would vigorously defend privacy, say that the state doesn't abuse its powers, and they're probably right. It's a very vivid vision of the 1960s Nanny State, where Nanny knows best and has your best interests at heart. Most of the time, she does. They're frequently voted as some of the happiest people on earth, so clearly the recipe of pay a ton of tax and get things from it works well. I find the privacy lack rather shocking and I've never got used to it -- in quite some ways it's an incredibly authoritarian society although no Dane would ever say that, and tell me to drink more øl and get off the internet and go for a walk in a forest. They point out that the UK has far more CCTV cameras and that we have more prosecutions for bent policemen and politicians. There's truth in all of this.
Either way, I'd be interested in seeing if they issue a post mortem on this. It'll cause a lot of issues for many, many people.
Italian living in Sweden, Malmö, and lived in the UK in the past.
I don't get the obsession you Brits have against IDs, in Europe you are pretty much the only ones. But a lot of what you say resonates with my observations:
- single point of failure: absolutely, but so is the "sign in with Google" or equivalent. It's just too convenient. I'd rather have a public service do it than a private company that can cut you out at any time without any explanation.
- Nanny State: 100% also in Sweden, actually worse here. But historically they have been pretty good at protecting freedoms, so far. The UK (or Italy) may be less nanny, but have got some very illiberal things going on these days (left or right government doesn't really matter, it seems).
- Happiest people on earth: I really doubt the surveys measure happiness. They tend to measure trust in institutions, which is very high in Scandinavia.
- It's an incredibly authoritarian society although no Dane would ever say that: exactly the same in Sweden! They would NEVER admit any failure in their society, no matter the hard evidence in front of their eyes. I guess that it's the other side of the same trust of the previous point.
- Drink more øl and get off the internet and go for a walk in a forest: At least you've got øl, in Sweden alcohol is taboo. Forests are nice, but become boring quite quickly :)
> They would NEVER admit any failure in their society, no matter the hard evidence in front of their eyes.
That must be the Swedes. Danes complain constantly, about everything.
Edit: if you need examples.. DSB trains are slow/never on time/bad service/..; Post Nord takes WEEKS to get a letter out/too expensive. Well we switched to another provider now, Dao, so we’ll complain they are even worse! And complain why they are not doing it like in the good old days (see Post Nord); taxes are too high; public service is too bad/slow/low quality; too many cars in the city; never any parking space when I take MY car; the paid first child sick day is not enough we need at least a week (just for child sick days mind you, we need the 5 weeks paid vaca for relaxing on a beach in Spain); btw our weather sucks; unacceptable that garbage collection service is not functioning during snow storms; .. I can keep going all day
Denmark is like the Netherlands - where I'm originally from - and in some ways like Sweden - where I live. More like the Netherlands, really, Swedes are less likely to vocalise their dissatisfaction because they're more 'konflikträdd' or 'scared of conflicts'. Descartes may have claimed that 'Cogito, ergo sum' is one of the foundations of western philosophy but as far as the Dutch go 'Queror, ergo sum' often seems just as fitting.
I would recommend getting the hardware dongle. I don't have the app, never did, and I've had none of the issues others have been complaining. The dongle is, generally, a much better experience from what I can tell, except if you need to do any authorizations on the go.
Your other complaints: 100% agree, the whole thing is a privacy nightmare.
I wouldn't count on a post mortem of any value. They still refuse to explain how the system has been abused in the past. Regardless of how hard I try, I fail to understand how it has been abused after QR codes were added to ensure presence at the device you're trying to authenticate at. The system feels secure, but has been abused a number of times and we're almost never told how.
Also British, living across the bridge in Malmö, Sweden.
I really like the centralised system, it makes navigating society surprisingly easy when compared to say, Germany or the UK.
The difference is that I sort of trust the Swedish government, they've never really done anything to breach that trust - up to and including their handling of COVID (while controversial, they took the stance of individual liberty and a "collective responsibility" over mandatory top-down systems).
The UK in contrast has a much more heavy handed relationship with the population, up to and including incarcerating people for saying the phrase "we love bacon" at a construction site or typing the letter "n" on social media. It's a different context entirely.
Also, BankID, the central system is a definite weakness, but you can have a card/pin device that still works, and it does work on grapheneOS, though it will complain a bit if you don't have google services installed... which I find hilariously awful...
BankID is not a government thing, it's developed by a company founded by a bank consortium. Once upon a time the state aimed to build a public good in this space but bank representatives in the committee responsible managed to block it.
I was under the impression that it doesn't work under GrapheneOS, great news that it does. Other than that it shares some of the characteristics detailed above, refusing to run if it notices rooting and the like. Also no Linux support.
Edit: I agree that it has a convenience to it, but I strongly suspect it has a latent tyrannical potential and that future governments will exploit this to a further degree.
BankID also doesn't have Windows support. There's a defunct app that used smart-cards but it's fully deprecated and does not function.
But yes, it's owned by the banks not the state; if anything though this increases its weakness.
You can use BankID to identify with the tax agency, the public health services and police. (and more: this is just what I'm aware of) and there's an expectation that you have a BankID.
Also to identify with the banks, which was the original purpose, and many other services. It's somewhat expensive to run an integration but many customers and other users have a feeling that it is especially trustworthy as a method of authentication. One use I've had is with a file storage platform, they have an integration so that one can create shares against 'personal number' through BankID, which our customers in the public sector really liked. No need for them to juggle some account, they just share a 'personal number' and we were good to go.
The main competitor is Freja+, or just Freja, or Freja eID. It's particularly popular among immigrants, as I understand it, though not as commonly supported, especially in the private sector. There is also a semi-public electronic ID, "Skatteverkets ID-kort", issued by the same company that produces Swedish passports, which is owned by the French defense corporation Thales.
I've gone the other way from Denmark to UK. And I've often had to mail copies of my passport or other identity documents via email. And my bank requires me to regularly scan my face to check that it aligns with the picture in my passport.
It's the same in the US. We're really lucky that it's technically impossible for fraudsters to email pictures of stolen passports (or stolen pictures of passports) to banks and other companies for fraudulent purposes.
Weird, I'm in the USA and I've never emailed my picture or passport to a bank, or provided it in any other way. I suppose they might have a very old scan of my driver's license, certainly nothing newer than about 20 years. If they have any other photo of me it's without my knowledge.
I have experienced the same privacy culture shock in Denmark. Generally, I think the people’s trust in their government is the greatest social asset of the Danish society, as well as their biggest blind spot.
Is the trust naive? Have there been instances of a government violating that trust? Were they held accountable?
The US was a much higher trust society before repeated governments from opposing parties violated that trust with little or no consequences. This left people with no realistic competitive party that was trustworthy, and first past the post elections ensure they only have to be slightly less despicable than their opponent. This also drives polarization.
Having a multiple party system with something approximating proportional representation, an independent press and judiciary, and a smaller population and land area all make a large difference. The US was the last nation to use first past the post for something besides a house of commons that was ranked a democracy by V-Dem I think? Definitely the last one to be ranked a full democracy. The largest remaining population ranked as a full democracy is Japan, it doesn't look too likely to change from the outside. Germany is next in size and we'll see how that goes. SK was next and they passed a rough test so let's hope. Large populations are easier to polarize apparently? I wonder if that will hold true with social media eroding the rural urban ideological divide.
Last year, I think, I saw someone talk about trust in Danish society and how it works. As a Dane it's not something I really think about, but their conclusions were at least interesting. In Denmark you're given implicit trust, that's the default. Trust is given, not earned. That poses a problem for people coming from the outside, because trust can be lost, but because it's something that was given to you, there's not really any way to earn it back. If you don't understand that social contract, you can mess up your life pretty quickly, with no means of recovery.
This is a topic that frequently comes up in our multicultural Danish company. In many countries people have adversarial relationship with their government, which is completely unlike Denmark. This mindset requires time and effort to change for the newcomers, and is also difficult to understand for people who haven’t lived outside of Denmark.
Having lived in Germany it's quite different, but I'd argue the centralized handling of the CPR is actually quite convenient and doesn't meaningfully impact privacy. In Germany every authority has its own ID for you anyway (my password manager has a category "Government Primary Keys" for this), however that means that you have to provide all your information from scratch to every authority. This would theoretically lead to more privacy if we lived in 1926, but now computers are ubiquitous and a rogue government (like Germany is close to electing) can just correlate these keys together. Relational databases have existed for decades and JOINS are cheap. Thanks to surveillance capitalism by now we have very sophisticated ways to deanonymize people, the government can just hire someone to do it.
So the privacy in Germany is most often inconvenience for the citizen paired with hardly any privacy gain from a potentially hostile government. At this point I think the better solution is to avoid electing hostile governments. To Denmark's credit, they're currently doing that better than many other European countries.
It works just fine, but every time you open the app you have to dismiss a dialog saying that the app doesn't work without Google Play Services installed.
> MitID doesn't work on rooted android phones, or those running a custom rom.
I find these arguments quite strange. A big part of MitID and similar services is to protect you against fraud. The most vulnerable in society (e.g. old people) aren't running these kinds of devices, and I'd rather we optimize for the general population and the people most at risk, rather than people running some weird setup that is almost identical to setups a scammer would run.
What privacy aspects are you lacking here? For all the services that MitID connects you to, there are government required responsibilities for these companies to track all of this information anyways and be able to provide it to the government if needed. That goes for banking, public services, telecom, etc. And this is in no way unique to Denmark, it's how most countries operate. Denmark has just acknowledged this and decided to make it easier.
Did you expect your UK bank to not be required to know who you are and be able to track and keep records of literally all financial interactions you have with them and their services? I'm a bit confused on what society you are comparing against.
WeChat effectively is all of this but does work on rooted phones. There are far too many brands and variations of phones all over China running various forks of Android for them to keep track of.
The Netherlands had a similar system with BSN and DigiD.
I personally prefer it, and I wish the country I live in right now had a better centralized system to deal with the government. It massively reduces bureaucracy and the need for me to produce all sorts of extremely privacy-invasive documents (such as bank statements, utility bills, scans of my driver license and passport) when dealing with the government. Sometimes I even need to mail those things, like, with an envelope.
The government can and will collect all data it needs about you at any given time, no matter if there's a centralized ID or not. It just spares everyone time and effort by removing friction.
Also, I have a very hard time to take seriously someone that unironically says the words "nanny state". It says a lot about your stance on the role of governments and society in general. What it says, to me, is very unflattering.
I see a few people here complaining about the idea of a central digital identity service.
As a Dane, having lived in other countries, MitID is insanely superior to anything I've ever tried. It simplifies so many touchpoints with the government, and is honestly such a good upgrade going from nothing -> physical NemID card with codes -> digital MitID (literally "My ID").
The only real disruption I'd say is if you happen to be buying something online that triggers the 3DS prompt (an additional security layer to prevent cards getting stolen/scam). In Denmark the 3DS prompt for VISA at least uses MitID to verify you are the owner of the card, so that'll obviously not work when MitID is down.
I'll say, it has been surprisingly stable though otherwise, and disruptions usually aren't a big impact (I literally wouldn't have known unless I saw this HackerNews post).
As for a centralized identity system: I personally see this as an acceptable contract for living in a society. Most countries have SSNs anyways, your taxes and many other things are tied to this. Centralizing this identity allows the government to streamline so many things to give a better service to their citizens. For example, all official communication goes to your "DigitalPost" email inbox, you verify your identity with "MitID", and every person or company has a registered "NemKonto" tied to them for any salary or government payouts.
I maybe see people get tripped up at the concept that your government should actually care about the service they deliver. That's probably already the point where we diverge when talking about if these things are a good idea or not.
> The only real disruption I'd say is if you happen to be buying something online that triggers the 3DS prompt (an additional security layer to prevent cards getting stolen/scam). In Denmark the 3DS prompt for VISA at least uses MitID to verify you are the owner of the card, so that'll obviously not work when MitID is down.
If you use Lunar, the 3DS prompt uses the Lunar app and not MitID.
> I see a few people here complaining about the idea of a central digital identity service.
Digital identity service is fine for gov services. It’s not OK as a hard requirement for anything else such as banking.
Digital ID in my country is down for about 7 days and counting. iOS app no longer opens after the recent update. I cannot pay tax without digital ID app working but I can do banking and everything else.
> It’s not OK as a hard requirement for anything else such as banking.
What’s the alternative that you think is okay for that then?
Certain businesses have regulatory requirements to know and verify your identity (banking, telco).
A UK poster gave an example of how they need to mail the bank a copy of their passport and other private information.
I’d certainly much prefer simply using a digital login solution as an alternative to that. They can verify I am who I say I am, without needing my passport which I would consider a much bigger privacy invasion to hand out.
I have an electronic certificate for sign and verify on my physical national identity chip card. You either use it physically or online but only at times when identity confirmation is required.
> It’s not OK as a hard requirement for anything else such as banking.
It is in fact not a hard requirement. It just happens that when you have a relatively cheap and efficient digital identity, which is by definition trusted by the government, banks will use that to reduce risk. It's not that they can't verify your identity any other way, this is just the obvious and easy one.
Dane by choice (refugee).
Would just add as a counterweight to the negative views from people outside the country.
From a technical and user point of view, MitID has had fewer outages than Cloudflare, AWS and MS Azure in the last year. While I agree with the single point of failure, I also like that I set up my startup with all government and banking online via a login I had the last decade, painless and faster than most places without having to upload a single document in the many unsecured ways I heard about from my US and other European friends (outside the Nordic countries).
Yes we Danes trust our institutions more than others and trust is given by default and then lost, rather than "earned" (I would argue bought) in other places.
Can anyone tell us the current status? I put "was down" in the title to be conservative, since usually these things get resolved after a few hours.
I converted this to a Tell HN post since there didn't seem to be a good 3rd party article about it in English (yet, at least). The submitted link is in the toptext. (Submitted title was "MitID, Denmarks sole digital ID, has been down for over an hour and counting".)
(p.s. In case anyone is wondering, I think this was a good submission with aspects worth discussing. It set off the flamewar detector, so I turned that off and re-upped the post a bit.)
In Sweden there’s at least one more competitor to BankID called Freja. There’s also some kind of EU-level system.
Would be cool if multiple actors were allowed and shared the same kind of auth signing method so that there isn't just one point of failure. Or something distributed like a blockchain type of signing method, at least I don’t think Bitcoin or Ethereum have downtime that often, and authorization should probably be read heavy only to check if some identity is still allowed
Meanwhile the Netherlands is selling the DigiD system to foreign companies and today it came out that we are also going to outsource one of our key tax systems to an American company.
The Swedish BankID has the same potential weak point. Any centralised system does.
The way TLS on the Web works is better: as long as the CA is up some time during the period I need to renew it is fine. Digital IDs should really work that way (probably with relatively short life spans just like Let's Encrypt: the digital ID could need to be renewed once a week for example, and it would opportunistically renew when less than half the time is left).
Italy's digital ID (SPID) works by having multiple trusted providers that can attest your identity. You can sign up with multiple of them, and if one is not available you could use another one. Not perfect (it's still centralized in the hand of 10-20 providers) but better than nothing. Unfortunately most people only ever signed up with one provider, and the government is now pushing for a more centralized digital ID instead (CieID).
All of these IDs in the EEA are based on a common set of EU requirements, and in theory that means multiple providers, but in practice in many countries the set of providers is small and with feature gaps. E.g. Norway has several providers, but they provide different levels of security and features, which means in practice most people rely on BankID...
10-20 is fantastic in comparison. Even if people don't have more than one it at least reduces the blast radius..
Agreed, there should not be a tight (temporal) coupling.
But it's a trade off. Long-lived TLS certificates have always had the cert revocation problem. OCSP stapling never took off, so in the end the consensus seems to have been to decrease expiry date. (Mostly fueled by Let's Encrypt / ACME).
Relying on expiration rather than explicit revocation of course also assumes (somewhat) accurately synchronized clocks which is never trivial in distributed systems. In practice it puts pressure on NTP, which itself is susceptible to all kinds of hairy security issues.
I like to think of the temporal aspect as a fail-open / fail-close balance. These centralized solutions favour the former, and that's why we see this resulting outage.
For all countries? I was always wondering about that when doing one of these wonderful "take a selfie of you holding your passport" "authentication" procedures...
But does that propagate to every entity worldwide using passports for identification, including all non-government-affiliated companies and KYC providers?
At least they exist. I've tried looking into this in the past, and I haven't really found any public passport revocation list, even of just numbers (i.e. without disclosing associated names or any other sensitive data).
Yes, but under the assumption that downtime is typically short (a few hours), that small risk seems better than a foreign nation state actor being able to block essential services like identifying with healthcare, or sending transactions.
You can have a mixed system, such that revocation lists are downloaded and cached every hour or so, and you can even try to check online more often than that, but fall back to the downloaded lists if the system is down.
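The design sketched in the comments above (a short-lived ID credential that renews opportunistically once half its lifetime has passed, checked against a revocation list that is cached and tolerated for a bounded time during an outage) can be modelled as follows. This is an added example, not part of any comment and not how MitID, BankID or any real scheme works; `Issuer`, `RevocationCache`, `verify`, `renew_if_due` and the one-week, one-hour and 24-hour parameters are all hypothetical, and signature verification of the credential is assumed to happen before `verify` and is left out.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Set

HOUR = 3600
DAY = 24 * HOUR


class IssuerUnavailable(Exception):
    """Raised when the central service cannot be reached."""


@dataclass(frozen=True)
class Credential:
    serial: str
    issued_at: int
    expires_at: int

    def needs_renewal(self, now: int) -> bool:
        # Opportunistic renewal: due once less than half the lifetime is left.
        return now >= self.issued_at + (self.expires_at - self.issued_at) // 2


class Issuer:
    """Constructed stand-in for the central ID service; `up` simulates an outage."""

    def __init__(self, lifetime: int = 7 * DAY):
        self.up = True
        self.lifetime = lifetime
        self.revoked: Set[str] = set()
        self._count = 0

    def _require_up(self) -> None:
        if not self.up:
            raise IssuerUnavailable("issuer unreachable")

    def issue(self, now: int) -> Credential:
        self._require_up()
        self._count += 1
        return Credential(f"id-{self._count}", now, now + self.lifetime)

    def revocation_list(self) -> Set[str]:
        self._require_up()
        return set(self.revoked)


class RevocationCache:
    """Relying-party side: refresh when due, fall back to the cached list,
    and fail closed once the cached list is older than `max_stale`."""

    def __init__(self, fetch: Callable[[], Set[str]],
                 refresh_every: int = HOUR, max_stale: int = DAY):
        self.fetch = fetch
        self.refresh_every = refresh_every
        self.max_stale = max_stale
        self.revoked: Set[str] = set()
        self.fetched_at: Optional[int] = None

    def status(self, serial: str, now: int) -> str:
        if self.fetched_at is None or now - self.fetched_at >= self.refresh_every:
            try:
                self.revoked = self.fetch()
                self.fetched_at = now
            except IssuerUnavailable:
                pass  # keep whatever list we already have
        if self.fetched_at is None or now - self.fetched_at > self.max_stale:
            return "revocation-unknown"
        return "revoked" if serial in self.revoked else "good"


def verify(cred: Credential, cache: RevocationCache, now: int) -> str:
    if now >= cred.expires_at:
        return "reject:expired"
    status = cache.status(cred.serial, now)
    return "accept" if status == "good" else f"reject:{status}"


def renew_if_due(cred: Credential, issuer: Issuer, now: int) -> Credential:
    """Holder side: try to renew after half-life; an outage just means retry later."""
    if not cred.needs_renewal(now):
        return cred
    try:
        return issuer.issue(now)
    except IssuerUnavailable:
        return cred


def outage_timeline():
    """Constructed scenario: issuer goes down at 2h and comes back at 31h."""
    issuer = Issuer()
    cache = RevocationCache(issuer.revocation_list)
    cred = issuer.issue(0)
    log = [("1h", verify(cred, cache, 1 * HOUR))]
    issuer.up = False
    log.append(("3h, issuer down", verify(cred, cache, 3 * HOUR)))
    log.append(("30h, issuer down", verify(cred, cache, 30 * HOUR)))
    issuer.up = True
    log.append(("32h, issuer back", verify(cred, cache, 32 * HOUR)))
    issuer.revoked.add(cred.serial)
    log.append(("34h, after revocation", verify(cred, cache, 34 * HOUR)))
    return log


if __name__ == "__main__":
    for when, decision in outage_timeline():
        print(f"{when:>22}: {decision}")
```

The `max_stale` value is the fail-open / fail-closed dial discussed above: a larger value rides out longer outages but widens the window in which a revoked credential is still accepted.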
when your sole digital identity provider goes down, it's not a service disruption. it's a national infrastructure outage. the blast radius of a single authentication system is the entire country.
Don't banks have their own id:s as well? At least in another nordic country, you have quite many login possibilities to many services. Banks even provide cross-login.
As I understand it, BankID in Sweden is still run by one organisation co-owned by the big banks, and banks handle verification for issuance. There is still a single point of failure for the operation of the system.
I was under the impression that all of those services and login methods rely on suomi.fi in the end, but I admit that I don't understand the system terribly well.
No. As I understand it the previous system, NemID was actually (co?)designed by the banks so this is what they all use. Likewise MitID is another unholy alliance of Nets (a Danish payment provider) and Danish banks.
Given the Swedish version of it is called BankID I assume the situation is nearly the same in Sweden.
No. Many/most of them support login through hardware ID on your smartphone (i.e fingerprint/TPM-style pin), but the actual authorization of transfers or any privileged access is entirely MitID
this is not big news in dk, it will be up again soon - i don't know of any mitid services that are life-or-death enough to have people panicking about an hour's downtime
This is a tech site, not a news site. Threads posted here are rarely if ever "big news" nor is that the point.
The topic is an opener to discuss MitID, electronic IDs in general, the protocols behind them, what happens when they fail, privacy, society's reliance on them or something similar.
Really FAANG can stop a solar-storm? A war on infrastructure?
Remember that your website needs not just running computers but energy too, and a net that brings that information to the people, and those people's devices need power too.
Just look at the Berlin outage where people had to go to hotspots with generators to load the phone:
nah, i generally agree with you on single points of failure, i just don't agree that it would go on as long as 2 weeks. 24-48 hours i can believe, but at the absolute worst case I'd also expect anyone with minimal competence to have a plan to spin things up from the latest offsite backup somewhere else. (minimal competence is a big statement though). Even redundant setups can go down altogether from a fatfinger or automation gone wrong (see almost any outage from FAANG)
> stop a solar-storm
never heard of those taking out a data center, but i'm not highly educated on that one.
> A war on infrastructure
government datacenter will be first in line for fuel, generators, etc. A destroyed gov. datacenter would be the start of much more serious things to worry about.
> Just look at the Berlin outage where people had to go to hotspots
yeah, this one _is_ a little embarrassing, but people who have to go to hotspots != datacenters
Not a cryptobro but... The only acceptable digital identity is either local (smart-card) or a blockchain kept by any connected citizen on his/her own iron. The Orwellian dream of the nazi will cause pain also to those who push it.
Should have stuck with NemID, a previous paper alternative, or only offered MitID as a digital alternative. The rush to go all digital is coming back to bite them in the .....
One of the flaws of that system was exactly that you didn't know which domains were allowed to issue the requests for a one-time key.
Each service would serve the authenticator snippet from their own domain, with their own certificate. MitID, for all its centralization flaws, solved that by only being valid under the mitid.dk domain. I doubt that most people check the domain and the certificate, but they could.
How would you use a paper ID online? (Securely, i.e. not the insane thing of taking a selfie holding it or something similarly bizarre in an age of powerful GenAI.)
NemID, the previous national 2-factor solution, used a small card with rows of pre-printed single-use codes. When you logged in to a bank or a public sector website, it would ask for a random code at a specific row and column number. Once the system registered that you had just a handful of codes left, a new card would be sent to you via snailmail. It worked fine for the time.
The current system, MitID, depends on smartphones, though you can get an external key generator as a backup too.
The big drawback of one time passwords is that it doesn't protect against man-in-the-middle attacks such as phishing, which is in practice one of the most common attacks on systems of this scale.
The logistics operation involved in distributing codes is also very expensive and inflexible. You may need to authenticate payments a dozen times in an hour one day, when you are on a farmers market which doesn't take card payments or you are out dining with friends, and another day not at all.
Given all this, a good old public key infrastructure makes sense. But that is unfortunately also usually the first step to a complexity explosion.
> The logistics operation involved in distributing codes is also very expensive and inflexible. You may need to authenticate payments a dozen times in an hour one day, when you are on a farmers market which doesn't take card payments or you are out dining with friends, and another day not at all.
Neither of the scenarios you describe would require you to authenticate using MitID: Peer-to-peer payments in Denmark are typically done using the app MobilePay, which only requires MitID authentication during setup. And you never need MitID authentication when paying in person, at most you'll need your card's pin-code
> You may need to authenticate payments a dozen times in an hour one day, when you are on a farmers market which doesn't take card payments or you are out dining with friends, and another day not at all.
It's very unlikely people would need to mess about with MitID/BankID if they can't use card payments at a market. Firstly, if they're doing the almost-unheard-of clunky approach of using their mobile banking app to make a bank transfer, it would probably be authorised using their touch/face ID instead of BankID/MitID. But far more likely, they'd use one of the ubiquitous mobile payment apps: Vipps (Norway), Swish (Sweden) or MobilePay (Denmark).
> The big drawback of one time passwords is that it doesn't protect against man-in-the-middle attacks such as phishing, which is in practice one of the most common attacks on systems of this scale.
This is true and was definitely a criticism of the old system, where websites would open the NemID iframe and ask you for your username, password and a specific indexed OTP code, without providing any authentication to you. You only notice something weird if it asks you for the index of a code that is not on your card, but maybe the scammer is lucky and guesses an index that you have and then they can use that phished username/password/OTP triple to perform an unauthorized action.
The new system is slightly different, because if you use the mobile phone authentication it will send you a notification to your phone, but if you use the (bespoke, non-standard) OTP dongle it still does not authenticate itself towards the user. However the codes are now time-based so if they collect an OTP code they can only use it in a ~30s window, so the phished credentials have to be used immediately.
The way it worked before was that you had basically a piece of paper with OTP codes and the website would prompt you for a very specific one.
How that would've prevented this issue: not at all. If the login service is down, having the piece of paper with OTP codes is worthless as the problem is not getting the codes (I can still get MitID codes with the OTP dongle) but the authentication website. The previous system was just as centralized.
Too many people appear to be lacking the ability to grasp that, if they hadn't spent decades reacting like mindless, programmed bots to anything that might require more than two braincells to think about, most of the things revealed by the Epstein files would have surfaced a lot sooner.
160 comments:
Terrifying to live in a digital economy when something like this happens.
You're usually about 1 service away from realising that the "money you have" is just an int32, that, if everything works properly, you can modify.
Otherwise you have nothing except a pretty little plastic card.
(I'm aware that payments systems are not affected, but it's a sobering realisation that I've had a couple of times, but it works enough of the time that I forget about it... it's a bit like the meme about backups where a computer takes too long to boot, the person slowly builds panic and starts wishing they had backed up and published all their important work - then when the computer works they say "*phew*, thank god I don't have to do any of that".)
Imagine someone "enthusiastically digitized" (as much as possible) in a foreign country alone and then they lose their iPhone. Plane tickets, all hotel reservations, they don't remember any phone numbers. They use ApplePay and other mobile payments. Cards may be in the same wallet case.
Without a trusted device or Recovery Key, Apple may impose a security delay (24 hours to several days) before allowing a password reset. Getting a new SIM and re-authenticating our life will be a pain.
Temporarily losing access is just an inconvenience. Imagine the same but you lost the wallet with your only cash and your passport in pre-digital times, you are far from the nearest embassy and nobody understands your language. You are fully at the mercy of the locals and your money isn't coming back.
With digital passports and IDs the route to recovery starts to get hairy.
1. You need to verify yourself in person to get an ID or passport. You may need someone you know with you and have a real interview.
3. But government gives only digital IDs so you need a phone to get it.
4. You can't buy a new phone or get a new SIM unless you can pay for it. You can't pay for it unless you have a phone and credit cards there. But neither bank does not recognize you without digital ID.
You need friends to bootstrap your life, but you are also in the middle of a loneliness epidemic and have no friends, your parents have died. What do you do?
You are overthinking it. The physical cards to pay and identify yourself are not going anywhere. In fact, the same places that have the digital id rolled out are the places where having one issued is mandatory and often times it's also mandatory to have one in case the police asks you to identify yourself.
When I wanted to get a replacement ID issued in the year 2019, I had to book an appointment, get to the place and by the time I got to the desk, the clerk had the thing open with my face photo from the last time I had a passport issued.
There are less fortunate people, who have the hardcopy id present, but no digital file exists for it (because it was issued before the digital files became a thing) and the paper trail leads to the occupied territory. That is usually months long story where secondary sources are involved and sometimes you have to find a friend who can confirm your identity.
So yeah. Make sure that the issuing CA doesn't get overrun by orcs before the replica thinks and you have a hardcopy that is trustworthy enough.
Does any government in the world issue only digital IDs?
There's always the possibility to have your travel passport as a backup (and when traveling abroad your domestic ID is suitable for recovering your passport).
Not yet. Soon.
Considering the actual physical id cards have an nfc chip which is used as the second factor for the digital id, this seems unlikely.
Any governments announced the plans already? I somehow missed that, but you say it like it's a decided thing.
It's probably not a great idea to depend on friends or family to remotely bootstrap you out of a situation like that anyway, given deepfake impersonation scams.
For that kind of a thing you usually have to be present, for which deepfakes are not a threat yet.
A wallet is a wonderful invention that allows you to lose all your important items in one fell swoop
I keep ID+money separate from passport+cards.
I just have one paper passport, the only passport that will be accepted abroad.
What's the difference to losing your backpack containing all these separate items? And conversely, it's very possible to carry a recovery Yubikey, a single-use login code etc. in a separate bag.
Getting a new (e)SIM abroad can be very annoying, depending on the mobile network, which is why I try to avoid mandatory SMS authentication as much as possible.
Yeah losing is maybe a bad example. What about a software update bricking the device, or a hardware problem?
Was at a checkout the other day, forgot my wallet in my bag, thoughts went through my mind: tap to pay? (not set up), crypto? (need USD, tap to pay). Had bad internet in that one spot, faster to run outside to my car and get my wallet.
> the "money you have" is just an int32
If only it was a uint32
My money is a boolean at this point.
Still better than half of uint32 possibilities.
Wanna take another stab at that? :)
Lol, I just wrote a bug.
> that the "money you have" is just an int32
well, luckily, that's not how money is stored, but instead, they're transaction based. Aka, that number you have is a calculated value, not a stored, arbitrary value.
Except...perhaps the central bank's, where they could really just generate that money as an arbitrary value to lend out to other banks.
footnote: of course, your account balance is cached, so that it is not recalculated over and over again...
Alas, no matter how the bits that make up my bank balance look, in practice it's still a single point of failure where I might simply lose access to my money if the right service is down. Cash has much better uptime stats, even if it can be inconvenient to carry around.
Regular banks create new money all the time (loans). There’s no difference to the central bank conceptually as far as I understand, they both record debits/credits to accounts (double entry).
Ah yes, who needs the Federal Reserve when you have Kansas' own Emprise Bank.
Do you know of any resources where I can read about how banks store digital currency? Would be interesting to see how international transactions are handled, if they chunk data into months/periods, etc.
I can't say this is exactly what you're after, but this article is really interesting https://calpaterson.com/bank-python.html
Similar to what the author describes, I wouldn't be surprised if a lot of this information is generally not public.
I'm a banker. What you're looking for here is called "interbank clearing". In Europe that would be SEPA[1].
But yes, most clearing is done daily. Each bank basically submits their daily flow of money to each other participating bank, and the central ACH (Automated Clearing House) keeps track of the balances. There's some processes in there by which banks can dispute charges, which is super interesting, but also way too complicated for me to detail here.
[1]: https://www.europeanpaymentscouncil.eu/what-we-do/epc-paymen...
Seems like a distinction without difference in this context. The result of the "what is account x's current/available balance" is still some integer or decimal number.
But the GP implied that the bank (or someone) could just alter that number, and it would become reality.
I'm saying that this can't be done - at least, not without leaving such a large trail behind that it would be easily reverted, and relevant people prosecuted.
> well, luckily, that's not how money is stored, but instead, they're transaction based.
Not really. That's how the accounting works. It's the gold standard, and what we guarantee our customers, it's not universally how we store it though. Plenty of bank systems store just singular balances and infer that back into "transactions" in other systems to make the balance even out. Then the errors in those balances are manually corrected by looking at the sums.
IT systems only rarely match the legal frameworks they operate within.
More like a float with a precision of 18.
Most of us who work in payment systems care a lot about precision and reliability.
Okay... but a float? High precision sounds great but uh... got a lot of issues. If you know what I mean.
Witnessing this or Texas floods, politicians in my country dare to say that `We don't need cash'
"just an int32"
I remember hearing that Zimbabwe, during its period of hyperinflation, had problems because the databases for the banking system couldn't handle a time with $100 trillion banknotes, and ATMs didn't work because of overflow errors.
If only they had used int128. :)
Now go read about fractional reserve banking
Now that the money is gone
What are we supposed to do?
After all that we've been through
When everything that felt so right is wrong
Now that the money is gone (money is gone)
Not an int32, but a BigDecimal.
Isn't it handled by COBOL or some other ancient language that only supports strings?
It's Struts 1.0 running on J2EE 1.5 hosted on WebSphere which does the talking to COBOL.
COBOL serializes everything to strings in a flat file.
We're currently planning on migrating the flat files to a Sybase DB.
Is it in any way worse when the money you had was some strips of paper, or metal coins, or goats, or salt?
All of those have some very annoying fail scenarios too.
yeah, it's worse.
Someone trips over a cable and now your region of the world can't recognise that you have any wealth of any kind.
Or, you can get debanked by the state. :)
Hard to do that with coinage- but you can have your coinage destroyed in a fire (or via theft, of course).
I respectfully disagree, but each with their own personal annoyances.
Strips of paper and metal coins have a huge problem with forgery. Metal coins in particular can get very heavy very quickly.
Goats have this issue that they can get sick and die. They also need to be fed. Goats have a massive advantage that while heavy, they can move around on their own. Not easily fractionable though.
Salt is probably the best one in that list. Easily fractionable, not easy to forge. Can be used as seasoning and to dry things. It can get wet though.
You can disagree, that's fine.
But anything you can touch has the risk of being forged or destroyed.
The whole point of bank notes was that they're centrally backed- someone would take the responsibility of ensuring that it's hard to forge and backed by something "real".
But centralising it so completely has pretty concrete drawbacks, which is fine, if your infrastructure is perfectly reliable and your banks are trustworthy.
History has shown us that infrastructure is never perfect, and banks are not perfectly trustworthy. So, hedge your own risks.
A personal tragedy (losing some money) is materially different than the entire economy being screwed because of a programming issue, or a city being screwed because of an internet outage, or a person and their family being (additionally) screwed because they offended a politician.
It's just.. different levels, and the centralised convenience becomes a pretty catastrophic impact in the worst case; and on a long enough timeline, the worst case is inevitable.
I still disagree. I personally welcome the move to less physical money.
> A personal tragedy (losing some money) is materially different than the entire economy being screwed because of a programming issue, or a city being screwed because of an internet outage, or a person and their family being (additionally) screwed because they offended a politician.
If you live in a place where you can be financially screwed because you offended a politician, you have a lot more problems than if money is physical or not.
Also, you are disproportionately overstating the issues with digital money (I am still to see an example of a city being screwed because of Internet outage or programming issue). And you are also disproportionately shrugging away issues with physical money (it makes forgery and criminal activity much easier in many levels, to huge damage to society).
fair enough that you prefer it, but personal preference isn't really the point is it?
you said you're "still to see an example of a city being screwed because of an internet outage or programming issue"- so let me help you out there.
july 2024: CHAPS goes down in the UK. that's the system that moves about £345 billion per day between high street banks. same week, crowdstrike takes out banking systems globally. two separate issues, one week, absolute chaos.
2018: visa has a hardware failure across europe. 5 million transactions just.. fail. ten hours. nothing. people standing at tills with money in their accounts and absolutely nothing to show for it.
square, fiserv, tsys - all had outages in the last few years, each one leaving tens of thousands of merchants dead in the water.
last i checked, payment outages cost US retail alone something like $44 billion a year. not a theoretical risk, just tuesday.
oh, and there's currently a ransomware attack on a payment processor called bridgepay that's knocked out card payments for multiple cities in texas, michigan, wisconsin.. still ongoing. https://cybersecuritynews.com/bridgepay-ransomware-attack/
you're right that i'm overstating nothing. these things happen constantly, and when they do, the blast radius is enormous compared to your wallet getting nicked.
the forgery point is fine, i already said physical money has problems too. but a forged tenner affects one person. a downed payment processor affects a country. those aren't comparable problems and treating them as such is what i'm pushing back on.
Given reliability and security of payment systems - simple credit card (chip/nfc) should be enough for identity. You could pull off entire election using payment terminals.
I'm a British expat with a Danish job. I really dislike MitID and the Danish centralised world of (very good) public services that come with it. Each person has a number, CPR, which effectively defines your life solely to the state. Visit a library, doctor, tax man, anything official, and your ID is recorded. Buy alcohol online, go grocery shopping, use your bank card -- and sign in with it. This undoubtedly makes things easier for the state -- and I've seen it produce some pretty good epidemiology work where the government can link purchasing habits and health outcomes(!) -- but it's a privacy nightmare.
MitID doesn't work on rooted Android phones, or those running a custom rom. Reports from others who have disassembled it indicate that in fact a hard coded list of custom roms is checked against. It's a highly obfuscated binary, and by design is a single point of failure. If you sign in with an unauthorized device it helpfully centrally blacklists your IMEI. It's hard (but not impossible) to get a phone contract in Denmark without indirectly giving over your CPR number, so I imagine trying to get around this is frustrating. I didn't try and have a hardware dongle. One. By design, this whole system is a massive centralised single point of failure. It's absolutely key to Danish life.
That all said, most Danes would vigorously defend privacy, say that the state doesn't abuse its powers, and they're probably right. It's a very vivid vision of the 1960s Nanny State, where Nanny knows best and has your best interests at heart. Most of the time, she does. They're frequently voted as some of the happiest people on earth, so clearly the recipe of pay a ton of tax and get things from it works well. I find the privacy lack rather shocking and I've never got used to it -- in quite some ways it's an incredibly authoritarian society although no Dane would ever say that, and tell me to drink more øl and get off the internet and go for a walk in a forest. They point out that the UK has far more CCTV cameras and that we have more prosecutions for bent policemen and politicians. There's truth in all of this.
Either way, I'd be interested in seeing if they issue a post mortem on this. It'll cause a lot of issues for many, many people.
Italian living in Sweden, Malmö, and lived in the UK in the past.
I don't get the obsession you Brits have against IDs, in Europe you are pretty much the only ones. But a lot of what you say resonates with my observations:
- single point of failure: absolutely, but so is the "sign in with Google" or equivalent. It's just too convenient. I'd rather have a public service do it than a private company that can cut you out at any time without any explanation.
- Nanny State: 100% also in Sweden, actually worse here. But historically they have been pretty good at protecting freedoms, so far. The UK (or Italy) may be less nanny, but have got some very illiberal things going on these days (left or right government doesn't really matter, it seems).
- Happiest people on earth: I really doubt the surveys measure happiness. They tend to measure trust in institutions, which is very high in Scandinavia.
- It's an incredibly authoritarian society although no Dane would ever say that: exactly the same in Sweden! They would NEVER admit any failure in their society, no matter the hard evidence in front of their eyes. I guess that it's the other side of the same trust of the previous point.
- Drink more øl and get off the internet and go for a walk in a forest: At least you've got øl, in Sweden alcohol is taboo. Forests are nice, but become boring quite quickly :)
> They would NEVER admit any failure in their society, no matter the hard evidence in front of their eyes.
That must be the swedes. Danes complain constantly, about everything.
Edit: if you need examples.. DSB trains are slow/never on time/bad service/..; Post Nord takes WEEKS to get a letter out/too expensive. Well we switched to another provider now, Dao, so we’ll complain they are even worse! And complain why they are not doing it like in the good old days (see Post Nord); taxes are too high; public service is too bad/slow/low quality; too many cars in the city; never any parking space when I take MY car; the paid first child sick day is not enough we need at least a week (just for child sick days mind you, we need the 5 weeks paid vaca for relaxing on a Beach in Spain); btw our weather sucks; unacceptable that garbage collection service is not functioning during snow storms; .. i can keep going all day
> i can keep going all day
Denmark is like the Netherlands - where I'm originally from - and in some ways like Sweden - where I live. More like the Netherlands, really, Swedes are less likely to vocalise their dissatisfaction because they're more 'konflikträdd' or 'scared of conflicts'. Descartes may have claimed that 'Cogito, ergo sum' is one of the foundations of western philosophy but as far as the Dutch go 'Queror, ergo sum' often seems just as fitting.
I would recommend getting the hardware dongle. I don't have the app, never did, and I've had none of the issues others have been complaining. The dongle is, generally, a much better experience from what I can tell, except if you need to do any authorizations on the go.
Your other complaints: 100% agree, the whole thing is a privacy nightmare.
I wouldn't count on a post mortem of any value. They still refuse to explain how the system has been abused in the past. Regardless of how hard I try, I fail to understand how it has been abused after QR codes were added to ensure presence at the device you're trying to authenticate at. The system feels secure, but has been abused a number of times and we're almost never told how.
Also British, living across the bridge in Malmö, Sweden.
I really like the centralised system, it makes navigating society surprisingly easy when compared to say, Germany or the UK.
The difference is that I sort of trust the Swedish government, they've never really done anything to breach that trust - up to and including their handling of COVID (while controversial, they took the stance of individual liberty and a "collective responsibility" over mandatory top-down systems).
The UK in contrast has a much more heavy handed relationship with the population, up to and including incarcerating people for saying the phrase "we love bacon" at a construction site or typing the letter "n" on social media. It's a different context entirely.
Also, BankID, the central system is a definite weakness, but you can have a card/pin device that still works, and it does work on grapheneOS, though it will complain a bit if you don't have google services installed... which I find hilariously awful...
>incarcerating people for saying the phrase "we love bacon" at a construction site
You conveniently neglected to mention that it was the site where a _mosque_ was being constructed.
Changes things a bit.
You’re right, it’s totally acceptable to arrest someone for saying we love bacon at the vacant construction site of a potential mosque.
I’m sure the construction equipment was very unhappy.
>Changes things a bit.
No, I don't think it does.
BankID is not a government thing, it's developed by a company founded by a bank consortium. Once upon a time the state aimed to build a public good in this space but bank representatives in the committee responsible managed to block it.
I was under the impression that it doesn't work under GrapheneOS, great news that it does. Other than that it shares some of the characteristics detailed above, refusing to run if it notices rooting and the like. Also no Linux support.
Edit: I agree that it has a convenience to it, but I strongly suspect it has a latent tyrannical potential and that future governments will exploit this to a further degree.
BankID also doesn't have Windows support. There's a defunct app that used smart-cards but it's fully deprecated and does not function.
But yes, it's owned by the banks not the state; if anything though this increases its weakness.
You can use BankID to identify with the tax agency, the public health services and police. (and more: this is just what I'm aware of) and there's an expectation that you have a BankID.
Also to identify with the banks, which was the original purpose, and many other services. It's somewhat expensive to run an integration but many customers and other users have a feeling that it is especially trustworthy as a method of authentication. One use I've had is with a file storage platform, they have an integration so that one can create shares against 'personal number' through BankID, which our customers in the public sector really liked. No need for them to juggle some account, they just share a 'personal number' and we were good to go.
The main competitor is Freja+, or just Freja, or Freja eID. It's particularly popular among immigrants, as I understand it, though not as commonly supported, especially in the private sector. There is also a semi-public electronic ID, "Skatteverkets ID-kort", issued by the same company that produces Swedish passports, which is owned by the French defense corporation Thales.
> but it's a privacy nightmare.
I've gone the other way from Denmark to UK. And I've often had to mail copies of my passport or other identity documents via email. And my bank requires me to regularly scan my face to check that it aligns with the picture in my passport.
It's the same in the US. We're really lucky that it's technically impossible for fraudsters to email pictures of stolen passports (or stolen pictures of passports) to banks and other companies for fraudulent purposes.
Weird, I'm in the USA and I've never emailed my picture or passport to a bank, or provided it in any other way. I suppose they might have a very old scan of my driver's license, certainly nothing newer than about 20 years. If they have any other photo of me it's without my knowledge.
What do you mean indirectly handing over your car for a phone contract?
I have experienced the same privacy culture shock in Denmark. Generally, I think the people’s trust in their government is the greatest social asset of the Danish society, as well as their biggest blind spot.
Is the trust naive? Have there been instances of a government violating that trust? Were they held accountable?
The US was a much higher trust society before repeated governments from opposing parties violated that trust with little or no consequences. This left people with no realistic competitive party that was trustworthy, and first past the post elections ensures they only have to be slightly less despicable than their opponent. This also drives polarization.
Having a multiple party system with something approximating proportional representation, an independent press and judiciary, and a smaller population and land area all make a large difference. The US was the last nation to use first past the post for something besides a house of commons that was ranked a democracy by vdem I think? Definitely the last one to be ranked a full democracy. The largest remaining population ranked as a full democracy is Japan, it doesn't look too likely to change from the outside. Germany is next in size and we'll see how that goes. SK was next and they passed a rough test so let's hope. Large populations are easier to polarize apparently? I wonder if that will hold true with social media eroding the rural urban ideological divide.
Last year, I think, I saw someone talk about trust in Danish society and how it works. As a Dane it's not something I really think about, but their conclusions were at least interesting. In Denmark you're given implicit trust, that's the default. Trust is given, not earned. That poses a problem for people coming from the outside, because trust can be lost, but because it's something that was given to you, there's not really any way to earn it back. If you don't understand that social contract, you can mess up your life pretty quickly, with no means of recovery.
This is a topic that frequently comes up in our multicultural Danish company. In many countries people have adversarial relationship with their government, which is completely unlike Denmark. This mindset requires time and effort to change for the newcomers, and is also difficult to understand for people who haven’t lived outside of Denmark.
Can you explain the social contract? Is it explicit and people find loopholes, or is it based on intent and the spirit in which an action was taken?
> in quite some ways it's an incredibly authoritarian society although no Dane would ever say that
Did they collectively close their eyes while Denmark was the latest, at EU presidency, in charge of pushing chat control?
All of this is true.
Having lived in Germany it's quite different, but I'd argue the centralized handling of the CPR is actually quite convenient and doesn't meaningfully impact privacy. In Germany every authority has its own ID for you anyway (my password manager has a category "Government Primary Keys" for this), however that means that you have to provide all your information from scratch to every authority. This would theoretically lead to more privacy if we lived in 1926, but now computers are ubiquitous and a rogue government (like Germany is close to electing) can just correlate these keys together. Relational databases have existed for decades and JOINS are cheap. Thanks to surveillance capitalism by now we have very sophisticated ways to deanonymize people, the government can just hire someone to do it.
So the privacy in Germany is most often inconvenience for the citizen paired with hardly any privacy gain from a potentially hostile government. At this point I think the better solution is to avoid electing hostile governments. To Denmark's credit, they're currently doing that better than many other European countries.
Interesting. Swedish BankID, that I'd guess serves the same purpose, works just fine on GrapheneOS, as well as nation wide payment system Swish.
It works just fine, but every time you open the app you have to dismiss a dialog saying that the app doesn't work without Google Play Services installed.
>MitID doesn't work on rooted android phones, or those running a custom rom.
I find these arguments quite strange. A big part of MitID and similar services is to protect you against fraud. The most vulnerable in society (e.g. old people) aren't running these kinds of devices, and I'd rather we optimize for the general population and the people most at risk, rather than people running some weird setup that is almost identical to setups a scammer would run.
What privacy aspects are you lacking here? For all the services that MitID connects you to, there are government required responsibilities for these companies to track all of this information anyways and be able to provide it to the government if needed. That goes for banking, public services, telecom, etc. And this is in no way unique to Denmark, it's how most countries operate. Denmark has just acknowledged this and decided to make it easier.
Did you expect your UK bank to not be required to know who you are and be able to track and keep records of literally all financial interactions you have with them and their services? I'm a bit confused on what society you are comparing against.
WeChat effectively is all of this but does work on rooted phones. There are far too many brands and variations of phones all over China running various forks of Android for them to keep track of.
The Netherlands had a similar system with BSN and DigiD.
I personally prefer it, and I wish the country I live in right now had a better centralized system to deal with the government. It massively reduces bureaucracy and the need for me to produce all sorts of extremely privacy-invasive documents (such as bank statements, utility bills, scans of my driver license and passport) when dealing with the government. Sometimes I even need to mail those things, like, with an envelope.
The government can and will collect all data it needs about you at any given time, no matter if there's a centralized ID or not. It just spares everyone time and effort by removing friction.
Also, I have a very hard time to take seriously someone that unironically says the words "nanny state". It says a lot about your stance on the role of governments and society in general. What it says, to me, is very unflattering.
I see a few people here complaining about the idea of a central digital identity service.
As a Dane, having lived in other countries, MitID is insanely superior to anything I've ever tried. It simplifies so many touchpoints with the government, and is honestly such a good upgrade going from nothing -> physical NemID card with codes -> digital MitID (literally "My ID").
The only real disruption I'd say is if you happen to be buying something online that triggers the 3DS prompt (an additional security layer to prevent cards getting stolen/scam). In Denmark the 3DS prompt for VISA at least uses MitID to verify you are the owner of the card, so that'll obviously not work when MitID is down.
I'll say, it has been surprisingly stable though otherwise, and disruptions usually aren't a big impact (I literally wouldn't have known unless I saw this HackerNews post).
As for a centralized identity system: I personally see this as an acceptable contract for living in a society. Most countries have SSNs anyways, your taxes and many other things are tied to this. Centralizing this identity allows the government to streamline so many things to give a better service to their citizens. For example, all official communication goes to your "DigitalPost" email inbox, you verify your identity with "MitID", and every person or company has a registered "NemKonto" tied to them for any salary or government payouts.
I maybe see people get tripped up at the concept that your government should actually care about the service they deliver. That's probably already the point where we diverge when talking about if these things are a good idea or not.
> The only real disruption I'd say is if you happen to be buying something online that triggers the 3DS prompt (an additional security layer to prevent cards getting stolen/scam). In Denmark the 3DS prompt for VISA at least uses MitID to verify you are the owner of the card, so that'll obviously not work when MitID is down.
If you use Lunar, the 3DS prompt uses the Lunar app and not MitID.
> I see a few people here complaining about the idea of a central digital identity service.
Digital identity service is fine for gov services. It’s not OK as a hard requirement for anything else such as banking.
Digital ID in my country is down for about 7 days and counting. iOS app no longer opens after the recent update. I cannot pay tax without digital id app working but I can do banking and everything else.
> It’s not OK as a hard requirement for anything else such as banking.
What’s the alternative that you think is okay for that then?
Certain businesses have regulatory requirements to know and verify your identity (banking, telco).
A UK poster gave an example of how they need to mail the bank a copy of their passport and other private information.
I’d certainly much prefer simply using a digital login solution as an alternative to that. They can verify I am who I say I am, without needing my passport which I would consider a much bigger privacy invasion to hand out.
I have an electronic certificate for sign and verify on my physical national identity chip card. You either use it physically or online but only at times when identity confirmation is required.
> It’s not OK as a hard requirement for anything else such as banking.
It is in fact not a hard requirement. It just happens that when you have a relatively cheap and efficient digital identity, which is by definition trusted by the government, banks will use that to reduce risk. It's not that they can't verify your identity any other way, this is just the obvious and easy one.
Dane by choice (refugee). Would just add as a counterweight to the negative views from people outside the country.
From a technical and user point of view, MitID has had fewer outages than Cloudflare, AWS and MS Azure in the last year. While I agree with the single point of failure, I also like that I set up my startup with all government and banking online via a login I had the last decade, painless and faster than most places without having to upload a single document in the many unsecured ways I heard about from my US and other European friends (outside the Nordic countries).
Yes we Danes trust our institutions more than others and trust is given by default and then lost, rather than "earned" (I would argue bought) in other places.
Can anyone tell us the current status? I put "was down" in the title to be conservative, since usually these things get resolved after a few hours.
I converted this to a Tell HN post since there didn't seem to be a good 3rd party article about it in English (yet, at least). The submitted link is in the toptext. (Submitted title was "MitID, Denmarks sole digital ID, has been down for over an hour and counting".)
(p.s. In case anyone is wondering, I think this was a good submission with aspects worth discussing. It set off the flamewar detector, so I turned that off and re-upped the post a bit.)
Hi dang, Thanks for the edit.
It is indeed up again, and I appreciate you recognizing that the thread had/have some great discussion aspects about e-ID in general.
It was completely down from 10:40 to 12:17 GMT+1
The linked page has 3 down updates, then says it's back up again after the 3rd one. So presumably resolved.
In Sweden there’s at least one more competitor to BankID called Freja. There’s also some kind of EU-level system.
Would be cool if multiple actors were allowed and shared the same kind of auth signing method so that there isn’t just one point of failure. Or something distributed like a blockchain type of signing method, at least I don’t think Bitcoin or Ethereum have downtime that often, and authorization should probably be read heavy only to check if some identity is still allowed
Meanwhile the Netherlands is selling the DigiD system to foreign companies and today it came out that we are also going to outsource one of our key tax systems to an American company.
Finland did that + lot more. Tax system from Gentax, EHR from Epic and social benefits from Salesforce.
> …today it came out that we are also going to outsource one of our key tax systems to an American company.
That’s a remarkable failure to read the room, given the digital sovereignty initiatives across Europe.
There is even the digital sovereignty strategy of the Dutch government itself to migrate off Azure.
Isn't it the hosting provider and not DigiD itself?
The Swedish BankID has the same potential weak point. Any centralised system does.
The way TLS on the Web works is better: as long as the CA is up some time during the period I need to renew it is fine. Digital IDs should really work that way (probably with relatively short life spans just like Let's Encrypt: the digital ID could need to be renewed once a week for example, and it would opportunistically renew when less than half the time is left).
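The renewal scheme proposed in the comment above, as an added simulation that is not part of the thread: a one-week credential (168 hours) that the holder renews once less than half its lifetime is left, compared with an online-only login that fails whenever the issuer is unreachable. The function names, the one-hour retry granularity and the outage windows are assumptions made for the example.

```python
from typing import List, Optional, Tuple

# [start_hour, end_hour) during which the issuer cannot be reached (constructed data)
Outage = Tuple[int, int]


def issuer_up(t: int, outages: List[Outage]) -> bool:
    return not any(start <= t < end for start, end in outages)


def hours_without_credential(lifetime_h: int, outages: List[Outage],
                             horizon_h: int) -> int:
    """Short-lived credential model: count hours in which the holder has no
    valid credential. The holder retries renewal every hour once less than
    half of the lifetime remains; relying parties only check the expiry."""
    expires_at: Optional[int] = None
    locked_out = 0
    for t in range(horizon_h):
        less_than_half_left = (expires_at is None
                               or (expires_at - t) * 2 < lifetime_h)
        if less_than_half_left and issuer_up(t, outages):
            expires_at = t + lifetime_h          # renewed for a full lifetime
        if expires_at is None or t >= expires_at:
            locked_out += 1                      # expired and could not renew
    return locked_out


def hours_locked_out_online_only(outages: List[Outage], horizon_h: int) -> int:
    """Centralised model: every login needs the issuer, so every outage hour
    is an hour in which nobody can authenticate."""
    return sum(1 for t in range(horizon_h) if not issuer_up(t, outages))


def worst_case_lockout(lifetime_h: int, outage_len_h: int) -> int:
    """Slide one outage of the given length over every start hour after the
    first issuance and return the longest resulting lockout."""
    horizon = 3 * lifetime_h + outage_len_h
    return max(
        hours_without_credential(lifetime_h, [(s, s + outage_len_h)], horizon)
        for s in range(1, 2 * lifetime_h)
    )


if __name__ == "__main__":
    week = 168
    for length in (2, 83, 100):
        print(f"{length:>3} h outage: online-only lockout {length} h, "
              f"short-lived worst case {worst_case_lockout(week, length)} h")
```

The cost of this tolerance is that a stolen credential stays usable until it expires unless relying parties also check revocation.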
Italy's digital ID (SPID) works by having multiple trusted providers that can attest your identity. You can sign up with multiple of them, and if one is not available you could use another one. Not perfect (it's still centralized in the hands of 10-20 providers) but better than nothing. Unfortunately most people only ever signed up with one provider, and the government is now pushing for a more centralized digital ID instead (CieID).
All of these IDs in the EEA are based on a common set of EU requirements, and in theory that means multiple providers, but in practice in many countries the set of providers is small and with feature gaps. E.g. Norway has several providers, but they provide different levels of security and features, which means in practice most people rely on BankID...
10-20 is fantastic in comparison. Even if people don't have more than one it at least reduces the blast radius..
Agreed, there should not be a tight (temporal) coupling.
But it's a trade off. Long-lived TLS certificates have always had the cert revocation problem. OCSP stapling never took off, so in the end the consensus seems to have been to decrease expiry date. (Mostly fueled by Let's Encrypt / ACME).
Relying on expiration rather than explicit revocation of course also assumes (somewhat) accurately synchronized clocks which is never trivial in distributed systems. In practice it puts pressure on NTP, which itself is susceptible to all kinds of hairy security issues.
I like to think of the temporal aspect as a fail-open / fail-close balance. These centralized solutions favour the former, and that's why we see this resulting outage.
For anything as high stakes as eID you need real-time revocation checks, which brings you back to at least some level of centralization.
I don't understand. We don't have real time revocation for passports, do we?
In fact, we don't have real time revocation of any document until very recently...
We do. There are centralized databases of passport serial numbers, for blacklisting (revocation) or just persons of interest.
For all countries? I was always wondering about that when doing one of these wonderful "take a selfie of you holding your passport" "authentication" procedures...
Don't we? We call somewhere and revoke the passport, at least in Germany.
But does that propagate to every entity worldwide using passports for identification, including all non-government-affiliated companies and KYC providers?
That's very true for a lot of PKI systems too. The revocation lists are published, but nobody is reading them.
At least they exist. I've tried looking into this in the past, and I haven't really found any public passport revocation list, even of just numbers (i.e. without disclosing associated names or any other sensitive data).
Sure... but it should degrade to work when the central services are down.
You should still be able to authenticate with each individual service when the centralised service is down.
There is no reason why you shouldn't be able to login to your bank under these circumstances.
Finnish system works like that. If central system is down I can still log in to bank. But I can not log into say tax or healthcare system.
Revocation lists can be distributed.
Yes, but they still originate somewhere, and if that source goes offline, you're still at risk of accepting stolen credentials.
Yes, but under the assumption that downtime is typically short (a few hours), that small risk seems better than a foreign nation state actor being able to block essential services like identifying with healthcare, or sending transactions.
BankID is not government backed, and most governmental agencies have alternatives to BankID as well.
Makes me appreciate that my government gives me like 17 different ways to authenticate including every bank that exists.
These things should be offline / resilient first right?
Smartcards / YubiKeys.
Never understood the logic for these to be centralised / online.
PKI works offline until you realize you need to handle revocations.
For this and related reasons, such as enforcing protocol upgrades, most smartcard systems end up permanently online.
You can have a mixed system, such that revocation lists are downloaded and cached every hour or so, and you can even try to check online more often than that, but fall back to the downloaded lists if the system is down.
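The mixed model described in the comment above, as an added sketch that is not part of the thread: a relying party refreshes the revocation list about hourly, falls back to its cached copy while the central service is down, and fails closed once the copy is too old or the operation is high stakes. `CentralService`, the thresholds and the credential IDs are constructed for the example, and verifying the issuer's signature on the list is assumed to happen in `fetch` and is not shown.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Optional


class Decision(Enum):
    ACCEPT = "accept"
    REJECT_REVOKED = "reject_revoked"
    REJECT_STALE = "reject_stale"   # fail closed: no list recent enough to trust


@dataclass(frozen=True)
class RevocationList:
    issued_at: int             # Unix seconds when the issuer produced the list
    revoked: FrozenSet[str]    # revoked credential identifiers


class CentralService:
    """Constructed stand-in for the issuer's revocation endpoint."""

    def __init__(self) -> None:
        self.up = True
        self.revoked = set()

    def fetch(self, now: int) -> RevocationList:
        if not self.up:
            raise ConnectionError("revocation endpoint unreachable")
        return RevocationList(issued_at=now, revoked=frozenset(self.revoked))


class RevocationChecker:
    def __init__(self, service: CentralService, refresh_interval: int = 3600,
                 max_staleness: int = 6 * 3600, high_stakes_staleness: int = 60):
        self.service = service
        self.refresh_interval = refresh_interval            # normal refresh cadence
        self.max_staleness = max_staleness                  # fail-open budget
        self.high_stakes_staleness = high_stakes_staleness  # near real time
        self.cache: Optional[RevocationList] = None

    def check(self, credential_id: str, now: int,
              high_stakes: bool = False) -> Decision:
        due = (self.cache is None
               or now - self.cache.issued_at >= self.refresh_interval)
        if due or high_stakes:
            try:
                self.cache = self.service.fetch(now)
            except ConnectionError:
                pass                      # outage: keep the cached list
        if self.cache is None:
            return Decision.REJECT_STALE  # never had a list: cannot decide
        if credential_id in self.cache.revoked:
            return Decision.REJECT_REVOKED  # a known revocation always wins
        age = now - self.cache.issued_at
        limit = self.high_stakes_staleness if high_stakes else self.max_staleness
        return Decision.ACCEPT if age <= limit else Decision.REJECT_STALE


def run_outage_demo():
    svc = CentralService()
    svc.revoked.add("cred-stolen")
    chk = RevocationChecker(svc)
    out = [chk.check("cred-alice", now=0),       # fresh list
           chk.check("cred-stolen", now=10)]     # revoked before the outage
    svc.up = False
    svc.revoked.add("cred-bob")                  # revoked while unreachable
    out.append(chk.check("cred-alice", now=4000))                    # cached
    out.append(chk.check("cred-bob", now=4000))                      # risk window
    out.append(chk.check("cred-alice", now=4000, high_stakes=True))  # too old
    out.append(chk.check("cred-alice", now=30000))   # cache past max_staleness
    svc.up = True
    out.append(chk.check("cred-bob", now=30010))     # refreshed list catches it
    return out


if __name__ == "__main__":
    for decision in run_outage_demo():
        print(decision.value)
```

The fourth result is the exposure raised elsewhere in the thread: a credential revoked during the outage is still accepted until the list can be refreshed or the staleness limit is reached.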
Revocation.
can be solved with a hybrid model that degrades when the central service is down. No?
Well they provide that if you want. They have both an OTP dongle, an OTP loudspeaker and one that uses FIDO U2F (though you need to pay for that one).
https://www.mitid.dk/en-gb/get-started-with-mitid/how-to-use...
when your sole digital identity provider goes down, it's not a service disruption. it's a national infrastructure outage. the blast radius of a single authentication system is the entire country.
I guess that's the one thing you don't want to be down and yet it's down..
Don't banks have their own id:s as well? At least in another nordic country, you have quite many login possibilities to many services. Banks even provide cross-login.
As I understand it, BankID in Sweden is still run by one organisation co-owned by the big banks, and banks handle verification for issuance. There is still a single point of failure for the operation of the system.
There is technically a second provider, Freja, but that is basically only supported by government agencies, and even that is spotty.
There are talks about a state-provided one coming soon, because of EU E-ID laws.
Well I'm in Finland and seems the system here has multiple independent services and is thus potentially more resilient.
I was under the impression that all of those services and login methods rely on suomi.fi in the end, but I admit that I don't understand the system terribly well.
Same in Norway.
No. As I understand it the previous system, NemID was actually (co?)designed by the banks so this is what they all use. Likewise MitID is another unholy alliance of Nets (a Danish payment provider) and Danish banks.
Given the Swedish version of it is called BankID I assume the situation is nearly the same in Sweden.
Sweden has one other viable alternative that is Freja ID, it does not at all have the coverage of BankID but it's something.
Another one just popped up recently though it does not have a lot of coverage if anywhere yet: https://corporate.e-boks.com/loesninger/e-wallet/e-boks-id/
No. Many/most of them support login through hardware ID on your smartphone (i.e fingerprint/TPM-style pin), but the actual authorization of transfers or any privileged access is entirely MitID
this is not big news in dk, it will be up again soon - i don't know of any mitid services that are life-or-death enough to have people panicking about an hour's downtime
This is a tech site, not a news site. Threads posted here are rarely if ever "big news" nor is that the point.
The topic is an opener to discuss MitID, electronic IDs in general, the protocols behind them, what happens when they fail, privacy, society's reliance on them or something similar.
>this is not big news in dk
Yep let's not learn from that incident and wait until it is offline for like 2 weeks, and be assured that will happen.
yeah, everyone knows every European website is eventually down for 2 weeks. only the FAANG know how to keep websites up.
>only the FAANG know how to keep websites up
Really FAANG can stop a solar-storm? A war on infrastructure?
Remember that your website not just needs running computers but energy too, and a net that brings that information to the people, and those people's devices need power too.
Just look at the Berlin outage where people had to go to hotspots with generators to load the phone:
https://edition.cnn.com/2026/01/07/europe/berlin-power-outag...
And that was a small attack on infra but 100'000 were affected.
But sorry if i touched any of your sensitive areas...because it's Europe and not FAANG ;)
nah, i generally agree with you on single points of failure, i just don't agree that it would go on as long as 2 weeks. 24-48 hours i can believe, but at the absolute worst case I'd also expect anyone with minimal competence to have a plan to spin things up from the latest offsite backup somewhere else. (minimal competence is a big statement though). Even redundant setups can go down altogether from a fatfinger or automation gone wrong (see almost any outage from FAANG)
> stop a solar-storm
never heard of those taking out a data center, but i'm not highly educated on that one.
> A war on infrastructure
government datacenter will be first in line for fuel, generators, etc. A destroyed gov. datacenter would be the start of much more serious things to worry about.
> Just look at the Berlin outage where people had to go to hotspots
yeah, this one _is_ a little embarrassing, but people who have to go to hotspots != datacenters
The original statement stands.
> hotspots != datacenters
A running data-center without a net or consumers is worth nothing.
>The original statement stands.
Well true, the Website runs but no one can access it.
How ironic to see "MitID remains inaccessible" and "You are in charge of your data" cookie banner on the same page.
At a more basic level, before software issues, digital wallets can run out of batteries. As can infrastructure.
Electricity isn't guaranteed.
Supposedly up again now
Just one of a dozen reasons to resist digital id.
They went to Linux recently didn't they?
And who is the happy monopolistic receiver of this constant and unending stream of taxpayer money?
The french company IN Groupe.
IN Groupe is fully owned by the French state.
Not a cryptobro but... The only acceptable digital identity is either local (smart-card) or a blockchain kept by any connected citizen on his/her own iron. The Orwellian dream of the nazi will cause pain also to those who push it.
The primary reason this is down is usually because of certificates running out, that have to be manually replaced
Should have stuck with NemID a previous paper alternative or only offered MitID as a digital alternative. The rush to go all digital is coming back to bite them in the .....
One of the flaws of that system was exactly that you didn't know which domains were allowed to issue the requests for a one-time key.
Each service would serve the authenticator snippet from their own domain, with their own certificate. MitID, for all its centralization flaws, solved that by only being valid under the mitid.dk domain. I doubt that most people check the domain and the certificate, but they could.
How would you use a paper ID online? (Securely, i.e. not the insane thing of taking a selfie holding it or something similarly bizarre in an age of powerful GenAI.)
NemID, the previous national 2-factor solution, used a small card with rows of pre-printed single-use codes. When you logged in to a bank or a public sector website, it would ask for a random code at a specific row and column number. Once the system registered that you had just a handful of codes left, a new card would be sent to you via snailmail. It worked fine for the time.
The current system, MitID, depends on smartphones, though you can get an external key generator as a backup too.
The big drawback of one time passwords is that they don't protect against man-in-the-middle attacks such as phishing, which is in practice one of the most common attacks on systems of this scale.
The logistics operation involved in distributing codes is also very expensive and inflexible. You may need to authenticate payments a dozen times in an hour one day, when you are on a farmers market which doesn't take card payments or you are out dining with friends, and another day not at all.
Given all this, a good old public key infrastructure makes sense. But that is unfortunately also usually the first step to a complexity explosion.
> The logistics operation involved in distributing codes is also very expensive and inflexible. You may need to authenticate payments a dozen times in an hour one day, when you are on a farmers market which doesn't take card payments or you are out dining with friends, and another day not at all.
Neither of the scenarios you describe would require you to authenticate using MitID: Peer-to-peer payments in Denmark are typically done using the app MobilePay, which only requires MitID authentication during setup. And you never need MitID authentication when paying in person, at most you'll need your card's pin-code.
> You may need to authenticate payments a dozen times in an hour one day, when you are on a farmers market which doesn't take card payments or you are out dining with friends, and another day not at all.
It's very unlikely people would need to mess about with MitID/BankID if they can't use card payments at a market. Firstly, if they're doing the almost-unheard-of clunky approach of using their mobile banking app to make a bank transfer, it would probably be authorised using their touch/face ID instead of BankID/MitID. But far more likely, they'd use one of the ubiquitous mobile payment apps: Vipps (Norway), Swish (Sweden) or MobilePay (Denmark).
> The big drawback of one time passwords is that they don't protect against man-in-the-middle attacks such as phishing, which is in practice one of the most common attacks on systems of this scale.
This is true and was definitely a criticism of the old system, where websites would open the NemID iframe and ask you for your username, password and a specific indexed OTP code, without providing any authentication to you. You only notice something weird if it asks you for the index of a code that is not on your card but maybe the scammer is lucky and guesses an index that you have and then they can use that phished username/password/OTP triple to perform an unauthorized action.
The new system is slightly different, because if you use the mobile phone authentication it will send you a notification to your phone, but if you use the (bespoke, non-standard) OTP dongle it still does not authenticate itself towards the user. However the codes are now time-based so if they collect an OTP code they can only use it in a ~30s window, so the phished credentials have to be used immediately.
Yeah but functionally it is the same. If the website is down it doesn't matter if I got the OTP code from a piece of paper or the dongle.
The way it worked before was that you had basically a piece of paper with OTP codes and the website would prompt you for a very specific one.
How that would've prevented this issue: not at all. If the login service is down, having the piece of paper with OTP codes is worthless as the problem is not getting the codes (I can still get MitID codes with the OTP dongle) but the authentication website. The previous system was just as centralized.
First, we saw Russian hacking campaigns in Ukraine before the invasion of the country. [1][2]
Are we seeing the same in Denmark/Greenland with the USA?
[1] https://www.europarl.europa.eu/RegData/etudes/BRIE/2022/7335...
[2] https://en.wikipedia.org/wiki/2022_Ukraine_cyberattacks
given the very sparse info on the actual problem i find it suspicious as well.
Tin foil is aisle ten friend.
This is a completely mindless, canned reaction.
Too many people appear to be lacking the ability to grasp that, if they hadn't spent decades reacting like mindless, programmed bots to anything that might require more than two braincells to think about, most of the things revealed by the Epstein files would have surfaced a lot sooner.
And that's just the tip of the iceberg.