I think it's best to ignore this kind of user feedback and focus on the users who really want the service or product and are willing download an app if necessary or use the web version if necessary. Popular opinions on apps/web and desktop/mobile change every few years. I remember when Facebook became deeply unpopular and was afraid of going under because they didn't manage to provide a native app.
Because of the walled gardens, duplication of efforts, and waste of resources I'd personally favor if apps died out but that is never going to happen because they always have better platform integration.
We're talking about an essential government service, not just another weather app. You have to look at this through the lense of national security, the debate about EU digital sovereignty, and the requirements of the GDPR in light of the US CLOUD Act, as well as prior decisions of EU courts about these issues.
Yes all that you wrote is true. But that does not magically change anything to what I previously stated: in the real world all smartphones are either Apple or Android...
I don't know what the eIDAS 2.0 requires in term of security but it may make the choice the implementers made here unavoidable in practice, as hinted by @webhamster.
If so, it seems that a solution, if technically possible, might be to mandate that OSes provide the required security features without tie-in.
The outrage in the comments feels a bit like people yelling at clouds...
Right, because "you can't use an unpopular OS if you want your full rights as a citizen, and access to those rights must be additionally subject to a foreign corporation's opinion of you" is totally acceptable. I would go so far as to say that a government requiring any particular technology or private service to be a functioning member of society is hostile to all citizens. If your OS vendor / phone carrier / ISP all close your accounts despite no illegal activity, and your government has no alternatives you can use for essential services, then your government has sold your citizenship.
correction. in the real world all smartphones are either apple, android or none/other. in terms of legals, you really do have to cater to all three, which is why we don't have one world government.
This is about a digital wallet, so people who don't have a smartphone are out of scope.
Now, "other" than Apple/Android is so small as to be negligible and governments also have a duty not to waste taxpayers' money, which means not spending hundreds of thousands to cater for an ultra small number of people who have an easy access to an alternative.
To have government apps work only on iOS and Android is perfectly reasonable in the current state of the world where this covers 99% of smartphones.
> To have government apps work only on iOS and Android is perfectly reasonable in the current state of the world where this covers 99% of smartphones.
the fundamental flaw with that approach is that it is totally unreasonable to have government apps in anything other than open source and fully public systems. nothing else can really be trusted, and any private/closed source option should be disqualified from the get go.
the reason is simple: you can't trust private entities or opaque systems, and you can't trust government either, thus the solution has to be fully transparent or you're doing nothing.
the problem with that is that it is hard, expensive and/or inconvenient.
Why should I have to have a smartphone to have a digital wallet? Smart watches, tablets, laptops, portable game consoles, etc, are all perfectly cromulent hardware for running a digital wallet.
Essential EU government services cannot be devised on the hope that US companies will invent something that - contrary to current US legislation - will somehow provide the attestation services needed in a GDPR-compliant way without forcing EU citizens to provide personal data to US companies.
If it's not possible to create such a system for mobile phones because of legal issues (as you seem to acknowledge and judges have found in the past), then the focus would have to be on creating hardware devices in the EU, ideally with open source hardware and software. These can be made reasonably secure, have been used by banks for a long time, and would enhance digital sovereignty.
What I find unacceptable is the attitude "well, it will violate the law but as a matter of practicality it's the only choice we have right now so we'll just do it."
> Essential EU government services cannot be devised on the hope that US companies...
I don't disagree. I am just pointing out that this is wishful thinking right now.
As said, Europe has zero footprint in hardware or software so the choice is either not to develop any digital services or to accept that they will run of foreign hardware/software because everything is either Android or Apple and runs on hardware that is from US/Taiwan/China.
Developping honegrown alternives is pie in the sky or a 20 year project if we are optimistic (which I am not)...
Frankly, many comments, and the reactions to mine, show how out of touch and idealistic or naive the HN crowd can be.
EU can build token-generation hardware and that's the solution to the perceived problem. Such approaches have been used by banks for decades. It's not a "20 years project" to issue similar hardware to what my German bank issued 10+ years ago. I've explicitly stated in my post that the EU should not build a software solution for smartphones with US operating systems since this approach violates the GDPR and other laws because of a fundamental incompatibility of EU law with the US CLOUD Act that has been recognized by judges already. The proposed solution you seem to favor is illegal.
If I'm right, you're the person ignoring reality and basing their judgment on wishful thinking, not me. I understand why you want to have a smartphone solution ("practicality") but AFAIK that's currently not a viable approach. I might be wrong about the legal situation but that's what I've claimed. Just repeating your talking point is not a reasonable reply to these legal concerns. In addition to this, there are also serious national security concerns, of course.
The alternative is a secure physical device and that's also the correct way to go if you insist on having online ID checks and take digital sovereignty seriously instead of making it a joke lip service like these implementers do.
I've never obfuscated my mail and do not use server-side spam filters, yet have never had a problem with spam. Yes, I get maybe twice or three times as much spam than legitimate mail (if we include spam that was once (semi-)authorized when clicking the wrong option). However, it's all filtered reliably client-side.
I think the damage is there even if you don't see the ads. News outlets and organizations that used to be magazine publishers focus on lowest common denominator stories they know will get the highest engagement. That usually means sexy anger-bait.
Sure we had that in the print times, but we had a lot more "slow" content that you could sit with and contemplate over a day, week or month.
Even those of us who don't see ads see the structure that the ad-driven internet economy creates. Listicles, clickbait and AI-generated slop web pages, just trying to get more ad impressions. Sure, with an ad blocker I can see the low-quality content without an ad, but without the ad economy hopefully there'd be less incentive to create low-quality content to begin with.
It's possible they are safeguarding for possible future changes of copyright law that would give Microsoft copyright over all Copilot contributions. This may sound paranoid but, as far as I know, exactly who counts as an "AI operator", how much authorship an "AI operator" has, and who gets copyright, or whether AI contributions are even in the public domain, are legally untested and unclear issues.
tough luck for MS or other "AI" providers claiming any ownership, since if they can claim ownership, then it opens up the discussion of what license the AI output really is under, since it was trained on GPL licensed data.
The US Copyright Office has said that AI output from human prompting is not copyrightable. There are caveats, but iterating on prompts results in output that's nobody's IP.
Because it's nobody's IP, Microsoft is already in a position where they could just use, remix and/or distribute that output however they want to today.
Because of the walled gardens, duplication of efforts, and waste of resources I'd personally favor if apps died out but that is never going to happen because they always have better platform integration.
reply