End of September, Switzerland will vote for E-ID. A big threat for our privacy as it will widely used for tons of new use cases.
Behind the government pitch of an “open source project, completely optional” hides big tech industry… Which will make it mandatory to access their services.
What are your thoughts on that ?
#Switzerland #Privacymatters
Works for me, URL please and thanks already for the clarifications.
I can’t find the blog post that I was referring to but this might help:
From their own site: https://www.itsme-id.com/en-NL/why-itsme/security
ISO cert: https://www.itsme-id.com/en-BE/business/blog/iso27001
It’s good to point out that the system was developed by a consortium of banks to simplify identity verification en prevent fraud. Banks are held to ‘‘Know Your Customer’’. KYC entails that they need to check your identity every now and then and up until ItsMe that meant that you had to verify with your eID and a card reader. Those card readers have issues. Outdated firmware and whatnot make the proces a terible experience. I have several government websites that I use from day to day and the all need my eID for authentication.
Some figures. Nearly 1.700.000 authentications every day for 11.700.000 Belgians. 80% Of the Belgians use the app.
To clarify, I know it works. I used it years ago (2022 I guess) and found it extremely convenient then. I did even help others set it up because I found it so efficient. So that’s or popularity is not into question. How secure it is also isn’t what I’m questioning because honestly if my bank suggests to use it, and it’s not secure, they will have to pay in the end. No, the question is solely WHO gets WHICH data. For example is the bank consortium that can see my purchase? Is it “anonymized” (whatever that might in practice means) then sold to 3rd party?
Ah, you can see clearly who gets which data with every authentication. It’s logged and I can look it up on my portal.
Actually’', apart from ItsMe, I can see every time someone did any lookup on my online data with the federal government for the last 10 years. I even get to see their names.
There’s no third party watching with ItsMe because the traffic is encrypted. The data is owned by the Federal government and the party that requests authentication gets to see what the are legally allowed to see and what you clear. With every authentication you get to see what info they request.
So who gets to see then beside I guess your bank and the merchant site? You don’t have to share anything specific, can be company names but if that would reveal some of your personal preference you can share type of economical actors (e.g. other shops, advertisers, insurances, etc).