Are we seeing the same in Denmark/Greenland with the USA?
[1] https://www.europarl.europa.eu/RegData/etudes/BRIE/2022/7335... [2] https://en.wikipedia.org/wiki/2022_Ukraine_cyberattacks
Too many people appear to be lacking the ability to grasp that, if they hadn't spent decades reacting like mindless, programmed bots to anything that might require more than two braincells to think about, most of the things revealed by the EpStein files would have surfaced a lot sooner.
And that's just the tip of the ice berg.
The way TLS on the Web works is better: as long as the CA is up some time during the period I need to renew it is fine. Digital IDs should really work that way (probably with relatively short life spans just like let's encrypt: the digital ID could need to be renewed once a week for example, and it would opportunisticly renew when less than half the time is left).
You should still be able to authenticate with each individual service when the centralised service is down.
There is no reason why you shouldn't be able to login to your bank under these circumstances.
In fact, we don't have real time revocation of any document until very recently...
10-20 is fantastic in comparison. Even if people don't have more than one it at least reduces the blast radius..
But it's a trade off. Long-lived TLS certificates have always had the cert revocation problem. OCSP stapling never took off, so in the end the consensus seems to have been to decrease expiry date. (Mostly fueled by Let's Encrypt / ACME).
Relying on expiration rather than explicit revocation of course also assumes (somewhat) accurately synchronized clocks which is never trivial in distributed systems. In practice it put's pressure on NTP, which itself is susceptible to all kinds of hairy security issue.
I like to think of the temporal aspect as a fail-open / fail-close balance. These centralized solutions favour the former, and that's why we see this resulting outage.
Smartcards / YubiKeys.
Never understood the logic for these to be centralised / online.
For this and related reasons, such as enforcing protocol upgrades, most smartcard systems end up permanently online.
Yep let's not learn from that incident and wait until is offline for like 2 weeks, and be assured that will happen.
Really FAANG can stop a solar-storm? A war on infrastructure?
Remember that your website not just needs running computers but energy too, and a net that brings that information to the peoples, and those peoples devices need power too.
Just look at the Berlin outage where people had to go to hotpots with generators to load the phone:
https://edition.cnn.com/2026/01/07/europe/berlin-power-outag...
And that was a small attack on infra but 100'000 where affected.
But sorry if i touched any of your sensitive areas...because it's Europe and not FAANG ;)
The topic is an opener to discuss MitID, electronic ID's in general, the protocols behind them, what happens when they fail, privacy, societies reliance on them or something similar.
You're usually about 1 service away from realising that the "money you have" is just an int32, that, if everything works properly, you can modify.
Otherwise you have nothing except a pretty little plastic card.
(I'm aware that payments systems are not affected, but it's a sobering realisation that I've had a couple of times, but it works enough of the time that I forget about it... it's a bit like the meme about backups where a computer takes too long to boot, the person slowly builds panic and starts wishing they had backed up and published all their important work - then when the computer works they say "*phew*, thank god I don't have to do any of that".
What are we supposed to do?
After all that we've been through
When everything that felt so right is wrong
Now that the money is gone (money is gone)
Without a trusted device or Recovery Key, Apple may impose a security delay (24 hours to several days) before allowing a password reset. Getting new SIM and re-authenticating our life will be pain.
1. You need to verify yourself in person to get id or passport. You may need someone you know with you and have real interview.
3. But government gives only digital ID's so you need a phone to get it.
4. You can't buy a new phone or get a new SIM unless you can pay for it. You can't pay for it unless you have a phone and credit cards there. But neither bank does not recognize you without digital ID.
You need friends to bootstrap your life, but you are also in the middle of loneliness epidemic and have no friends, you parents have died. What do you do?
There‘s always possibility to have your travel passport as a backup (and when traveling abroad your domestic ID is suitable for recovering passport).
When I wanted to get a replacement id to be issued in the year 2019, I had to book an appointment, get to the place and by the time I got the desk, the clerk had the thing open with my face photo from the last time I had a passport issued.
There are less fortunate people, who have the hardcopy id present, but no digital file exists for it (because it was issued before the digital files became a thing) and the paper trail leads to the occupied territory. That is usually months long story where secondary sources are involved and sometimes you have to find a friend who can confirm your identity.
So yeah. Make sure that the issuing CA doesn't get overrun by orcs before the replica thinks and you a hardcopy that is trustworthy enough.
Getting a new (e)SIM abroad can be very annoying, depending on the mobile network, which is why I try to avoid mandatory SMS authentication as much as possible.
If only it was a uint32
money_in_account=false;well, luckily, that's not how money is stored, but instead, they're transaction based. Aka, that number you have is a calculated value, not a stored, arbitrary value.
Except...perhaps the central bank's, where they could really just generate that money as an arbitrary value to lend out to other banks.
footnote: of course, your account balance is cached, so that it is not recalculated over and over again...
Similar to what the author describes, I wouldn't be surprised if a lot of this information is generally not public.
I remember hearing that Zimbabwe, during its period of hyperinflation, had problems because the databases for the banking system couldn't handle a time with $100 trillion banknotes, and ATMs didn't work because of overflow errors.
If only they had used int128. :)
All of those have some very annoying fail scenarios too.
Someone trips over a cable and now your region of the world can't recognise that you have any wealth of any kind.
Or, you can get debanked by the state. :)
Hard to do that with coinage- but you can have your coinage destroyed in a fire (or via theft, of course).
Strips of paper and metal coins have a huge problem with forgery. Metal coins in particular can get very heavy very quickly.
Goats have this issue that they can get sick and die. They also need to be fed. Goats have a massive advantage that while heavy, they can move around on their own. Not easily fractionable though.
Salt is probably the best one in that list. Easily fractionable, not easy to forge. Can be used as seasoning and to dry things. It can get wet though.
But anything you can touch has the risk of being forged or destroyed.
The whole point of bank notes was that they're centrally backed- someone would take the responsibility of ensuring that it's hard to forge and backed by something "real".
But centralising it so completely has pretty concrete drawbacks, which is fine, if your infrastructure is perfectly reliable and your banks are trustworthy.
History has shown us that infrastructure is never perfect, and banks are not perfectly trustworthy. So, hedge your own risks.
A personal tragedy (losing some money) is materially different than the entire economy being screwed because of a programming issue, or a city being screwed because of an internet outage, or a person and their family being (additionally) screwed because they offended a politician.
It's just.. different levels, and the centralised convenience becomes a pretty catastrophic impact in the worst case; and on a long enough timeline, the worst case is inevitable.
MitID doesn't work on rooted android phones, or those running a custom rom. Reports from others who have disassembled it indicate that in fact a hard coded list of custom roms is checked against. It's a highly obsfucated binary, and by design is a single point of failure. If you sign in with an unauthorized device it helpfully centrally blacklists your IMEI. It's hard (but not impossible) to get a phone contract on Denmark without indirectly giving over your CPR number, so I imagine trying to get around this is frustrating. I didn't try and have a hardware dongle. One. By design, this whole system is a massive centralised single point of failure. It's absolutely key to Danish life.
That all said, most Danes would vigorously defend privacy, say that the state doesn't abuse its powers, and they're probably right. It's a very vivid vision of the 1960s Nanny State, where Nanny knows best and has your best interests at heart. Most of the time, she does. They're frequently voted as some of the happiest people on earth, so clearly the recipe of pay a ton of tax and get things from it works well. I find the privacy lack rather shocking and I've never got used to it -- in quite some ways it's an incredibly authoritarian society although no Dane would ever say that, and tell me to drink more øl and get off the internet and go for a walk in a forest. They point out that the UK has far more CCTV cameras and that we have more prosecutions for bent policemen and politicians. There's truth in all of this.
Either way, I'd be interested in seeing if they issue a post mortem on this. It'll cause a lot of issues for many, many people.
Your other complaints: 100% agree, the whole thing is a privacy nightmare.
I wouldn't count on a post mortem of any value. They still refuse to explain how the system has been abused in the past. Regardless of how hard I try, I fail to understand how it has been abused after QR codes was added to ensure presence at the device you're trying to authenticate at. The system feels secure, but has been abused a number of times and we're almost never told how.
I really like the centralised system, it makes navigating society surprisingly easy when compared to say, Germany or the UK.
The difference is that I sort of trust the Swedish government, they've never really done anything to breach that trust - up to and including their handling of COVID (while controversial, they took the stance of individual liberty and a "collective responsibility" over mandatory top-down systems).
The UK in contrast has a much more heavy handed relationship with the population, up to and including incarcerating people for saying the phrase "we love bacon" at a construction site or typing the letter "n" on social media. It's a different context entirely.
Also, BankID, the central system is a definite weakness, but you can have a card/pin device that still works, and it does work on grapheneOS, though it will complain a bit if you don't have google services installed... which I find hilariously awful...
I was under the impression that it doesn't work under GrapheneOS, great news that it does. Other than that it shares some of the characteristics detailed above, refusing to run if it notices rooting and the like. Also no Linux support.
Edit: I agree that it has a convenience to it, but I strongly suspect it has a latent tyrannical potential and that future governments will exploit this to a further degree.
But yes, it's owned by the banks not the state; if anything though this increases its weakness.
You can use BankID to identify with the tax agency, the public health services and police. (and more: this is just what I'm aware of) and there's an expectation that you have a BankID.
Having lived in Germany it's quite different, but I'd argue the centralized handling of the CPR is actually quite convenient and doesn't meaningfully impact privacy. In Germany every authority has its own ID for you anyway (my password manager has a category "Government Primary Keys" for this), however that means that you have to provide all your information from scratch to every authority. This would theoretically lead to more privacy if we lived in 1926, but now computers are ubiquitous and a rogue government (like Germany is close to electing) can just correlate these keys together. Relational databases have existed for decades and JOINS are cheap. Thanks to surveillance capitalism by now we have very sophisticated ways to deanonymize people, the government can just hire someone to do it.
So the privacy in Germany is most often inconvenience for the citizen paired with hardly any privacy gain from a potentially hostile government. At this point I think the better solution is to avoid electing hostile governments. To Denmarks credit, they're currently doing that better than many other European countries.
I've gone the other way from Denmark to UK. And I've often had to mail copies of my passport or other identity documents via email. And my bank requires me to regular scan my face to check that it aligns with the picture in my passport.
I don't get the obsession you Brits have against IDs, in Europe you are pretty much the only ones. But a lot of what you say resonates with my observations:
- single point of failure: absolutely, but so is the "sign in with Google" or equivalent. It's just too convenient. I'd rather have a public service do it than a private company that can cut you out at any time without any explanation.
- Nanny State: 100% also in Sweden, actually worse here. But historically they have been pretty good at protecting freedoms, so far. The UK (or Italy) may be less nanny, but have got some very illiberal things going on these days (left or right government doesn't really matter, it seems).
- Happiest people on earth: I really doubt the surveys measure happiness. They tend to measure trust in institutions, which is very high in Scandinavia.
- It's an incredibly authoritarian society although no Dane would ever say that: exactly the same in Sweden! They would NEVER admit any failure in their society, no matter the hard evidence in front of their eyes. I guess that it's the other side of the same trust of the previous point.
- Drink more øl and get off the internet and go for a walk in a forest: At least you've got øl, in Sweden alcohol is taboo. Forests are nice, but become boring quite quickly :)
Electricity isn't guaranteed.
Would be cool if multiple actors were allowed and shared the same kind of auth signing method so that there aren’t just one point of failure. Or something distributed like a blockchain type of signing method, at least I don’t think Bitcoin or Ethereum have downtime that often, and authorization should probably be read heavy only to check if some identity is still allowed
That’s a remarkable failure to read the room, given the digital sovereignty initiatives across Europe.
As a Dane, having lived in other countries, MitID is an insanely superior to anything I've ever tried. It simplifies so many touchpoints with the government, and is honestly such a good upgrade going from nothing -> physical NemID card with codes -> digital MitID (literally "My ID").
The only real disruption I'd say is if you happen to be buying something online that triggers the 3DS prompt (an additional security layer to prevent cards getting stolen/scam). In Denmark the 3DS prompt for VISA at least uses MitID to verify you are the owner of the card, so that'll obviously not work when MitID is down.
I'll say, it has been surprisingly stable though otherwise, and disruptions usually aren't a big impact (I literally wouldn't have known unless I saw this HackerNews post).
As for a centralized identity system: I personally see this as an acceptable contract for living in a society. Most countries have SSNs anyways, your taxes and many other things are tied to this. Centralizing this identity allows the government to streamline so many things to give a better service to their citizens. For example, all official communication goes to your "DigitalPost" email inbox, your verify identity with "MitID", and every person or company has a registered "NemKonto" tied to them for any salary or government payouts.
I maybe see people get tripped up at the concept that your government should actually care about the service they deliver. That's probably already the point where we diverge when talking about if these things are a good idea or not.
mousepad12•2h ago
aucisson_masque•1h ago
zenmac•1h ago
lxgr•1h ago
simongray•1h ago
The current system, MitID, depends on smartphones, though you can get an an external key generator as a backup too.
LeonidasXIV•1h ago
xorcist•1h ago
The logistics operation involved in distributing codes is also very expensive and inflexible. You may need to authenticate payments a dozen times in an hour one day, when you are on a farmers market which doesn't take card payments or you are out dining with friends, and another day not at all.
Given all this, a good old public key infrastructure makes sense. But that is unfortunately also usually the first step to a complexity explosion.
LeonidasXIV•1h ago
This is true and was definitely a criticism of the old system, where websites would open the NemID iframe and ask you for your username, password and a specific indexed OTP code, without providing any authentication to you. You only notice something weird if it asks you for an the index of a code that is not on your card but maybe the scammer is lucky and guesses an index that you have and then they can use that phished username/password/OTP triple to perform an unauthorized action.
The new system is slightly different, because if you use the mobile phone authentication it will send you a notification to your phone, but if you use the (bespoke, non-standard) OTP dongle it still does not authenticate itself towards the user. However the codes are now time-based so if they collect an OTP code they can only use it in a ~30s window, so the phished credentials have to be used immediately.
timoth•7m ago
It's very unlikely people would need to mess about with MittId/BankID if they can't use card payments at a market. Firstly, if they're doing the almost-unheard-of clunky approach of using their mobile banking app to make a bank transfer, it would probably be authorised using their touch/face ID instead of BankID/MittID. But far more likely, they'd use one of the ubiquitous mobile payment apps: Vipps (Norway), Swish (Sweden) or MobilePay (Denmark).
LeonidasXIV•1h ago
How that would've prevented this issue: not at all. If the login service is down, having the piece of paper with OTP codes is worthless as the problem is not getting the codes (I can still get MitID codes with the OTP dongle) but the authentication website. The previous system was just as centralized.
mrweasel•1h ago
Each service would serve the authenticator snippet from their own domain, with their own certificate. MitID, for all it's centralization flaws, solved that by only being valid under the mitid.dk domain. I doubt that most people check the domain and the certificate, but they could.
Gravityloss•1h ago
VorpalWay•1h ago
elygre•1h ago
Gravityloss•1h ago
wasmitnetzen•48m ago
There are talks about a state-provided one coming soon, because of EU E-ID laws.
mousepad12•1h ago
LeonidasXIV•1h ago
Given the Swedish version of it is called BankID I assume the situation is nearly the same in Sweden.
mingusrude•1h ago
wosined•1h ago
UebVar•1h ago
mingusrude•1h ago