Den ons 24 juli 2024 kl 08:32 skrev Björn Persson <Bjorn@rombobjörn.se>:
Kevin Kofler via devel wrote:
> And at least the German stuff (and the Italian, Portuguese, and Estonian
> ones) is Free Software. The Austrian ID Austria app is entirely proprietary.
> Though, as far as I know, you can buy physical FIDO2 hardware, then go
> register that with the ID Austria office, and then log in on the ID Austria
> website with any FIDO2 enabled browser and the hardware you bought. But the
> default workflow goes through a proprietary smartphone app.
I wish I were allowed to use FIDO2. The dominant ID protocol in Sweden
is called BankID. It's a proprietary and secretive protocol that
requires a proprietary app that requires an operating system from
either Apple or Google – or sometimes Microsoft, but in many cases not
even Windows is allowed. No FIDO2 or other open standard is allowed.
It's becoming ever more difficult to be a Fedora user in Sweden.
Several banks require BankID. Members of various associations must have
BankID to log in to membership pages. Many webshops accept payment only
through Klarna, and Klarna now requires everybody to use BankID. Thus
the BankID cartel effectively controls which operating systems have
access to the Swedish market. Users of other operating systems are
severely restricted in which banks they can have accounts in, which
shops they can buy from, et cetera.
It is not that bad if you use a specific proprietary device for Mobilt BankId. Swish payments might be problematic, but you can use debit/credit cards for most things.
/Andreas
By the way, the BankID protocol has fundamental design flaws that enable
an ongoing fraud campaign, and the more BankID becomes a routine in
people's daily lives, the easier it becomes for scammers to convince
victims to click through the BankID dialog that authorizes the scammer
to empty the victim's bank account.
There are also at least two other proprietary ID protocols, which only
government agencies accept. One of those offers a Firefox extension that
can actually be used on a GNU/Linux system. It's unfree, buggy and
unmaintained, but usually works just about well enough to be usable on
the one website I need to access that accepts it.
Government agencies seem to have some requirement to be vendor-neutral,
and they believe that means they must buy incompatible proprietary
services from all the vendors, instead of defining a standard that any
vendor can implement. Everyone who isn't required to be vendor-neutral
accepts only BankID and contributes to strengthening the Apple/Google
duopoly.
Björn Persson
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue