this post was submitted on 08 Dec 2024
390 points (92.6% liked)

Privacy

32525 readers
344 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it's valid to be presented to law enforcement officers during a check.

I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought "wow this is so convenient I won't need to take the wallet with me anymore". I installed the government app and signed up with my government id and I got my digital driving license.

Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn't want to pause it, i just gave the real one.

They took it and went back to their patrol for a full five minutes while they were doing background checks on me.

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say "wait I pin the app with a lock so you can't see the content?"

"I have nothing to hide" but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.

And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation

Immediately uninstalled the government app, went back to traditional documents.

(page 3) 50 comments
sorted by: hot top controversial new old
[–] jagged_circle@feddit.nl 1 points 3 weeks ago

Yeah, as a rule you should always turn off your phone before approaching any control point like that

[–] Niquarl@lemmy.ml 1 points 2 weeks ago (1 children)

I've always just shown a scan of my ID on my phone. It's just a picture?

[–] Moonrise2473@feddit.it 1 points 2 weeks ago

and they accept that as a valid id? I mean in a store ok, but a public official? It's incredibly easy to make a fake screenshot

the digital version of id cards are glorified qr codes: they scan it and their device downloads from the government servers the official version. Or, for offline usage: the qr code contains all the data, signed with their key, they check if the signature is valid

[–] rottingleaf@lemmy.world 1 points 2 weeks ago

I'm thinking of going stoic and dropping anything Android, but this would require setting up an emulator working good enough for WhatsApp, Google Authenticator, MS Authenticator and probably something else.

[–] QuazarOmega@lemy.lol 1 points 2 weeks ago

For the most surface level concerns like risking them accessing any app on your phone, you can enable app lock on those that support it. Usually the most sensitive do: WhatsApp, Signal, banking apps and others.
If they don't, take advantage of the private space which locks apps until you unlock, and you can relock whenever you want

[–] halcyoncmdr@lemmy.world 1 points 3 weeks ago* (last edited 3 weeks ago) (3 children)

This is the biggest issue I have with them. The only way this will work in modern society where the police can't be trusted, is if the ID is accessible while the rest of the device is locked down.

And that's really only possible if Apple and Google integrate that directly into the OS.

load more comments (3 replies)
[–] shortwavesurfer@lemmy.zip 1 points 3 weeks ago (1 children)

Don't get me wrong, it's great that you figured this out. But why did you not consider this sooner? Wouldn't it have been obvious that you would have to have the phone unlocked and that having a police person have any access to an unlocked device would be a real problem?

load more comments (1 replies)
[–] SpiceDealer@lemmy.world 1 points 3 weeks ago (2 children)

What's the possibility and legality of something like getting implemented in the US?

load more comments (2 replies)
[–] pkill@programming.dev 0 points 3 weeks ago (5 children)

But they have one advantage: They are way easier to counterfeit. Meaning that with a few months of programming at most, if you ever find yourself on a run, you'll be able to ID yourself on trains or buses or check in to hotels with fake personal info.

[–] Moonrise2473@feddit.it 1 points 2 weeks ago

i don't think that there's no check at all. There's either a server side check or a digital signature to verify, or both. You can trick the train ticket check (here they don't even scan the qr code, they see the screen on the phone and continue) or the lazy airbnb landlord, but that can be done also today

load more comments (4 replies)
[–] Shimitar@feddit.it -1 points 3 weeks ago

No, se facessero cosi basterebbe che tu toccassi il bottone di blocco mentre glielo passi... A ripetere fino alla nausea.

No credo che la realtà sia differente: cosi ti invogliano ad avere l'app IO installata sul telefono... Semmai è quello il cavallo di troia.

load more comments
view more: ‹ prev next ›