top | item 38164881

(no title)

agarsev | 2 years ago

I still don't get the MITM argument. To me, it feels like there is a lot of heavy lifting beneath the could in "a EU government could MITM any other EU country citizen". Can somebody walk me through an example of how could the Romanian government MITM a portuguese citizen in Portugal accessing a website hosted in Sweden? Maybe there's something I'm missing? To me it feels like it would require a lot of third party cooperation (ie ISPs).

As to the tracking potential of eIDs, I agree it could be lessened by improving the legislation as the letter proposes, but to me if feels like it adds a small risk of abuse for a lot of benefits (digital access to the administration, and better security through relying on modern practices instead of handwritten signatures). Again, what is the threat model for being tracked with this ID? Will a random t-shirt shop ask me for my ID? Will this give them better insight into my online habits than asking for my CC number?

I see a lot of security professionals warning against this law, and I tend to defer to people who know more than me, but time and again, and as with other EU legislation, the arguments seem to feel unconvincing and mired with "potentials for abuse" and slippery slopes.

discuss

No comments yet.