WingNews

digiown|19 days ago

This is really a human right issue. No one should be required to carry an attacker-controlled tracking device, especially not for interacting with the government. It's funny that the EU uses all this mobile attestation BS more than the US does. So much for sovereignty and consumer protection. No monopoly Google can build is as good as the government forcing you to accept their terms.

joe_mamba|19 days ago

>No one should be required to carry an attacker-controlled tracking device

What about being required to carry a your-own-government-controlled tracking device?

Because the US or Chine government can't harm me in Europe via the data they collect from me, But the EU authorities can if they want to, so naturally I fear them more if they were the ones hoovering my data.

What are the odds they're using this on-shore tech grab to implement their own domestic version of China's social credit score system, to easily get data on their own citizens who commit "wrong-think", without having to through the effort to twist the arm of US entities every time they want to do that?

Food for thought, but I do think we're living the last years of online anonymity, it's inevitable.

moffkalast|19 days ago

Yeah it seems that some politicians have noticed that they can enact a lot of self serving authoritarian legislation that wouldn't fly otherwise if they push it as populist independence-from-US thing. Can't let a good crisis go to waste, of course.

One only needs a few looks at what the EU Commission has been doing lately to see that if left unchecked their plan is a UK-like total surveillance state.

TimByte|18 days ago

The real human-rights issue, in my view, is optionality. If interacting with government or the financial system requires a specific proprietary device tied to a specific ecosystem, that's a problem

skeptic_ai|19 days ago

Carrying this device is the key here. Eventually we all need to carry it around, track us everywhere.

rf15|18 days ago

You are shifting the goal posts here - if we work by this argument, we will never achieve anything.

pjc50|18 days ago

There's a certain amount of conspiracy theory going on in this thread, but it it right to ask: who will be banned from this payment system, and under what rules? Can we make it a legal requirement to at least provide a justification which can be challenged?

The usual first victims are sex workers, not political minorities.

ignoramous|19 days ago

> It's funny that the EU uses all this mobile attestation BS more than the US does

Attestation in on itself isn't unwarranted which (to me) is an important security measure. Attestation as commonly implemented on Android via Play Integrity (the way banking apps are known to do) is restrictive, sure: https://grapheneos.org/articles/attestation-compatibility-gu... / https://archive.is/snGEu

Freak_NL|19 days ago

> Whatever they come up with, I hope it doesn't tie you to a Google or Apple smartphone.

The article starts with Wero right off the bat, which a pan-European rebrand and continuation of the Dutch Ideal. The Dutch have been using Ideal everywhere, and you usually use that to pay online. It redirects you to your bank to acknowledge the transaction, and most bank have auth methods where a smartphone is optional. Most often used for sure, but optional, and you can complete the transaction with a hardware reader and your debit card as well.

The only exception are the neobanks like Bunq, which actually are smartphone-only. That one in particular is great if you appreciate the CEO and staff keeping a personal eye on your transactions (no kidding).

porknbeans00|18 days ago

So... there once was a company called First data. Founded by some JPMC execs who got chased out of the bank after being caught performing espionage for Palantir.

They sold their transaction platform as a service to Apple Pay. And funneled all your transaction data to palantir.

Financial networks are side channels for intelligence gathering. And that makes the folks doing them outside of your nation an adversary.

With the US choosing to become an enemy of western democracy in Europe, the need for more investment in building trusted core infrastructure is inevitable.

Certainly none of this is ever simple. But this is just a microcosm of a much larger shift across many industries in Europe and we as tech nerds should be mindful of the tectonic shifts that are happening currently. The capital investments occurring have serious long term implications for us all.

Nasrudith|18 days ago

Really the folks doing them inside your nation are also adversaries. The worst ones in fact because they usually have the power or know somebody who has the power to jail you.

ap99|18 days ago

How has the US become an enemy of western democracy in Europe?

hiire|19 days ago

Wero is expanding around Belgium, France and Germany while Bizum has "joined" the European Payments Alliance with Bancomat and SIBS from Italy and Portugal respectively, not sure how these work exactly as I'm also located in Spain.

My point being, if these payment systems start becoming more interconnected and join within a standard, I wouldn't be surprised if we eventually saw Bizum cards around here, Wero cards in other places, and many more.

At least that's my take on it. Of course there's still a long way to go, such as developing the system, banks adopting it, businesses adopting it, then customers (which would probably take years, many people wouldn't bother switching at least until their current card expires)

Maken|18 days ago

The transition will be probably smooth and transparent for business and consumers. Banks are already deploying payment terminal able to handle both Bizum and VISA/Mastercard [1]. Since banks own these terminals, they can decide how fast they want Bizum adoption to spread. Business don't even need to opt-in into it. At some point they can simply start charging for credit/debit cards and people will naturally switch to Bizum.

[1] https://www.bbva.com/es/es/empresas/bbva-primer-banco-en-esp...

unknown|18 days ago

[deleted]

pimterry|19 days ago

> for the Android case, as you use it from your bank's app, it would typically require some Google security assurances - so no Huawei phones allowed, for example

I don't know about Huawei, but actually most (all?) of the banking apps in Spain should work on a non-Google-certified Android builds. There's an community list tracking GrapheneOS compatibility at https://privsec.dev/posts/android/banking-applications-compa... and all of them currently appear supported just fine.

microtonal|18 days ago

Same here, I'm using Dutch banking and credit card apps (and iDEAL/Wero) without issues on a GrapheneOS phone (/e/OS works as well).

nosianu|19 days ago

GrapheneOS in Spain?

https://www.androidauthority.com/why-i-use-grapheneos-on-pix...

> Police in Spain have reportedly started profiling people based on their phones; specifically, and surprisingly, those carrying Google Pixel devices. Law enforcement officials in Catalonia say they associate Pixels with crime because drug traffickers are increasingly turning to these phones. But it’s not Google’s secure Titan M2 chip that has criminals favoring the Pixel — instead, it’s GrapheneOS, a privacy-focused alternative to the default Pixel OS.

EDIT: Previously on HN: https://news.ycombinator.com/item?id=44473694

gdulli|19 days ago

I use my credit and debit cards the same way today as I did before smartphones existed. I never invited the extra surveillance middleman of Google/Apple into my transactions. And the convenience of tapping or swiping a plastic card is simpler than using my phone anyway. Is this not possible in Spain?

mig39|19 days ago

I'm with you. Low-tech works just fine. I hate the idea of having to depend on a working phone just to pay for things.

But isn't the promise of Apple Pay that you never expose your real credit card # to the merchant? So they can't track you? I know Walmart in Canada really resisted Apple Pay for a few years because it would mean no more ability to track people by their payment methods.

hearsathought|19 days ago

> I never invited the extra surveillance middleman

What's an extra layer of surveillance? Why accept the "credit and debit" surveillance middlemen but not the google/apple middlenmen?

What the world needs are "cash cards". Something equivalent to cash not tied to your identity that you can use in the real and virtual world.

I simply do not understand why governments or the private sector do not provide such options.

severino|19 days ago

Yes, but in Spain all of our cards are Visa or Mastercard, afaik, so you can't really avoid using American tech in your daily payments (unless you use cash, which remains a very convenient method, by the way).

direwolf20|19 days ago

I put my debit card in my smartphone case. Best of both worlds.

Detrytus|18 days ago

> I use my credit and debit cards the same way today as I did before smartphones existed.

How exactly are you doing that? with 3D Secure online credit card transactions now require confirmation in the mobile app (or via OTP sent by SMS, but this is being phased out, as it is insecure)

Curiositiy|19 days ago

Thanks! ANOTHER SANE voice of reason! Nothing tops the simplicity of using plastic, either via chip or NFC. Leave the friggen' phone at home!

zb3|19 days ago

This "Play Integrity" garbage is the first thing europe should break with. Instead we have Italian government app refusing to run on devices not serving Google's interest.. shame.

preisschild|19 days ago

Also often a requirement on govt digital identity apps...

pjmlp|19 days ago

On Portugal we have the Multibanco network, which already provided Internet like services for buying stuff on the terminals and eventually graduated to have online payments as well, however only in Portugal.

Likewise, in Germany we can have SEPA for most stuff.

And in Greece there is Viva.

Problem is getting something that actually works across all European countries.

margana|19 days ago

The problem isn't just getting something that works across all European countries. It's getting something that works globally.

While we may make most of our payments within EU, basically everyone still occasionally pays for something outside of EU, either online or when they travel. This means if the new thing only works in EU, every European will still need and have a MasterCard/Visa even if they use it less often than before.

This is still a massive amount of leverage - MC/Visa still have the ability to block payments made from EU citizens/companies to outside.

severino|19 days ago

I've been in Portugal sometimes, and to me MB was synonymous with "we accept credit cards", and in fact it is in the sense that you can pay using Visa or Mastercard in those shops. But, is it a standalone system that doesn't require anything outside Portugal in order to work? With their own non-Visa credit cards? And can you use them when abroad in the EU, for example?

moffkalast|19 days ago

SEPA would be a decent solution with instant QR code generation and app payments, but the transfer fees are ludicrous for daily use (~1-2€ per wire). Or maybe it's just my bank being greedy fucks as usual.

storus|19 days ago

SEPA gets blocked immediately when you try to buy something expensive, like a top-end graphics card (8k+).

bjghknggkk|19 days ago

Show me a german webshop that supports modern payment methods. It usually old school bank transfers still.

ChrisMarshallNY|19 days ago

An Indian friend of mine, constantly raves about their UPI system:

https://en.wikipedia.org/wiki/Unified_Payments_Interface

It sounds a lot like what they're discussing.

crossroadsguy|19 days ago

Oh it is good. It has its drawbacks (like everything else) but it's quite the de facto now and UPI Lite ( a wallet not on individual apps but on UPI/NCPI f/w itself) had made it even better.

skadge|19 days ago

FWIW, I'm using Bizum on a daily basis in Spain, on a de-googled android phone running e/os/, via my bank app (revolut)

fhdkweig|19 days ago

> Whatever they come up with, I hope it doesn't tie you to a Google or Apple smartphone.

I would also hope so, that is the entire point. The reason they are scrambling right now is because Starlink just shut off all of Russia. Because Starlink was so cheap and easy (and stable for the last 4 years of the war), a lot of people in Russia stopped using any other form of internet access. And while all of Europe is happy to see Russia go away, they are concerned that the same can be done to them at a whim by any number of American companies. So they are trying to quickly create alternatives to anything American including software providers like Microsoft 360.

As for credit cards, it is not as if there is something intrinsically American in credit card processing. They can just as easily create a new system that uses the same protocols as Visa and Mastercard.

Having your entire economy dependent on a company you don't control in a country you don't control was considered acceptable for as long as a concept of "allies" existed. That is not the world we are living in right now.

varjag|19 days ago

Starlink was never available in Russia due to the sanctions regime. It's only use by Russians was via grey import terminals on the frontline in Ukraine (made possible due to complications of geofencing).

grishka|19 days ago

> a lot of people in Russia stopped using any other form of internet access

What you're saying is just plain false. No one has ever used Starlink in Russia. It doesn't even work here. It never did. Russian troops were using Starlink on Ukrainian territory, that's what was shut off.

pennaMan|19 days ago

> they are trying to quickly create alternatives to anything American

They're the same bright minds that ensured no alternatives could naturally come out of the European market trough relentless bureaucratic central planning. I have zero hopes of a good outcome

abcdefg12|19 days ago

Never mind russians putting starlinks on flying bombs to blow up Ukrainians. But those poor Russian Internet users you invented. While it’s jailable offense in russia to own starlink.

YarickR2|19 days ago

> Because Starlink was so cheap and easy (and stable for the last 4 years of the war), a lot of people in Russia stopped using any other form of internet access.

What are you smoking ..err.. any source to your claim ? (Which is between bizarre and just plain wrong).

inemesitaffia|14 days ago

Where did you get "4 years"? And what makes you think people in Russia were using the service?

poilcn|19 days ago

What are you talking about, 92% of Russian population has access to internet via landlines, the government subsidised building all the infustructre. The internet access is one of the cheapest in the world($5-10 per month for 100-500mbit/s), starlink with its $50-120 price tag is not affordable at all, ignoring the fact it doesn't even work here

hkpack|19 days ago

> Starlink just shut off all of Russia

What are you talking about? Starlink never worked in russia. It worked in Ukraine, and it was shutdown in Ukraine by using a white list for which any Ukrainian can easily apply.

The goal was to shutdown Starlink usage by russian drones in Ukraine and by anyone on the occupied Ukrainian territories.

Imustaskforhelp|18 days ago

UPI in India if I remember correctly can actually work even offline by either sms/calling functionality even on dumb phones

Pasting this ddg-ai thing but I think its called UPI 123PAY

UPI 123PAY allows users to make digital payments using feature phones without needing a smartphone or internet connection. Users can set up a UPI ID by dialing *99# and can make payments through methods like IVR calls, missed calls, or sound-based technology.

https://razorpay.com/blog/what-is-upi-123-pay/

crossroadsguy|19 days ago

They should just do on the lines of what India has been doing with UPI and Brazil with Pix. Both massively successful at this point. Of course take their good parts.

By the way, since you wondered, it seems to be

> built around the digital wallet Wero

and wikipedia says its a mobile payments method. I hope not. I hope it's rather an interface/spec.

(On a side note, I also hope individual countries of EU ensure that those spec leaves an ability for them to continue internally or even externally if rest of the EU decide to cut someone off or so.)

hocuspocus|18 days ago

EPI is the interface and it's built upon SEPA and TARGET standards.

Wero is the implementation. I think it makes sense to provide a turnkey solution to all participating banks, so that we don't have 100+ versions of the same app.

Countries that don't want to trust EPI (or simply outside the Eurozone) are able to take the same path as Bizum in Spain, and make their domestic solution interoperate with EPI instead of replacing it.

kassner|18 days ago

> Brazil with Pix

Are you aware of any banks that don’t require you to use their Android/iOS app to use PIX? I’ve had accesss to maybe a dozen banks and none had that ability. Sometimes you get via web, but needs their app’s 2FA to log in.

dj0k3r|18 days ago

> Of course take their good parts.

I completely agree. Sadly UPI is now almost completely dependant on platform integrity ( google and apple).

ncruces|19 days ago

> Whatever they come up with, I hope it doesn't tie you to a Google or Apple smartphone.

Even if it does, Google won't be taking a cut from it.

Also, it's then much easier to provide a mobile web version, or something else.

My country's internal system also sells a bracelet for contactless payments, and there are obviously payment cards.

Once there's a mandatory standard, it's much more likely competition will show up. EU wide SWIFT, direct debits, instant transfers, all show this.

KellyCriterion|19 days ago

What would Google prevent from taking a similar cut as Apple is taking?

AdamN|18 days ago

Cards are really slow and expensive to distribute and (tech forward) people would also prefer to just use their phone or watch. This is the kind or project that will take years to work and almost everybody now has a smartphone on one of those two operating systems in their pocket every time they leave the house.

Cards will have a slow demise over the next 10 years but it's coming whether we like it or not.

KronisLV|18 days ago

Support both?

Like to log into e-banking services over here we either have phone apps, or a code calculator device that can be used instead of those: https://www.seb.lv/en/private/daily-banking/tools-and-online...

Seems like common sense to me, the same how I have a wallet on my phone but still carry cards for payments just in case.

severino|18 days ago

Well, at least in Spain cards typically take between 3 or 5 days to get to you via post mail when you first open your account in a bank, and when it's about to expire, from time to time, you get the new one weeks in advance.

So I don't think distribution is a problem. Of course companies would prefer to save the cost, and they also prefer that you use their applications, but I just don't think it's more convenient for the end user. Taking a card with you is not a big deal while having to use a mobile application or approved device limits your freedom to choose which smartphone you want to use or how to use it.

gvurrdon|18 days ago

Definitely. I have spent the last few days trying to get a replacement "Digipass" device for a bank account I run for a small sports club. The bank was very reluctant to issue a new one as they want to move everyone onto their app to generate codes for logging in to their website. Trying to argue that even if their app worked now on a de-Googled Android device there was no guarantee that they wouldn't require Google's safetynet etc. at some point in the future was a failure. They did not understand this and decreed that the app not working, or possibly not working, on one's phone was "not a valid reason" to be excused from using the app. Luckily because the account is a business account I was able to claim that using banking apps on phones was against company policy (I set the policy myself), which is an excuse they were willing to accept. For now.

phyzix5761|18 days ago

Any solution they come up with will benefit some company that implements the solution. Most likely there already exists a company (it could be Visa or Mastercard) that has the solution ready and they're lobbying for this to happen.

port11|19 days ago

I don’t see why they can’t just piggyback on existing, proven solutions such as Bancontact, Carte Bleu, etc., which are all based on a card running on its own network. If it’s app-based, we’re excluding quite some citizens from it.

skywal_l|19 days ago

Visa bought Carte Bleue in 2011. Yep.

hocuspocus|18 days ago

Some of these are 40+ years old.

It makes sense to build upon modern SEPA payment rails and focus on mobile wallets. Europe has always been on the forefront (Swish, Vipps, ...) and we have entire generations of consumers who barely if ever use plastic cards.

munk-a|19 days ago

Canada has the interac system and it works pretty wonderfully, it's integrated into other systems for overseas compatibility but it can operate entirely independent of VISA/Mastercard if the POS supports it.

socceroos|19 days ago

I hope they go with Taler, personally. Privacy of cash but the required traceability for merchants.

moomoo11|19 days ago

What about a implant that can be placed into your palm? It can carry everything about you and be tied to your pulse so that if you have a panic attack or something as you are being robbed it wipes everything but your name and basic information.

crossroadsguy|19 days ago

> implant that can be placed into your palm

Might as well make it to the brain while we are at it. Safe when one is brain dead or unconscious. What say?

nunoonun|18 days ago

The Portuguese alternative "MB Way" has small NFC tags that can be tied to your account and used instead of the phone. You still need to register it in the phone. But it's a small step in the right direction.

hahn-kev|19 days ago

It's true that it's a problem, but it can be easily fixed in the future. For example they could just change the app to work on any old android fork. You still get the benefit of no longer having transaction data run through the US.

ulrikrasmussen|19 days ago

But right now many of us are concerned with not being able to run e.g. GrapheneOS without locking ourselves out of all basic digital infrastructure. We shouldn't wait until it gets untenable for the EU to lock us into Google and Apple, we want independence from the start.

sylware|18 days ago

If the interfaces are simple, straight to the point, able to do a good enough job, all that in a modular fashion. It should be rather ok.

But 99.99% of the time won't be the implementation of such interfaces, but monitoring and security.

pfortuny|19 days ago

With my bank (bankinter) you can bizum from a browser (just checked).

Sorry: This is Spain (to clarify).

GuestFAUniverse|19 days ago

Logical next steps: 1. European app store that has to run on Android/iPhone 2. European phone (platform) -- maybe as a joint venture of different European players / not a single company.

TimByte|18 days ago

Real independence requires thinking about the full stack

Curiositiy|19 days ago

This. A sane voice of reason in an insane, software-tech dork driven world.

Physical cards ftw!

Btw i love simply using cash in South America when getting a taxi, no stupid "apps", no tech nonsense. Just wait at a proper spot and hail.

clawlrbot|19 days ago

[deleted]

whynotmaybe|19 days ago

What does Belgium's capital has to do with this? Do you imply Brussels = European Union?

rich_sasha|19 days ago

I think absolutely Europe needs it's own mobile OS. And thankfully they can "just" fork Android - or better still, adopt one of the existing forks.

I suspect simply stating that it must be a supported standard will do most of the work, much like standardising phone chargers.