social.noyu.me

for a long time, there's been a bit of a hole in this system: the banks check your government id when you first create your account, but after that, you can basically just use your existing bankid to create a new bankid (true for my bank at least), so long-term it's not so secure

but now we live in the glorious era of near-field communications. after recently being forced to wipe my phone, i had to set up bankid on it anew, and it seems they now require you to use your phone's nfc sensor to scan your passport or national id card. neat!

it's even possible on the iphone. this wouldn't have been possible a few years ago; the british government's brexit eu citizen registration app famously didn't work on iphones because apple didn't want it to. but i guess apple changed course on this eventually.

why did i say "nfc sensor" it's more accurate to say it's a bidirectional radio. well anyway.

however, my iphone is kind of fucked. it already had mobile network reception so unreliable that i gave up entirely on using it. perhaps for some related reason, i couldn't get the nfc scanning process to work at all over multiple attempts, and with two different documents.

so i now know what the fallback process is! and the answer is you phone up your bank, authenticate with bankid on your other phone (i'm sure there's alternatives), answer a lot of security questions, and then they walk you through it again, with the nfc step magically skipped.

what sucks about this new system is if you aren't a swedish citizen, or if your phone doesn't have nfc, it's going to be much more difficult to get bankid. the type of id card available to non-citizen residents does have nfc, but the bankid app doesn't accept it for some reason :/

@hikari It‘s really wild, in Germany we are clumsily attempting to make nfc-id verification a thing but it‘s super scuffed.
I was once forced to set up some bund-id account thing to get the student relief that was already clowned on enough for being over a year late, and it forced the id-verification, but didn‘t accept my passport, because apparently the app only works with a Personalausweis. Which I don’t have because you’re not supposed to need one if you have a passport.

@hikari I found out you can check your balance and top up a Melbourne transit card with the iPhone NFC sensor now. Seems like Apple really did open it up.

@hikari awful rather than neat

this type of "security" does not benefit citizens

@whitequark it's a mixed bag. it's an instrument of social exclusion; for the people included, though, it's sometimes more secure or more convenient

@hikari do you realize how callous you sound rn?

@whitequark @hikari that reminds me the hype in Russia around "now you can log in to sites with Gosuslugi", and "now you can get Gosuslugi with just your mobile phone number" a few years ago. And then Gosuslugi (digital government portal) started to send draft notices to people :D And it seems it's going to be used to force people to vote in the upcoming sham elections, too.

@whitequark yes. i don't want to be, but ventriloquising dril is the inevitable outcome of trying to synthesise technical appreciation with ideological revulsion without yielding to either. i'm sorry.

@whitequark in retrospect i should have simply not replied. i'm not functioning properly

@hikari yeah okay i get that

@hikari Not all devices can read NFC, so how do they handle that?

For things that actually need to be tied to your government ID (like filing taxes or other government paperwork) the "tap your government ID" thing does actually seem like a good idea (as well as functionally making said IDs impossible to fake, as long as you publish the public keys used to validate them...)

Unfortunately it also opens them up to something similar to the US's rampant misuse of "social security numbers" as a generic identifier (because we have nothing better as a "national ID number" thanks to "mark of the beast" morons...): If there's no legislation against it, and the capability is there, people will be tempted to use it even if they have no reason to. Colleges used to use the SSN as student IDs "because it was there" until we passed laws to stop that.

@becomethewaifu

Not all devices can read NFC, so how do they handle that?

see downthread

Unfortunately it also opens them up to something similar to the US's rampant misuse of "social security numbers"

oh yes, the number of online services in sweden that require your national id number and logging in with an e-id is terrible