cocoto's comments

Simple, provide a simple API, let the community build the clients for the machines they have.

That's antithetical to the goal of a secure ID. It has to be really impossible to get stolen, or as difficult as a physical card. If the ID is just a password, you can tell other people your password, and it can be stolen, and it can be cloned. Germany is a strict liability country, and you will be fined or imprisoned for anything that is done with your identity card that was cloned because your PC was infected by malware if you don't report it stolen.

> If the ID is just a password, you can tell other people your password, and it can be stolen, and it can be cloned.

You can give your physical cards to other people or give them access to your computers, too.

> Germany is a strict liability country, and you will be fined or imprisoned for anything that is done with your identity card that was cloned because your PC was infected by malware if you don't report it stolen.

I don't see an issue with this.


You don't see an issue with going to prison because you got a computer virus and didn't know you got a computer virus?

It would be unfortunate, but we are grown adults living in a society where computers have existed for decades. Ignorance is not an excuse, especially if we have various options to choose from.

If we are given the option to choose from doing everything in person in a government office or via a computer of our choosing, it would be up to each of us to decide the tradeoff between security and convenience, price, privacy, ethics and other factors.

I can use an old laptop I keep in a drawer only for things related to IDs, banking and taxes.

I can use my main desktop and choose to rely on the security provided by virtualization, not installing random crap and having a hardened system. I can choose to keep my desktop inside my building that has multiple security measures - a doorman, an alarm system, multiple cameras inside and outside and a kill switch for shutting off power if someone enters using brute force. That desktop may be booted up, but it will have a long random password on the lockscreen with timeouts for wrong guesses. Unless you're an extremely good social engineer and don't care about being recorded, or if you're a master ninja who can crawl the ceiling and somehow get in without being noticed, good luck. Even then, you'd have to manage not triggering any alarms or kill switches. You'd then have to use a cold boot attack to extract my LUKS keys.

I can also choose to use a XingDong smartphone with a Google account where I have TikTok, Meta apps, LinkedIn, Tinder, Grindr, 100s of random games and a whole lot of other shady weather apps, news apps and so on. I can choose to bring that smartphone with me everywhere I go and leave it on the table in a restaurant when I go to take a shit with a common pattern lock (I've unlocked 4 or 5 locked smartphones by just searching for "most common patterns lockscreen android") or with irrevocable easily-spoofed biometrics.

In both cases (and in the infinite other cases) it's my responsibility. If I'm unsure of my security posture, I can buy a security dongle or rely on Google's attestation mechanisms for Android or decide that I don't understand enough - in which case I'd have to drive an hour to my government office once in a while to file my taxes or to the bank once in a while to move around some money.

In the ideal scenario, nothing would prevent the uneducated people from using their smartphone. They might even get prompted by the government or banks - "You're using/downloading this app on a smartphone. Would you like to use whatever attestation is available to be more secure?".

Citizens are not brain dead morons. They're not cats or dogs. They're not mentally retarded (those who are can receive assistance). They're not 13. We have education. We've had computers for decades. Computer security is not a novel idea. If a citizen wants the convenience of online banking or online tax filing or of any other online participation with the government, they should be able to do so on a computer of their choice. If they install Windows XP and random spyware, it should be on them if and when they get hacked. It's a choice they made. Even the proverbial grandma should be aware of computer security by now. It's not 1990.

To say Android or iOS can't get viruses is plain wrong. They do and will continue to do so. Even if you restrict the smartphones to the latest models with the latest OSes, you'll still get viruses.

About 2FA/MFA - I can set up TOTP on another VM or physical computer. It's prone to phishing, but I am an educated adult who can accept the risk of being phished. Put me in jail if I get phished. I most likely won't. I'm the one who knocks. It's more likely someone will come to you with a gun and make you wire them money from your own smartphone.

I don't need a smartphone. I have enough desktops and laptops much more powerful than any smartphone on the market. If I have a smartphone, it won't be with a Google or Apple account. It might not even be with iOS or Android. There are many options and they will hopefully grow in the future.

I'm getting tired from editing this comment, but finally - I have a few friends who are completely illiterate wrt computers. They somehow manage to install Temu and other crap. They don't know what an "app" is, what a "browser" is, what an "OS" is and so on. They've been scammed a few times. They know they don't know anything, though. Or even if they haven't considered it before, if they do, they'd admit they don't know anything. They are not mentally retarded otherwise. An analogy would be that I'm offered to go to the moon for free so I can file my taxes there if I can pilot the rocket. I am 100% illiterate about rockets. I haven't even flown a drone. I don't know the first thing about yaw and pitch and whatnot. I am not retarded otherwise so I'll say "I don't know enough about flying rockets so I won't risk going to the moon on my own. Can I achieve the same things by coming to your office or by riding in a rocket piloted by someone else?".


And as we know it is impossible to give someone your physical card.

But I guess using the density distribution of floating points is rarely useful in a problem. Your actual distribution will almost surely be way different. Imo, the tool presented here should provide a way to manually provide a custom density function (with some common presets like uniform and normal distributions).

Author here! Yes, the float distribution isn't what you want in practice, but a distribution selector isn't really the right thing either, because a low probability bad result can still be pretty bad! Hence the range selector; the float distribution is good at picking extreme values that trigger FP error.

We usually recommend looking for 90%+ accuracy or carefully examining the accuracy plot.


Prepend your command with a space and now your command is not saved in the history.

That depends on the shell configuration.

On bash, you can achieve this by setting HISTCONTROL=ignorespace but that's not the default.


Yes but the number of 4chan passes would skyrocket to be able to post with a VPN.


I can give you a piece of paper with a one time pad encoded secret, where the one time is physically destroyed. You can take all the time you want but you will not crack anything…


You don't need to attack the math, if you can attack the sender or the receiver ['s hardware].


Good luck if I burnt the one time pad.


No, there's a misunderstanding.

You can extract the message the user entered/received BEFORE/AFTER the en-/decryption, e.g. a keylogger, a screen capture, extracting memory from the processes, just recording the screen from behind the user, ...


Give me enough time to reverse entropy


Yes and also keep in mind that low-income in US is high income in most of the world!


I hate this point, so what? It's not like the lower class in "pick your region of interest" can take advantage of this localized price disparity. The poor person is poor based on their spending power with respect to the local economy and its pricing.


Using this example: a computer was an unlikely purchase for a lower-middle class person in the US, but it wasn't totally unattainable. Many people in the US probably did it, and some of them probably found some positive return on that investment.

That's not true of many "objectively" poor people in the world, who even if they could buy the computer, they might not have had access to electricity to run it.


I’m not sure what your point is? Today, many (most?) of those “poor” people have smartphones which are more powerful than those computers were.


The new naming of iPhones makes sense for a yearly update, not so much for the Neo.


Apple has products in their lineup where they refresh and keep the name. Example: Mac Studio is the same every refresh.


I personally don’t use VPNs except for work but I have multiple clients installed on my devices “just in case”.


Tons of programming tasks require at least 32GB to be somewhat comfortable: think of having running databases, running tests in the background, running multiple Docker images simultaneously, virtual machines, having one or more code projects open in an IDE with LSP (whole code database needs to be in cache), one browser with 20 tabs, and maybe one or more heavy Electron apps (Teams/Spotify). You really quickly reach 32GB when doing real development.


Meh. I do plenty of development on my 32GB work macbook pro and 8GB M2 air and never notice a difference.


My work 64GB M1 Max Macbook Pro is consistently out of memory. (To be fair my $LARGE_ENTERPRISE_EMPLOYER reserves about half of it to very bad Big Brother daemons and applications I have no control over)


I have a 128GB M3 Max from my employer. Due to some IT oversight, I was able to use it for a few months without the corporate "security" crapware. Didn't even ever notice this machine had a fan before the "security theatre" corporate rootkits were installed.


> My work 64GB M1 Max Macbook Pro is consistently out of memory

What are you doing that needs that much memory?


Personally I would just love Apple to be forced by governments to open up their hardware by releasing complete documentation of their hardware and allowing users to install another OS or dual boot. iPhone hardware is really good and I would love booting Linux on these. And then force every services company to provide an API to their services so we have an alternative to their app. I guess Motorola partnering with GrapheneOS will not change anything in this space because contactless payments and some apps will not work and fundamentally because the sales will be way below mainstream brands like Apple/Samsung. Governments need to step up here.


Contactless payments work in Graphene OS. Not with Google Pay, but with other apps like Curve and Paypal.


There is only one government that might be inclined to do that and that's the EU. But good luck lobbying this.


Not necessarily this, but a legislation mandating long-term (10 years) support for software and security updates could result in Apple offering Linux after they decide they don't want to continue releasing macOS for older hardware.

