this post was submitted on 08 Dec 2024
389 points (92.9% liked)

Privacy

32442 readers
727 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it's valid to be presented to law enforcement officers during a check.

I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought "wow this is so convenient I won't need to take the wallet with me anymore". I installed the government app and signed up with my government id and I got my digital driving license.

Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn't want to pause it, i just gave the real one.

They took it and went back to their patrol for a full five minutes while they were doing background checks on me.

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say "wait I pin the app with a lock so you can't see the content?"

"I have nothing to hide" but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.

And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation

Immediately uninstalled the government app, went back to traditional documents.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] [email protected] 4 points 2 weeks ago

I have the digital id in case i forget my physical one (despite not legaly being required to carry id) but its in an empty graphene os profile.

[–] [email protected] 4 points 1 week ago* (last edited 1 week ago)

Either have a cheap second hand sim less phone just for that or carry the physical Id or perhaps a copy of the physical id.

[–] [email protected] 3 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Meanwhile, there's me who just likes paper versions of this stuff because I like to be able to order a backup hard copy just in case something happens to the first one.

 


Edit: I'm a fucking dumbass. I was 100% aware they were talking about driver's licenses, yet I was only referring to other vital documents like one's birth certificate, and yet I didn't make the connection in my brain. Apologies. :/

[–] [email protected] 3 points 2 weeks ago (1 children)

Wait, what? There are countries that let you have multiple valid copies of the same ID??

[–] [email protected] 2 points 2 weeks ago (1 children)

Sorry, my bad. I meant more stuff like the birth certificate and other vital documents. I really should've specified.

(I swear I'm not a dumbass sometimes.)

[–] [email protected] 4 points 2 weeks ago (1 children)

That stuff becomes a moot point once you have a decently working bureaucratic system (if and when). If you can ask for a digital certificate online, and get it in your email three days later, you're not too worried about losing a copy.

On the other hand... I swear to you that multiple times, I have had to present "a birth certificate that was less than 6 months old".

As if the time and circumstances of my birth might have suddenly changed in the last year.

[–] [email protected] 1 points 2 weeks ago* (last edited 2 weeks ago)

That stuff becomes a moot point once you have a decently working bureaucratic system (if and when). If you can ask for a digital certificate online, and get it in your email three days later, you’re not too worried about losing a copy.

Yeaaaaah, I see where you're coming from, but no, I'm just gonna stick with a paper copy that I know is reliable instead of a theoretical bureaucratic system that could possibly be reliable if it were to exist but in no way does exist (at least in the US).

This is the government after all. I'd like to have a paper copy in case they fuck something up during a system update and "can't find me in the system". (This is not very likely, I admit, but I wouldn't put it past them some days...)

 


Edit: Also, what if I don't have three days and I need said document(s) as soon as possible? That's where a hard copy comes in.

[–] [email protected] 3 points 1 week ago

You can pin the app (android) or have it in guided access mode (ios). Although, yeah, I wouldn't be surprised if there's an exploit to get out and access memory it shouldn't. Maybe if you install the govt spyware app in a different user profile (Android) then it will be restricted to that certain memory.

[–] [email protected] 2 points 2 weeks ago* (last edited 2 weeks ago)

That's a limitation in your countries implementation then. The owner must have full control of what data to present or at least category based requests.

[–] [email protected] 2 points 1 week ago (1 children)

Containerized apps on Android when?

load more comments (1 replies)
[–] [email protected] 2 points 1 week ago

If you use an android phone, just create a separate account on your phone just with the apps you want the police to see. No email, photos, social media, or anything. This way you can switch to the restricted user before giving the cop your phone.

[–] [email protected] 2 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

This is the biggest issue I have with them. The only way this will work in modern society where the police can't be trusted, is if the ID is accessible while the rest of the device is locked down.

And that's really only possible if Apple and Google integrate that directly into the OS.

[–] [email protected] 4 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

It is.

Apple has "guided access", android has "pin app".

I only have experience with the latter, it works by opening the task management view, and selecting "pin application" on a running app.

That then locks the device to that app. To access anything else, it has to be unlocked as if the screen were locked.

[–] [email protected] 2 points 2 weeks ago (1 children)

App Pinning DOES NOT lockdown the device, even if you have it set to require a PIN to unpin, biometrics still work to unlock the device.

It also gives you a warning that personal data may still be accessible and the pinned app can open other apps. It specifically says "Only use app pinning with people you trust"... which is the exact opposite of the use case here. And app pinning is turned off by default, you have go go searching in the settings to enable the ability.

[–] [email protected] 3 points 2 weeks ago

Was definitely on by default on my device.

Personal data is still accessible, if the app you choose to pin is something like the dialer, or your mail app, then yes, you can obviously access contacts and emails. The feature doesn't block the pinned app from accessing everything it normally accesses.

As for opening other apps, this applies to stuff like links or launchers. If the app has links somewhere, you could open your default browser app. It does not allow you to "escape" the pinned app to anywhere else in the system, unless the pinned app has a way to launch other apps the way launchers do.

The feature could certainly use improvement, but if it were only useful with people you trust, it would be pointless.

It's obviously intended for situations where you have to let someone use your phone, and don't want to give them free reign. With people you trust, you wouldn't need something like that.

It's far better than nothing, and is in fact part of android.

[–] [email protected] 1 points 2 weeks ago (1 children)

Don't get me wrong, it's great that you figured this out. But why did you not consider this sooner? Wouldn't it have been obvious that you would have to have the phone unlocked and that having a police person have any access to an unlocked device would be a real problem?

load more comments (1 replies)
[–] [email protected] 1 points 1 week ago

I'm thinking of going stoic and dropping anything Android, but this would require setting up an emulator working good enough for WhatsApp, Google Authenticator, MS Authenticator and probably something else.

load more comments
view more: ‹ prev next ›