So Italy's IO app https://github.com/pagopa/io-app (wallet, documents, age verification) continuously refuses the users' request for GrapheneOS support and requires google.
Nothing will change until the lawsuits start coming in.
The only hope is the motorola/grapheneOS collaboration and consumer associations, that might sue for anticompetitive behavior.
Make noise on any channel for the apps that require play services, it will help in the future if the lawsuits start, since it will show user support for the initiative.
There is too much corruption, nothing can be done at this point.
Atleast CIE app works on graphene for now so I can do everything else on the web.
If they block that idk what I would even do.
Honestly, as long as the architectures is fatally flawed (Even if convenient) it's just bandaids over a larger issue.
These mobile id's are too powerful, signing contracts, transfering all your funds or taking loans, regulation is also papering it over a bit by requiring high-stakes lenders,etc to do additional checks.
Germany was going in the right direction imho, they NFC enabled their ID cards (Sweden has info on them but no enablement procedures) that is then paired with the app, so the card acts as a 2nd factor that makes the app itself less of a security issue since a user will be required to physically enable it (sadly the NFC pairings are kinda fiddly.. but I'd take that as a security option for all non-trivial transfers).
> These mobile id's are too powerful, signing contracts, transfering all your funds or taking loans, regulation is also papering it over a bit by requiring high-stakes lenders,etc to do additional checks.
Many countries in the EU already have all of that just done though some national equilevant system (for example here in Finland mainly with bank credentials).
And in fact additonal checks are done when enough money is moving. For example when I signed my bank loan for an apartment I had to sign it again after 24 hours just to be really really sure that I wanted to sign it.
For smaller (but still big enough) stuff a second "second factor" usually kicks in usually in the form of a sms verification after the actual proper login with bank credentials (which has a proper 2 factor auth in itself too)
The lawsuits, sadly, won't matter. "Security" (or, rather, totalitarian control!) is more important than the 1% of nerds who care enough to tinker with their phone.
It's not 1% here though... Graphene has 300k users worldwide. There's 8 million absolutely illiterate and 150 million functionally illiterate people in Europe for comparison on scale here.
Even relying on Android's hardware attestation API instead of Play Integrity is an attack on digital autonomy in my opinion. Any security feature which relies on remote attestation of the users entire platform is government overreach as it ultimately gives the government the power to choose what operating systems are acceptable. It is only a matter of time before this power will be misused to put pressure on OS developers to install backdoors for the intelligence agencies. And no, asking people to own two smartphones is not a solution to this problem.
Anonymous digital age verification based on a suitable ZKP scheme and/or blind signatures does not require a general purpose operating system, it just requires a few cryptographic primitives and a set of device-bound keys. It is not too much to ask that the EU develops a specialized hardware token with these exact capabilities and offer them for free to all citizens as an alternative to the app. This also gives the citizens of EU the freedom to choose not to own a smartphone without having their access to digital services severely restricted.
Not really. EU is actually trying to decouple. But in many cases there are not any homegrown alternatives to support. There is not a single company in EU that could replace, even a considerable part, of software stack provided by Google and Apple.
And, unless the regulatory environment changes., there probably never will be.
Thr answer to US tech giants are not homegrown EU tech giants, but international free software (Free as in Freedom). We already have free operating systems: Linux, BSD. Office software: LibreOffice, etc.
EU regulators have stop listening to tech company lobbyists.
> But in many cases there are not any homegrown alternatives to support
There shouldn't need to be. Realistically for something like this an EU backed highly-audited non-profit should be in place for permanent highly controlled services like this that do not rely on any non-EU entities for it to function.
The US can call Austria in 5 minutes and with no burden of proof get the airspace permit for a head of sovereign state revoked and the plane swatted instantly upon landing, because someone might have been on board (he wasn’t) whose only real crime was embarrassing the USA by exposing their fundamentally unconstitutional lawbreaking.
Same goes with the prosecutors in Sweden; a phone call and the US got, not charges (as that would actually be official misconduct in Sweden), but enough of an official statement from a prosecutor to get the words “Assange” and “rape” in headlines together around the world by that evening.
European countries are, by and large, lapdogs of the USA. It’s sad. And then the US president turns around and stabs them in the back by threatening invasion and annexation, or complete disregard for the fundamental obligations of NATO members.
I really don’t know what the fuck the Europeans are thinking by playing the US’s stupid games. As we see time and time again, it won’t be repaid in kind.
Obviously, on both side (and beyond) they are nice people trying to plan good things without being too naive. But bragging all day through and destroy all that is in your power is both easier and more attention grabbing than discrete hard work at building better future for everybody.
Unfortunately the big game is opaque it's close to impossible to understand for the common folk. So many questions, so tough to grasp answers. Sickening. The enemy is hiding. One could say that paying the taxes in some form is a path toward a destruction. Phrases like "war economy" are lunatic. It all starts in your mind, and that's why it's the most important to protect your children from the propaganda. Take care!
Europe will never have digital sovereignty from the US.
It will take 100 years and an extremely expensive, government-mandated reimplementation of every critical US tech service and company.
No EU country is putting up budget for this, and no private enterprise is going to do it because building a worse version of AWS just so that it is "European" makes no financial sense and would most likely just fail anyway.
I agree with the premise but have the feeling that it’s less about the money. People here in Germany use WhatsApp and Instagram and Gmail and MS Office and Windows not because there are no alternatives but because they either don’t know or don’t care to switch. People are notoriously difficult to convince to switch platforms even if they‘d get more benefits on the other side. My mom does not want to touch any email client besides outlook and she does nothing but read and very occasionally reply to singular emails and she requires only the barest functionality of an email client. Half of my family gets a panic attack when the windows interface changes again. The idea of switching messengers recently in my rather tech sawy circle of friends has resulted in a multi day discussion with no real outcome mainly because some just don’t want to deal with two messengers while their friends and family remain unconvinced. We already have social media, hosting, email, operating systems, messengers and the likes from European providers. People just don’t want to switch.
If there is a higher level mandate or incentive to switch, people absolutely will - for example, if a government decides en masse to switch away from one OS or platform. [0]. This will likely be hugely influential, as then everyone who wants to communicate effectively with that government needs to make sure that they are compatible - which will likely drive adoption of the alternate technologies over time.
However, IMO the big challenge is MS Office - as much as people like to mention the FOSS Office alternatives, there's still a huge gap to cross before mainstream companies will adopt them. (To paraphrase, no-one gets fired for choosing Microsoft Office.)
Beyond this, on the more 'personal' level you discuss, the picture is more varied than you describe. Some people's elderly parents absolutely can and do switch to different email clients or browsers. Some groups of friends can and do switch messenger platforms - my personal comms are now split roughly 80:20 between Whatsapp (the default) and Signal. (It just took a determined minority deciding to switch, and the others followed.)
> We already have social media, hosting, email, operating systems, messengers and the likes from European providers.
Yes, but they aren't really competitive, as they currently aren't the easy/free/well-marketed/popular options that everyone defaults to when they first get a computer, or that their friends are already using. It's just network effect and inertia.
This can and will change if the need for a reduced dependence on the US continues to be front and center of people's minds. (Note this is mostly driven by the Trump administration's behaviour; the next president could probably heal many of these wounds and our European politicians will move one to caring about something else.)
Hopefully not. This hate towards good technology and innovation because you don’t like the current president is ridiculous. He’ll be gone in two years or so and then we’ll get back to normal.
Working as intended. EU wants you to use a device and OS they can fully control. Don't comply with some new ridiculous regulation? Your app will be banned.
> EU App Store: Apple Removes Thousands of Apps Due to Digital Services Act Requirements
> Apple’s app removals follow the Digital Services Act, a European law requiring all app traders to display verified contact details, including address, email, and phone number.
Regulations create monopolies. Even when regulations are aimed at curbing the control of giants, smaller players usually can't afford them and lose market share. This is actually taught as a competitive advantage strategy in business school. Corporations lobby the government to implement laws that seem to hurt them but in actuality create an uneven playing field where marketshare becomes available due to the higher implementation cost.
> Aren't monopolies is what we end up by default if have no regulation at all?
No. Monopolies are only inevitable if the goods aren't elastic, if there is a large cost of entry into the market, or if its a market you can create a moat that is unsurmountable.
Many markets don't have that even with 0 regulation, but might have second order problems like firms creating unsafe products for example.
But in general regulations almost always even unindentedly raise the cost to enter the market. If you make a new regulation that food needs to be safe, then the company needs to pay a safety inspection that a small home-made recipe might not be able to afford (to give a simple example).
At the same time, we now have uber large corporations due to non elastic parts of supply chain (like land) or moats that are insurmountable (like access to US capital). In which case, the FCC should break up monopolies as the current market is not catering to end users and consumers but to owners, which is why the Stock market has been in a never ending bull run.
I don't think so. Because the theories about elastic markets and monopolies do have a high 'spherical frictionless cow` smell. And they are posed here as gospel. So while it might be a bit of an ad hominem to frame someone as a 120 year old it does succinctly point out a problem and hence adds information.
The same could be said for people who suggest regulation for every problem that comes up, even for problems that were caused by regulation. Maybe we have our blindspots, but the "regulate everything" crowd is much louder and more prevalent on HN than the free market absolutists.
I mean, has there any empirical evidence disproven any of those base assumptions?
In econ the easiest part is to create a model, the hardest part is seeing it crash against reality. But the basis of monopolies seems to be pretty thoroughly tested. The biggest issues you have now are Chesterton Fence's. Were its hard to know what laws and regulations are therefore safety, parity and economic performance and ones are only creating friction with no benefit due to years of laws being put on top of other laws
There is always imperfect information, there is no such thing as a perfect market and as a result regulation will always be needed to curb the excesses such as monopoly. Even if we had perfect information, humans remain irrational. This is a simple fact of life and the universe.
The European Steel and Coal Community (precursor of the EU) was also involved in the effort to stop these. In general this has been something the EU has been involved in since its inception and the best action against monopolies is to not let them form in the first place (why there is so few of them in general in most developed countries. Though that is now slowly changing it seems)
The proposed regulations forcing everybody to use google or apple are ridiculous and very much the opposite of the kind of regulations we need though...
Unless regulations explicitely incorporate how to handle incumbents & newcomers. One instance of that is MMTIS (multi modal passenger information), which explicitly states innovation and new players as a goal. There are other similar examples.
> Corporations lobby the government to implement laws that seem to hurt them but in actuality create an uneven playing field where marketshare becomes available due to the higher implementation cost
(nit: I assume you meant "marketshare becomes unavailable")
So you mean that regulations that are created based on lobbying by corporations help them become monopolies? Sure, that makes sense. But thats different from a blanket "Regulations create monopolies".
Because the smaller players can't afford to implement the new regulations they lose their marketshare and it now becomes available for the bigger competitors to absorb.
My intuition is that this is not necessarily true, but probably often true in practice but perhaps someone more educated on the matter can speak on that. It must also depend on the expensiveness of the regulation in question. Since in tons of areas regulations are absolutely vital so that for example our buildings don’t collapse, our food remains non-toxic and the medicine we buy is not the pharmacological equivalent to russian roulette the goal should then be to optimise the cost performance of regulations.
DMA seems explicitly written to only target monopolies, though (and seems like a surrender from the EU, since monopolies should be broken up and not get laws codifying their business models IMHO).
Can you imagine the collective screeching, across the White house, HN and Apple reality distortion field, that'd happen if EU attempted to breakup the American monopolies?
Electing to not do something impossible and framing it as a surrender is strange to me.
EU should have mandated a user-facing authentication scheme using a random string as the only authentication factor for everything. Pretty much like the API tokens for contemporary enterprise software, except that they would be used by ordinary people and not by application developers.
And complement it with hardware tokens for highly sensitive applications.
Passkeys could have been that, but they were quickly subverted by the industry.
Here in Germany we had court rulings saying the german railway (DB) must offer offline tickets that do not require a computer or smartphone to purchase to not discriminate against the elderly. I am pretty sure we will see similar rulings for EUDI wallet requiring Google/Apple.
I really don't like how EUDI (OpenID4VP) works in the first place. IMO it should be scrapped and rebuilt from the ground up
It should be an open standard that's local first. Government issues certificate, user loads it into any supported client app on any platform (official, open-source, Google/Apple Wallet, etc). The user should then be able to selectively share data from the certificate with third-parties, directly between the client-app and the third-party, using an open standardized protocol/format. The important challenge is that we obviously shouldn't have to share the entire certificate (which would include all data in it), there shouldn't be a static subject pubkey which creates linkability between data-shares, and obviously we'd need privacy-focused data fields like {"isover18": true} in addition to full DoB.
Sarcastic view: Doesn't matter - the EU wont listen, then pull a surprised pikachu and make laws to force googles play integrity to attest that other devices are genuine, because obviously, the problem is google, not stupid design decisions made while creating the app.
A few years ago as I was working for a local government, a similar discussion started, but quickly finished after the project owner valiantly displayed her dumbphone.
Only months later did I learn that her husband was investigated for misappropriation of funds, so keeping a minimal digital footprint was important for her.
Time to reach out to your MEP's! I would imagine the id could web-based for example which would make it much less dependent on the Google's or Apple's "SAFETY" services.
Because Apple has always been a closed platform whereas Android started out being relatively open. For Android there is an alternative to Play Integrity which would enable governments to get remote attestation assurance on non-Google Android based operating systems like GrapheneOS, but that alternative does not even exist in the Apple ecosystem.
The problem was always that the government could ban you from society via the banks banning you, and you having no recourse because it was a business exercising its right to not do business with you.
Without the proper laws and proper leaders of law enforcement that protect an individuals’ right to transact, one’s rights were always just a technological advance away from being taken away.
> Governments are cementing a monopoly they claim to oppose
Duopoly but yea. Because there is no third alternative. Microsoft failed/gave up with Windows Phone. The people trying to fix secure government services can't really tackle that issue, but the systems needs to be built now anyway.
There are viable third alternatives which do not require building a full smartphone stack. The national eID in Denmark, MitID, is an app "protected by" Play Integrity, but at least there are two non-smartphone alternatives available in the form of either a TOTP code generator or a FIDO2 chip which you can get for free if you can't or won't buy a smartphone.
Age verification solutions could also be built on dedicated hardware tokens, even though the tokens required to build a ZKP or blind signature based solution may not be available off the shelf right now.
So Italy's IO app https://github.com/pagopa/io-app (wallet, documents, age verification) continuously refuses the users' request for GrapheneOS support and requires google.
Nothing will change until the lawsuits start coming in.
The only hope is the motorola/grapheneOS collaboration and consumer associations, that might sue for anticompetitive behavior.
Make noise on any channel for the apps that require play services, it will help in the future if the lawsuits start, since it will show user support for the initiative.
These mobile id's are too powerful, signing contracts, transfering all your funds or taking loans, regulation is also papering it over a bit by requiring high-stakes lenders,etc to do additional checks.
Germany was going in the right direction imho, they NFC enabled their ID cards (Sweden has info on them but no enablement procedures) that is then paired with the app, so the card acts as a 2nd factor that makes the app itself less of a security issue since a user will be required to physically enable it (sadly the NFC pairings are kinda fiddly.. but I'd take that as a security option for all non-trivial transfers).
Many countries in the EU already have all of that just done though some national equilevant system (for example here in Finland mainly with bank credentials).
And in fact additonal checks are done when enough money is moving. For example when I signed my bank loan for an apartment I had to sign it again after 24 hours just to be really really sure that I wanted to sign it.
For smaller (but still big enough) stuff a second "second factor" usually kicks in usually in the form of a sms verification after the actual proper login with bank credentials (which has a proper 2 factor auth in itself too)
1/3 of the population functionally illiterate in Europe seems beyond wild to me.
Are you talking about technical illiteracy? security illiteracy?
Or do you mean they can't read english, which is a very different thing.
Anonymous digital age verification based on a suitable ZKP scheme and/or blind signatures does not require a general purpose operating system, it just requires a few cryptographic primitives and a set of device-bound keys. It is not too much to ask that the EU develops a specialized hardware token with these exact capabilities and offer them for free to all citizens as an alternative to the app. This also gives the citizens of EU the freedom to choose not to own a smartphone without having their access to digital services severely restricted.
Wasn't there some talk about the pressing need for European digital sovereignty recently? Or was that just performative nonsense?
At FOSDEM, we discuss this at great length. There has been some movement, and I am optimistic that it is improving year on year.
And, unless the regulatory environment changes., there probably never will be.
EU regulators have stop listening to tech company lobbyists.
There shouldn't need to be. Realistically for something like this an EU backed highly-audited non-profit should be in place for permanent highly controlled services like this that do not rely on any non-EU entities for it to function.
I hear them complaining but for now, the alternatives are mostly run by hobbyists.
We're starting from so low that even a few dozen millions would help a lot.
Same goes with the prosecutors in Sweden; a phone call and the US got, not charges (as that would actually be official misconduct in Sweden), but enough of an official statement from a prosecutor to get the words “Assange” and “rape” in headlines together around the world by that evening.
European countries are, by and large, lapdogs of the USA. It’s sad. And then the US president turns around and stabs them in the back by threatening invasion and annexation, or complete disregard for the fundamental obligations of NATO members.
I really don’t know what the fuck the Europeans are thinking by playing the US’s stupid games. As we see time and time again, it won’t be repaid in kind.
Obviously, on both side (and beyond) they are nice people trying to plan good things without being too naive. But bragging all day through and destroy all that is in your power is both easier and more attention grabbing than discrete hard work at building better future for everybody.
It will take 100 years and an extremely expensive, government-mandated reimplementation of every critical US tech service and company.
No EU country is putting up budget for this, and no private enterprise is going to do it because building a worse version of AWS just so that it is "European" makes no financial sense and would most likely just fail anyway.
If there is a higher level mandate or incentive to switch, people absolutely will - for example, if a government decides en masse to switch away from one OS or platform. [0]. This will likely be hugely influential, as then everyone who wants to communicate effectively with that government needs to make sure that they are compatible - which will likely drive adoption of the alternate technologies over time.
However, IMO the big challenge is MS Office - as much as people like to mention the FOSS Office alternatives, there's still a huge gap to cross before mainstream companies will adopt them. (To paraphrase, no-one gets fired for choosing Microsoft Office.)
Beyond this, on the more 'personal' level you discuss, the picture is more varied than you describe. Some people's elderly parents absolutely can and do switch to different email clients or browsers. Some groups of friends can and do switch messenger platforms - my personal comms are now split roughly 80:20 between Whatsapp (the default) and Signal. (It just took a determined minority deciding to switch, and the others followed.)
> We already have social media, hosting, email, operating systems, messengers and the likes from European providers.
Yes, but they aren't really competitive, as they currently aren't the easy/free/well-marketed/popular options that everyone defaults to when they first get a computer, or that their friends are already using. It's just network effect and inertia.
This can and will change if the need for a reduced dependence on the US continues to be front and center of people's minds. (Note this is mostly driven by the Trump administration's behaviour; the next president could probably heal many of these wounds and our European politicians will move one to caring about something else.)
[0] https://www.rfi.fr/en/france/20260417-france-to-remove-windo...
Unless it becomes necessary because of EU regulation?
> EU App Store: Apple Removes Thousands of Apps Due to Digital Services Act Requirements
> Apple’s app removals follow the Digital Services Act, a European law requiring all app traders to display verified contact details, including address, email, and phone number.
https://www.techrepublic.com/article/eu-app-store-apple-digi...
You think apps which wouldn't want to implement Chat Control will remain on the app store?
EU to legislate about Chat Control behind closed doors (https://news.ycombinator.com/item?id=48707719)
And yes, not every regulation destroys monopoly, but regulation is the only thing that could break one.
No. Monopolies are only inevitable if the goods aren't elastic, if there is a large cost of entry into the market, or if its a market you can create a moat that is unsurmountable.
Many markets don't have that even with 0 regulation, but might have second order problems like firms creating unsafe products for example.
But in general regulations almost always even unindentedly raise the cost to enter the market. If you make a new regulation that food needs to be safe, then the company needs to pay a safety inspection that a small home-made recipe might not be able to afford (to give a simple example).
At the same time, we now have uber large corporations due to non elastic parts of supply chain (like land) or moats that are insurmountable (like access to US capital). In which case, the FCC should break up monopolies as the current market is not catering to end users and consumers but to owners, which is why the Stock market has been in a never ending bull run.
This ad hominem stuff is genuinely worthless.
The same could be said for people who suggest regulation for every problem that comes up, even for problems that were caused by regulation. Maybe we have our blindspots, but the "regulate everything" crowd is much louder and more prevalent on HN than the free market absolutists.
In econ the easiest part is to create a model, the hardest part is seeing it crash against reality. But the basis of monopolies seems to be pretty thoroughly tested. The biggest issues you have now are Chesterton Fence's. Were its hard to know what laws and regulations are therefore safety, parity and economic performance and ones are only creating friction with no benefit due to years of laws being put on top of other laws
A lot of these were international. Just read up on "Cartel capitalism".
https://www.cambridge.org/core/journals/enterprise-and-socie...
The European Steel and Coal Community (precursor of the EU) was also involved in the effort to stop these. In general this has been something the EU has been involved in since its inception and the best action against monopolies is to not let them form in the first place (why there is so few of them in general in most developed countries. Though that is now slowly changing it seems)
No.
A better answer would be 'not always'.
The proposed regulations forcing everybody to use google or apple are ridiculous and very much the opposite of the kind of regulations we need though...
(nit: I assume you meant "marketshare becomes unavailable")
So you mean that regulations that are created based on lobbying by corporations help them become monopolies? Sure, that makes sense. But thats different from a blanket "Regulations create monopolies".
Electing to not do something impossible and framing it as a surrender is strange to me.
And complement it with hardware tokens for highly sensitive applications.
Passkeys could have been that, but they were quickly subverted by the industry.
It should be an open standard that's local first. Government issues certificate, user loads it into any supported client app on any platform (official, open-source, Google/Apple Wallet, etc). The user should then be able to selectively share data from the certificate with third-parties, directly between the client-app and the third-party, using an open standardized protocol/format. The important challenge is that we obviously shouldn't have to share the entire certificate (which would include all data in it), there shouldn't be a static subject pubkey which creates linkability between data-shares, and obviously we'd need privacy-focused data fields like {"isover18": true} in addition to full DoB.
Only months later did I learn that her husband was investigated for misappropriation of funds, so keeping a minimal digital footprint was important for her.
Moral of the story: everyone has a smartphone.
Vendor lock-in is real
No thanks, I don't want any of that for obvious security reasons
From fingerprint/face id to digital id..
Like banking apps are now using play protect/depending on Google.
(Just a matter of time Google/Apple will be a banks themselves, as is the danger with governments)
Ofcourse the world could be a more open place, but constraint, rules and control are too pleasing to not implement, sadly.
Without the proper laws and proper leaders of law enforcement that protect an individuals’ right to transact, one’s rights were always just a technological advance away from being taken away.
Duopoly but yea. Because there is no third alternative. Microsoft failed/gave up with Windows Phone. The people trying to fix secure government services can't really tackle that issue, but the systems needs to be built now anyway.
Age verification solutions could also be built on dedicated hardware tokens, even though the tokens required to build a ZKP or blind signature based solution may not be available off the shelf right now.
I question that premise.