138
Fact : what's really behind the Swiss E-ID (lemmy.ml)
submitted 1 week ago* (last edited 1 week ago) by harfang@slrpnk.net to c/privacy@lemmy.ml
74 comments fedilink hide all child comments

End of September, Switzerland will vote for E-ID. A big threat for our privacy as it will widely used for tons of new use cases.

Behind the government pitch of an "open source project, completely optional" hides big tech industry... Which will make it mandatory to access their services.

What are your thoughts on that ?

#Switzerland #Privacymatters

top 50 comments
sorted by: hot top controversial new old
[-] exu@feditown.com 22 points 1 week ago

I'm in favour of it.

Contrary to the last time this was proposed, the government is in control of it instead of private corporations.

This will also be an alternative to any of the current online ID verification, which involve sending photos of your ID, videos of it and videos of yourself to some random third party for verification.

[-] harfang@slrpnk.net 14 points 1 week ago* (last edited 1 week ago)

My point of views is it will be used more broadly, in every services. So, even if it will be "optional",there will be no option to choose not to use it.

[-] Petter1@discuss.tchncs.de 13 points 1 week ago

There is an article in the proposed law that e-ID is only allowed to be required for actions, where the law explicitly requires authentication.

In this proposed law there is no article that explicitly forces services to require a ID

So it only applies to services that used to require identification since a long time, lime buying alcohol, money laundering protection, some government stuff you had to do physically prior etc.

But there is a new law coming which sadly did mot get a referendum, that requires age verification for 18+ media like video and games. But this law will take effect no matter if e-ID is accepted or not. So if e-ID was declined, you would have to scan the compete ID, do a liveness selfie and send it to private companies like Netflix to watch 18+ stuff there.

With e-ID, you can proof you’re old enough without revealing name, gender, body hight etc.

Please inform yourself correctly before spreading nonsense

[-] ryannathans@aussie.zone 6 points 1 week ago

Mm yes the law, a thing that can never be changed, that big tech definitely doesn't have power to influence, and a concept that other countries definitely won't be "inspired" by

[-] Petter1@discuss.tchncs.de 6 points 1 week ago

In Switzerland, any law changes can be prevented by a referendum

So, no, in Switzerland, the law can not just be changed.

[-] harfang@slrpnk.net 2 points 1 week ago

"Can be", we know that citizens do not have criticism sense for technologies matters

[-] Petter1@discuss.tchncs.de 5 points 1 week ago

Yes, but the e-ID won’t change that.

If no e-ID is existent, you’ll have to upload a scan of your real world ID instead, with all unneeded data included.

[-] harfang@slrpnk.net 1 points 1 week ago

I use my ID maybe 1x per year at the moment.

The ides of EID is to make it usable to access commons services such are bank, streaming, alcohol shop, sex shop and many else...which will make is use in many context where is unused at the moment.

[-] Petter1@discuss.tchncs.de 2 points 1 week ago

You need to verify age for all these services already, if you offer those. (Except 18+ streaming).

E-ID will not changed those laws.

And if you don’t use these services now, you will not need E-ID then. (Except 18+ streaming)

And if e-ID is declined by the people of Switzerland, you will have to upload ID for 18+ streaming. This law is already thought and can only be stopped with a new initiative.

[-] harfang@slrpnk.net 1 points 1 week ago

Why i should show my Is for streaming? Never had to.

load more comments (2 replies)
load more comments (2 replies)
[-] Schlemmy@lemmy.ml 5 points 1 week ago

Switserland is quite unique. They have referenda for big changes and are pretty conservative. Besides from that, they're all armed and battle ready ;-)

[-] harfang@slrpnk.net 1 points 1 week ago

As you mentioned. There's a new law coming without referendum. Today you'll need it to guy alcohol. Tomorrow streaming After tomorrow access to public transport

The open web forum in my picture exists. You can have a look. They dictate the rules. Its public information :)

[-] hubobes@sh.itjust.works 5 points 1 week ago* (last edited 1 week ago)

Yes because that law did not get a measly 50k signatures. So there is no need to vote.

[-] harfang@slrpnk.net 1 points 1 week ago

Because people are not involved in the digital topics as they don't understand it.

[-] hubobes@sh.itjust.works 22 points 1 week ago

You can not just say that it is a threat to privacy. Its design improves privacy as we finally can ID ourselves, where it has always been required, without actually giving our identity to online services.

load more comments (5 replies)
[-] SoulKaribou@lemmy.ml 19 points 1 week ago

Am I witnessing democracy right now ? Wow it's like people collectively decide about key topics, amazing. Go Switzerland !

load more comments (19 replies)
[-] Schlemmy@lemmy.ml 16 points 1 week ago

I think avoiding functioneren creep will be a certain issue.

Belgium has such an e-id for nearly 10 years now. It works pretty good and acces to your personalia data is granular.

If only age verification is needed, the request will only grant you birth date.

Comanies that want to use it need to be vetted and their acces to your data is centrally regulated.

https://www.itsme-id.com/en-BE

[-] Kazumara@discuss.tchncs.de 11 points 1 week ago

If only age verification is needed, the request will only grant you birth date.

I always wonder why they don't minimize data further. "Age of Majority reached: Yes" seems like it should be good enough.

[-] uniquethrowagay@feddit.org 5 points 1 week ago

The German one supports that. It will also tell you exactly what data is transferred to the service in question.

But because Germany is Germany, the eID is rarely even implemented.

load more comments (1 replies)
[-] utopiah@lemmy.ml 3 points 1 week ago

centrally regulated.

Any privacy freak who did a review on ItsMe? I just shared minutes ago https://lemmy.ml/post/36346569/21174131 that I don't trust them but maybe I'm just paranoid. The fact that they are regulated means little, Meta and Google also are and they legally siphon everything we let them.

[-] Schlemmy@lemmy.ml 2 points 1 week ago

We have a local privacy podcast (Dasprivé). The CISO was featured on the podcast. I can't transcribe everything but the community consents on the fact that they run a tight ship. The use case is very local so apart from Flemish and French speaking sources i sadly can't get further than 'trust me bro' at the moment.

Every authentication uses your SIM, your civil service number and your password (PIN, fingerprint, face id). Before authenticating you'll see all the info that'll be shared like your, date of birth, adress, phone number,...

Acces is granular. If age verification is needed, the request will only state that you're 18 or above for example. They don't get my date of birth. As a resident, I get a reduction at our local swimming pool. The can use my id but the only info they see is whether I live in the city or whether I'm from outside.

Everytime my data is accessed, the acces is logged. The log contains information about the organisation and, if it applies, the person that made the manual lookup. The legality is checked by logging the legal ground for acces.

Are they trustworthy? I don't know. We use our eID for online verification for over 20 years now and ItsMe has certainly made the whole process a breeze.

load more comments (8 replies)
[-] Wurzelfurz@feddit.org 15 points 1 week ago

I have not yet looked into it.

I will vote in favour if:

  • The E-ID platform is controlled by the government and is fully open source
  • Platforms only get a single binary information for age verification if the person is old enough or not and does not get any identifiable information.
  • The government platform does not get any info about what service is doing the request. So the government controlled ID platform cant log what service the person uses.

If any of these points are not fulfilled with the planned implementation I will have to weigh the risks.

[-] harfang@slrpnk.net 4 points 1 week ago

Its not fully open source actually. Just the App, not the infrastructure or what and who's behind .

[-] hubobes@sh.itjust.works 7 points 1 week ago

https://github.com/swiyu-admin-ch contains far more than just the client. Only a certain component where they had to rely on a proprietary solution is closed source. Everything else is in the open.

[-] utopiah@lemmy.ml 10 points 1 week ago* (last edited 1 week ago)

In Belgium we do have e-ID and we had it for years.

If in any of the circles there is only BigTech then indeed you are right it is a threat.

In Belgium though I can access my official document with some of these (honestly I don't remember which, but AFAIR It'sMe is one option) but more importantly there are some options with some decoupling, e.g. SMS (arguable as one must have a phone number usually via BigTelco) but, last and not least :

  • a card reader with your physical ID card and its chip with https://eid.belgium.be/en/what-eid which has had Linux packages for years
  • just learned about it yesterday which is why I'm excited to clarify this, a 2-step authentification app which does NOT have to be from BigTech, e.g. Ente Auth https://ente.io/auth/ which is FOSS and available on F-Droid

which means as long as at least one of these alternative is available then IMHO we can get some of the benefits without the centralization risk.

[-] InFerNo@lemmy.ml 4 points 1 week ago

Those aren't eID. They are a way to authenticate using CSAM.

There are different weights tied an authentication method, card reader scores highest.

From the top of my head there's email, sms, totp, card reader, eiDAS and itsme® (which I avoid because it's proprietary and controlled by a 3rd party).

There's a list of properties a service can request when accessing data via ACM/IDM, for example your ssn, name, etc.

You can read your eID with local software too, with the aptly named eid viewer. Click on the picture in the overview and drag it into a text editor to see the entire exportable xml.

[-] przmk@sh.itjust.works 3 points 1 week ago

If I'm not mistaken, it's up to the the service that's using the Belgian e-id to enable some of the options or not. For example, the website where I check my payroll only works through itsme or with a card reader — no TOTP or SMS 2FA. It's a big issue because itsme refuses to run when you don't pass Google's safety net.

load more comments (8 replies)
[-] sleen@lemmy.zip 2 points 1 week ago

private ids where always the scope of the privacy movement. However, it may as such present other challenges which can include age based discrimination. It as such must be implemented wisely.

Age is already being weaponised against us (child protection, etc), this shouldn't be like that - We can already see what kind of power governments hold. Ageism is what will ultimately destroy us.

[-] harfang@slrpnk.net 2 points 1 week ago

✊🏼❤️

load more comments
view more: next ›
this post was submitted on 18 Sep 2025
138 points (96.0% liked)

Privacy

42146 readers
1711 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz