- The HN title is misleading and "editorialising". The real title:
I checked: It is not too long for HN. I think the title should be updated here.> Digital Identity Management in Norway is a Success but also a Disaster - The article is a little one sided, as it doesn't touch upon MinID which is a government ID service, and Idporten which is an authentication service that allows use of different EIDs, like MinID and BankID.
MinID is only considered "secure" while BankID is considered "highly secure"; as the linked pdf report (on Norwegian) states - in Norway, due to the popularity/market dominance of BankID - a lot of the logins are "highly secure" - while in Sweden their (different, but with same name) BankID is only "secure" - and most services require only "secure" login.
In Norway there are AFAIK public services that require "highly secure" login - and there the public issued MinID isn't enough.
If 2fa for MinID is improved - I think it would easily be upgraded to "highly secure" (most other details are similar to BankID). That should take care of public services.
Private services that do not cater to the public good - would still need a portal similar to (or be granted use of) Idporten.
So I think catastrophe is a little hyperbolic - but the current path of BankID dominance isn't good.
Ed: I see the hn title is editorialized - TFA has a more balanced title.
Ed2: From the podcast - BankID might get downgraded to "secure" because of how 2fa is handled - so it's not only MinID that might need some adjustments.
- To be fair a part of the problem here is that BankID is so common it has become the "Jacuzzi of EID" or the "Google of EID" or whatever your poison is. So all EID-related discussion in public is now "Why aren't we just adding BankID".
Sure, some policymaker will probably interpret this as "introduce EID" but it does color public debate.
I think it's a shame MinID doesn't have the same level of security as BankID, we are really missing out on a great opportunity. But something tells me the powers that are in Norway's socialite community doesn't want it. In Norway we don't have that much monetary corruption, but we have a lot of "kompistjeneste"
- > The report tells the story of Bendik, who has Down syndrome and is denied BankID, thereby losing access to digital public services due to his diagnosis.
The article is light on details. Are people being denied BankID due to having an autism diagnosis?
There are some crazy details in this story that are presented as side notes in between long paragraphs of filler text that don’t contribute anything. It’s an article where you keep reading expecting some explanations that never arrive.
- I'm assuming it fails to do face recognition, but yes the article is clearly very one sided on making 'digital ID' look bad.
- The other part of the problem not discussed in this article is that many services now require digital ID. Banks don't really have many physical locations any more, etc. So not having a digital ID is seriously impractical, and it didn't have to be this way. That is IMO a big factor for why digital ID is receiving so much flac: "Digital ID isn't something everyone can have, and for the corner-case people, the alternatives are drying up due to over-digitalization"
- The article title actually says it is a success as well as a disaster. The title here has been shortened.
And, as the professor in the article explains, it is a “disaster” for a small minority. And those are not he same minority who struggled for the same reasons before, and those difficulties ought be addressed. The system can be improved.
But it’s largely a success for the vast majority too. I don’t personally know of anyone with a negative impression of it. It’s actually something that the average Nordic Baltic person is so used to and happy with that it only comes to mind when we meet people from countries that aren’t organised - and we feel sorry for them!
It’s the same situation with cash. Very few people in a cashless society are wanting to go back to the old ways.
- > average Nordic Baltic person
there is no average person, it is a myth of statistics.
- A meaningless distinction and unnecessarily nitpicky. From a scientific perspective it's not a myth, it's a valuable tool. For the average person (see what I did there?) it's not a mathematical formula, it's way of saying "that person whose characteristic being discussed is very common and representative of the whole group".
- All models are wrong, but some are useful.
- An average person has one testicle and one ovary.
- > Very few people in a cashless society are wanting to go back to the old ways.
I don’t think that’s true. Also, never “trust” a bank with your money, for starters, “your money” is nothing but a fake number that doesn’t actually reflect a physical monetary asset, hence why if enough amount of people withdraw their money, you end up with a bank run, aka, the bank digital fake numbers are more than the actual physical papers. Additionally, in many cases you don’t want to be in entirely cashless system, besides the privacy concerns, you might get locked out of your account because the network operator malfunctioned (like Rogers in Canada back in 2022 I think, all ATMs were useless, purchase points, etc.), or maybe a sun coronal mass ejection that fries some utility power plants, or drop in the frequency and you end up like Spain last year or the year before.
The more you rely on one centralized point, the worse, hence why engineers avoid single point of failure in any design, be smart, and diversify your options.
- Cashless society is amazing until the foreign shareholders of your core suppliers of digital infrastructure develop their own political agenda.
But Norway is a monarchy well connected with the global Epstein class so I doubt their political system can actually reach an shareholder-hostile edge case. And meanwhile the surveillance helps keeping internal peace because one can reliably deplatform dissenters and conspiracy theorists.
It's a win-win until the n-th generation of nepo children is trying to steal too much and everybody notices they have been robbed.
- On the plus side, their database has still not been hacked .. like it has happened one month ago in France, with the "ANTS" (the French equivalent). More than 10 millions people had their data leaked including pretty much everything from SSN, to email, phone, etc. A mine gold for Phishers and Scammers.
- Why would they leak the data of only 10M people and not all? Just to cause damage or were some people filtered out?
- Wait until EU Dugital Wallet in 2027, that will be the ultimate fiasco.
- An outstanding solution no one asked for.
- Digital ID is a catastrophe, in Norway or elsewhere. But that doesn’t matter because the purpose of such ID is more surveillance, and if any issue happens you might end up liable like that man mentioned in the article. Right now in countries where digital ID isn’t yet implemented, phone numbers are used instead to link your digital identity to the real one, and most countries require government ID to issue one, and sometimes a biometric identification too, that number is later used in online services or messaging apps that links back to you. Watch now the applications that still insist on having phone numbers as an ID removing them once the digital ID is used instead.
- I'm confused how Nordic countries accepted linking banking login with government ID. Neither of them is your friend and both of them are not a friend in a completely different way.
- It's not linking banking login with government id. It is a story of the banks solving an issue with remote identification and the system working well enough that the public/government also want to use it for other things.
Being able to sign contracts, engage with the healthcare system, file taxes, read messages from the government and do general banking without having to leave the home is a massive convenience boost.
We are a high trust society where the government or the banks are not out to "get you". The majority of the banks (not by volume but by numbers) are even in a structure without any ownership of the capital except for the depositors, and most of the profit from these banks that is not used to build the capital further is handed out to customers and/or the local community.
- > We are a high trust society where the government or the banks are not out to "get you".
That's not the meaning of a "high trust society".
You are _trusting_ that the banks and the government are not out to get you. That doesn't mean that they _really_ aren't out to get you. You just believe they aren't and haven't yet been disappointed enough to change your belief...
Edit: and the original article shows btw. that there is yet another failure mode, not only "out to get you". It's that the banks and the government obviously don't care a bit if some people are intentionally left behind.
- Probably because they're not corrupt America. They don't walk around checking their back every minute for "Uncle Freedom" screwing them over.
- It isn’t about corruption, when your data is now shared freely with other “partners”.
> Norway, Sweden, and Israel partner to test CBDCs (https://reclaimthenet.org/norway-sweden-and-israel-partner-t...)
Debanking someone is basically ending their lives in modern days, when your ID is linked to the banks, an ID that’s also to be used for digital services, you could get debanked for criticizing a politician in the future, for example.
And uncle freedom sure will get that data from their “closest ally”, not to mention any breaches like what happened in Sweden recently, a country that also wants to strap tracking on 13yo.
Digital ID is a nightmare anywhere’s used, it will turn any government into a totalitarian state.
- How is this different from any other form of identification? If you are stripped of that you still wouldn't be able to access these services.
- I never heard of an ID card being revoked. Reasons for refusing to renew it are also very few in my country - like not having a place to live (owned or rented).
- So homeless might be refused ID? They're no longer a person?
- What otherwise will you do with people priced out of the real estate market and unable to compile valid elaborate application documents to rent something? /s
- The difference is the link between your digital footprint and real life one. Without a digital ID, there’s a huge margin of using many digital services while maintaining a privacy, even more, anonymity too. With a digital ID, there’s a connected link between the two, further expanding the surveillance capabilities, coupled with AI to profile user’s sentiment and emotions (in Canada, they admit that will be one of the use cases https://www.canada.ca/en/government/system/digital-governmen...), you will end up in some monitored list for just stating some online opinions, if not even getting a visit, or more.
There are even tools are being sold to do that, an israeli company called logivote made a tool to scan the social media and check who bad mouthed the politicians. So expect in the near future, you bad mouth one, you get sent to jail the next day, or debanked.
- Jeez Israel is going at full speed... recently when attempting to create an account at one of the brokers based in EU I was redirected to do a "friendly 3D full face scan" with another Israeli company - Au10tix. I noped out of the website instantly.
Looking further their parent company is doing "aviation security services", oh how convenient!
- I absolutely agree. I just don't like this American superiority on HN.
- You're the one mentioning America.
- Brazil has the same. It's possible to login in the government platform by your bank login. Simplifies a lot for the general population that won't use password managers and so on. And, as banks use a 2FA, security is improved.
- That seems better than the alternative in Belgium. There the prevalent ID app "itsme" was launched by a consortium of banks.
Last year the government launched an goverment owned alternative "myGov" and now has to claw back market share, which I don't see working out.
54 points by giuliomagnifico 4 hours ago | 33 comments