Yes, by name. And that name has to be verified. They know everything else by default.

Ask them to hand over their unlocked phone so you can read their messaged.

Every EU phone number has to be connected to an identifiable person or company.

We have these groups of volunteers gathering trash along the roadside. The more they collect the more they can earn for their good cause or their organisation.

They’re being cheap cleanup for the companies that sell trash and by collecting trash they keep the stats down.

It’s not the ID. It’s the implementation. I do like the Belgian implementation… It’s been nearly 10 years now and it seems to be pretty secure and trustworthy.

You can, manually. Sounds worse than it is.

Dude…

‘‘You won’t have a calculator in your pocket all the time!’’

No, the data can’t be used for other means than authentication.

Ah, you can see clearly who gets which data with every authentication. It’s logged and I can look it up on my portal.

Actually’', apart from ItsMe, I can see every time someone did any lookup on my online data with the federal government for the last 10 years. I even get to see their names.

There’s no third party watching with ItsMe because the traffic is encrypted. The data is owned by the Federal government and the party that requests authentication gets to see what the are legally allowed to see and what you clear. With every authentication you get to see what info they request.

Not really. I signed several contracts using ItsMe. That only works if my identity can be proven. No regular 2FA will be able to do that.

I don’t think it is because there’s only one authority, one identity provider, and that’s the federal government. All authentications pass through them. Enthe Auth or any other application will never be able to prove your identity without making an online call to the federal servers.

I can’t find the blog post that I was referring to but this might help:

From their own site: https://www.itsme-id.com/en-NL/why-itsme/security

ISO cert: https://www.itsme-id.com/en-BE/business/blog/iso27001

It’s good to point out that the system was developed by a consortium of banks to simplify identity verification en prevent fraud. Banks are held to ‘‘Know Your Customer’’. KYC entails that they need to check your identity every now and then and up until ItsMe that meant that you had to verify with your eID and a card reader. Those card readers have issues. Outdated firmware and whatnot make the proces a terible experience. I have several government websites that I use from day to day and the all need my eID for authentication.

Some figures. Nearly 1.700.000 authentications every day for 11.700.000 Belgians. 80% Of the Belgians use the app.

It’s used for official authentication. The certificates are handled by the federal government. That’s only possible with a call to the federal governments servers.

Any eID or other card wil have outdated data on it at some point. Like, when you move or, when you die.

That’s exactly how it works with the Belgian system.

Same for reductionis at the local swimming pool. They can only check if I’m a local but don’t get to see my adress.

We have a local privacy podcast (Dasprivé). The CISO was featured on the podcast. I can’t transcribe everything but the community consents on the fact that they run a tight ship. The use case is very local so apart from Flemish and French speaking sources i sadly can’t get further than ‘trust me bro’ at the moment.

Every authentication uses your SIM, your civil service number and your password (PIN, fingerprint, face id). Before authenticating you’ll see all the info that’ll be shared like your, date of birth, adress, phone number,…

Acces is granular. If age verification is needed, the request will only state that you’re 18 or above for example. They don’t get my date of birth. As a resident, I get a reduction at our local swimming pool. The can use my id but the only info they see is whether I live in the city or whether I’m from outside.

Everytime my data is accessed, the acces is logged. The log contains information about the organisation and, if it applies, the person that made the manual lookup. The legality is checked by logging the legal ground for acces.

Are they trustworthy? I don’t know. We use our eID for online verification for over 20 years now and ItsMe has certainly made the whole process a breeze.

You’re searching for molecular gastronomy.

https://kitchenwarrior.co.uk/culinary-chemistry-understanding-the-molecular-transformations-of-cooking/

I have this awesome Dutch book by Cook & Chemist that lays down basic kitchen principes in a molecular way. Changed my cooking a fair bit.

❤️ Termux

Switserland is quite unique. They have referenda for big changes and are pretty conservative. Besides from that, they’re all armed and battle ready ;-)

I think avoiding functioneren creep will be a certain issue.

Belgium has such an e-id for nearly 10 years now. It works pretty good and acces to your personalia data is granular.

If only age verification is needed, the request will only grant you birth date.

Comanies that want to use it need to be vetted and their acces to your data is centrally regulated.

https://www.itsme-id.com/en-BE