eu-digital-identity-wallet / eudi-doc-architecture-and-reference-framework

The European Digital Identity Wallet
https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework/

ARF is non-compliant with both eIDAS 2.0 and GDPR #173

Open PriwayChromeRoads opened 1 month ago

PriwayChromeRoads commented 1 month ago

ARF in general focuses on implementing a classic PKI model with a W3C/Verified Credentials overlay in smartphones. As such, the many security problems are a direct result of technical choices.

The problem is both the inherent security vulnerabilities and the alarming lack of means to prevent tracking and linking.

The main issue is that Citizens DO NOT get control by selecting which attributes to share when sharing always occurs in a linkable way. Thereby the ARF violates both eIDAS 2.0 (no privacy by design) and GDPR (not according to state-of-the-art).

In addition, the entire structure is suffering from huge security vulnerabilities:

These are merely the most obvious problems. In general, it is essential to assume an inherent need to upgrade the security structures on a long range of aspects, as the means applied are clearly not able to meet the regulatory requirements.

PriwayChromeRoads commented 1 month ago

What worries me is not so much the efforts to upgrade to a trustworthy wallet - we got that, even though it is a lot more complex than the relatively naive ARF structure.

What is worrying is the massive resources wasted on technical structures that do EU and citizens more harm than good.

A good operational test is whether it solves the Schrems II problem - i.e. supports US cloud-based applications which require that data control remains outside the cloud.

This failure could literally tear EU down - because EU did not comply with EU regulation when it allowed some special interest groups to take technical control of how regulation is implemented.