Yup. It's really the cheapest not the best. And Microsoft sell directly to our C suite who have white glove IT support that do everything for them so they never see any issues.
The old saying of "Microsoft is better at talking to your boss than you are" is certainly true though. Unfortunately.
I'm a British expat with a Danish job. I really dislike MitID and the Danish centralised world of (very good) public services that come with it. Each person has a number, CPR, which effectively defines your life solely to the state. Visit a library, doctor, tax man, anything official, and your ID is recorded. Buy alcohol online, go grocery shopping, use your bank card -- and sign in with it. This undoubtedly makes things easier for the state -- and I've seen it produce some pretty good epidemiology work where the government can link purchasing habits and health outcomes(!) -- but it's a privacy nightmare.
MitID doesn't work on rooted Android phones, or those running a custom ROM. Reports from others who have disassembled it indicate that in fact a hard coded list of custom ROMs is checked against. It's a highly obfuscated binary, and by design is a single point of failure. If you sign in with an unauthorized device it helpfully centrally blacklists your IMEI. It's hard (but not impossible) to get a phone contract in Denmark without indirectly giving over your CPR number, so I imagine trying to get around this is frustrating. I didn't try and have a hardware dongle. One. By design, this whole system is a massive centralised single point of failure. It's absolutely key to Danish life.
That all said, most Danes would vigorously defend privacy, say that the state doesn't abuse its powers, and they're probably right. It's a very vivid vision of the 1960s Nanny State, where Nanny knows best and has your best interests at heart. Most of the time, she does. They're frequently voted as some of the happiest people on earth, so clearly the recipe of pay a ton of tax and get things from it works well. I find the privacy lack rather shocking and I've never got used to it -- in quite some ways it's an incredibly authoritarian society although no Dane would ever say that, and tell me to drink more øl and get off the internet and go for a walk in a forest. They point out that the UK has far more CCTV cameras and that we have more prosecutions for bent policemen and politicians. There's truth in all of this.
Either way, I'd be interested in seeing if they issue a post mortem on this. It'll cause a lot of issues for many, many people.
Italian living in Sweden, Malmö, and lived in the UK in the past.
I don't get the obsession you Brits have against IDs, in Europe you are pretty much the only ones. But a lot of what you say resonates with my observations:
- single point of failure: absolutely, but so is the "sign in with Google" or equivalent. It's just too convenient. I'd rather have a public service do it than a private company that can cut you out at any time without any explanation.
- Nanny State: 100% also in Sweden, actually worse here. But historically they have been pretty good at protecting freedoms, so far. The UK (or Italy) may be less nanny, but have got some very illiberal things going on these days (left or right government doesn't really matter, it seems).
- Happiest people on earth: I really doubt the surveys measure happiness. They tend to measure trust in institutions, which is very high in Scandinavia.
- It's an incredibly authoritarian society although no Dane would ever say that: exactly the same in Sweden! They would NEVER admit any failure in their society, no matter the hard evidence in front of their eyes. I guess that it's the other side of the same trust of the previous point.
- Drink more øl and get off the internet and go for a walk in a forest: At least you've got øl, in Sweden alcohol is taboo. Forests are nice, but become boring quite quickly :)
> They would NEVER admit any failure in their society, no matter the hard evidence in front of their eyes.
That must be the Swedes. Danes complain constantly, about everything.
Edit: if you need examples.. DSB trains are slow/never on time/bad service/..; Post Nord takes WEEKS to get a letter out/too expensive. Well we switched to another provider now, Dao, so we’ll complain they are even worse! And complain why they are not doing it like in the good old days (see Post Nord); taxes are too high; public service is too bad/slow/low quality; too many cars in the city; never any parking space when I take MY car; the paid first child sick day is not enough we need at least a week (just for child sick days mind you, we need the 5 weeks paid vaca for relaxing on a beach in Spain); btw our weather sucks; unacceptable that garbage collection service is not functioning during snow storms; .. I can keep going all day
Denmark is like the Netherlands - where I'm originally from - and in some ways like Sweden - where I live. More like the Netherlands, really, Swedes are less likely to vocalise their dissatisfaction because they're more 'konflikträdd' or 'scared of conflicts'. Descartes may have claimed that 'Cogito, ergo sum' is one of the foundations of western philosophy but as far as the Dutch go 'Queror, ergo sum' often seems just as fitting.
> I don't get the obsession you Brits have against ID
I'm not British but to me it's extremely clear why they are against IDs when e.g. the Danish aren't. Media like 1984, Animal Farm, V for Vendetta etc. all came from the UK for a reason, they've always had a government entrenched in a strong class system with authoritarian tendencies.
That said, if you're Italian you should probably be wary of IDs for very similar reasons.
I would recommend getting the hardware dongle. I don't have the app, never did, and I've had none of the issues others have been complaining. The dongle is, generally, a much better experience from what I can tell, except if you need to do any authorizations on the go.
Your other complaints: 100% agree, the whole thing is a privacy nightmare.
I wouldn't count on a post mortem of any value. They still refuse to explain how the system has been abused in the past. Regardless of how hard I try, I fail to understand how it has been abused after QR codes were added to ensure presence at the device you're trying to authenticate at. The system feels secure, but has been abused a number of times and we're almost never told how.
Also British, living across the bridge in Malmö, Sweden.
I really like the centralised system, it makes navigating society surprisingly easy when compared to say, Germany or the UK.
The difference is that I sort of trust the Swedish government, they've never really done anything to breach that trust - up to and including their handling of COVID (while controversial, they took the stance of individual liberty and a "collective responsibility" over mandatory top-down systems).
The UK in contrast has a much more heavy handed relationship with the population, up to and including incarcerating people for saying the phrase "we love bacon" at a construction site or typing the letter "n" on social media. It's a different context entirely.
Also, BankID, the central system is a definite weakness, but you can have a card/pin device that still works, and it does work on grapheneOS, though it will complain a bit if you don't have google services installed... which I find hilariously awful...
BankID is not a government thing, it's developed by a company founded by a bank consortium. Once upon a time the state aimed to build a public good in this space but bank representatives in the committee responsible managed to block it.
I was under the impression that it doesn't work under GrapheneOS, great news that it does. Other than that it shares some of the characteristics detailed above, refusing to run if it notices rooting and the like. Also no Linux support.
Edit: I agree that it has a convenience to it, but I strongly suspect it has a latent tyrannical potential and that future governments will exploit this to a further degree.
The banks did not block it. The Swedish state did not want to spend 50-100 kr per citizen to distribute the secure element. They instead opted for aligning with the one set of institutions that already had somewhat good customer knowledge and could bear the cost, the banks. The incumbent telco (Telia) also tried but their system was even worse than bank id.
BankID also doesn't have Windows support. There's a defunct app that used smart-cards but it's fully deprecated and does not function.
But yes, it's owned by the banks not the state; if anything though this increases its weakness.
You can use BankID to identify with the tax agency, the public health services and police. (and more: this is just what I'm aware of) and there's an expectation that you have a BankID.
Also to identify with the banks, which was the original purpose, and many other services. It's somewhat expensive to run an integration but many customers and other users have a feeling that it is especially trustworthy as a method of authentication. One use I've had is with a file storage platform, they have an integration so that one can create shares against 'personal number' through BankID, which our customers in the public sector really liked. No need for them to juggle some account, they just share a 'personal number' and we were good to go.
The main competitor is Freja+, or just Freja, or Freja eID. It's particularly popular among immigrants, as I understand it, though not as commonly supported, especially in the private sector. There is also a semi-public electronic ID, "Skatteverkets ID-kort", issued by the same company that produces Swedish passports, which is owned by the French defense corporation Thales.
This information is incorrect, I would know since Windows is the only platform I use BankID on. The app was updated just a few weeks ago as well, so fully deprecated is not how I would describe the situation.
You know exactly what you're doing, and so did the people agitating at the construction site.
They should have been arrested and taken away from the site as a courtesy to the public. You can't agitate on public property and cry foul when someone calls the cops.
How does it change anything? Being an asshole should not be a crime, that is way too fine a line to ever be a productive or worthwhile endeavor. Should we arrest someone for being like "Jesus is a level 16 Lich" or saying god is vengeful and bloodthirsty or joke about wearing mixed fabrics? Even just straight up saying "I hate you and hate your religious beliefs" shouldn't be a crime, there is nobody who would claim being liked or agreed with was a right.
I've gone the other way from Denmark to UK. And I've often had to mail copies of my passport or other identity documents via email. And my bank requires me to regularly scan my face to check that it aligns with the picture in my passport.
It's the same in the US. We're really lucky that it's technically impossible for fraudsters to email pictures of stolen passports (or stolen pictures of passports) to banks and other companies for fraudulent purposes.
Weird, I'm in the USA and I've never emailed my picture or passport to a bank, or provided it in any other way. I suppose they might have a very old scan of my driver's license, certainly nothing newer than about 20 years. If they have any other photo of me it's without my knowledge.
I have experienced the same privacy culture shock in Denmark. Generally, I think the people’s trust in their government is the greatest social asset of the Danish society, as well as their biggest blind spot.
Last year, I think, I saw someone talk about trust in Danish society and how it works. As a Dane it's not something I really think about, but their conclusions were at least interesting. In Denmark you're given implicit trust, that's the default. Trust is given, not earned. That poses a problem for people coming from the outside, because trust can be lost, but because it's something that was given to you, there's not really any way to earn it back. If you don't understand that social contract, you can mess up your life pretty quickly, with no means of recovery.
This is a topic that frequently comes up in our multicultural Danish company. In many countries people have adversarial relationship with their government, which is completely unlike Denmark. This mindset requires time and effort to change for the newcomers, and is also difficult to understand for people who haven’t lived outside of Denmark.
Is the trust naive? Have there been instances of a government violating that trust? Were they held accountable?
The US was a much higher trust society before repeated governments from opposing parties violated that trust with little or no consequences. This left people with no realistic competitive party that was trustworthy, and first past the post elections ensures they only have to be slightly less despicable than their opponent. This also drives polarization.
Having a multiple party system with something approximating proportional representation, an independent press and judiciary, and a smaller population and land area all make a large difference. The US was the last nation to use first past the post for something besides a house of commons that was ranked a democracy by vdem I think? Definitely the last one to be ranked a full democracy. The largest remaining population ranked as a full democracy is Japan, it doesn't look too likely to change from the outside. Germany is next in size and we'll see how that goes. SK was next and they passed a rough test so let's hope. Large populations are easier to polarize apparently? I wonder if that will hold true with social media eroding the rural urban ideological divide.
>MitID doesn't work on rooted android phones, or those running a custom rom.
I find these arguments quite strange. A big part of MitID and similar services is to protect you against fraud. The most vulnerable in society (e.g. old people) aren't running these kinds of devices, and I'd rather we optimize for the general population and the people most at risk, rather than people running some weird setup that is almost identical to setups a scammer would run.
What privacy aspects are you lacking here? For all the services that MitID connects you to, there are government required responsibilities for these companies to track all of this information anyways and be able to provide it to the government if needed. That goes for banking, public services, telecom, etc. And this is in no way unique to Denmark, it's how most countries operate. Denmark has just acknowledged this and decided to make it easier.
Did you expect your UK bank to not be required to know who you are and be able to track and keep records of literally all financial interactions you have with them and their services? I'm a bit confused on what society you are comparing against.
I wouldn't bet on a postmortem. MitID is well into maintenance mode, like NemID before it.
NETS have always been very sparse with their post mortems, they don't act like a SaaS provider. Not even as a partner did we get a postmortem. They're well and truly into the jaded territory. During two jobs, both as a provider (customer of NETS), and as a consumer of a provider of MitID
Note this is as a customer. The provider and in turn their customers pay per login and a quite hefty fee at that. NETS are just too big.
They were down every few weeks for a short while (between 2020-2023), so I guess this is probably still the norm
Having lived in Germany it's quite different, but I'd argue the centralized handling of the CPR is actually quite convenient and doesn't meaningfully impact privacy. In Germany every authority has its own ID for you anyway (my password manager has a category "Government Primary Keys" for this), however that means that you have to provide all your information from scratch to every authority. This would theoretically lead to more privacy if we lived in 1926, but now computers are ubiquitous and a rogue government (like Germany is close to electing) can just correlate these keys together. Relational databases have existed for decades and JOINS are cheap. Thanks to surveillance capitalism by now we have very sophisticated ways to deanonymize people, the government can just hire someone to do it.
So the privacy in Germany is most often inconvenience for the citizen paired with hardly any privacy gain from a potentially hostile government. At this point I think the better solution is to avoid electing hostile governments. To Denmark's credit, they're currently doing that better than many other European countries.
It works just fine, but every time you open the app you have to dismiss a dialog saying that the app doesn't work without Google Play Services installed.
The Netherlands had a similar system with BSN and DigiD.
I personally prefer it, and I wish the country I live in right now had a better centralized system to deal with the government. It massively reduces bureaucracy and the need for me to produce all sorts of extremely privacy-invasive documents (such as bank statements, utility bills, scans of my driver license and passport) when dealing with the government. Sometimes I even need to mail those things, like, with an envelope.
The government can and will collect all data it needs about you at any given time, no matter if there's a centralized ID or not. It just spares everyone time and effort by removing friction.
Also, I have a very hard time to take seriously someone that unironically says the words "nanny state". It says a lot about your stance on the role of governments and society in general. What it says, to me, is very unflattering.
WeChat effectively is all of this but does work on rooted phones. There are far too many brands and variations of phones all over China running various forks of Android for them to keep track of.
Device attestation is precisely the thing I do not want my government to ever adopt. I have a Danish CPR number. They've given me a FIDO secure token generator as my phone is degoogled for MitID. Most Danes don't know what those words mean, and if they did, wouldn't understand why I distrust (all) governments (and indeed things! The default scientific position is scepticism, albeit with varying degrees of priors)
Oh, I completely agree with you. What does help however is if the back benchers get a ton of emails about this and pressure the government from the inside – when Boris Johnson was teetering on the edge the volume of correspondence MPs received apparently made a big difference in encouraging him to be shoved out.
I'm going to try to meet with my MP the next time I'm back in the UK and hopefully get some sort of sense talked with them...
I think this article is a great opportunity to mention two under-used statistical techniques: Deming regression [0] and the Theil-Sen estimator [1].
They both fit straight lines to noisy data.
Deming regression is an errors-in-variables model that tries to fit the line of best fit when you have errors in both x and y and they are both known and in general _different_; the Theil-Sen estimator is based on medians and is particularly robust if you have an error process that fails more "one way" than the other. Simple linear regression is everywhere in our lives and yet remarkably not robust to errors that are not IID normal, particularly with a small number of data points: a process that can only fail in one direction if it breaks is likely to completely and utterly bugger up the line that you fit. Both approaches have their place and I wish were more widely used, particularly by people who like fitting linear models to complex phenomena because they are easily understood.
Many organists are not religious but appreciate the creativity and beauty of the music, buildings, and the mad range of incredibly different instruments that are all collectively called organs. Heck, in England, I've often wondered how really religious some of the clergy are...
My understanding is that (1) there is, as you say, a very nonzero risk of landing in a field and good visibility of what is _in_ that field is critical; (2) when riding thermals it is traditionally the case that many gliders soar in close proximity close to the core rising air mass, circling at quite a high bank angle – and collisions need to be avoided (many glider pilots wear parachutes for that reason…) and having visual references, particularly to mountains, really helps; and finally (3) it is common to be flying visually as one typically staircases in an altitude profile, as seen here, and go in and out of controlled airspace (or deliberately avoid bumping into it, as I have done at 10 kft in UK airspace a long time ago).
In contrast, general aviation aircraft:
a) Have bright lights
b) Will fly in a straight line at a well defined altitude, meaning that vertical separation is sufficient to deconflict aircraft
c) Do not typically land in fields and do instead land on runways which often _also_ have bright lights.