
Yes, I agree. It's a bit weird because finally, after decades SEPA ICT is here and could be used to back this thing. It just needs to be more user-friendly.


Polish people have such a fear of Germans, thinking Germans are constantly scheming to screw Poland over. Whereas most Germans barely know Poland even exists.

As someone who has lived in both countries it's such a hilarious anxiety.


Indeed hilarious considering my grandparents still remember being put into a German Nazi concentration camp.


Germans probably won't attack anyone anymore, that is true.

But Germans making huge mistakes out of misguided idealism is still a problem. And given the size and influence of Germany, the rest of the continent has always to process those mistakes as well.


> As someone who has lived in both countries it's such a hilarious anxiety.

What's hilarious about it? It seems pretty well-rooted given the actual history of the two areas.

- 1939: Germany invaded in 1939, officially starting World War II.

- 1941: Germany occupied the rest of Poland after attacking the Soviet Union, which had previously occupied Eastern Poland.

- Teutonic Order/Prussia: Throughout the 13th–16th centuries, the Teutonic Order fought numerous wars against Poland.

- Medieval Period: Records show invasions by Margrave Gero (963), Margrave Odo I (972), Emperor Otto II (979), and multiple campaigns by King Heinrich II between 1003 and 1017.


It’s been barely two generations since the death camps. My grandma, who is still alive, can tell you stories of seeing trains take half her village away.

Intergenerational trauma is a real psychological phenomenon.

A „hilarious anxiety” is an incredibly naive world view.


Isn't this pretty much what Nothing are doing? At least one of their phones has a different battery rating in India than elsewhere, despite containing the same hardware.


Yes, it's exactly that Stephen Dolan.


Using Git when it came out would have probably meant using Cogito, which has been dead for such a long time by now.

Or have bet on Mercurial. Which is also close to dead. Or darcs, which has been big in certain environments and is now practically extinct.


If you bought into NFTs when they were hot you would have lost money. Not every new tech is worth investing in immediately.


When they were hot is not when they were new.


All of this is true.

Having lived in Germany it's quite different, but I'd argue the centralized handling of the CPR is actually quite convenient and doesn't meaningfully impact privacy. In Germany every authority has its own ID for you anyway (my password manager has a category "Government Primary Keys" for this), however that means that you have to provide all your information from scratch to every authority. This would theoretically lead to more privacy if we lived in 1926, but now computers are ubiquitous and a rogue government (like Germany is close to electing) can just correlate these keys together. Relational databases have existed for decades and JOINS are cheap. Thanks to surveillance capitalism by now we have very sophisticated ways to deanonymize people, the government can just hire someone to do it.

So the privacy in Germany is most often inconvenience for the citizen paired with hardly any privacy gain from a potentially hostile government. At this point I think the better solution is to avoid electing hostile governments. To Denmark's credit, they're currently doing that better than many other European countries.


> The big drawback of one time passwords is that it doesn't protect against man-in-the-middle attacks such as phishing, which is in practice one of the most common attacks on systems of this scale.

This is true and was definitely a criticism of the old system, where websites would open the NemID iframe and ask you for your username, password and a specific indexed OTP code, without providing any authentication to you. You only notice something weird if it asks you for the index of a code that is not on your card but maybe the scammer is lucky and guesses an index that you have and then they can use that phished username/password/OTP triple to perform an unauthorized action.

The new system is slightly different, because if you use the mobile phone authentication it will send you a notification to your phone, but if you use the (bespoke, non-standard) OTP dongle it still does not authenticate itself towards the user. However the codes are now time-based so if they collect an OTP code they can only use it in a ~30s window, so the phished credentials have to be used immediately.
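An added illustration of the ~30 s window described in the comment above (not part of the original thread, and not MitID's actual algorithm, which the comment calls bespoke): a generic RFC 6238 TOTP check with single-use tracking, run on the RFC's published test secret. The `Verifier` class and the timeline are constructed for the example.

```python
import hashlib
import hmac
import struct

STEP = 30                              # seconds per code, the "~30s window"
SECRET = b"12345678901234567890"       # RFC 6238 Appendix B test secret

def totp(secret: bytes, t: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    mac = hmac.new(secret, struct.pack(">Q", t // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F               # dynamic truncation (RFC 4226)
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

class Verifier:
    """Hypothetical server side: checks the code, accepts each time step once."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_step = -1

    def verify(self, code: str, now: int) -> bool:
        step = now // STEP
        if step <= self.last_step:     # code for this step already consumed
            return False
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False
        self.last_step = step
        return True

def relay_outcomes() -> dict:
    """Constructed timeline: a code read off the dongle at t0 is presented
    to the verifier later, by someone other than the holder."""
    t0 = 1111111085                    # this step covers 1111111080..1111111109
    code = totp(SECRET, t0)
    out = {"code": code}
    out["same_step"] = Verifier(SECRET).verify(code, t0 + 20)  # still inside window
    out["next_step"] = Verifier(SECRET).verify(code, t0 + 26)  # window has passed
    v = Verifier(SECRET)
    out["first_use"] = v.verify(code, t0 + 5)
    out["second_use"] = v.verify(code, t0 + 10)  # rejected: worth logging
    return out

if __name__ == "__main__":
    print(relay_outcomes())
```

The verifier cannot tell who presents the code; only the step expiry and the single-use check bound the exposure, and a rejected second use within one step is a cheap detection signal.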


Yeah but functionally it is the same. If the website is down it doesn't matter if I got the OTP code from a piece of paper or the dongle.


The way it worked before was that you had basically a piece of paper with OTP codes and the website would prompt you for a very specific one.

How that would've prevented this issue: not at all. If the login service is down, having the piece of paper with OTP codes is worthless as the problem is not getting the codes (I can still get MitID codes with the OTP dongle) but the authentication website. The previous system was just as centralized.

