Having lived in Germany it's quite different, but I'd argue the centralized handling of the CPR is actually quite convenient and doesn't meaningfully impact privacy. In Germany every authority has its own ID for you anyway (my password manager has a category "Government Primary Keys" for this), however that means that you have to provide all your information from scratch to every authority. This would theoretically lead to more privacy if we lived in 1926, but now computers are ubiquitous and a rogue government (like Germany is close to electing) can just correlate these keys together. Relational databases have existed for decades and JOINS are cheap. Thanks to surveillance capitalism by now we have very sophisticated ways to deanonymize people, the government can just hire someone to do it.
So the privacy in Germany is most often inconvenience for the citizen paired with hardly any privacy gain from a potentially hostile government. At this point I think the better solution is to avoid electing hostile governments. To Denmark's credit, they're currently doing that better than many other European countries.
> The big drawback of one time passwords is that it doesn't protect against man-in-the-middle attacks such as phishing, which is in practice one of the most common attacks on systems of this scale.
This is true and was definitely a criticism of the old system, where websites would open the NemID iframe and ask you for your username, password and a specific indexed OTP code, without providing any authentication to you. You only notice something weird if it asks you for the index of a code that is not on your card, but maybe the scammer is lucky and guesses an index that you have, and then they can use that phished username/password/OTP triple to perform an unauthorized action.
The new system is slightly different, because if you use the mobile phone authentication it will send you a notification to your phone, but if you use the (bespoke, non-standard) OTP dongle it still does not authenticate itself towards the user. However the codes are now time-based so if they collect an OTP code they can only use it in a ~30s window, so the phished credentials have to be used immediately.
The way it worked before was that you had basically a piece of paper with OTP codes and the website would prompt you for a very specific one.
How that would've prevented this issue: not at all. If the login service is down, having the piece of paper with OTP codes is worthless as the problem is not getting the codes (I can still get MitID codes with the OTP dongle) but the authentication website. The previous system was just as centralized.
No. As I understand it, the previous system, NemID, was actually (co?)designed by the banks, so this is what they all use. Likewise MitID is another unholy alliance of Nets (a Danish payment provider) and Danish banks.
Given the Swedish version of it is called BankID I assume the situation is nearly the same in Sweden.
A bit of a shame that it mentions the wretched type K plugs in Denmark but leaves out the "EDB" type DK 2-5a plugs/sockets, which add a new dimension of problems to the mix!
Porkbun has .party for $21.09 (bar the first year promotion, not sure about VAT) and INWX (DE, VAT included) has it for 32.80€. It is definitely more but not as scary as you made it sound.
It’s not all bad. I hope you don’t mind tooting my own horn. But there are providers who try to keep prices reasonable: https://domain.chief.app/pricing (disclaimer: this is mine)
I must say though that this (at this stage) is mostly only possible because of a few (also Dutch) reseller titans that allow me to be affordable.
The cost of entry as registrar into ICANN TLDs is pretty high.
Huh, that's weird. I am from Norway, and I have always used domainname.shop, a Norwegian service. .party seems to be at around 7.49€ a year (bar the first year promotion).
It is not a super fancy website, and the company is pretty old, but I don't really need a lot from my DNS provider anyways.
I'm on INWX but trying to get out, as pricing is quite expensive for regular TLDs. A .com domain goes for about €18 with taxes and all that stuff.
And the situation for autorenewal is terrible. At least when using their Spanish site (inwx.es) they cannot do autorenewal billed directly to your credit card or Paypal account, you have to previously add credit to your account "balance" and leave it hanging there until your next renewal.
Somebody mentioned openprovider.com and I'm taking a look because it looks interesting.
At least apparent complexity. See "Expert C Programming: Deep C Secrets", which creeps up on you shockingly fast because C pretends to be simple by leaving things to be undefined, but in real life things need some kind of behavior.
> I've had horrible experience with German shops, when you have an issue they do whatever to make it look like it's your own fault.
That's just the usual experience of German customer service. The consumer is expected to quote the relevant paragraphs to explain to customer service why they need to cover the cost of return shipping or whatever, and they will fight you every step of the way (or try to ignore you). It seems to be a cultural thing.
Edit: and what makes this so annoying is that I really want to be a nice guy for the customer service, not an asshole. And when they treat me like this, I turn into a monster and I'm not happy about it.
> It's hard to take these "YouTube is popular due to monopoly" arguments seriously when the competition can't even get the basics right.
I feel the same about a lot of online shopping. In Germany people often moan about Amazon and while it has its share of issues, the competition is often so bad. Really slow processes that feel like someone adapted a "submit order via fax" process slightly for the web, horrible web sites, sometimes next-to-non-existent customer service. No wonder the alternatives aren't taking off as they fuck up the basics before we even get to the point of starting to compete.
I don't know? I order from plenty of non-Amazon online shops and they are fine. mindfactory.de, alternate.de, booklooker.de, akkushop.de (they messed up an order, I wrote an e-mail about it, and the company owner answered on a Saturday - the missing item went out on Monday) etc. No really bad experiences.