MitID is the sole digital ID provider, leading the entire country unable to log into their internet banking, public services, digital mail etc.
https://www.digitaliser.dk/mitid/nyt-fra-mitid/2026/feb/drif...
Readit NewsReadit Newshttps://www.digitaliser.dk/mitid/nyt-fra-mitid/2026/feb/drif...
You're usually about 1 service away from realising that the "money you have" is just an int32, that, if everything works properly, you can modify.
Otherwise you have nothing except a pretty little plastic card.
(I'm aware that payments systems are not affected, but it's a sobering realisation that I've had a couple of times, but it works enough of the time that I forget about it... it's a bit like the meme about backups where a computer takes too long to boot, the person slowly builds panic and starts wishing they had backed up and published all their important work - then when the computer works they say "*phew*, thank god I don't have to do any of that".
Without a trusted device or Recovery Key, Apple may impose a security delay (24 hours to several days) before allowing a password reset. Getting new SIM and re-authenticating our life will be pain.
Getting a new (e)SIM abroad can be very annoying, depending on the mobile network, which is why I try to avoid mandatory SMS authentication as much as possible.
If only it was a uint32
I remember hearing that Zimbabwe, during its period of hyperinflation, had problems because the databases for the banking system couldn't handle a time with $100 trillion banknotes, and ATMs didn't work because of overflow errors.
If only they had used int128. :)
well, luckily, that's not how money is stored, but instead, they're transaction based. Aka, that number you have is a calculated value, not a stored, arbitrary value.
Except...perhaps the central bank's, where they could really just generate that money as an arbitrary value to lend out to other banks.
footnote: of course, your account balance is cached, so that it is not recalculated over and over again...
Not really. That's how the accounting works. It's the gold standard, and what we guarantee our customers, it's not universally how we store it though. Plenty of bank systems store just singular balances and infer that back into "transactions" in other systems to make the balance even out. Then the errors in those balances are manually corrected by looking at the sums.
IT systems only rarely match the legal frameworks they operate within.
Deleted Comment
Damn, that's terrifyingly eye opening. That's a really, really strong argument for physical cash (or gold maybe?)
All of those have some very annoying fail scenarios too.
Someone trips over a cable and now your region of the world can't recognise that you have any wealth of any kind.
Or, you can get debanked by the state. :)
Hard to do that with coinage- but you can have your coinage destroyed in a fire (or via theft, of course).
What are we supposed to do?
After all that we've been through
When everything that felt so right is wrong
Now that the money is gone (money is gone)
Deleted Comment
Most of us who work in payment systems care a lot about precision and reliability.
Dead Comment
MitID doesn't work on rooted android phones, or those running a custom rom. Reports from others who have disassembled it indicate that in fact a hard coded list of custom roms is checked against. It's a highly obsfucated binary, and by design is a single point of failure. If you sign in with an unauthorized device it helpfully centrally blacklists your IMEI. It's hard (but not impossible) to get a phone contract on Denmark without indirectly giving over your CPR number, so I imagine trying to get around this is frustrating. I didn't try and have a hardware dongle. One. By design, this whole system is a massive centralised single point of failure. It's absolutely key to Danish life.
That all said, most Danes would vigorously defend privacy, say that the state doesn't abuse its powers, and they're probably right. It's a very vivid vision of the 1960s Nanny State, where Nanny knows best and has your best interests at heart. Most of the time, she does. They're frequently voted as some of the happiest people on earth, so clearly the recipe of pay a ton of tax and get things from it works well. I find the privacy lack rather shocking and I've never got used to it -- in quite some ways it's an incredibly authoritarian society although no Dane would ever say that, and tell me to drink more øl and get off the internet and go for a walk in a forest. They point out that the UK has far more CCTV cameras and that we have more prosecutions for bent policemen and politicians. There's truth in all of this.
Either way, I'd be interested in seeing if they issue a post mortem on this. It'll cause a lot of issues for many, many people.
I don't get the obsession you Brits have against IDs, in Europe you are pretty much the only ones. But a lot of what you say resonates with my observations:
- single point of failure: absolutely, but so is the "sign in with Google" or equivalent. It's just too convenient. I'd rather have a public service do it than a private company that can cut you out at any time without any explanation.
- Nanny State: 100% also in Sweden, actually worse here. But historically they have been pretty good at protecting freedoms, so far. The UK (or Italy) may be less nanny, but have got some very illiberal things going on these days (left or right government doesn't really matter, it seems).
- Happiest people on earth: I really doubt the surveys measure happiness. They tend to measure trust in institutions, which is very high in Scandinavia.
- It's an incredibly authoritarian society although no Dane would ever say that: exactly the same in Sweden! They would NEVER admit any failure in their society, no matter the hard evidence in front of their eyes. I guess that it's the other side of the same trust of the previous point.
- Drink more øl and get off the internet and go for a walk in a forest: At least you've got øl, in Sweden alcohol is taboo. Forests are nice, but become boring quite quickly :)
That must be the swedes. Danes complain constantly, about everything.
Edit: if you need examples.. DSB trains are slow/never on time/bad service/..; Post Nord takes WEEKS to get a letter out/too expensive. Well we switched to another provider now, Dao, so we’ll complain they are even worse! And complain why they are not doing it like in the good old days (see Post Nord); taxes are too high; public service is too bad/slow/low quality; too many cars in the city; never any parking space when I take MY car; the paid first child sick day is not enough we need at least a week (just for child sick days mind you, we need the 5 weeks paid vaca for relaxing on a Beach in Spain); btw our weather sucks; unacceptable that garbage collection service is not functioning during show storms; .. i can keep going all day
I'm not British but to me it's extremely clear why they are against IDs when e.g. the Danish aren't. Media like 1984, animal farm, V for Vendatta etc. all came from the UK for a reason, they've always had a government entrenched in a strong class system with authoritarian tendencies.
That said, if you're Italian you should probably be wary of IDs for very similar reasons.
Your other complaints: 100% agree, the whole thing is a privacy nightmare.
I wouldn't count on a post mortem of any value. They still refuse to explain how the system has been abused in the past. Regardless of how hard I try, I fail to understand how it has been abused after QR codes was added to ensure presence at the device you're trying to authenticate at. The system feels secure, but has been abused a number of times and we're almost never told how.
I really like the centralised system, it makes navigating society surprisingly easy when compared to say, Germany or the UK.
The difference is that I sort of trust the Swedish government, they've never really done anything to breach that trust - up to and including their handling of COVID (while controversial, they took the stance of individual liberty and a "collective responsibility" over mandatory top-down systems).
The UK in contrast has a much more heavy handed relationship with the population, up to and including incarcerating people for saying the phrase "we love bacon" at a construction site or typing the letter "n" on social media. It's a different context entirely.
Also, BankID, the central system is a definite weakness, but you can have a card/pin device that still works, and it does work on grapheneOS, though it will complain a bit if you don't have google services installed... which I find hilariously awful...
I was under the impression that it doesn't work under GrapheneOS, great news that it does. Other than that it shares some of the characteristics detailed above, refusing to run if it notices rooting and the like. Also no Linux support.
Edit: I agree that it has a convenience to it, but I strongly suspect it has a latent tyrannical potential and that future governments will exploit this to a further degree.
You conveniently neglected to mention that it was the site where a _mosque_ was being constructed.
Changes things a bit.
I've gone the other way from Denmark to UK. And I've often had to mail copies of my passport or other identity documents via email. And my bank requires me to regular scan my face to check that it aligns with the picture in my passport.
The US was a much higher trust society before repeated governments from opposing parties violated that trust with little or no consequences. This left people with no realistic competitive party that was trustworthy, and first past the poles elections ensures they only have to be slightly less despicable than their opponent. This also drives polarization.
Having a multiple party system with something approximating proportional representation, an independent press and judiciary, and a smaller population and land area all make a large difference. The US was the last nation to use first past the poles for something besides a house of commons that was ranked a democracy by vdem I think? Definitely the last one to be ranked a full democracy. The largest remaining population ranked as a full democracy is Japan, it doesn't look too likely to change from the outside. Germany is next in size and we'll see how that goes. SK was next and they passed a rough test so lets hope. Large populations are easier to polarize apparently? I wonder if that will hold true with social media eroding the rural urban ideological divide.
Did they collectively close their eyes while Denmark was the latest, at EU presidency, in charge of pushing chat control?
I find these arguments quite strange. A big part of MitID and similar services is to protect you against fraud. The most vulnerable in society (e.g. old people) aren't running these kinds of devices, and I'd rather we optimize for the general population and the people most at risk, rather than people running some weird setup that is almost identical to setups a scammer would run.
What privacy aspects are you lacking here? For all the services that MitID connects you to, there are government required responsibilities for these companies to track all of this information anyways and be able to provide it to the government if needed. That goes for banking, public services, telecom, etc. And this is in no way unique to Denmark, it's how most countries operate. Denmark has just acknowledged this and decided to make it easier.
Did you expect your UK bank to not be required to know who you are and be able to track and keep records of literally all financial interactions you have with them and their services? I'm a bit confused on what society you are comparing against.
NETS have always been very sparse with their post mortems, they don't act like a SaaS provider. Not even as a partner did we get postmortem. They're well and truly into the jaded territory. During two jobs, both as a provider (customer of NETS), and as a consumer of a provider of MitID
Note this is as a customer. The provider and in turn their customers pay pr login and a quite hefty fee at that. NETS are just too big.
They were down every few weeks for a short while (between 2020-2023), so I guess this is probably still the norm
Having lived in Germany it's quite different, but I'd argue the centralized handling of the CPR is actually quite convenient and doesn't meaningfully impact privacy. In Germany every authority has its own ID for you anyway (my password manager has a category "Government Primary Keys" for this), however that means that you have to provide all your information from scratch to every authority. This would theoretically lead to more privacy if we lived in 1926, but now computers are ubiquitous and a rogue government (like Germany is close to electing) can just correlate these keys together. Relational databases have existed for decades and JOINS are cheap. Thanks to surveillance capitalism by now we have very sophisticated ways to deanonymize people, the government can just hire someone to do it.
So the privacy in Germany is most often inconvenience for the citizen paired with hardly any privacy gain from a potentially hostile government. At this point I think the better solution is to avoid electing hostile governments. To Denmarks credit, they're currently doing that better than many other European countries.
I personally prefer it, and I wish the country I live in right now had a better centralized system to deal with the government. It massively reduces bureaucracy and the need for me to produce all sorts of extremely privacy-invasive documents (such as bank statements, utility bills, scans of my driver license and passport) when dealing with the government. Sometimes I even need to mail those things, like, with an envelope.
The government can and will collect all data it needs about you at any given time, no matter if there's a centralized ID or not. It just spares everyone time and effort by removing friction.
Also, I have a very hard time to take seriously someone that unironically says the words "nanny state". It says a lot about your stance on the role of governments and society in general. What it says, to me, is very unflattering.
As a Dane, having lived in other countries, MitID is an insanely superior to anything I've ever tried. It simplifies so many touchpoints with the government, and is honestly such a good upgrade going from nothing -> physical NemID card with codes -> digital MitID (literally "My ID").
The only real disruption I'd say is if you happen to be buying something online that triggers the 3DS prompt (an additional security layer to prevent cards getting stolen/scam). In Denmark the 3DS prompt for VISA at least uses MitID to verify you are the owner of the card, so that'll obviously not work when MitID is down.
I'll say, it has been surprisingly stable though otherwise, and disruptions usually aren't a big impact (I literally wouldn't have known unless I saw this HackerNews post).
As for a centralized identity system: I personally see this as an acceptable contract for living in a society. Most countries have SSNs anyways, your taxes and many other things are tied to this. Centralizing this identity allows the government to streamline so many things to give a better service to their citizens. For example, all official communication goes to your "DigitalPost" email inbox, your verify identity with "MitID", and every person or company has a registered "NemKonto" tied to them for any salary or government payouts.
I maybe see people get tripped up at the concept that your government should actually care about the service they deliver. That's probably already the point where we diverge when talking about if these things are a good idea or not.
Digital identity service is fine for gov services. It’s not OK as a hard requirement for anything else such as banking.
Digital ID in my country is down for about 7 days and counting. iOS app no longer opens after the recent update. I cannot pay tax without digital id app working but i can do banking and everything else.
What’s the alternative that you think is okay for that then?
Certain businesses have regulatory requirements to know and verify your identity (banking, telco).
A UK poster gave an example of how they need to mail the bank a copy of their passport and other private information.
I’d certainly much prefer simply using a digital login solution as an alternative to that. They can verify I am who I say I am, without needing my passport which I would consider a much bigger privacy invasion to hand out.
It is in fact not a hard requirement. It just happens that when you have a relatively cheap and efficient digital identity, which is by definition trusted by the government, banks will use that to reduce risk. It's not that they can't verify your identity any other way, this is just the obvious and easy one.
If you use Lunar, the 3DS prompt uses the Lunar app and not MitID.
From a technical and user point of view, MitID have had less outages than Cloudflare, AWS and MS Azure in the last year. While I agree with the single point of failure, I also like that I setup my startup with all government and banking online via a login I had the last decade, painless and faster than most places without having to upload a single document in many a unsecured ways I heard from my US and Other European friends (outside the Nordic countries).
Yes we Danes trust our institutions more than others and trust is given by default and then lost, rather then "earned" (I would argue bought) in other places.
They're very light on reporting issues, in this case Signaturgruppen a subsidiary of NETS, didn't even mark this as a full outage.
Liberal democracy is a very young experiment and people do not realise how fragile it is. In the 1940s less than 10% of countries were democratic, and we could go back there again easily.
Would be cool if multiple actors were allowed and shared the same kind of auth signing method so that there aren’t just one point of failure. Or something distributed like a blockchain type of signing method, at least I don’t think Bitcoin or Ethereum have downtime that often, and authorization should probably be read heavy only to check if some identity is still allowed
I converted this to a Tell HN post since there didn't seem to be a good 3rd party article about it in English (yet, at least). The submitted link is in the toptext. (Submitted title was "MitID, Denmarks sole digital ID, has been down for over an hour and counting".)
(p.s. In case anyone is wondering, I think this was a good submission with aspects worth discussing. It set off the flamewar detector, so I turned that off and re-upped the post a bit.)
It is indeed up again, and I appreciate you recognizing that the thread had/have some great discussion aspects about e-ID in general.
It was completely down from 10:40 to 12:17 GMT+1
That’s a remarkable failure to read the room, given the digital sovereignty initiatives across Europe.