Tracking is a tiny little fraction of percent of bad stuff which can be done with CBDC. CBDC allow for direct control of every single CBDC cent on the whole planet. And direct control means that every single denomination can be programmed (since they are all non-fungible) to be allowed to be spent only on specific state approved goods, or in the state approved shops. It can have expiry date. It can be restricted as to who can send money to whom, per account. And of course it can and will be tracked forever with 100% precision.
Are you protesting against yet another Orban? How about your accounts in every country of the world are zeroed now? Automatically. Are you protesting against Danish Stazi 2.0 Chat Control? How about all your money are now frozen and you can only spend a few hundred and only for groceriess, as a punishment? Stuff like that will be possible and easy.
Last I checked, the application they were working on relied on google services. So at the end of the day it's still an american company that could decide to not let you run it if they want to.
The application requires remote attestation, like any serious financial application handling money probably should, and unfortunately there are no alternatives to Apple or Google on this front at the moment.
However, this payment system also comes with physical dedicated bank cards that can be used with the new system. There is no need to run an app.
I can't use my banking app. Because of some apps I installed from f-droid, and because I modified my open source keyboard and built my own. Therefore I am the only person in the world running this specific application, since I tailored it for myself. No other system has ever seen that application, so attestation fails on my device. It's not even rooted.
Meanwhile, on my linux PC with full root access, because I am the admin, this somehow isn't an issue. No, attestation is not needed. It never was before, and it still isn't, especially because it is NOT required on systems that have way more chance of being set up insecurely. There's nothing stopping me from viewing the source code of the page. There is nothing stopping me from taking a screenshot. There is nothing stopping me from doing anything. I am root on my machine, and that's ok there. Why is remote attestation required? Why the hell would I even want google to "vouch for me" as a european?
> Meanwhile, on my linux PC with full root access, because I am the admin, this somehow isn't an issue. No, attestation is not needed. It never was before, and it still isn't, especially because it is NOT required on systems that have way more chance of being set up insecurely. There's nothing stopping me from viewing the source code of the page. There is nothing stopping me from taking a screenshot. There is nothing stopping me from doing anything. I am root on my machine, and that's ok there. Why is remote attestation required? Why the hell would I even want google to "vouch for me" as a european?
Swiss-cheese security sprinkled upon grandfathering in PCs.
The former: there's no such thing as perfect security.
The latter: PC security model is awful, but we always had it and it would break stuff to get rid of it entirely.
