Monday, May 24, 2021

Photo Id for Voting in the UK

 There are about 3.5M people of voting age in the UK who dont have photo id.

May cannot afford a passportt and don't drive so won't get a driving license.

so government proposals to require photo id for voting is 

a) unfair on them as the hassle of getting some other voter id will deter some from voting, and is cleatly motivated around which segment of society they are likely from, politically.

b) Plan B is to have local councils generate free, or very cheap, photo id for those people to get on demand. Not a great plan, since such Id will then become a target for fake id (as it is in the USA).

This will increase voter fraud (which currently in the UK runs at about 1 case per election). at a cost of about £20M per annum. brilliantly counter productive.

but also (as experience in NI and aforesaid USA shows) will also be used for age verification, and even ID checks for people making payments, hence increasing fraud there, massively. 

Ironically, something the Online Harms bill shoud really be addressing - another piece of pointless

government legislation ust to be seen to be doing "something" for a problem that exists in another country, but not here. doh.

what's in an NHS App QR code that vouches for your vaccine status?


If you've got the NHS app (the one you use for booking appointments, or repeat prescriptions, not the contact tracer one), you can download a vaccine/covid status to it - here's mine, decoded

on it, you see my name & dob and the vaccine dose name, batch number and date, plus it is signed, and can be checked for its legitimacy - there's international protocols (at least for EU, and the UK Is still cooerating on that). If you dont have a phone capable of running the app, you can get a letter from your GP (takes a few days) - not too much data being given away here- you don't need to show the vaccine status being downloaded, you can store it (or get it emailed)and a border person could check it with (presumably) some other app and check name/dob against passport.

the code is valid for 1 month - i.e. it expires, so you then just download (or get emailed) a new one - so long as the vaccine wasn't so long ago that it's efficacy has dimmed (and we dont know how long that is yet for all the vaccines in use) you should just get a new valid QR code or cert (or letter) for another month...

not a lot of privacy threat here....nor is it a huge burden on systems to run something like this...


trust framework:


<COSE_Sign1: [{'Algorithm': 'Es256', 'KID': b'Key5PRO'}, {}, b'\xa4\x01bGB' ... (350 B), b'\xd1zo\xb3\x1b' ... (64 B)]>
    "-260": {
      "1": {
        "dob": "xxxxxxxxxx",
        "nam": {
          "fn": "Crowcroft",
          "fnt": "CROWCROFT",
          "gn": "Jonathan",
          "gnt": "JONATHAN"
        "v": [
            "ci": "",
            "co": "GB",
            "dn": "1",
            "dt": "2021-02-11",
            "is": "NHS Digital",
            "lot": "EL7834",
            "ma": "ORG-100030215",
            "mp": "EU/1/20/1528",
            "sd": "2",
            "tg": "840539006",
            "vp": "1119349007"
            "ci": "",
            "co": "GB",
            "dn": "2",
            "dt": "2021-04-09",
            "is": "NHS Digital",
            "lot": "ER1749",
            "ma": "ORG-100030215",
            "mp": "EU/1/20/1528",
            "sd": "2",
            "tg": "840539006",
            "vp": "1119349007"
        "ver": "1.0.0"
    "1": "GB",
    "4": 1624147200,
    "6": 1621341834


import sys

import zlib

from base45 import b45decode

from cose.messages import CoseMessage

import cbor2

import json

qr = input("QR plz: ")


if qr.startswith('HC1'):

              qr = qr[3:]

              if qr.startswith(':'):

                  qr = qr[1:]

bin = b45decode(qr)


foo = zlib.decompress(bin)


bar = CoseMessage.decode(foo)


baz = bar.payload

baz = cbor2.loads(baz)

fee = json.dumps(baz, indent=4, sort_keys=True)



reminder of value of contact tracing:-

but also of risks:-

Friday, May 14, 2021

Proof of Green

 so rather than burn the earth even faster in some bogus pursuit of decentralized crypto-currencies (we only have one earth, so bitcoin is inherently centralised around that one fact), why not use renewable resources to generate coins. I don't mean greenwashing where you place your mints next to hydroelectric or geothermal sources. I mean literally use the fact that sources like solar are highly time&space varying - a large solar array could be used to generate signatures (each cell will receive slightly differnt amounts of sunlight over time - the voltage generated from each, therefore varying - this can be logged (e.g. on a blockchain) with GPS coordinates (now feasible down to centimeter accuracy courtesy of new devices), and acts as a unique coin value. This can be measured and verified by other parties. It costs almost nothing to mint, and is a side effect of building more renewable (solar) energy sources, rather than a pointless consumer of them.

see the light! 

Blog Archive

About Me

My photo
misery me, there is a floccipaucinihilipilification (*) of chronsynclastic infundibuli in these parts and I must therefore refer you to frank zappa instead, and go home