A few observations about digital vaccination certificates:
* It's really just a static QR code, you can import it into your app, but you can also make a picture of it and save it into your phones gallery. Or carry the original paper copy around.
* This unfortunately means it's easy to "steal" other peoples certificates by just scanning their code when they have it open in their app.
* The certificate will not be for your name but will that *always* be verified?
* It's really not acceptable that the source code of #CovPass and #CovPassCheck is not yet published. https://github.com/Digitaler-Impfnachweis/documentation/issues/6
Those apps used in the wild as of yesterday and you cannot really study or verify them yet. I'd really like to check implementation details of the certificate validation in them... 😕
chaos.social – a Fediverse instance for & by the Chaos community