The Norwegian welfare agency publish most of their code on github: <a href="https://github.com/navikt/">https://github.com/navikt/</a><p>It's the organization you use if you're sick, lost your job, where you get your social security etc. Basically a huge behemoth of all kinds of social or labor services.<p>While most of the code probably has little value for others (2000 different repos), I think it's quite noble that it's public, given it's made with tax payer money and serves our people. And when working there I found it quite cool to work in the open, a sense of pride in publishing everything we were doing. Also a bit funny, just checked the project I started 5 years ago: "last updated 42 minutes ago".
Italy does the same: <a href="https://github.com/pagopa/io-app">https://github.com/pagopa/io-app</a><p>This is the official government app (you can get benefits, pay taxes, etc...), downloaded by 30+ million citizens, stack is React Native + Typescript
Speaking as an immigrant from America, I really like DigiD! I wish the US had something even remotely similar. The fact that we do not have a standardized national ID easily available to everyone is embarrassing.<p>DigiD has some minor annoyances, but it's a helluva lot better than some alternatives I could think of.
I find the DigiD app to be one of the most annoying implementations of 2FA out there. You have to unlock the app with a pin code, then enter an app-generated code on the site, then scan a QR with the app, and then grant permission to login to that site.<p>If you compare that to 2FA for Office 365 for example, where you just have a push notification where you press a button to allow, then you can't help but think that some attention to UX would be helpful.<p>As it is, I usually pick SMS verification instead of using the app. Yes, less secure, but so much easier.
"...This code has been disclosed in response to a request under the Dutch Open Government Act ("Wet open Overheid")..."'<p>Sounds like it was not voluntary. Also not sure what kind of transparency is expected here, since there is no way to find if the source code published is the same used to build the app. Maybe decompilation is the way to go...
There’s a lot of gov.uk stuff open source.<p>- <a href="https://github.com/alphagov">https://github.com/alphagov</a><p>- <a href="https://github.com/hmrc">https://github.com/hmrc</a><p>- <a href="https://github.com/dwp">https://github.com/dwp</a>
In order to verify your ID with the app your phone must have NFC support to scan the passport/id, and on the screen where you do the verification it says: if your phone doesnt have support find a friend with a phone that supports it, I kid you not..<p>edit, found it in the code:<p><a href="https://github.com/MinBZK/woo-besluit-broncode-digid-app/blob/master/Source/DIG-Common/Source/DigiD.Common/AppResources.en.Designer.cs#L2093">https://github.com/MinBZK/woo-besluit-broncode-digid-app/blo...</a>
This function is interesting: <a href="https://twitter.com/jeroenfrijters/status/1615204074588180481" rel="nofollow">https://twitter.com/jeroenfrijters/status/161520407458818048...</a>
As a Dutch person this is the only bit I was never able to get/register for since it got introduced. Requested it since like 2003/2004 or something.
Great so now we can be sure some hacker working at an intelligence agency or criminal syndicate reads this and now knows how to hack DigiD, which is basically the Dutch government's SSO. After you get in you can do all kinds of things like apply for student loans, passport taxes etc. There will be another layer of security but still.. this is not great. Don't get me wrong I am not against publishing source code but they ought to think about what they publish.