- the ID card which trusts the government PKI and has its own private key and certificate
- the application that does some certificate checks and facilitates communication between the card and an eID server
- an eID server which is connected to the PKI and regularly receives short-lived certificates to present to the card, does revocation checks, validity checks and a bunch of other stuff. Also provides a list of fingerprints of TLS certificates of eID services allowed for the session
- an eID service which opens a session with the eID server indicating requested data and ultimately receives this data from the eID server. They own the legalese certificate of which data they have access to.
- maybe another provider wrapping all this and the required certifications, compliance and hardware into an easy to use API. But could also all be the same.
It could be argued that the government has influence on the eID server providers - which do the actual communication with the card and are the first to receive the data before passing it on - via access to the necessary PKI, but they're not directly involved in the communication.
The card communicates with an eID server via the app. This server is connected to the PKI and receives a new certificate daily-ish and also has a revocation list of blocked IDs. There's a ridiculous amount of regulation for hosting one yourself, so you get that service from one of the two or three who provide it as a service.
ID data this eID server received from the card is then sent to the eID service that initiated the session, which may either be the entity who needs it, or another service provider who wraps another set of regulation requirements and complex eID server API calls into an easy to use API for their customers.
ID data isn't actually shown to the user in the app unless it's a custom implementation that loops it all the way back from the service provider at the end.
That "small sample of telemetry and spying domains" also contains login pages and update downloads, among others. You're just saying everything Microsoft is telemetry and spying, here are all their domains.
The Japan Rail Pass has gotten a price hike recently and now it feels like you have to keep chasing trains a lot to make it worthwhile. The regional passes are a bit better, but still require more moving around than I'm comfortable with for a vacation.
The Deutschlandticket is only valid for up to regional lines and not on faster trains like IC and ICE. It's already worth it money-wise for the first trip, but only using local connections adds at least an hour per trip between those cities, plus a bunch of layovers.