Why can’t this be like that?

Because our highly corrupt, neo-liberal wannabe overlords hate the fact that we have basic privacy and data protection laws.

So every bit of digitalisation with government involvement has to be a non-funtional and totally insecure shit show so they can then lie and pretend that a) we need to remove data protection laws that are to blame for all problems and b) only big tech can do it properly so we really, really need to sell our private data to them (also c) <add random AI buzzword bingo gibberish> ).

You could at some time print out your ticket (depending on where you bought it) as a QR code . But that meant you wouldn’t need to use the DB App which is an insane security and privacy nightmare constantly breaking laws without any consequences. So they needed to limit that option and again lied about how that code can magically not save the info of who is the owner of that ticket (because… you know… basic cryptographic methods don’t exist…).

PS: Just so this isn’t just purely a rant, here’s a list of companies that still allow to get the Deutschlandticket as a chip card to avoid that horrific app.

When I cross the Atlantic I pdf or screenshot the plane ticket. Never had a problem. Why can’t this be like that?

I had this discussion with someone checking my ticket once. The argument being, that you could share the screenshot with multiple people.

The TL;DR is, that this is not true and comes from a lack of digital understanding.

For the long explanation: copying the ticket with a screenshot does provide a smaller hurdle for “copying” tickets, but the alternative is downloading the ticket on a second phone which is no hurdle at all. Even if it were restricted to one phone, I could backup my apps and restore the backup on a different phone. For every 10 ft wall there will be a 12 ft ladder, because: you can’t trust the users phone. They have full control of it.

Which is why the tickets have a UIC918.3 Aztec Code on them (what people call QRCode), which has a digital signature. Basically there are pairs of public and private keys (one per issuer of tickets), and the list of public keys is on the device checking your ticket. Without the knowledge of a private key, signing a ticket is statistically impossible (else there would be a lot of bigger problems worldwide)

That is why every control should check your id regardless. Because the Barcode does not identify you! Their assumption, that a valid ticket means you are the owner is not reasonable! And yet they do.

In another comment a user claimed that changing the name on the ticket would be thinkable, it is not. What has happend in the past with issuers of “fake” tickets is that someone got access to the private key of a local train company and was able to sign tickets in their name. (Don’t confuse “normal” signatures with digital ones: this is not like forging a signature on a cheque, but more like finding a chequebook full of presigned cheques)

After this discussion, I made a test. I saved the online (HTML) version of the ticket, changed the text around it to say I was the owner of the rail network (instead of the owner of the ticket) and changed my birthday to 69.69.420. The barcode I would download once a month, and replace it in the ticket (because again, that is the only unfakable part and in case someone would scan it I would like for it to be valid)… And never had issues with it again.

So basically I made an obviously fake but elaborate screenshot, and because something moves on it I never had issues with it. Which sucks, because in the end, it is the illusion of security that is the biggest danger to actual security.

If you have a .pkpass file you probably could import it into FossWallet (don’t know if this works for the Deutschland ticket, would be great if you could tell me :P).

Edit: I just realized you don’t have that lol.

Here’s a trick for you: While the google wallet will require an acount, downloading a file for the apple wallet will usually give you a .pkpass file.

So often you just need to visit the page on a desktop where both options are shown.

One time I also had a URL parameter where I just replaced “android” (or google) with “apple” and were then shown the apple download option.

I think you mentioned this was RIDE, right? Have you tried the desktop site or contacting support? Because I definitely got a .pkpass from them for a ticket. In fact there was a button right under the Google Wallet option

When I had that problem I was able to klick ‘add to Apple Wallet’ or something like this and it downloaded the .pkpass file. Maybe you need to spoof your useragent to present as a iOS device/PC?

Sometimes the agents who check tickets don’t accept something that looks unfamiliar though so be carefull. In most cases that does not agree with ther terms (which prohibit screenshots, not non-google wallet apps), but what’s your recourse? It’s not like anyone will sue over 7€…

Can’t really answer your questions, since u have never heard of the technology in question, but when you book the “Deutschland ticket” (Germany ticket), which gives access to every form of public transportation except IC/ICE for 58€ per month, you simply get a QR Code that you can take A Screenshot of.

The explanation is easy: Public transport has lots of tight regulations. The use of pkpass files is not in these rules, therefore nobody uses it directly.

The use of screenshots or PDFs is not secure. Fraud would be way too easy if they allowed it. Airplane tickets are an exception: because there are so many passport checks at airports, forged tickets are rare.

If I remember correctly, pkpass is a Apple standard. So maybe you can import the file into a wallet app. Then it may become usable for you. But that’s just a wild guess.