Websites that support IRMA typically have a button that says Log in with IRMA. If you don't have the IRMA app on your phone yet, you will have to install it first and fill it with your attributes. If you do have the IRMA app already, there two different situations:

• When you access the website where you need to log in with IRMA on a computer or laptop and you press the login button, a QR code appears. You open the IRMA app on your phone with your PIN. At the bottom of the app's screen, there is a button that allows you to scan the QR code. The app asks if you wish to disclose the requested attributes. When you click OK, you are logged in.
• When you view the website on your mobile phone, the IRMA app is automatically opened when you hit the login button. The app then asks you whether you agree to disclose the requested attributes. After pressing OK, your phone returns to the website and you are logged in. If all is well, your phone automatically returns to the original page, but sometimes you have to go back manually.

The IRMA app is available internationally, but only a few attributes are available globally, namely email and some data from social media (which are not very reliable). The real challenge for your country is to organise interesting local sources of attributes that wish to issue data to IRMA apps. The Privacy by Design Foundation has concentrated so far on The Netherlands, where it has organised connections of IRMA to instance the government's national citizen administration, but also to medical and academic registers. Similar connections need to be organised in other countries, in order to make IRMA really useful there. Local help and support is needed for this. So do join the effort and help out, if you are interested.

Another issue is that the IRMA app itself (and its documentation) is available so far only in English and in Dutch. Since the source code for the IRMA app is available online, volunteers from other countries can contribute by translating the relevant texts into their own language.

You can see how IRMA is used around the world on the online dashboard.

Currently the Municipality of Nijmegen offers address cards nationally for everyone in The Netherlands with a DigiD, including people that do not live in Nijmegen.

You can load your email address where-ever you are in the world. You can also load attributes from some social media accounts. When you have European mobile phone registration, you can also get your mobile phone number as IRMA attribute. In the Netherlands you can obtain more attributes, for instance from municipalities, like name, address, date of birth, citizen registration number ("BSN"), but also age limits like whether you are older than 18 or 65. Students and staff can add their academic registration. Health care professionals can add their professional registration ("AGB"). With these attributes people can make themselves known in many situations.

It is expected that many other attribute sources will join the IRMA ecosystem, for users in general, but also for special groups of individuals.

Certainly, on every separate (Android and iOS and F-droid) device you can open a separate IRMA account and fill it with your attributes. It might even be wise to do so, since if you loose one device, you can still use the other one to log in.

Your personal attributes are stored exclusively in the IRMA app on your phone and nowhere else. They are protected via the PIN of the IRMA app. You disclose only those attributes that are relevant and required in a particular situation (data minimalisation, as required by the General Data Protection Regulation). For instance, in order to get a certain discount, you may have to prove that you are a student; with IRMA you can do so without disclosing your name or your field of study.

Your attributes in the IRMA app are digitally signed by the source (issuer) of these attributes. A website receiving attributes can cryptographically check that they are authentic (really coming from the source). This exchange of personal attributes happens directly, between your phone and the website. No-one else can register that you make yourself known there. This is completely different from the (privacy-unfriendly) login mechanism of Facebook (and others), used for instance at an online store. In that case the data exchange happens differently: you first have to log in at Facebook, and then Facebook tells the store who you are. In this way Facebook can build up detailed profiles of who logs in where and when.

The attributes about yourself that you collect in the IRMA app on your phone are stored in the IRMA app only, and nowhere else. In particular, they are not stored somewhere in the cloud. When you remove attributes from your IRMA app, they are really gone. You are asked to give permission explicitly before any of these attributes in your phone are disclosed, from the app to a website.

Within the IRMA app you can see on each card with attributes when they expire. The validity period depends on the stability of the attributes at hand. For instance, in The Netherlands, your name and date-of-birth attributes are valid for five years, whereas your address attribute is valid for only one year. The issuer (source) of attributes decides about expiry times. The validity of IRMA attributes may thus run out. The app warns you about this. You can always renew (refresh) them, even without warning, by reloading them from the source, just like you did the first time. For instance, after your 18th birthday you can renew your attributes from your (Dutch) municipality and then obtain an older-than-18 attribute.

This may happen with the Firefox browser on Android phones. By default, Firefox does not open links to apps, such as IRMA. You can solve this by changing the settings of Firefox. Under "Settings" go to "Advanced" and allow "Open links in apps".

On a new phone you can install a new IRMA app, open a new (empty) account, and reload your attributes from the various sources onto your new phone. Currently, there is no possibility to transfer attributes from one phone to another. This is work in progress, which involves some delicate security issues. Fortunately, it is not so difficult to load your attributes again onto your new phone. It does take a bit of time.

The IRMA app on your phone is protected with a PIN, just like internet banking apps. Therefore, when you lose your phone, someone else cannot abuse your IRMA app and pretend to be you (commit identity fraud). So you do not need to worry, assuming your PIN is non-trivial.

There are still better ways to protect yourself: upon opening your IRMA account, you had the option to register an email address. If you have done this, you can block your old IRMA account via the MyIRMA environment. Then it really cannot be used anymore. If you have not registered an email address, you can still do so via MyIRMA. This is recommended.

When you have a question about logging in with IRMA at webshop The Trendy Chicken, you can best address your question at The Trendy Chicken itself. Also when that website asks you to install the IRMA app and that fails, you can best talk to them. Often such pages contain additional info and allow you to ask questions.

If, in the end, you have a question about IRMA itself, you can send an email to the address app@privacybydesign.foundation. Please explain clearly what your point is, and provide your phone's model and supply screen shots if possible when something goes wrong.

When you log in with IRMA at a website your phone talks directly to that website. No-one is in between, monitoring that exchange. The IRMA organization cannot see your attributes — because they are exclusively on your phone — and can also not see which attributes you disclose to which website.

IRMA is produced and run by the Privacy by Design Foundation. In 2016 this foundation grew out of the Digital Security research group from Radboud University at Nijmegen, The Netherlands. It is an independent non-profit foundation. Since 2019 it has a strategic cooperation with (SIDN), the foundation that runs the .nl domain. This cooperation contributes to IRMA's stability and continuity.

IRMA is free for users and also free for websites that use IRMA for login: everyone can request attributes from the IRMA app, and will receive them after the user has given consent. But it is not free to issue attributes. Not everyone can put attributes in other people's phones, since that would quickly become a mess.

Issuing involves a fee and also a contract, in which the issuer commits itself to put only accurate (authentic) data in the IRMA app of the right person.

Additionally, a contract is available, both for verifiers and issuers, that gives availability guarantees (an "SLA") via SIDN. Since IRMA is a decentralised system, in which attributes are stored only on user's phones, the organization behind IRMA has a relatively light task. Because, in addition, this organization has no profit goals, IRMA as a whole is a cheap system.

The IRMA software is deliberately open source. This means that the way that IRMA works can be inspected by anyone: the software is available online, see GitHub. This also means that people outside the foundation can contribute. Indeed, several other organizations are contributing software and designs to the IRMA ecosystem. Of course, you do have to know a bit about computer programs in order to really understand IRMA's software, but the principle is important: IRMA has no secrets and works in a transparent manner. This contributes to trust in IRMA. There are no uneasy discussions about hidden backdoors in IRMA, like for instance in 5G telecommunications. The Privacy by Design foundation is of the opinion that all software in infrastructure with a public role should be open source.

At MyIRMA you can remove your data. Then, delete the IRMA app from your phone. If you don't use IRMA for a year, we automatically delete all your data from our server.

Please contact the organization you wish to unsubscribe from.

Follow the instructions on the organization's website. If you have any questions about this, please contact the organization.

Open the IRMA app with your PIN code and press the ‘Scan QR’ button at the bottom right of the app. Scan the QR code by pointing your mobile at the IRMA QR code. Sometimes it is necessary to give permission to use the camera.

You can usually find the IRMA QR code via a button or link ‘Login’ or ‘Share data’. Sometimes the organization does not support IRMA (yet). If you have any questions about this, please contact the organization.

This is the assurance level with which you logged in with DigiD to load the data into IRMA. Do you want to get the assurance level at ‘Substantial’? Then link the DigiD app to an identity document. After that, reload the data into IRMA. More information can be found on www.digid.nl.

The organization from which you get the card determines its contents. If your data have changed, you can pick up a new card. It will contain the correct data.

Extensive background information about how IRMA works is described by the Privacy by Design foundation at this page. People who wish to understand the real technicalities can check out IRMA's documentation page and GitHub repository.

The big picture behind IRMA is described in a IRMA Manifest which is available only in Dutch, so far.

Yes, you can download the IRMA app here: F-droid, or via https://irma.app/irma.apk. If you install IRMA this latter way, the app will not recieve updates automatically.

The IRMA app ID is an identifier for your app installation. You can find your app ID by logging in on MyIRMA. After logging in you can find the IRMA app ID on the top of the page. If you have several IRMA apps, each installation has its own app ID.

IRMA will become Yivi from 4 April 2023. IRMA will get a new name and design. We will also improve the user-friendliness of the app and further strengthen our security. Yivi stands for 'Your digital life'. Visit the Yivi website.

IRMA will continue under the new Yivi brand so that we can secure trademark rights.