This is the elephant in the room regarding the big "digital sovereignty" talks in the EU.
For the moment in the EU institutions the focus is mostly at the post-acceptance stage that everything must eventually migrate off US clouds. There is still some denial and hope that things will go back to "before" because it's going to be extremely costly to migrate, but at least high level EU civil servants start to see the strategic value of moving out.
However there is ZERO talk about mobile platforms... No alternative solution like linux for the desktop, no money or care given to the few alternative that tentatively exist, and zero talk about forcing companies (at least for the ones shipping android phones) to open up their firmwares and allow users to install alternative OS if they want to sell in the EU.
So whilst the backend guys more or less got the memo about sovereignty, I think there is still a lot of educational work to do regarding end user devices and what kind of digital slavery hole we're digging ourselves in...
This is not entirely true. I don't have much details but I know people who started to work on two separate free software projects aiming to make supported mobile OS.
These projects couldn't get funding before but they do now. Afaik it's still a battle with AI companies lobbying that soverign AI is much more important than mobile OS but there is some growing interest.
Imho i don't even think some linux based alternative to Android would be that hard to pull off but it's the hw companies that will be skeptical to build hw for such OS. I would have to be some govs puahing it as secure gov devices first.
In fact, it requires attestation: even if you install Google Play on some Android in an emulator/container/VM, on an alternative Android distro or in a rooted device, the app will not accept it.
It is true that Google (de facto) controls the platform and made themselves (de facto) essential to utilizing the platform by integrating their proprietary services so deeply into the OS that you need to be a behemoth of Samsungs caliber to even attempt to meaningfully re-purpose the AOSP, and this was a brilliant strategy because it has allowed Google to solidify their spot in the duopoly / oligarchy while seeming "open". But. I do believe that Google will continue to publish the AOSP source code under a permissive license and that this code will be indispensible to a European Manhattan project for tech sovereignty, should policymakers ever see the light.
(because you still need the hardware made, and it's not like the EU commission is even prepared to fix BSPs for that hardware)
The EU has endlessly sold critical infrastructure to US, India and China while actively sabotaging efforts to rebuild it and now want it back - for free. This is criticized as having a low chance of success, as well as being a pretty unreasonable demand.
Because this is all a political move. This so-called "EU sovereignty" drive is in fact aimed at further reducing sovereignty of the member states via further transfer of power and control to the EU.
These digital ID wallets do exactly that. Member states lose control of the ID infrastructure, which will now be controlled by the EU. There isn't much sovereignty left at national level...
Where is control in being mandated to implement and EU-wide, EU-defined system? This is a net loss.
My previous comment should be taken in its entirety. The loss of sovereignty of individual countries is comprehensive across all domains and this is just one brick in the wall.
This is totally not the EU version of China's social credit score system and WeChat SSO system.
It will totally not be used to sanction you the moment you become a nuisance to the EU elites by saying "wrong speech" that goes against their mandated doctrine or pointing out their acts of corruption or dismantling of democracy.
The EU building in Brussels even has the word "DEMOCRACY" plastered on the front in large bold letters[1], in case you forgot.
Don't fall for the trap. The question isn't how we should technically force age verification on anybody. The question is why they're pushing it onto everyone. I did not consent to this, neither did you.
But it is needed to protect the children. The politicians say so, so it has to be true. Being against this is very dangerous to our children and democracy. There is no alternative.
Seriously, there is something tremendously wrong with governance when politicians keep changing the whole world around us, without us having any say in it at all. The threat this measure poses to the internet and society is significant, yet it is being pushed through without any substantial debate or push back. This just is not how decent and actual democracies should function. What messed up timeline is this?
> Seriously, there is something tremendously wrong with governance when politicians keep changing the whole world around us, without us having any say in it at all.
That's where you're wrong. Most people actually do agree with age verification. Just because a decision is stupid it doesn't mean it's undemocratic. Trump was elected democratically, twice. Brexit passed through a referendum.
Most people are in favor of solving world hunger, poverty, the wars and climate change. Until you hand them the bill. Likewise most people will not agree with age verification when actually implemented.
It requires reason to understand the consequences of your decisions. Reason is something democracies have a shortage of. Thus, democracies structurally suffer from issues like this.
It worked great for the last several hundred years. The problem is that as government keeps expanding to control more and more of our lives, every decision it makes it necessarily imposes on everyone, whether they agree with that decision or not.
E.g. In a country of 100M people, if 60% agree with a bill and it becomes law, the country has imposed that law on 40M people against their will. That's just as true in a dictatorship as it is in a democracy. The more areas of our lives government involves itself in, the bigger this problem becomes.
> Social media is destroying children's brains! Do you want access to be delayed until a certain age?
> Do you want children under a certain age to be banned from social media, which means that you will now have to give your ID, only with Android or iOS?
Luckily, the EU's current structure was put to a referendum. That referendum then failed to get the votes needed, so they implemented it anyway. Much superior.
It's just like democracy. Without the "dem(b)" part. Much better now.
We have such warm feelings about it! What could possibly go wrong with doing such strong governance and extreme-right parties polling at record highs in more than half the EU countries? We have warm feelings now. Or maybe the warm feelings the result of 30 years of climate action in the EU. Luckily, the extreme right is hard at work defending our right to airconditioning!
When they run out of other rights to destroy, they will pipe videos of little girls crying from food poisoning into your e-verified telescreen during ChildSafe^TM viewing hours, and the result will be that you will get to choose between two state approved restaurants thereafter.
There’s a huge amount of stuff that the EU does that no one consented to, or had a realistic democratic avenue to influence.
I’m in the UK and very anti Brexit. But were we still in, I would have no idea how to influence what happens behind those closed doors at the European Commision.
Granted the current UK Labour/ Conservative pact on these issues show they’re completely out of control. But I still theoretically know how I could influence policy.
I know this sounds bad, but when has consent mattered before? I agree with you wholeheartedly, but consent is simply not something these power structures value.
Yes, I said it before and I will say it again: We should invest our energy in the discussion whether to implement it and not already wonder how to implement it.
Shifting this question benefits only those who want to force this upon us.
Doesn't the "how to implement" determine whether to implement it? A poor implementation shouldn't be done, but a good implementation could make it simpler for companies to verify the ages of users, limit information passed to companies, offer a quality of life improvement for users.
It's funny, concomittant all this chest beating about representing open societies, democracies, unlike those creepy evil authoritarian states which we don't like, that the EC seems hell bent on proving we can have a police state _just_ as intrusive if not more than say: Russia. This is not how we were supposed to prove that we are better.
I love how "they" wanting to know your age is a big conspiracy, but zuck &co hiring the best behavioral and addictions scientists to get yours kids into doomscrolling brain rot as soon as possible is a fact of life and we shouldn't do anything about it
Don't use it. Don't even consider it. Do whatever it takes to let everyone know you're not gonna use this and tell your friends the same.
These corrupt bafoons talk of sovereignty and then they pull stunts like this. Even if you're totally pro EU, vote with your actions if you can't outvote the Commission.
The unintended consequence of poorly thought out regulations (good or bad) can be wild.
I’m still having to deal with making some sort of legal agreement with EVERY website I visit over cookies constantly… I just don’t care anymore / click whatever.
I'm confused on why browsers can't automatically handle the cookies pop ups. It's beyond annoying and something that should just be automated since my preferences don't change.
I agree wholeheartedly with the argument raised in this github issue, but I think people are wrong to be skeptical about the concept of a government-issued age verification app.
Thing is, the status quo is absolutely worse. My 13yo son likes making Roblox games. Suddenly, some months ago, Roblox made a change where you’re not allowed to share your games with friends unless you do “age verification”, apparently in some misguided bid to beat the pedos. In Roblox’ case, this means sharing your 3D likeness with some sketchy American business who pinky promises to delete said data after. I don’t want random American tech companies to have my kids’ biometric info like that, able to sell it to whoever asks. Nor my passport or anything like that.
I’d much prefer a government supplied app, that’s guaranteed to protect my privacy, and has no business incentive to sell my data, where I can see what data about me (or my son) is shared with Roblox or whichever sleazy business wants it.
Obviously this only makes sense if the government is less sleazy than the average American tech business, but for all its faults, I think that currently holds for the EU (and most of its member countries). There’s plenty precedent of EU governments doing privacy-conscious apps right (the Dutch covid tracking app comes to mind).
As a purely tactical measure, we use the same older person (me) for age verification for all family members - zero failures so far and it poisons the well.
In the case of Roblox they have a horrible system where they estimate your age and only allow you to interact with people of a similar age, meaning if you verified your kid with your face then they'd only be able to interact with adults and not other kids. At least that's the theory. It doesn't take a lot of effort to figure out how a predator could misuse this system to their advantage (which is why I call it horrible)
Predators have been using roblox since its inception, but I don't think they are doing age verification because of that. They're looking to expand into more adult experiences and, of all horrible ideas, dating.
I think it is much simpler: they are feeling regulatory pressure. In various countries there are increasingly strict laws that allow people to hold companies accountable for issues on their platform. By using age verification, they can increasingly move responsibility away.
> As a purely tactical measure, we use the same older person (me) for age verification for all family members - zero failures so far and it poisons the well.
Is there a 'break glass' workflow in case you are not available (e.g., health incident)?
Government issued versus corporate issued age verification is a false dichotomy. There are other options, such as refusing games that require them. (Yes, we do have a teen, and yes we did exactly that with Roblox.)
Pretending that those options are equal is a false dichotomy. Not participating is an option up to a point, and then it is increasingly limiting all other options.
Fwiw we did that with Roblox too, but I hate it because Roblox Studio was a pretty damn fun collaborative gamedev experience.
I mean his classmates argue with their parents about whether they can install TikTok (and most parents lose). Meanwhile I’m denying my son the right to make a game together with a friend. It’s so creative and so educative and I’m saying no to it. It sucks and I hate Roblox for making something so cool and then taking it away for such stupid reasons.
I’d happily pay a license fee or sth. But I’m not gonna let them scan my son’s face.
There's plenty of ways to make games outside of Roblox. Maybe they could sit down together and work through some Löve2D or Godot tutorials? No one can take that away arbitrarily
I think GP meant “collaboratively” as in collaborating online through the game itself. The same way you might e.g. collaborate on a Google Doc.
“Sit down together” might be impractical here, if GP’s child’s friends are e.g. friends they made before a move, who are thus quite far away physically. Or friends with snobby parents who won’t let them come over to GP’s house for whatever dumb reason. Or friends with extra-curriculars such that their free time never lines up with GP’s kid’s free time—meaning that only async collaboration will work.
(That’s just a steelman position, though; in general I agree.)
Thats obviously fine to do but it is very much going to have consequences for some kids. My kids spend hours a week playing roblox with their IRL friends. 10 - 15 kids on a group call on speaker phone all logged into the same code laughing and yelling for a couple hours a night. If I was to suddenly tell them that they can't play those games with their friends it would have very real effects on their social life. My kids spend a ton of time outside with friends but to ignore that they also spend time gaming with them is not an option.
This is generally my opinion, and goodness it's swung around quite a bit. This entire debate feels like it should be solved by adequate parental controls.
To the extent that it matters, I think the missing link here is "primary education should support a parent's intent to limit unrestricted internet access for their children." That is, during school activities where internet use is unavoidable, require supervision. (Maybe a lab monitor that can roam the room and see screens?) And for homework, don't assume the kid has internet access, because that is the parent's choice, and they may well not. On the flip side, if the parent trusts their kid with that access, or intends for them to learn through real world experience, let them. That should not be the state's decision.
The problem of course is that this idea in my head is a pipe dream. Schools seem to be well onboard with digital coursework, presumably for efficiency reasons? Unclear. I'm not sure what a more practical middle ground actually looks like.
To the extent that it matters, I think the missing link here is "primary education should support a parent's intent to limit unrestricted internet access for their children." That is, during school activities where internet use is unavoidable, require supervision.
Don't get me started. We try to restrict internet time, no Youtube (Shorts are poison/heroin), TikTok, etc. They go to primary school and there is a teacher that makes TikTok videos at school, they can play Roblox in breaks, etc. (Aside from this issue, the teachers are great though!)
There are only so many battles you can choose as a parent (not getting your kids photographed, put on Facebook, etc.).
In contrast to what the grandparent states, the government should unambiguously state: no smartphones, social media, and online games in primary school, period. That's the only way to make it work. Ironically, smartphones are forbidden in all high schools here.
The California Digital Age Assurance Act is a law mandating adequate parental controls. And it's a great law that should be copied instead of doing the verification nonsense.
Homeschool and exercise close, very close, supervision over what your kids do on the internet.
I'd have hated this as a child. But the case for unrestricted internet and social media access for children being harmful, at this point, seems pretty shut.
For those who sadly cannot homeschool their children... well, we need to push for school choice and to dismantle the teachers' unions. Which probably ultimately is the same thing.
In many European countries, homeschooling does not really exist. For good reasons. Mingling with many kids from the same age cohort with diverse backgrounds is good for kids. Homeschooling is also often used by religious zealots to indoctrinate their children.
Truthfully, I don't know! Especially for younger kids though, there's usually at least an adult in the room, right? Even when they're visiting a friend, the other parent is there to step in and check on them occasionally?
I guess once you hand your teenager a smart phone (and all their friends have one too!) all bets are off. That's new, and wasn't a thing when I grew up. We were rural and on the tail end of dial-up, so I couldn't get online at home without someone hearing the modem. That sure limited my attempts to do so without permission!
People need to understand that having a majority opinion does not inherently give you the right to impose that opinion on everyone else. Such impositions must be done with extreme hesitancy and restraint.
That's why many democratic countries have a constitution which prevents the government from restricting certain individual rights even in the face of popular opinion. But ultimately, the constitution is just a piece of paper. If people are determined to impose their will on others, it can only do so much.
"Inherently give you the right"? Rights are not inherent properties of facts, they're concessions between people. Nothing inherently gives rights, rights are given by agreement. If people agree that majorities can impose their opinion, then they can.
> Rights are not inherent properties of facts, they're concessions between people.
We're getting pretty deep into philosophical territory now, but I disagree. Human rights, to the extent they exist at all, are necessarily inherent properties of individuals.
E.g. If the majority decides people with dark skin are subhuman and therefore have no rights, the majority is most certainly not correct about that, because rights are not defined by the majority opinion. They are inherent.
The U.S. Declaration of Independence put it like this:
> We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed
I concur with this perspective; rights are inherent and inalienable, and the purpose of democratic government is to secure those rights (which already exist), not to create them.
endowed by their Creator with certain unalienable Rights [...] rights are inherent,
Only if you believe in a creator that determined these right, which is not rooted in fact, but solely belief.
Personally, I do not believe a particular ethics exist as an absolute/scientific truth. It is just that some amount cooperation is generally better for everyone and virtually all humans want to avoid pain and seek happiness.
Even though I was a convinced utilitarianist when I was young, I think Kant's categorical imperatives are more powerful now: you should act only according to principles you would want everyone to adopt as a universal law. Or Rawls' original position [1].
Even though this might sound like an off-topic philosophical debate, I think it is very relevant to democracy. Purely egoism-based democracy would trample on the rights of minorities, etc. But in a democracy based on these principles, the majority would vote to project minorities, etc.
I am not sure how you would modify democracy to align with this. I think it is for a large part of education. E.g. if everyone thinks every choice is a zero-sum game (my loss is another's win and vise versa), democracy will go in a very dark direction.
>Rights, to the extent they exist at all, are necessarily inherent properties of individuals.
What's sad is that there's a formulation that's actually correct. Rights are an inherent property of societies (or stable ones, at least). Note that I'm saying rights in an abstract sense, not necessarily any specific set of rights. Not every society will value the same things the same way.
>E.g. If the majority decides black people are subhuman and therefore have no rights, the majority is most certainly not correct about that, because rights are not defined by the majority opinion.
So it's an objective fact that they're incorrect? I.e. they can be shown to be incorrect without having to ask anyone's opinion? Okay, prove it.
>The U.S. Declaration of Independence put it like this:
That's an opinion. It's perfectly fine to think these things are so obvious they don't need to be justified, but I don't agree that that's true, even if I subjectively hold the same opinion.
Everything you do affects others, unless you live in a cave in the mountains somewhere. Part of the reality of living in a society is constantly negotiating what is and isn't acceptable.
The slave aristocracy of the Confederate States of America, and members only Communist Party of China are both democracies.
What we consider democracy went through a LOT of iteration, and continues to this day. Representative first-past-the-post is a form of democracy that can have the unfortunate side effect of the minority of the electorate establishing a tyranny of the majority. There is a lot of scholarship on how to make democratic systems more democratic.
Yes? Democracy is essentially exactly that - tyranny of the majority. The reason why successful democracies have so many checks and balances, constitutions that uphold essential rights etc is because of this fact. Really the main benefit of democracy is that it prevents the government from doing things which are wildly unpopular. To the extent that it "gives the people power", that is neutered as much as possible to prevent the majority from going "hey, we don't want these people here" and committing democratic genocide or whatever.
That seems backwards to me. You can choose to personally not do business with whatever big tech corp you dislike. Men with guns will show up at your house if you stop "doing business" with the regional government.
I hear you on the overall privacy issues related to age verification with US Corps. My concern with government registries of personal information is related to things like:
- Netherlands, WWII: The Dutch civil registry meticulously recorded religion. It’s a major reason ~75% of Dutch Jews were killed, the highest rate in occupied Western Europe (vs ~25% in France, where records were poorer).
- US, Japanese internment: The Census Bureau provided block-level data on Japanese Americans in 1942 despite confidentiality guarantees; 2007 research showed individual names and addresses were shared too.
- Rwanda, 1994: Belgian colonial administrators had put ethnicity (Hutu/Tutsi) on national ID cards in the 1930s. Sixty years later those cards were the primary tool at genocide checkpoints.
There’s loads more. Europe may be safe now so it feels safe to give government this information. However, as shown in all the instances above, the information was collected for one reason and used for a wholly different reason when times changed.
Who knows what kinds of ethnicities, beliefs, behaviors or personal histories will be the focus of future regimes? It could be Roblox users, HN commenters, people who religiously repost x.com links as xcancel.com ones, anything. Whatever it is, they will have access to all the data on any system we allow them to record. This isn’t even a totally made up hypothetical from far away places, multiple governments in Europe were doing this kind of thing just decades ago. Historically speaking, we are all currently living in an unusually peaceful era, that will likely be temporary for many of us.
> - Netherlands, WWII: The Dutch civil registry meticulously recorded religion. It’s a major reason ~75% of Dutch Jews were killed, the highest rate in occupied Western Europe (vs ~25% in France, where records were poorer).
Records were poorer in France because René Carmille and the French resistance sabotaged the machines. Machines made by a large tech company which was a competitor to IBM.
> Who knows what kinds of ethnicities, beliefs, behaviors or personal histories will be the focus of future regimes?
Absolutely. But I do know who has that data -- big tech, and it's willing to sell it for a nominal price. No doubt that price will be higher for a deaparate government wanting to kill everyone with green eyes, but that just means a higher profit margin for facebook as they mine their shadow profiles.
You can (and should) be mad at the government and at Roblox at the same time.
Also, don't use Roblox, you can freely share games made with PICO-8, Löve, Godot, Rpgmaker, Game maker and the like, no need to go to the hell scape that is Roblox and its dark patern and locked down ecosystem.
My kid does Godot and TIC-80 (a bit like PICO-8 but more forgiving) as well. Those are great but they don’t beat Roblox on distribution nor multiplayer by a long shot.
I agree that Roblox is a hellscape when you want to make serious games, eg make money from it or sth, but if you just want to mess around making a “supermarket horror tower defense” game full of in-jokes and then have all five of your friends join it, and It Just Works, sorry but nothing comes close to Roblox.
Until they required age verification for that ofc.
Also, just don't ever buy any Robux and kids will auto steer away from the shitty games that need it. That filters out 95% of the badness of Roblox right out the gate.
None of the engines you mentioned are nearly as approachable as roblox when it comes to making a 3D game with little programming or art skills.
Don't get me wrong. I agree roblox is a very shady operation, but that does not erase the fact that their platform is unmatched when it comes to letting kids make games.
> Don't get me wrong. I agree roblox is a very shady operation, but that does not erase the fact that their platform is unmatched when it comes to letting kids make games.
Ok, well then, toss your hands in the air and throw away all your principles then, I suppose.
There also Luanti, the new name of MineTest, which is closer to the Roblox experience (in the sense that there already a playable game there, and creating new stuff is closing to modding than to game making).
The Roblox experience also includes a huge existing player base who may come and play your game without having to install anything new on their machines. I'd say this social factor actually matters a lot for Roblox where many if not most games are multiplayer.
The only thing close is minecraft, which from what I heard already has similar restrictions on in game chat, plus other shady maneuvers from Microsoft.
Of course Roblox have more player, but does your child really need millions of players?
It's the same network effect with other megacorp, we could argue the same about X/Instagram/Mastodon, the question could be changed to:
Do you want your children to be groomed to use closed source ecosystem from shady companies or do you prefer they gain experience in using relatively open ecosystem ?
Luanti let you make multiplayer games/mods too.
For Minecraft there way to play outside of Microsoft sanctioned versions and servers.
> Of course Roblox have more player, but does your child really need millions of players?
Nobody uses platforms because they are are looking to exercise billions of options. The point is easy commonality. You sit next to a kid, and, what do you know, they are into Roblox too. Cool. Wanna play?
When I was a kid I loved this obscure multiplayer game engine called BYOND. In fact it's so obscure that even mentioning it provides several bits of fingerprinting. It technically still exists today, but it's been on life support for 15 years. We should make something like that again.
Besides the game engine, it provided central identity (optional - you could allow players to sign in as Guest), a website to browse games and servers, a forum to discuss games and programming, and an IDE with a built-in sprite editor (it was 2D), map editor and object browser.
We have had the need to prove age for hundreds of years. To buy alcohol. To drive a car. To vote. We depend on government-issued documents to do this. Not sure why anyone would really expect this to change just because it's online now.
I bought a bag of chips without having to show my ID.
There is a big difference between: Government demands every website to have age verification, and government supported scheme by which service can opt into age verification.
As of now, American private spyware is actively filling the demand.
I get the feeling some privacy advocates are approaching the choice as a tier system, with government being the worst case.
I don't see it.
The only viable solution for the future of privacy is to not be dependent on the giant platforms in the first place.
Government is demanding age verification because the websites and platforms completely punted on the issue of keeping inappropriate content from children. Yes parents have a role here but we live in a society and we depend on/demand everyone doing their part. We (the tech sector) made our own bed here.
> Government is demanding age verification because the websites and platforms completely punted on the issue of keeping inappropriate content from children.
Nah. Parental Controls are baked into every major consumer OS. If government cared about giving guardians the tools needed to care for the vulnerable ones they're responsible for, they'd require those parental controls to be beefed up [0] and that it be a requirement that online services and both local and remote software be required to honor the restrictions required by those Parental Controls.
Instead, what we get proposed is a system that cares very much about how old you are, and not one bit about the things that one's guardian understands one needs to be protected from. This system will work for some under-eighteens, but it will fail for many others, as well as every single dementia-damaged elder or brain-damaged/developmentally-stunted adult.
What's being proposed is absolutely not about protecting people... if it were, the mandate would be to beef up the existing fully-anonymous systems, rather than requiring identifying information from users.
[0] ...I mention this because I often hear in Internet discussion that these controls are insufficient, not because I have personal knowledge that they're inadequate.
Nah. Parental Controls are baked into every major consumer OS.
Even the parental controls that are there are a train wreck. Our kid has an iPhone and the parental controls have all kinds of weird issues like, you give them 15 minutes of WhatsApp daily. First time on a day they start WhatsApp it says that all their time is up. Or suddenly they cannot run an application that was permitted by a parent. Then you uninstall and install the app again and suddenly it works.
It is unusable.
There web is also a huge hole in all of this. A lot of services you can also use as a website. A whitelist is too limiting and a blacklist is a daily task to maintain (and would require spying on your kid).
I also prefer to avoid age attestation altogether, but I am also not sure what the solution is. I think many people do not realize how much social pressure there is to use certain apps/games and how bad parental controls are. Yes, we say "no" to a lot of things, but you cannot say "no" to everything. Missing certain cultural touchstones (certain TV shows, certain games) makes your child an outsider.
> Even the parental controls that are there are a train wreck.
As I said:
If government cared about giving guardians the tools needed to care for the vulnerable ones they're responsible for, they'd require those parental controls to be beefed up...
> There web is also a huge hole in all of this.
and as I went on to say:
...and that it be a requirement that online services and both local and remote software be required to honor the restrictions required by those Parental Controls.
I expect that you don't, but if you'd like to argue that it's impossible for the government to do either or both things, then I'd argue that it's impossible for them to make age and/or ID verification work.
I agree... the government's plan (as usual) misses the mark and probably won't solve the problem. But the reason the government is getting involved is precisely because parental controls (if any) that were delivered by the platforms were too hidden, too complicated, and had to be set for every app or website instead of once on the device and have that enforced on everything.
Privacy is losing ground, despite people understanding the stakes.
Privacy advocacy is losing the battle, because it is being framed as a choice between privacy and the status quo, and people vehemently dislike the status quo.
Older systems were imperfect and were understood to be. I've meet veterans who joined the Navy at 14 or 16. I've met many College students who can pass as old enough to buy alcohol, especially with a fake id. Dead people are sometimes registered to vote. We know this and have systems to try to catch these exceptions.
But cellphone access is different; it's assumed to be perfect, but it's increasingly being moderated by machine learning heuristics that serve as judge, jury, and executioner, severing your services if a couple of your actions trigger a fuzzy approximation to some of the training data.
AI moderation helps suppress spammers, but it's also punishing false positives, and there is just no recourse. Any ID system that piggybacks on "Apple | Google" is effectively shunning some non trivial portion of society. Governments of the people need to provision their own tech systems that are accessible to all citizens, even those who have run afoul of an AI moderation system.
This year, an octogenarian friend got locked out of his android phone permanently. He had never had a PIN on his Samsung phone.
It started when he signed up at a new bank, giving them his phone number. Somehow the bank enrolled his in their online banking system, which notified Samsung, who remotely initiated the "let's give your phone a pin" flow, presumably to protect him during online banking. (This happened without his knowledge -- he had not installed the bank's phone app.)
Later that day, when his phone went into a modal "let's setup a pin" screen, he panicked, assuming an attacker had gained control of his phone, since this was not something he initiated. No button would let him exit the screen, so he powered it down. Now, when he powers it up, it demands a pin, but he doesn't know what pin that would be. The only way to get the phone back would be to factory reset it, meaning he'd be wiping his data. He had the money to replace his phone, but that may not be true of every citizen, especially at his age.
People assume digital auth systems are perfect. But you don't hear from consumers who can't get online to tell you "I've lost access."
I've shared some other similar stories: a widow who got banned for life from facebook within minutes of making an account from an apple device on a consumer ISP with her real cell phone number.
A coworker attempted to sell his son's sporting goods on facebook marketplace and was banned for life with no appeal because AI thought it was "weapons."
Some high school students each made a gmail address from the same laptop one afternoon, only to be banned the next day. Each supplied their own cellphone number, but the accounts got shut down, presumably because multiple accounts were being created from the same device too rapidly.
AI moderation means there are a ton of unwritten rules, and private companies will keep you out of their platforms if you break them. That's fine, but it means governments have no business serving their citizens from these exclusive platforms.
> e signed up at a new bank, giving them his phone number. Somehow
It started when he signed up at a new bank, giving them his phone number. Somehow the bank enrolled his in their online banking system, which notified Samsung, who remotely initiated the "let's give your phone a pin" flow, presumably to protect him during online banking.
Do you have a proof that this actually a thing? I don't see what mechanism exists to do this and I don't see why Samsung would even bother to do this.
Perhaps cooincidence and Samsung pushed an update that now required a PIN, but there was an untested failure mode (rebooting the device after the PIN setting process had been initiated but not completed).
I've never gotten banned but I've been moderated/throttled (even here with the occasional "you're posting too fast") quite often. The triggers on things happening too fast from the same IP address or session seem quite sensitive and thus when I'm doing anything critical such as online transactions I space them out by many minutes, which is inconvenient.
Hundreds? 200 years ago most people did not even have birth certificates. I can think of multiple famous examples of people who lived in Europe 500 to 800 years ago where we don't know their real age. In existing countries with poor state capacity, a lot of people don't have legitimate birth certificates and there is some evidence that they make up their age to some degree. For example on surveys in such countries there are too many people reporting round number ages. My experience in such countries is that you can find very young looking males riding motorcycles late at night around the city and anybody can buy alcohol. That's how it was in the United States "hundreds" of years ago. Please read a book.
What you’re proposing works only if the government is always trustworthy and abiding by the rules. But there has been cases that ICE agents in US was able to track down people from their social media posts and in the past Nazis used the address registration lists to track down Jews for deportation to concentration camps.
We don’t know what EU would become in 5 to 10 years in the future, and I would rather not have any identification information about me or family being stored by a government body or any other party that can track/link me or my family members
They have this information anyway if you have an EU passport or an identity card. The government app allows you to share selected properties of these documents with third parties.
It’s not only government shares that info, the government can keep track on with which parties they shared that info and for what purpose.
As an example if I’m obliged to share my ID data via government to open a twitter account how would I know that the government would not link my twitter account to my ID and later use that info keep track of me and prosecute?
People would think that it would never happen, but not long ago that actually happened in East Germany. The Stasi kept track/files on almost every East German and this would be a digital version of the same thing
It doesn't have to be an either or dichotomy. For example, you could pass laws that make it illegal for an online game to demand age verification, identification, biometrics, etc. The main reason for any of this are some corporate attorneys justifying their own salaries based on "what if" and scaremongering. Regardless of how much personal information they succeed at demanding at this stage, or how [in]effective it is at addressing their claimed problems, they will be back again pushing for even more until they're actually told a hard "no".
> this means sharing your 3D likeness with some sketchy American business who pinky promises to delete said data after. I don’t want random American tech companies to have my kids’ biometric info like that, able to sell it to whoever asks. Nor my passport or anything like that.
Actually the market leader app for scanning faces and documents is an Israeli company. They encourage to use mobile for scanning, for your convenience. They promise they delete the data. Yeah, if they're lying you can sue them in Israel.
Then get your kid off Roblox. I promise you that Roblox exploits more children in a single day than all sex offenders put together do in a year.
Why is pedophilia such a problem on Roblox? It's because they heavily advertise towards children and one of the fastest ways for children to make money is asking their parents, then next is prostitution. Roblox is uniquely bad because they heavily advertise both products and the "self-made entrepreneur" image to children.
Putting the blame on nebulous "predators" when the system itself is clearly to blame is the very tacit Roblox relies on. Look at vehicular manslaughter are drunk and distracted drivers solely to blame for deaths? Clearly not since there are just as many drunks and phones in Europe as in the US. When the system creates more predators than exist otherwise then you know it needs to change.
If your son likes making games keep him on Godot. Your job as a parent is to find or build a good distribution system. you can see if he is generally interested or if he was pressured by an exploitative system grooming him into pumping out slop for the trough. Age verification is going to make the platform more exploitative in the business sense. Both in that it legitimizes bad practices and lets Roblox target their exploitative practices more effectively.
Funny you use Netherlands as a good example, considering that famously, their existing unusually thorough registry was super helpful for the Nazis rounding up jews later.
I don't think it's Godwin's Law when you are so spot on, exactly describing the worst case.
Additionally there was a leak of the personal information of covid patients, the official tracking app was not affected as far as I can tell.
However even if the app is secure the storage and handling of the information is a different matter and it has been shown that care is not always taken.
Why would an age verification app need to know your ethnicity/religion?
Governments likely already know your name, age, place of birth, so having an app with a standard API for verifying users isn't giving the government additional data.
It is one extra attack vector. There is a data leak reported every week, and it is now apparent we cannot trust any organization to handle any datum securely, at all. It has gotten to the point where I now consider every piece of information compromised and sold on the dark web as soon as I am forced to transfer it to a third party. Because those are the odds.
It's also replacing all the personal information stores from thousand applications and websites you have previously registered, or would have to. So arguably it's thousand attack vectors less.
First, the user downloads the app onto their phone and sets it up by certifying their age. This can be done with a biometric passport/ID card, a national eID (e.g. national ID Card or other electronic identification mean), a pre-installed third-party app (e.g. a banking app), or in person (e.g. at the post office). Only the information confirming that the user is over the age will be saved in the app. No name, no birthday, or any other data is saved.
After completing this step, the communication between the app and the provider certifying the user’s age (e.g. eID, third-party app) ends. No further data is exchanged.
I'm imagining something like recreation.gov in the US - it's the portal for booking campsites and other activities at national parks. It's run by BAH at great profit - most of the fees we pay aren't going to the national park service, it almost all goes to our corporate overlords.
Not necessary to hearken back so far in history. In our present age the intelligence services consistently do not respect privacy rights of citizens, even when they are legally bound to.
Sure, but the poster was not just wrong, but wrong like "peace in our time" wrong. "Adolf? What a charming name" wrong.
Amusingly fantastically wrong.
NL may have its own issues like you linked to, but more uniquely had their collected data abused more than other countries in probably the worst event in history.
I don’t follow. The Dutch tax office has substantially more complete records right now. Even if they don’t track race or religion as explicitly as they did in the 40s, your hypothetical invading Nazis can run some local AI over people’s last names and get close enough.
How is, of all things, an age verification app going to make that worse?
I mean I understand your argument in principle but it seems you’re arguing against ~every present-day functional government and not against an age verification app.
I'm not even saying your conclusion is wrong. But choosing Netherlands about how information control is safe in the hands of the government is a bit of an own goal.
Like if I was the boss of a train company I would probably not put up a photo of Mussolini as a motivational poster. Well… maybe I would, but only ironically.
> How is, of all things, an age verification app going to make that worse?
What are you arguing for, here? If everything were perfectly anonymous, maybe. But NOT ONCE in history has governments decided to not abuse power. It'd be so easy to just put a tracker in there or something.
All these "think of the children" arguments are ALWAYS red herrings. Literally any action, any freedom denied, can be justified in the fight against CSAM. And so they get rushed through and abused.
The EU DNS filter (CSAADF) was literally IMMEDIATELY abused to block other things too.
"It's just age verification". Is it, though? How do you verify age without verifying identity? How do you verify its use, without tracking. Provably without tracking. Provably without what's called "turnkey tyranny"?
I think if your argument, which is an extremely common argument, is "I just want to block children's access to bad stuff on the Internet", then you cannot possibly have been paying attention to this debate that's been going on since at least the mid 1990s. Were you even born when this was being discussed? If that's your argument then you have about 30 years of catching up to do before you should speak.
[1] yes, I know Mussolini did not in fact make the trains run on time.
Your comment sounds like a politician who has just heard a magic technical incantation that solves everything.
I'm sorry, you can't just drop "quantum computer", or "zero knowledge proof", or "flux capacitor", and think that you have solved the problem.
Just dropping "zero-knowledge proof" as if it's a mic drop moment is like when Turnbull said "the laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia".
The devil in all this is in the details. Just saying "zero-knowledge proof" is just barely more productive than saying "won't someone please think of the children?".
If you don't have a complete solution, then you're "not even wrong".
In addition to that, you have misunderstood how zero-knowledge even addresses the main problems. Not the technical problems, and DEFINITELY not the meatspace problems.
Trusting government... Do you even know any history? Like any? How many more atrocities, genocides, mass murders, lies, fraud, and many, many other crimes must these governments commit and also try to hide before you learn your lesson?
I'm just gobsmacked, and your e the highest up vote... HN is simply full of government skills and I'm not even allowed to point that out. Crazy stuff.
The "app" could be a good solution, if it didn't require attested Android or iOS. It could, for example, have me plug my ID chip into my GNU/Linux system and expose it with a standard protocol. That would be no problem. The problem is that they do not want such a way.
In any case, I think that age gating would not be needed if the platforms were regulated to remove addictive recommendation algorithms.
Using an ID card reader is already possible. See here for a list of Linux repos supporting German IDs: https://www.ausweisapp.bund.de/en/open-source Finding a working hardware/software combination for your ID card is up to you.
The app is an alternative for people who don't want to buy or carry around a card reader, but who already have a smartphone.
It is possible for e-signatures and similar variants. However, there is no sign that the "age verification" will support this variant. If you go to the demo <https://cinema.ageverification.dev>, no option is given other than the Android/iOS app.
So it seems that the app is only an alternative in the case of government portals, but it is not an alternative for "age verification".
ID cards aren’t exactly super standardized inside the EU. German ID cards have a RFID chip which basically contains all the same info that’s printed on the outside (PIN protected).
Smartphones can read that chip and the state as well as private businesses could in principle use this to do age verification – even the super minimal version of age verification that just asks for a certain age threshold and gets a binary response whether that threshold is met. (Which to me if we can achieve it is the perfect solution.)
The infrastructure is there and since 2017 those RFID chips are even actived by default when new ID cards are issued. (The cards are valid for ten years so nearly all ID cards have those active chips.)
The biggest issue currently is a network effect one: hardly anyone is using the chip so people don’t create their initial PIN, creating a UX hurdle for adoption. (If you want to use your ID card chip you have to find your initial PIN somewhere in your documents – if you didn’t throw it away – and then create your proper PIN, you can’t just start using it.)
I can sense usage increasing but exactly because of the poor initial use UX all sorts of private alternate solutions exist that are plain worse from a privacy preserving point of view. For example ones where you film your ID card from both sides (so the hologram is visible) which just suck. (You just share everything … which is just so unnecessary.)
To change this we would need a policy that requires age verification without sharing the birthdate or any other PII.
Unfortunately, we can't even get states to commit to our RealID requirements[1] (which doesn't even add a chip/PIN, it only strengthens validation of documents submitted at the time of application for a driving license). And the notion of a national ID is anathema to large swaths of the population.
Many (all?) EU countries have a national ID card, and most (all?) IDs has a chip that can be used for secure document signing. I don't know if it can be used by itself for age verification. Maybe it would need to contrast your signature with some sort of DB that can retrieve your age...
I'm still wondering how this is compatible with laws concerning disabilities, the elderly and those with certain religious believes. They already keep everything governmental related multi modal (you must be able to do it some other way, and almost always this include by proxy and on paper). This is some Draconian way of doing it.
Funny how the worry of "digital exclusion" of the elders who would never be able to use a smartphone has been thrown out of the window in recent years.
Don't worry the focus is on the youth with this legislation. I have the suspicion it's about indoctrination of surveillance as normal.
Additionally the amount of elderly that don't have or can't use a phone or don't have anyone that can help them with it will decrease rapidly anyway. In my experience it's mostly the same generation as the people that remember WWII.
They probably think that they do not use "social media" either, so it does not affect them. But elders are not the only category. In any case, it is fundamentally wrong to be forced to use a specific platform, American or European, mobile or desktop, for Internet service access.
I don't think this is relevant for them by definition, so that's an odd point to raise. It's hard to be encumbered by having to manage a digital identity, when you don't do anything digitally in the first place.
That's because they are lying to the people here. Just look at the "we must protect the children" lobbyists. It has never been about the children in the first place, that is just the convenient lie to force an authoritarian system in place.
Regardless of whether you personally use Android or iOS, I think that we can all agree that it is not right to be forced to use a specific platform in order to access almost any Internet services.
This is only an issue if it's the only way of verifying your age. If it's still accessible to everyone and this makes it significantly easier for 99.9999999% of people then why not?
Well, the plan is for it to be the only one. And even if it isn't, what's the alternative? Persona again? No thanks. They could have helped and made an alternative version of this system which used the ID chip plugged into a desktop PC, but they intentionally won't do so.
You won't be able to see a doctor when you're sick.
You won't be able to open a bank account to receive your salary.
You won't be able to buy train or plane tickets.
My point is I am most worried that these kind of "digital verification" type things most impact actual necessities. The social media I couldn't care less about. "I just won't use it" isn't really a solution.
You already can't do any of these things without some kind of governmental issued ID which already has your birthdate on it.
idk why people are so scared of it, do you really believe they don't know what you do on your personal internet connection linked to your name and payment data ?
Like yeah sure if you pay everything in cash and never use internet OK that's a big problem, but for the average HN shitposter who's already terminally online it really doesn't change much
> do you really believe they don't know what you do on your personal internet connection linked to your name and payment data?
Many people in the Western Europe used, until very recently, prepaid anonymous mobile data cards that they recharged monthly with charging vouchers paid for in cash.
All this ended in the last 5 - 10 years. The U.S.-American corporate glass citizen slave mentality is actually a little tad bit new here, thus the outrage.
> You already can't do any of these things without some kind of governmental issued ID which already has your birthdate on it.
Do you have to present this ID for every purchase you make or every website you visit? Will it be stored and processed by every shop you enter? If not, how is this relevant here? Currently, the personal data exists but is not accessed by anyone unless it is really required. And even then, the scope can be minimized if the user wants.
> do you really believe they don't know what you do on your personal internet connection linked to your name and payment data ?
Yes. I use Whonix on Qubes to access HN and other websites.
> but for the average HN shitposter who's already terminally online it really doesn't change much
> Do you have to present this ID for every purchase you make or every website you visit?
Basically yes, your mobile connection is attached to a name, your landline is attached to a name, your adresse too, the card you use to pay online too.
Well yeah, and that's why we use a third party app instead of having each website implement their own half assed solutions. That's like the entire point of this thing...
Well, they could change the laws to force people into slavery here,
e. g. by forcing them to use US corporations ("if you do not have
an app from Google store, you are excluded from society"). In that
case they see age sniffing as ultimate tool of spying on everyone,
so this is probably the real goal. What we all can see is that this
has never been about children - they are just abused as the red
hering here.
> "if you do not have an app from Google store, you are excluded from society"
It would be a difficult choice but would it really be so bad to be excluded from such a society? Don't a lot of people from silicon valley dream to be farmers in the wildlands?
I would never do this verification with my real face, and neither should anybody else. Kids get around this using video game character creators. You can too.
As a netizen it's your duty to avoid, oppose, and circumvent anything that forces you to use your real identity.
This entire issue is a disaster of a Github issue. It looks like its on the entirely wrong repository. I did eventually find the text in another repository; the one for the Android reference implementation: https://github.com/eu-digital-identity-wallet/av-app-android...
It was removed from there to clarify the entire "Hey, this application is not done yet"
It being in the reference implementation instead of the spec is a massive difference. One means that it's just there to show an example, and we should push national governments to do it better in their implementations, while the other would mean that it'd be a requirement for all implementations, which it doesn't appear to be.
It used to say that, it was removed as a PR measure, while in practice the national implementations (as you do not use this app, but a national one) require it, because the specification only mandates Android/iOS versions to be provided (it allows others, but no government will do so), and it does not mandate them not to have "attestation".
From what I can gather from the linked discussion it was started as a pull request or a issue and was transferred to a discussion later. Perhaps some data was lost there? If you expand the comments fully there is also mention of a nuked merge request, I assume it was related to this text.
Edit it was not visible from the discussion link but it is visible from the issue link below. Also it seems to be transferred over from a totally different repo?
Two platforms that are not owned by companies in the EU. Effectively handing the keys to your state ID to private foreign enterprise.
What will you do when Apple/Google or the US Government effective immediately delete/block your app? The impact initially may be small but after a few years if widely used, you can break a country.
Another juicy threat vector is forcing the app stores to stealthily ship a modified version of the app that sends copies of the IDs and/or tracking data to US intelligence services.
(Reminder: we know Persona's verification software already shares verification data with the federal government. It's a leap to modifying other apps, but within the realm of possibility of US government power. There is absolutely desire from them to gather blackmail material on politically important people, and age verification systems connected to adult sites/apps are a great way to do it)
This is a problem, but not the only one. The biggest one is that the phones in question are locked and deny user freedom. I would not be content with an European "alternative", but which is as locked as iOS.
This is even more than just android, I'm sure there are plenty of us using AOSP forks that do not have google services installed. I think the EU will overturn this with enough noise though. Hopefully the UK doesn't do the same, I've avoided having to root my phone so far and would like to keep it that way if possible.
> European "age verification" "app" forcing everyone to use Android or iOS
As a european if I wanted to see the glass half-full I'd say: at least the good news is that from that headline we can name a gigantic loser... Microsoft.
The issue is not the issue, the issue is what their "solution" enables for expanding the surface that governments have for controlling details of how you live your life in the future once accepted.
The spec mandates mobile versions to exist, and not PC ones. While a PC version can be provided, no government will do that, because they will do the bare minimum.
You must realize, age verification is for more then just Googles Android apps.
Such a strong new legal framework must consider consumer hardware actually in use:
- Android variations Like GrapheneOS, Huawei's HarmonyOS, older phones running custom ROMs
- Linux phones, which are sold in
the EU and by EU companies
- Desktop operating systems
All of them can run Web Apps, and thus need age verification
Even on the Android or iOS phone the EU app won't run if the device owner made even a tiniest change of the operating system without Google or Apple approval.
The EU developed system excludes the 1% of people for which the popular mobile solutions do not work and also make the rest 99% totally dependent on the selected corporations.
I don't understand. Even if you run GNU/Linux, when you access a restricted website on it, you will have to scan a QR code with the Android or iOS app. <https://cinema.ageverification.dev> is a demo which shows that.
Unrelated to the substance of the comment but this is a depressing example. Imagine having to verify your age and your identity to buy a movie ticket. This is pure insanity.
Dark times are ahead. Anyone that doesn't see we'll all be living in dictatorships within the next 10 years is putting their head in the sand.
We have a definition at the beginning, for "Social media and other digital services (in short, social media+)":
“Within the scope of this report, the terms ‘social media+’ and ‘social media and other digital services’, are used to broadly define services that may be available to minors and contain age-inappropriate and/or risky features (for example, addictive and harmful features, among which infinite scroll, autoplay, recommendation algorithms and persistent notifications) and/or content. Social media and other digital services providers include online platforms serving as intermediaries of content from third parties, such as social media, as well as app stores. AI systems posing risks to minors’ safety and development, including AI companions, video games exposing children to harmful commercial practices or dangerous contacts, and video-sharing platforms enabling age-inappropriate access to minors are also included.”
So, let's see, services that may contain age-inappropriate and/or risky content, "online platforms serving as intermediaries of content from third parties".
How quickly can you come up with something that wouldn't fall in that definition?
It seems that anything that allows user-contributed content (such as plain old forums) or communication among users would be comprised in it.
And, yes, to be sure we explicitly include app stores (I guess including e.g. F-Droid, and what about software repositories?) and video games with intercommunication features.
What is this definition used for?
Recommendation 1 of chapter 3: “A harmonised EU-wide access restriction to *social media and other digital services*, including AI companions, for children under 13 is necessary.”
This is a report, not law, but it was commissioned by Ursula von der Leyen and
“The report is intended to inform future actions to be proposed by the European Commission and EU Member States to reinforce child safety online.”
What baffles me the most is how the EU commission constantly
works in favour of US corporations in the long run. This is
really strange. Something does not work in the explanations
given by the EU commission. To me it looks like US lobbyists
run the EU here.
Well, they really, really, really want the end game of tying (real) identity to digital identity. And they want it now, not 10+ years in the future when _theoretically_ there _might_ be some EU-friendly mobile operating system that everyone uses. Right now, Google and Apple are basically the entire smartphone market, so they gotta work with what they've got if they want these plans to come to fruition.
I guess it's that time of the week again. Do we have a sockpuppet account to welcome in you by any chance?
The (actual) complaint of the thread appears to be resolved already (which would make sense given this is old news):
> In the README, the following is listed:
>> App and device verification based on Google Play Integrity API and Apple App Attestation
The README.md does not appear to feature such a section (nor any of the other files for that matter).
Separately, the title is editorializing, and falsely suggests there's some big bad EU app, even though the app that does exist is merely a reference implementation, not for end user usage. There's a reason the repository you're linking a discussion thread from only holds specs.
Edit:
> the specification does not prohibit it
My account has been rate-limited, so I'm not able to reply directly. Nevertheless, I'm sure you can appreciate that your title is still quite the lie then. "Not prohibiting it" is very different from "forcing", after all.
In the thread you will find many examples of national implementations which do require attestation. It was removed from the README as a PR measure, but in practice the specification does not prohibit it, so national implementations will still use it.
Tells us the us is some sort of failed democracy then implements China like access control for the population because they want to ensure they can prosecute you for wrong think in the future. Yeah Im loving this "liberal order" that looks more like good old facism dressed up to look "nice". Even how the passing of chat control was done has ensured I´m voting for any party that will dismantle the EU. EU Parliament is not a democratic of representative institution. Its about as legitimate and democratic as the Duma in Russia.
> Are there any other Operating Systems than iOS, Android or Android flavors
Yes, there are many more: GNU/Linux, Windows, macOS, *BSD, etc.
This will prevent people who only own a computer and not a modern iOS/Android smartphone from accessing services and platforms.
This also sets a very strong anti-competition pressure. Which company will try now to invest on developing a new OS for smartphones if we already know users will not be able to access the most popular services & platforms with it?
Well, that would boost up torrent and sites and places like Usenet and IRC with no age verification at all.
English speakers can just use overseas servers (or non-UE services such as the ones in Switzerland). And maybe Usenet servers outside the US too.
Spanish speakers in Spain will just register services in Latinamerica sites with a VPN. Despite the dialect differences, non-jargon Spanish it's understood everywhere and once they got their user registered they can switch the country anytime.
Distros like Trisquel will just set their sites and mirrors outside the EU.
And, well, if they provide a portable torrent client for Windows among the torrent the law would be utterly broken.
Yes. LineageOS, GrapheneOS, Arch, Sailfish, various other open distros, Windows Phone, and a surprising number of random proprietary options (these are sometimes based on Android, and have some social media apps, but can't run regular Android apps that weren't specifically designed or altered for it) including for modern dumbphones. There are always more over time, too.
There's also old versions of iOS and Android. We don't want to end up in a situation where people are locked into one of only two vendors and can be forced to keep buying the newest model to use an ID app that only supports the most recent software. That'd be even worse for the environment than the current disposable smartphone culture.
Everything to do with the age verification push is corrupt and stupid to begin with. There isn't even a legitimate cause behind all this for forcing ANY app, even if it didn't also force people to buy a specific, expensive, privacy-invading American product.
Even in a world where Android and iOS have 100% of market share, the law (including indirect but obvious consequences of the law) should not force using them.
> Are there any other Operating Systems than iOS, Android or Android flavors?
I remember a gov.uk team presentation. They had a usecase of someone using a PS Vita to access a government assistance program because that was the only device they had access to.
Among 450 million people in the EU there are definitely more OSes than just latest versions of iOS and Android.
This is the elephant in the room regarding the big "digital sovereignty" talks in the EU. For the moment in the EU institutions the focus is mostly at the post-acceptance stage that everything must eventually migrate off US clouds. There is still some denial and hope that things will go back to "before" because it's going to be extremely costly to migrate, but at least high level EU civil servants start to see the strategic value of moving out.
However there is ZERO talk about mobile platforms... No alternative solution like linux for the desktop, no money or care given to the few alternative that tentatively exist, and zero talk about forcing companies (at least for the ones shipping android phones) to open up their firmwares and allow users to install alternative OS if they want to sell in the EU.
So whilst the backend guys more or less got the memo about sovereignty, I think there is still a lot of educational work to do regarding end user devices and what kind of digital slavery hole we're digging ourselves in...
This is not entirely true. I don't have much details but I know people who started to work on two separate free software projects aiming to make supported mobile OS. These projects couldn't get funding before but they do now. Afaik it's still a battle with AI companies lobbying that soverign AI is much more important than mobile OS but there is some growing interest. Imho i don't even think some linux based alternative to Android would be that hard to pull off but it's the hw companies that will be skeptical to build hw for such OS. I would have to be some govs puahing it as secure gov devices first.
They could try and put money into funding Jolla/sailfish/whatever
Isn't AOSP a thing?
This app requires Google Play. AOSP alone won't cut it.
In fact, it requires attestation: even if you install Google Play on some Android in an emulator/container/VM, on an alternative Android distro or in a rooted device, the app will not accept it.
Writings on the wall can’t be clearer on AOSP’s future…
It is true that Google (de facto) controls the platform and made themselves (de facto) essential to utilizing the platform by integrating their proprietary services so deeply into the OS that you need to be a behemoth of Samsungs caliber to even attempt to meaningfully re-purpose the AOSP, and this was a brilliant strategy because it has allowed Google to solidify their spot in the duopoly / oligarchy while seeming "open". But. I do believe that Google will continue to publish the AOSP source code under a permissive license and that this code will be indispensible to a European Manhattan project for tech sovereignty, should policymakers ever see the light.
Have to throw in this 13 year old Ars Technica article as a follow up:
https://arstechnica.com/gadgets/2018/07/googles-iron-grip-on...
Still amazes me how everyone isn't cynical-by-default about anything Google (or big tech in general) open-sources yet...
You mean giving China control over it?
(because you still need the hardware made, and it's not like the EU commission is even prepared to fix BSPs for that hardware)
The EU has endlessly sold critical infrastructure to US, India and China while actively sabotaging efforts to rebuild it and now want it back - for free. This is criticized as having a low chance of success, as well as being a pretty unreasonable demand.
TIL Google is China
Because this is all a political move. This so-called "EU sovereignty" drive is in fact aimed at further reducing sovereignty of the member states via further transfer of power and control to the EU.
These digital ID wallets do exactly that. Member states lose control of the ID infrastructure, which will now be controlled by the EU. There isn't much sovereignty left at national level...
Each member state has to implement the system themselves. Where is the loss of control?
Where is control in being mandated to implement and EU-wide, EU-defined system? This is a net loss.
My previous comment should be taken in its entirety. The loss of sovereignty of individual countries is comprehensive across all domains and this is just one brick in the wall.
This is totally not the EU version of China's social credit score system and WeChat SSO system.
It will totally not be used to sanction you the moment you become a nuisance to the EU elites by saying "wrong speech" that goes against their mandated doctrine or pointing out their acts of corruption or dismantling of democracy.
The EU building in Brussels even has the word "DEMOCRACY" plastered on the front in large bold letters[1], in case you forgot.
[1] https://audiovisual.ec.europa.eu/en/media/photo/P-069521
10000 basis points agree.
Add here shared border control since 2027 in eu, and chat control now.
And prominent names like democratic republics of Kongo and North Korea.
Don't fall for the trap. The question isn't how we should technically force age verification on anybody. The question is why they're pushing it onto everyone. I did not consent to this, neither did you.
But it is needed to protect the children. The politicians say so, so it has to be true. Being against this is very dangerous to our children and democracy. There is no alternative.
Seriously, there is something tremendously wrong with governance when politicians keep changing the whole world around us, without us having any say in it at all. The threat this measure poses to the internet and society is significant, yet it is being pushed through without any substantial debate or push back. This just is not how decent and actual democracies should function. What messed up timeline is this?
Maybe we should protect the children and then they couldn't use the excuse
their parents won't protect them and everyone else has to pay for it. maybe they shouldn't have been allowed to have kids.
Nothing could possibly go wrong with eugenics
The Idiocracy scenario we've stepped into isn't much better...
It is. It's far from good, but it's much better than eugenics.
Note that we do have a system of eugenics, which we call money.
> Seriously, there is something tremendously wrong with governance when politicians keep changing the whole world around us, without us having any say in it at all.
That's where you're wrong. Most people actually do agree with age verification. Just because a decision is stupid it doesn't mean it's undemocratic. Trump was elected democratically, twice. Brexit passed through a referendum.
Most people are in favor of solving world hunger, poverty, the wars and climate change. Until you hand them the bill. Likewise most people will not agree with age verification when actually implemented.
It requires reason to understand the consequences of your decisions. Reason is something democracies have a shortage of. Thus, democracies structurally suffer from issues like this.
It worked great for the last several hundred years. The problem is that as government keeps expanding to control more and more of our lives, every decision it makes it necessarily imposes on everyone, whether they agree with that decision or not.
E.g. In a country of 100M people, if 60% agree with a bill and it becomes law, the country has imposed that law on 40M people against their will. That's just as true in a dictatorship as it is in a democracy. The more areas of our lives government involves itself in, the bigger this problem becomes.
> It worked great for the last several hundred years.
No, it did not.
> E.g. In a country of 100M people, if 60% agree with a bill and it becomes law
That's not how that law was adopted.
Maybe it depends on how you frame it.
> Social media is destroying children's brains! Do you want access to be delayed until a certain age?
> Do you want children under a certain age to be banned from social media, which means that you will now have to give your ID, only with Android or iOS?
> only with Android or iOS
99% of people understand this as "you need a smartphone" which is not a problem in 2026, even for the elderly.
"only if you choose to share your personal data with either Google or Apple"?
How is that different from having a banking app installed? Or a government ID app?
I have neither. Phones are too much of a security liability to be linked into such sensitive realms of personal life.
What you can do with the ID app, you can also do on paper (if not with a Web service), except "age verification".
You can survive and be exist in society without both.
Luckily, the EU's current structure was put to a referendum. That referendum then failed to get the votes needed, so they implemented it anyway. Much superior.
It's just like democracy. Without the "dem(b)" part. Much better now.
We have such warm feelings about it! What could possibly go wrong with doing such strong governance and extreme-right parties polling at record highs in more than half the EU countries? We have warm feelings now. Or maybe the warm feelings the result of 30 years of climate action in the EU. Luckily, the extreme right is hard at work defending our right to airconditioning!
Children die from wrongly-prepared food, thus we should only allow people to eat at McDonald's from now on! /s
When they run out of other rights to destroy, they will pipe videos of little girls crying from food poisoning into your e-verified telescreen during ChildSafe^TM viewing hours, and the result will be that you will get to choose between two state approved restaurants thereafter.
Two? Since the Franchise Wars, all restaurants are Taco Bell.
> The question is why they're pushing it onto everyone. I did not consent to this, neither did you.
The representatives elected by Europeans did though: 483 votes in favor, 92 against
I doubt those representatives gathered a sufficient mandate from their public given the huge consequence.
I’m no conspiracy theorist, but it does seem that there’s an international influence outweighing democracy.
Cui bono?
The halls of power are full of pedophiles. Why do you think they want to gather data on children?
There’s a huge amount of stuff that the EU does that no one consented to, or had a realistic democratic avenue to influence.
I’m in the UK and very anti Brexit. But were we still in, I would have no idea how to influence what happens behind those closed doors at the European Commision.
Granted the current UK Labour/ Conservative pact on these issues show they’re completely out of control. But I still theoretically know how I could influence policy.
I know this sounds bad, but when has consent mattered before? I agree with you wholeheartedly, but consent is simply not something these power structures value.
Yes, I said it before and I will say it again: We should invest our energy in the discussion whether to implement it and not already wonder how to implement it.
Shifting this question benefits only those who want to force this upon us.
And what do "they" want? It's not like they don't already know your age, name, ID number or your browsing history
You will think twice before expressing your opinion in public.
Since you seem unfamiliar with the following, I will leave this here for your perusal:
- https://en.wikipedia.org/wiki/Chilling_effect
- https://en.wikipedia.org/wiki/Nothing_to_hide_argument
Doesn't the "how to implement" determine whether to implement it? A poor implementation shouldn't be done, but a good implementation could make it simpler for companies to verify the ages of users, limit information passed to companies, offer a quality of life improvement for users.
The question is -- why they even need to verify ages of users. This is not decided, and my take is that they do not.
It's funny, concomittant all this chest beating about representing open societies, democracies, unlike those creepy evil authoritarian states which we don't like, that the EC seems hell bent on proving we can have a police state _just_ as intrusive if not more than say: Russia. This is not how we were supposed to prove that we are better.
> as intrusive if not more than say: Russia.
Ping me when people are physically tortured by police for facebook posts, because that's what happens there.
How about 30 years in prison for distributing zines?
USA is not member of EU
I love how "they" wanting to know your age is a big conspiracy, but zuck &co hiring the best behavioral and addictions scientists to get yours kids into doomscrolling brain rot as soon as possible is a fact of life and we shouldn't do anything about it
The solution is banning dark patterns at big tech companies, not banning privacy.
Don't use it. Don't even consider it. Do whatever it takes to let everyone know you're not gonna use this and tell your friends the same.
These corrupt bafoons talk of sovereignty and then they pull stunts like this. Even if you're totally pro EU, vote with your actions if you can't outvote the Commission.
The unintended consequence of poorly thought out regulations (good or bad) can be wild.
I’m still having to deal with making some sort of legal agreement with EVERY website I visit over cookies constantly… I just don’t care anymore / click whatever.
I'm confused on why browsers can't automatically handle the cookies pop ups. It's beyond annoying and something that should just be automated since my preferences don't change.
It should be very easy. But for whatever reasons they chose to make this the people’s problem… constantly.
Same goes for age ID things too.
Consentomatic does most common cookie dialogs, according to your settings.
https://addons.mozilla.org/en-US/firefox/addon/consent-o-mat...
It also exists for other browsers.
I am not affiliated,but I have it on my devices and even on my phone, it's quite good and I very rarely get cookie popups now.
I agree wholeheartedly with the argument raised in this github issue, but I think people are wrong to be skeptical about the concept of a government-issued age verification app.
Thing is, the status quo is absolutely worse. My 13yo son likes making Roblox games. Suddenly, some months ago, Roblox made a change where you’re not allowed to share your games with friends unless you do “age verification”, apparently in some misguided bid to beat the pedos. In Roblox’ case, this means sharing your 3D likeness with some sketchy American business who pinky promises to delete said data after. I don’t want random American tech companies to have my kids’ biometric info like that, able to sell it to whoever asks. Nor my passport or anything like that.
I’d much prefer a government supplied app, that’s guaranteed to protect my privacy, and has no business incentive to sell my data, where I can see what data about me (or my son) is shared with Roblox or whichever sleazy business wants it.
Obviously this only makes sense if the government is less sleazy than the average American tech business, but for all its faults, I think that currently holds for the EU (and most of its member countries). There’s plenty precedent of EU governments doing privacy-conscious apps right (the Dutch covid tracking app comes to mind).
I hope they see reason and fix this here issue.
As a purely tactical measure, we use the same older person (me) for age verification for all family members - zero failures so far and it poisons the well.
In the case of Roblox they have a horrible system where they estimate your age and only allow you to interact with people of a similar age, meaning if you verified your kid with your face then they'd only be able to interact with adults and not other kids. At least that's the theory. It doesn't take a lot of effort to figure out how a predator could misuse this system to their advantage (which is why I call it horrible)
Reference: https://en.help.roblox.com/hc/en-us/articles/39143693116052-...
Predators have been using roblox since its inception, but I don't think they are doing age verification because of that. They're looking to expand into more adult experiences and, of all horrible ideas, dating.
I think it is much simpler: they are feeling regulatory pressure. In various countries there are increasingly strict laws that allow people to hold companies accountable for issues on their platform. By using age verification, they can increasingly move responsibility away.
I’ve seen Roblox invest and conduct child safety research for several years now.
Maybe they are expanding into other industries, but the safety focus predates that.
> As a purely tactical measure, we use the same older person (me) for age verification for all family members - zero failures so far and it poisons the well.
Is there a 'break glass' workflow in case you are not available (e.g., health incident)?
We only do it for one-off age verification, not stuff that requires repeat authentication (those we simply don't use).
Government issued versus corporate issued age verification is a false dichotomy. There are other options, such as refusing games that require them. (Yes, we do have a teen, and yes we did exactly that with Roblox.)
Pretending that those options are equal is a false dichotomy. Not participating is an option up to a point, and then it is increasingly limiting all other options.
Fwiw we did that with Roblox too, but I hate it because Roblox Studio was a pretty damn fun collaborative gamedev experience.
I mean his classmates argue with their parents about whether they can install TikTok (and most parents lose). Meanwhile I’m denying my son the right to make a game together with a friend. It’s so creative and so educative and I’m saying no to it. It sucks and I hate Roblox for making something so cool and then taking it away for such stupid reasons.
I’d happily pay a license fee or sth. But I’m not gonna let them scan my son’s face.
There's plenty of ways to make games outside of Roblox. Maybe they could sit down together and work through some Löve2D or Godot tutorials? No one can take that away arbitrarily
I think GP meant “collaboratively” as in collaborating online through the game itself. The same way you might e.g. collaborate on a Google Doc.
“Sit down together” might be impractical here, if GP’s child’s friends are e.g. friends they made before a move, who are thus quite far away physically. Or friends with snobby parents who won’t let them come over to GP’s house for whatever dumb reason. Or friends with extra-curriculars such that their free time never lines up with GP’s kid’s free time—meaning that only async collaboration will work.
(That’s just a steelman position, though; in general I agree.)
Thats obviously fine to do but it is very much going to have consequences for some kids. My kids spend hours a week playing roblox with their IRL friends. 10 - 15 kids on a group call on speaker phone all logged into the same code laughing and yelling for a couple hours a night. If I was to suddenly tell them that they can't play those games with their friends it would have very real effects on their social life. My kids spend a ton of time outside with friends but to ignore that they also spend time gaming with them is not an option.
Self-hosting a minecraft server is still an option. And tons of customisability there and you aren't turning everything over to a centralised server.
>There are other options, such as refusing games that require them.
How about the option of the state not being so tyrannical in meddling about what people anonymously do online in their free time?
This is generally my opinion, and goodness it's swung around quite a bit. This entire debate feels like it should be solved by adequate parental controls.
To the extent that it matters, I think the missing link here is "primary education should support a parent's intent to limit unrestricted internet access for their children." That is, during school activities where internet use is unavoidable, require supervision. (Maybe a lab monitor that can roam the room and see screens?) And for homework, don't assume the kid has internet access, because that is the parent's choice, and they may well not. On the flip side, if the parent trusts their kid with that access, or intends for them to learn through real world experience, let them. That should not be the state's decision.
The problem of course is that this idea in my head is a pipe dream. Schools seem to be well onboard with digital coursework, presumably for efficiency reasons? Unclear. I'm not sure what a more practical middle ground actually looks like.
To the extent that it matters, I think the missing link here is "primary education should support a parent's intent to limit unrestricted internet access for their children." That is, during school activities where internet use is unavoidable, require supervision.
Don't get me started. We try to restrict internet time, no Youtube (Shorts are poison/heroin), TikTok, etc. They go to primary school and there is a teacher that makes TikTok videos at school, they can play Roblox in breaks, etc. (Aside from this issue, the teachers are great though!)
There are only so many battles you can choose as a parent (not getting your kids photographed, put on Facebook, etc.).
In contrast to what the grandparent states, the government should unambiguously state: no smartphones, social media, and online games in primary school, period. That's the only way to make it work. Ironically, smartphones are forbidden in all high schools here.
The California Digital Age Assurance Act is a law mandating adequate parental controls. And it's a great law that should be copied instead of doing the verification nonsense.
Homeschool and exercise close, very close, supervision over what your kids do on the internet.
I'd have hated this as a child. But the case for unrestricted internet and social media access for children being harmful, at this point, seems pretty shut.
For those who sadly cannot homeschool their children... well, we need to push for school choice and to dismantle the teachers' unions. Which probably ultimately is the same thing.
In many European countries, homeschooling does not really exist. For good reasons. Mingling with many kids from the same age cohort with diverse backgrounds is good for kids. Homeschooling is also often used by religious zealots to indoctrinate their children.
You think most of the unsupervised internet time is happening at school? I mean, maybe it is, but that's an assertion I haven't seen before.
Truthfully, I don't know! Especially for younger kids though, there's usually at least an adult in the room, right? Even when they're visiting a friend, the other parent is there to step in and check on them occasionally?
I guess once you hand your teenager a smart phone (and all their friends have one too!) all bets are off. That's new, and wasn't a thing when I grew up. We were rural and on the tail end of dial-up, so I couldn't get online at home without someone hearing the modem. That sure limited my attempts to do so without permission!
I guess that is one way to manufacture consent.
As another European, I agree with GP.
I don't fully trust my government. But I definitely trust it more than any American tech company.
I can also vote out my government. I can't do that for Big Tech.
> I can also vote out my government.
You can't. Not if you're in the minority. Tyranny of the majority is still tyranny.
You what you as an individual most certainly can do is stop using Roblox. Not ideal, but way easier than moving to a new country.
Tyranny of the majority is ... democracy?!
Unrestrained democracy, yes. Tyranny.
People need to understand that having a majority opinion does not inherently give you the right to impose that opinion on everyone else. Such impositions must be done with extreme hesitancy and restraint.
That's why many democratic countries have a constitution which prevents the government from restricting certain individual rights even in the face of popular opinion. But ultimately, the constitution is just a piece of paper. If people are determined to impose their will on others, it can only do so much.
"Inherently give you the right"? Rights are not inherent properties of facts, they're concessions between people. Nothing inherently gives rights, rights are given by agreement. If people agree that majorities can impose their opinion, then they can.
> Rights are not inherent properties of facts, they're concessions between people.
We're getting pretty deep into philosophical territory now, but I disagree. Human rights, to the extent they exist at all, are necessarily inherent properties of individuals.
E.g. If the majority decides people with dark skin are subhuman and therefore have no rights, the majority is most certainly not correct about that, because rights are not defined by the majority opinion. They are inherent.
The U.S. Declaration of Independence put it like this:
> We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed
I concur with this perspective; rights are inherent and inalienable, and the purpose of democratic government is to secure those rights (which already exist), not to create them.
endowed by their Creator with certain unalienable Rights [...] rights are inherent,
Only if you believe in a creator that determined these right, which is not rooted in fact, but solely belief.
Personally, I do not believe a particular ethics exist as an absolute/scientific truth. It is just that some amount cooperation is generally better for everyone and virtually all humans want to avoid pain and seek happiness.
Even though I was a convinced utilitarianist when I was young, I think Kant's categorical imperatives are more powerful now: you should act only according to principles you would want everyone to adopt as a universal law. Or Rawls' original position [1].
Even though this might sound like an off-topic philosophical debate, I think it is very relevant to democracy. Purely egoism-based democracy would trample on the rights of minorities, etc. But in a democracy based on these principles, the majority would vote to project minorities, etc.
I am not sure how you would modify democracy to align with this. I think it is for a large part of education. E.g. if everyone thinks every choice is a zero-sum game (my loss is another's win and vise versa), democracy will go in a very dark direction.
[1] https://en.wikipedia.org/wiki/Original_position
>Rights, to the extent they exist at all, are necessarily inherent properties of individuals.
What's sad is that there's a formulation that's actually correct. Rights are an inherent property of societies (or stable ones, at least). Note that I'm saying rights in an abstract sense, not necessarily any specific set of rights. Not every society will value the same things the same way.
>E.g. If the majority decides black people are subhuman and therefore have no rights, the majority is most certainly not correct about that, because rights are not defined by the majority opinion.
So it's an objective fact that they're incorrect? I.e. they can be shown to be incorrect without having to ask anyone's opinion? Okay, prove it.
>The U.S. Declaration of Independence put it like this:
That's an opinion. It's perfectly fine to think these things are so obvious they don't need to be justified, but I don't agree that that's true, even if I subjectively hold the same opinion.
> The U.S. Declaration of Independence put it like this:
The opinion of a few slave owners 250 years ago
> We hold these truths to be self-evident, that all men are created equal
For a given definition of "men"
> I concur with this perspective
Good for you. You have an opinion, doesn't make it a fact.
Everything you do affects others, unless you live in a cave in the mountains somewhere. Part of the reality of living in a society is constantly negotiating what is and isn't acceptable.
Democracy is the most fair way of doing so.
The slave aristocracy of the Confederate States of America, and members only Communist Party of China are both democracies.
What we consider democracy went through a LOT of iteration, and continues to this day. Representative first-past-the-post is a form of democracy that can have the unfortunate side effect of the minority of the electorate establishing a tyranny of the majority. There is a lot of scholarship on how to make democratic systems more democratic.
Yes? Democracy is essentially exactly that - tyranny of the majority. The reason why successful democracies have so many checks and balances, constitutions that uphold essential rights etc is because of this fact. Really the main benefit of democracy is that it prevents the government from doing things which are wildly unpopular. To the extent that it "gives the people power", that is neutered as much as possible to prevent the majority from going "hey, we don't want these people here" and committing democratic genocide or whatever.
> You can't. Not if you're in the minority
Is that a bad thing?
> Not if you're in the minority. Tyranny of the majority is still tyranny.
> you as an individual
I understand. Such is living in a society. No man is an island.
> Not ideal, but way easier than moving to a new country.
I've moved countries five times. I still haven't been able to get rid of my dependencies on Big Tech.
Most people can't move anywhere because getting citizenship is difficult.
Meanwhile, all you need to do to get rid of a dependency on big tech is to log off.
That seems backwards to me. You can choose to personally not do business with whatever big tech corp you dislike. Men with guns will show up at your house if you stop "doing business" with the regional government.
I can choose to move (and I have!), I can't practically quit my dependency on tech.
Things look different if you’re comparing an American tech company to an American government.
>I can also vote out my government.
Like you also voted out the EU pricks that pushed chat control?
The EU pricks that pushed Chat Control is... American oligarch Ashton Kutcher.
https://edri.org/our-work/how-a-hollywood-star-lobbies-the-e...
> I can also vote out my government.
No.
I hear you on the overall privacy issues related to age verification with US Corps. My concern with government registries of personal information is related to things like:
- Netherlands, WWII: The Dutch civil registry meticulously recorded religion. It’s a major reason ~75% of Dutch Jews were killed, the highest rate in occupied Western Europe (vs ~25% in France, where records were poorer).
- US, Japanese internment: The Census Bureau provided block-level data on Japanese Americans in 1942 despite confidentiality guarantees; 2007 research showed individual names and addresses were shared too.
- Rwanda, 1994: Belgian colonial administrators had put ethnicity (Hutu/Tutsi) on national ID cards in the 1930s. Sixty years later those cards were the primary tool at genocide checkpoints.
There’s loads more. Europe may be safe now so it feels safe to give government this information. However, as shown in all the instances above, the information was collected for one reason and used for a wholly different reason when times changed.
Who knows what kinds of ethnicities, beliefs, behaviors or personal histories will be the focus of future regimes? It could be Roblox users, HN commenters, people who religiously repost x.com links as xcancel.com ones, anything. Whatever it is, they will have access to all the data on any system we allow them to record. This isn’t even a totally made up hypothetical from far away places, multiple governments in Europe were doing this kind of thing just decades ago. Historically speaking, we are all currently living in an unusually peaceful era, that will likely be temporary for many of us.
> - Netherlands, WWII: The Dutch civil registry meticulously recorded religion. It’s a major reason ~75% of Dutch Jews were killed, the highest rate in occupied Western Europe (vs ~25% in France, where records were poorer).
Records were poorer in France because René Carmille and the French resistance sabotaged the machines. Machines made by a large tech company which was a competitor to IBM.
> Who knows what kinds of ethnicities, beliefs, behaviors or personal histories will be the focus of future regimes?
Absolutely. But I do know who has that data -- big tech, and it's willing to sell it for a nominal price. No doubt that price will be higher for a deaparate government wanting to kill everyone with green eyes, but that just means a higher profit margin for facebook as they mine their shadow profiles.
You can (and should) be mad at the government and at Roblox at the same time.
Also, don't use Roblox, you can freely share games made with PICO-8, Löve, Godot, Rpgmaker, Game maker and the like, no need to go to the hell scape that is Roblox and its dark patern and locked down ecosystem.
My kid does Godot and TIC-80 (a bit like PICO-8 but more forgiving) as well. Those are great but they don’t beat Roblox on distribution nor multiplayer by a long shot.
I agree that Roblox is a hellscape when you want to make serious games, eg make money from it or sth, but if you just want to mess around making a “supermarket horror tower defense” game full of in-jokes and then have all five of your friends join it, and It Just Works, sorry but nothing comes close to Roblox.
Until they required age verification for that ofc.
Also, just don't ever buy any Robux and kids will auto steer away from the shitty games that need it. That filters out 95% of the badness of Roblox right out the gate.
Yeah multiplayer is kinda problematic because of port forwarding and dynamic IP.
S&B or other engine-as-game solve that by using the platform account system and master server for discovery and NAT punch through.
None of the engines you mentioned are nearly as approachable as roblox when it comes to making a 3D game with little programming or art skills.
Don't get me wrong. I agree roblox is a very shady operation, but that does not erase the fact that their platform is unmatched when it comes to letting kids make games.
> Don't get me wrong. I agree roblox is a very shady operation, but that does not erase the fact that their platform is unmatched when it comes to letting kids make games.
Ok, well then, toss your hands in the air and throw away all your principles then, I suppose.
how is the view in your ivory tower?
Pretty much the same as my view before roblox even existed, which is not bad.
How is the view in your FOMO dungeon?
RpgMaker is really approachable for a 13yo.
There also Luanti, the new name of MineTest, which is closer to the Roblox experience (in the sense that there already a playable game there, and creating new stuff is closing to modding than to game making).
The Roblox experience also includes a huge existing player base who may come and play your game without having to install anything new on their machines. I'd say this social factor actually matters a lot for Roblox where many if not most games are multiplayer.
The only thing close is minecraft, which from what I heard already has similar restrictions on in game chat, plus other shady maneuvers from Microsoft.
Of course Roblox have more player, but does your child really need millions of players?
It's the same network effect with other megacorp, we could argue the same about X/Instagram/Mastodon, the question could be changed to: Do you want your children to be groomed to use closed source ecosystem from shady companies or do you prefer they gain experience in using relatively open ecosystem ?
Luanti let you make multiplayer games/mods too. For Minecraft there way to play outside of Microsoft sanctioned versions and servers.
> Of course Roblox have more player, but does your child really need millions of players?
Nobody uses platforms because they are are looking to exercise billions of options. The point is easy commonality. You sit next to a kid, and, what do you know, they are into Roblox too. Cool. Wanna play?
It's the difference between getting a trickle of random players on the map vs. never ever seeing another player.
For Minecraft random people are more of a nuisance than an asset, but for a Roblox obby there is an expectation that other people will check it out.
When I was a kid I loved this obscure multiplayer game engine called BYOND. In fact it's so obscure that even mentioning it provides several bits of fingerprinting. It technically still exists today, but it's been on life support for 15 years. We should make something like that again.
Besides the game engine, it provided central identity (optional - you could allow players to sign in as Guest), a website to browse games and servers, a forum to discuss games and programming, and an IDE with a built-in sprite editor (it was 2D), map editor and object browser.
We have had the need to prove age for hundreds of years. To buy alcohol. To drive a car. To vote. We depend on government-issued documents to do this. Not sure why anyone would really expect this to change just because it's online now.
Very obviously because privacy advocates are concerned by the effects of mass deanonymization. I find it doubtful that you don't grasp that.
I bought a bag of chips without having to show my ID.
There is a big difference between: Government demands every website to have age verification, and government supported scheme by which service can opt into age verification.
As of now, American private spyware is actively filling the demand.
I get the feeling some privacy advocates are approaching the choice as a tier system, with government being the worst case.
I don't see it.
The only viable solution for the future of privacy is to not be dependent on the giant platforms in the first place.
Government is demanding age verification because the websites and platforms completely punted on the issue of keeping inappropriate content from children. Yes parents have a role here but we live in a society and we depend on/demand everyone doing their part. We (the tech sector) made our own bed here.
> Government is demanding age verification because the websites and platforms completely punted on the issue of keeping inappropriate content from children.
Nah. Parental Controls are baked into every major consumer OS. If government cared about giving guardians the tools needed to care for the vulnerable ones they're responsible for, they'd require those parental controls to be beefed up [0] and that it be a requirement that online services and both local and remote software be required to honor the restrictions required by those Parental Controls.
Instead, what we get proposed is a system that cares very much about how old you are, and not one bit about the things that one's guardian understands one needs to be protected from. This system will work for some under-eighteens, but it will fail for many others, as well as every single dementia-damaged elder or brain-damaged/developmentally-stunted adult.
What's being proposed is absolutely not about protecting people... if it were, the mandate would be to beef up the existing fully-anonymous systems, rather than requiring identifying information from users.
[0] ...I mention this because I often hear in Internet discussion that these controls are insufficient, not because I have personal knowledge that they're inadequate.
Nah. Parental Controls are baked into every major consumer OS.
Even the parental controls that are there are a train wreck. Our kid has an iPhone and the parental controls have all kinds of weird issues like, you give them 15 minutes of WhatsApp daily. First time on a day they start WhatsApp it says that all their time is up. Or suddenly they cannot run an application that was permitted by a parent. Then you uninstall and install the app again and suddenly it works.
It is unusable.
There web is also a huge hole in all of this. A lot of services you can also use as a website. A whitelist is too limiting and a blacklist is a daily task to maintain (and would require spying on your kid).
I also prefer to avoid age attestation altogether, but I am also not sure what the solution is. I think many people do not realize how much social pressure there is to use certain apps/games and how bad parental controls are. Yes, we say "no" to a lot of things, but you cannot say "no" to everything. Missing certain cultural touchstones (certain TV shows, certain games) makes your child an outsider.
> Even the parental controls that are there are a train wreck.
As I said:
> There web is also a huge hole in all of this.and as I went on to say:
I expect that you don't, but if you'd like to argue that it's impossible for the government to do either or both things, then I'd argue that it's impossible for them to make age and/or ID verification work.I agree... the government's plan (as usual) misses the mark and probably won't solve the problem. But the reason the government is getting involved is precisely because parental controls (if any) that were delivered by the platforms were too hidden, too complicated, and had to be set for every app or website instead of once on the device and have that enforced on everything.
> But the reason the government is getting involved is...
Nope.
That's a separate concern from depending on government entities to issue proof of identity/age.
Privacy is losing ground, despite people understanding the stakes.
Privacy advocacy is losing the battle, because it is being framed as a choice between privacy and the status quo, and people vehemently dislike the status quo.
Older systems were imperfect and were understood to be. I've meet veterans who joined the Navy at 14 or 16. I've met many College students who can pass as old enough to buy alcohol, especially with a fake id. Dead people are sometimes registered to vote. We know this and have systems to try to catch these exceptions.
But cellphone access is different; it's assumed to be perfect, but it's increasingly being moderated by machine learning heuristics that serve as judge, jury, and executioner, severing your services if a couple of your actions trigger a fuzzy approximation to some of the training data.
AI moderation helps suppress spammers, but it's also punishing false positives, and there is just no recourse. Any ID system that piggybacks on "Apple | Google" is effectively shunning some non trivial portion of society. Governments of the people need to provision their own tech systems that are accessible to all citizens, even those who have run afoul of an AI moderation system.
This year, an octogenarian friend got locked out of his android phone permanently. He had never had a PIN on his Samsung phone.
It started when he signed up at a new bank, giving them his phone number. Somehow the bank enrolled his in their online banking system, which notified Samsung, who remotely initiated the "let's give your phone a pin" flow, presumably to protect him during online banking. (This happened without his knowledge -- he had not installed the bank's phone app.)
Later that day, when his phone went into a modal "let's setup a pin" screen, he panicked, assuming an attacker had gained control of his phone, since this was not something he initiated. No button would let him exit the screen, so he powered it down. Now, when he powers it up, it demands a pin, but he doesn't know what pin that would be. The only way to get the phone back would be to factory reset it, meaning he'd be wiping his data. He had the money to replace his phone, but that may not be true of every citizen, especially at his age.
People assume digital auth systems are perfect. But you don't hear from consumers who can't get online to tell you "I've lost access."
I've shared some other similar stories: a widow who got banned for life from facebook within minutes of making an account from an apple device on a consumer ISP with her real cell phone number.
A coworker attempted to sell his son's sporting goods on facebook marketplace and was banned for life with no appeal because AI thought it was "weapons."
Some high school students each made a gmail address from the same laptop one afternoon, only to be banned the next day. Each supplied their own cellphone number, but the accounts got shut down, presumably because multiple accounts were being created from the same device too rapidly.
AI moderation means there are a ton of unwritten rules, and private companies will keep you out of their platforms if you break them. That's fine, but it means governments have no business serving their citizens from these exclusive platforms.
> e signed up at a new bank, giving them his phone number. Somehow
It started when he signed up at a new bank, giving them his phone number. Somehow the bank enrolled his in their online banking system, which notified Samsung, who remotely initiated the "let's give your phone a pin" flow, presumably to protect him during online banking.
Do you have a proof that this actually a thing? I don't see what mechanism exists to do this and I don't see why Samsung would even bother to do this.
Perhaps cooincidence and Samsung pushed an update that now required a PIN, but there was an untested failure mode (rebooting the device after the PIN setting process had been initiated but not completed).
I've never gotten banned but I've been moderated/throttled (even here with the occasional "you're posting too fast") quite often. The triggers on things happening too fast from the same IP address or session seem quite sensitive and thus when I'm doing anything critical such as online transactions I space them out by many minutes, which is inconvenient.
Hundreds? 200 years ago most people did not even have birth certificates. I can think of multiple famous examples of people who lived in Europe 500 to 800 years ago where we don't know their real age. In existing countries with poor state capacity, a lot of people don't have legitimate birth certificates and there is some evidence that they make up their age to some degree. For example on surveys in such countries there are too many people reporting round number ages. My experience in such countries is that you can find very young looking males riding motorcycles late at night around the city and anybody can buy alcohol. That's how it was in the United States "hundreds" of years ago. Please read a book.
Maybe hundred of years, singular. And reading/watching stuff in our own homes has never required any proof of age.
> Roblox made a change where you’re not allowed to share your games with friends unless you do “age verification”
My son had a similar "making games" interests and I just showed him the Godot engine. Roblox bosses are doing you a favor. Act now :D
What you’re proposing works only if the government is always trustworthy and abiding by the rules. But there has been cases that ICE agents in US was able to track down people from their social media posts and in the past Nazis used the address registration lists to track down Jews for deportation to concentration camps.
We don’t know what EU would become in 5 to 10 years in the future, and I would rather not have any identification information about me or family being stored by a government body or any other party that can track/link me or my family members
They have this information anyway if you have an EU passport or an identity card. The government app allows you to share selected properties of these documents with third parties.
It’s not only government shares that info, the government can keep track on with which parties they shared that info and for what purpose.
As an example if I’m obliged to share my ID data via government to open a twitter account how would I know that the government would not link my twitter account to my ID and later use that info keep track of me and prosecute?
People would think that it would never happen, but not long ago that actually happened in East Germany. The Stasi kept track/files on almost every East German and this would be a digital version of the same thing
The app is open source, and it doesn't do that.
I agree that governments should minimize collection of their citizen's data. I just don't see where it is supposed to happen in this case.
> a government supplied app, that’s guaranteed to protect my privacy
This is a bit of a 64,000 euro question, though. Look very closely at what the government exemptions for GDPR are.
What are they?
https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re... for example. (Yes I know about Brexit, but this is basically identical to when the UK was in the EU and subject to the Directive)
It doesn't have to be an either or dichotomy. For example, you could pass laws that make it illegal for an online game to demand age verification, identification, biometrics, etc. The main reason for any of this are some corporate attorneys justifying their own salaries based on "what if" and scaremongering. Regardless of how much personal information they succeed at demanding at this stage, or how [in]effective it is at addressing their claimed problems, they will be back again pushing for even more until they're actually told a hard "no".
> a government supplied app, that’s guaranteed to protect my privacy
[citation needed]
> this means sharing your 3D likeness with some sketchy American business who pinky promises to delete said data after. I don’t want random American tech companies to have my kids’ biometric info like that, able to sell it to whoever asks. Nor my passport or anything like that.
Actually the market leader app for scanning faces and documents is an Israeli company. They encourage to use mobile for scanning, for your convenience. They promise they delete the data. Yeah, if they're lying you can sue them in Israel.
Then get your kid off Roblox. I promise you that Roblox exploits more children in a single day than all sex offenders put together do in a year.
Why is pedophilia such a problem on Roblox? It's because they heavily advertise towards children and one of the fastest ways for children to make money is asking their parents, then next is prostitution. Roblox is uniquely bad because they heavily advertise both products and the "self-made entrepreneur" image to children.
Putting the blame on nebulous "predators" when the system itself is clearly to blame is the very tacit Roblox relies on. Look at vehicular manslaughter are drunk and distracted drivers solely to blame for deaths? Clearly not since there are just as many drunks and phones in Europe as in the US. When the system creates more predators than exist otherwise then you know it needs to change.
If your son likes making games keep him on Godot. Your job as a parent is to find or build a good distribution system. you can see if he is generally interested or if he was pressured by an exploitative system grooming him into pumping out slop for the trough. Age verification is going to make the platform more exploitative in the business sense. Both in that it legitimizes bad practices and lets Roblox target their exploitative practices more effectively.
People don't want to make games, they want to make multiplayer games.
Very few kids are going to go though the incredible difficulty of making multiplayer work in something like Godot.
Funny you use Netherlands as a good example, considering that famously, their existing unusually thorough registry was super helpful for the Nazis rounding up jews later.
I don't think it's Godwin's Law when you are so spot on, exactly describing the worst case.
Additionally there was a leak of the personal information of covid patients, the official tracking app was not affected as far as I can tell.
However even if the app is secure the storage and handling of the information is a different matter and it has been shown that care is not always taken.
Why would an age verification app need to know your ethnicity/religion?
Governments likely already know your name, age, place of birth, so having an app with a standard API for verifying users isn't giving the government additional data.
It is one extra attack vector. There is a data leak reported every week, and it is now apparent we cannot trust any organization to handle any datum securely, at all. It has gotten to the point where I now consider every piece of information compromised and sold on the dark web as soon as I am forced to transfer it to a third party. Because those are the odds.
Doing absolutely everything useful with that data is "one extra attack vector". That is not any kind of a persuasive argument in itself.
It's also replacing all the personal information stores from thousand applications and websites you have previously registered, or would have to. So arguably it's thousand attack vectors less.
Governments will track with whom you verify. Much worse.
Can we not spread nonsense narratives? One of the explicit requirements of the EU age verification system is that they cannot:
https://digital-strategy.ec.europa.eu/en/factpages/blueprint...
First, the user downloads the app onto their phone and sets it up by certifying their age. This can be done with a biometric passport/ID card, a national eID (e.g. national ID Card or other electronic identification mean), a pre-installed third-party app (e.g. a banking app), or in person (e.g. at the post office). Only the information confirming that the user is over the age will be saved in the app. No name, no birthday, or any other data is saved.
After completing this step, the communication between the app and the provider certifying the user’s age (e.g. eID, third-party app) ends. No further data is exchanged.
https://digital-strategy.ec.europa.eu/en/faqs/eu-age-verific...
"government" age verification app will be made and maintan ed by some corp anyways.
so it will gather extra data, sell it sideways and leak like hell. (as they already do with all the data they already have)
Since it requires Android or iOS, Google/Apple can gather the same data too.
They did this from the beginning, still one can not cease trying to limit the exposure.
I'm imagining something like recreation.gov in the US - it's the portal for booking campsites and other activities at national parks. It's run by BAH at great profit - most of the fees we pay aren't going to the national park service, it almost all goes to our corporate overlords.
Not necessary to hearken back so far in history. In our present age the intelligence services consistently do not respect privacy rights of citizens, even when they are legally bound to.
https://www-bitsoffreedom-nl.translate.goog/2026/07/06/aivd-...
Sure, but the poster was not just wrong, but wrong like "peace in our time" wrong. "Adolf? What a charming name" wrong.
Amusingly fantastically wrong.
NL may have its own issues like you linked to, but more uniquely had their collected data abused more than other countries in probably the worst event in history.
I don’t follow. The Dutch tax office has substantially more complete records right now. Even if they don’t track race or religion as explicitly as they did in the 40s, your hypothetical invading Nazis can run some local AI over people’s last names and get close enough.
How is, of all things, an age verification app going to make that worse?
I mean I understand your argument in principle but it seems you’re arguing against ~every present-day functional government and not against an age verification app.
I'm not even saying your conclusion is wrong. But choosing Netherlands about how information control is safe in the hands of the government is a bit of an own goal.
Like if I was the boss of a train company I would probably not put up a photo of Mussolini as a motivational poster. Well… maybe I would, but only ironically.
> How is, of all things, an age verification app going to make that worse?
What are you arguing for, here? If everything were perfectly anonymous, maybe. But NOT ONCE in history has governments decided to not abuse power. It'd be so easy to just put a tracker in there or something.
All these "think of the children" arguments are ALWAYS red herrings. Literally any action, any freedom denied, can be justified in the fight against CSAM. And so they get rushed through and abused.
The EU DNS filter (CSAADF) was literally IMMEDIATELY abused to block other things too.
"It's just age verification". Is it, though? How do you verify age without verifying identity? How do you verify its use, without tracking. Provably without tracking. Provably without what's called "turnkey tyranny"?
I think if your argument, which is an extremely common argument, is "I just want to block children's access to bad stuff on the Internet", then you cannot possibly have been paying attention to this debate that's been going on since at least the mid 1990s. Were you even born when this was being discussed? If that's your argument then you have about 30 years of catching up to do before you should speak.
[1] yes, I know Mussolini did not in fact make the trains run on time.
>how do you verify age without verifying identity
zero-knowledge proofs
Then you only know that someone is over 18. You don't know who is over 18. In particular, you don't know it's the person who's accessing your website.
Your comment sounds like a politician who has just heard a magic technical incantation that solves everything.
I'm sorry, you can't just drop "quantum computer", or "zero knowledge proof", or "flux capacitor", and think that you have solved the problem.
Just dropping "zero-knowledge proof" as if it's a mic drop moment is like when Turnbull said "the laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia".
The devil in all this is in the details. Just saying "zero-knowledge proof" is just barely more productive than saying "won't someone please think of the children?".
If you don't have a complete solution, then you're "not even wrong".
In addition to that, you have misunderstood how zero-knowledge even addresses the main problems. Not the technical problems, and DEFINITELY not the meatspace problems.
Trusting government... Do you even know any history? Like any? How many more atrocities, genocides, mass murders, lies, fraud, and many, many other crimes must these governments commit and also try to hide before you learn your lesson?
I'm just gobsmacked, and your e the highest up vote... HN is simply full of government skills and I'm not even allowed to point that out. Crazy stuff.
The "app" could be a good solution, if it didn't require attested Android or iOS. It could, for example, have me plug my ID chip into my GNU/Linux system and expose it with a standard protocol. That would be no problem. The problem is that they do not want such a way.
In any case, I think that age gating would not be needed if the platforms were regulated to remove addictive recommendation algorithms.
Using an ID card reader is already possible. See here for a list of Linux repos supporting German IDs: https://www.ausweisapp.bund.de/en/open-source Finding a working hardware/software combination for your ID card is up to you.
The app is an alternative for people who don't want to buy or carry around a card reader, but who already have a smartphone.
It is possible for e-signatures and similar variants. However, there is no sign that the "age verification" will support this variant. If you go to the demo <https://cinema.ageverification.dev>, no option is given other than the Android/iOS app.
So it seems that the app is only an alternative in the case of government portals, but it is not an alternative for "age verification".
ID chip? Is that something everybody in the EU (or whatever region) has? Is it just embedded in your driver license or passport?
[I'm in the US, we're very ID-averse here, weird, but is what it is]
ID cards aren’t exactly super standardized inside the EU. German ID cards have a RFID chip which basically contains all the same info that’s printed on the outside (PIN protected).
Smartphones can read that chip and the state as well as private businesses could in principle use this to do age verification – even the super minimal version of age verification that just asks for a certain age threshold and gets a binary response whether that threshold is met. (Which to me if we can achieve it is the perfect solution.)
The infrastructure is there and since 2017 those RFID chips are even actived by default when new ID cards are issued. (The cards are valid for ten years so nearly all ID cards have those active chips.)
The biggest issue currently is a network effect one: hardly anyone is using the chip so people don’t create their initial PIN, creating a UX hurdle for adoption. (If you want to use your ID card chip you have to find your initial PIN somewhere in your documents – if you didn’t throw it away – and then create your proper PIN, you can’t just start using it.)
I can sense usage increasing but exactly because of the poor initial use UX all sorts of private alternate solutions exist that are plain worse from a privacy preserving point of view. For example ones where you film your ID card from both sides (so the hologram is visible) which just suck. (You just share everything … which is just so unnecessary.)
To change this we would need a policy that requires age verification without sharing the birthdate or any other PII.
Yeah, that sounds like the ideal solution.
Unfortunately, we can't even get states to commit to our RealID requirements[1] (which doesn't even add a chip/PIN, it only strengthens validation of documents submitted at the time of application for a driving license). And the notion of a national ID is anathema to large swaths of the population.
1 - https://en.wikipedia.org/wiki/REAL_ID_Act
Many (all?) EU countries have a national ID card, and most (all?) IDs has a chip that can be used for secure document signing. I don't know if it can be used by itself for age verification. Maybe it would need to contrast your signature with some sort of DB that can retrieve your age...
It's isreali as well: https://www.404media.co/id-verification-service-for-tiktok-u...
Not gonna use it, and if forced I’ll just retire from the internet. I’ve been around since 1996, it’s high time anyways.
Related:
"EU age verification app to ban any Android system not licensed by Google" 27-jul-2025 https://www.reddit.com/r/BuyFromEU/comments/1mah79o/eu_age_v...
and
"EU age verification app not planning desktop support" 24-sep-2025 https://news.ycombinator.com/item?id=45359074
I'm still wondering how this is compatible with laws concerning disabilities, the elderly and those with certain religious believes. They already keep everything governmental related multi modal (you must be able to do it some other way, and almost always this include by proxy and on paper). This is some Draconian way of doing it.
Funny how the worry of "digital exclusion" of the elders who would never be able to use a smartphone has been thrown out of the window in recent years.
And the youths who just... don't like smartphones. We exist
Don't worry the focus is on the youth with this legislation. I have the suspicion it's about indoctrination of surveillance as normal.
Additionally the amount of elderly that don't have or can't use a phone or don't have anyone that can help them with it will decrease rapidly anyway. In my experience it's mostly the same generation as the people that remember WWII.
They probably think that they do not use "social media" either, so it does not affect them. But elders are not the only category. In any case, it is fundamentally wrong to be forced to use a specific platform, American or European, mobile or desktop, for Internet service access.
I don't think this is relevant for them by definition, so that's an odd point to raise. It's hard to be encumbered by having to manage a digital identity, when you don't do anything digitally in the first place.
That's because they are lying to the people here. Just look at the "we must protect the children" lobbyists. It has never been about the children in the first place, that is just the convenient lie to force an authoritarian system in place.
Regardless of whether you personally use Android or iOS, I think that we can all agree that it is not right to be forced to use a specific platform in order to access almost any Internet services.
A certified Real Opinion (tm). The only thing missing is the checkmark.
This is only an issue if it's the only way of verifying your age. If it's still accessible to everyone and this makes it significantly easier for 99.9999999% of people then why not?
Easier than… not using age verification ?
It's not like it's a feature for you the end user, it doesn't solve any of your problems, on the contrary, it creates new ones.
So we should just let children order alcohol and cigarettes online then?
With whom credit card, to whom mailbox, on whom device ?
Does Roblox sell them ? If no it's a non sequitur.
How much of a problem is the online availability of alcohol or cigarettes in the health of children ?
"We" should not be involved in the raising of strangers children. This perspective is one of the oddest to creep out of modernity.
Well, the plan is for it to be the only one. And even if it isn't, what's the alternative? Persona again? No thanks. They could have helped and made an alternative version of this system which used the ID chip plugged into a desktop PC, but they intentionally won't do so.
Yeah, I am leaning towards never to use anything that is forced to implement any kind of age verification.
You won't be able to see a doctor when you're sick.
You won't be able to open a bank account to receive your salary.
You won't be able to buy train or plane tickets.
My point is I am most worried that these kind of "digital verification" type things most impact actual necessities. The social media I couldn't care less about. "I just won't use it" isn't really a solution.
You already can't do any of these things without some kind of governmental issued ID which already has your birthdate on it.
idk why people are so scared of it, do you really believe they don't know what you do on your personal internet connection linked to your name and payment data ?
Like yeah sure if you pay everything in cash and never use internet OK that's a big problem, but for the average HN shitposter who's already terminally online it really doesn't change much
> do you really believe they don't know what you do on your personal internet connection linked to your name and payment data?
Many people in the Western Europe used, until very recently, prepaid anonymous mobile data cards that they recharged monthly with charging vouchers paid for in cash.
All this ended in the last 5 - 10 years. The U.S.-American corporate glass citizen slave mentality is actually a little tad bit new here, thus the outrage.
> You already can't do any of these things without some kind of governmental issued ID which already has your birthdate on it.
Do you have to present this ID for every purchase you make or every website you visit? Will it be stored and processed by every shop you enter? If not, how is this relevant here? Currently, the personal data exists but is not accessed by anyone unless it is really required. And even then, the scope can be minimized if the user wants.
> do you really believe they don't know what you do on your personal internet connection linked to your name and payment data ?
Yes. I use Whonix on Qubes to access HN and other websites.
> but for the average HN shitposter who's already terminally online it really doesn't change much
Speak for yourself.
> Do you have to present this ID for every purchase you make or every website you visit?
Basically yes, your mobile connection is attached to a name, your landline is attached to a name, your adresse too, the card you use to pay online too.
That is totally incorrect for many parts of Europe. Pre-paid anonymous sim cards were used by the majority of mobile users until very recently.
Websites do not have access to any of these, do they?
Well yeah, and that's why we use a third party app instead of having each website implement their own half assed solutions. That's like the entire point of this thing...
Well, they could change the laws to force people into slavery here, e. g. by forcing them to use US corporations ("if you do not have an app from Google store, you are excluded from society"). In that case they see age sniffing as ultimate tool of spying on everyone, so this is probably the real goal. What we all can see is that this has never been about children - they are just abused as the red hering here.
> "if you do not have an app from Google store, you are excluded from society"
It would be a difficult choice but would it really be so bad to be excluded from such a society? Don't a lot of people from silicon valley dream to be farmers in the wildlands?
I mean, if the government would not demolish your house the second they found out about it...
I would never do this verification with my real face, and neither should anybody else. Kids get around this using video game character creators. You can too.
As a netizen it's your duty to avoid, oppose, and circumvent anything that forces you to use your real identity.
Im confused, the github discussion says that the README says
App and device verification based on Google Play Integrity API and Apple App Attestation
But I can't find that anywhere. Am I missing something?
This entire issue is a disaster of a Github issue. It looks like its on the entirely wrong repository. I did eventually find the text in another repository; the one for the Android reference implementation: https://github.com/eu-digital-identity-wallet/av-app-android...
It was removed from there to clarify the entire "Hey, this application is not done yet"
It being in the reference implementation instead of the spec is a massive difference. One means that it's just there to show an example, and we should push national governments to do it better in their implementations, while the other would mean that it'd be a requirement for all implementations, which it doesn't appear to be.
It also looks like the reference implementation removed that functionality entirely several months ago: https://github.com/eu-digital-identity-wallet/av-app-android...
It used to say that, it was removed as a PR measure, while in practice the national implementations (as you do not use this app, but a national one) require it, because the specification only mandates Android/iOS versions to be provided (it allows others, but no government will do so), and it does not mandate them not to have "attestation".
From what I can gather from the linked discussion it was started as a pull request or a issue and was transferred to a discussion later. Perhaps some data was lost there? If you expand the comments fully there is also mention of a nuked merge request, I assume it was related to this text.
Edit it was not visible from the discussion link but it is visible from the issue link below. Also it seems to be transferred over from a totally different repo?
https://github.com/eu-digital-identity-wallet/av-doc-technic...
> Am I missing something?
Yes, that this post is propaganda.
Two platforms that are not owned by companies in the EU. Effectively handing the keys to your state ID to private foreign enterprise.
What will you do when Apple/Google or the US Government effective immediately delete/block your app? The impact initially may be small but after a few years if widely used, you can break a country.
Another juicy threat vector is forcing the app stores to stealthily ship a modified version of the app that sends copies of the IDs and/or tracking data to US intelligence services.
(Reminder: we know Persona's verification software already shares verification data with the federal government. It's a leap to modifying other apps, but within the realm of possibility of US government power. There is absolutely desire from them to gather blackmail material on politically important people, and age verification systems connected to adult sites/apps are a great way to do it)
This is a problem, but not the only one. The biggest one is that the phones in question are locked and deny user freedom. I would not be content with an European "alternative", but which is as locked as iOS.
Isn't there a niche platform that can sue the hell out of the EU here?
Perhaps https://fsfe.org or https://edri.org can do that.
It should be stressed that Play Integrity also requires having a Google account and logging in to it on the phone.
This is even more than just android, I'm sure there are plenty of us using AOSP forks that do not have google services installed. I think the EU will overturn this with enough noise though. Hopefully the UK doesn't do the same, I've avoided having to root my phone so far and would like to keep it that way if possible.
Your app should've been a website.
> European "age verification" "app" forcing everyone to use Android or iOS
As a european if I wanted to see the glass half-full I'd say: at least the good news is that from that headline we can name a gigantic loser... Microsoft.
The issue is not the issue, the issue is what their "solution" enables for expanding the surface that governments have for controlling details of how you live your life in the future once accepted.
The EU skipped "having kids" and jumped directly to "protecting kids"
Excellent point.
Why the hell EU even needs an age verification app? Who's genius idea is this and what for?
Step one in the "EU Firewall" and future credit system. Step out of line and get debanked or other things they will come up with to keep you inline.
I agree with the sentiment but is there even any phone that doesn't run Android (or derivatives) or iOS and that can install modern "apps"?
Why does it have to be a phone? Some people still use tablets, laptops and, believe it or not, desktop PCs.
Smartphones are much more ubiquitous than any of those devices. Across all demographics.
Accessibility doesn't end with catering to most people though. Since this will be a prerequisite to communicate online, that simply isn't good enough.
You're under the impression that your concerns matter. What matters is the end game of tying real identity to digital identity.
Well my concerns happen to be my constitutional rights.
Tablets would be compatible, and there's absolutely no indication that there won't be a separate system for computers.
It's actually disingenuous to think there won't be. This is a repository for a mobile app only.
The spec mandates mobile versions to exist, and not PC ones. While a PC version can be provided, no government will do that, because they will do the bare minimum.
This will ensure there never is.
You must realize, age verification is for more then just Googles Android apps.
Such a strong new legal framework must consider consumer hardware actually in use:
- Android variations Like GrapheneOS, Huawei's HarmonyOS, older phones running custom ROMs - Linux phones, which are sold in the EU and by EU companies
- Desktop operating systems
All of them can run Web Apps, and thus need age verification
Well, none of them _need_ age verification.
My PinePhone runs postmarketOS and can technically run every modern Linux desktop "app".
Android derivatives are not considered enough, because they will not be Google-attested, so the app will refuse them.
Windows and Mac have billions of users.
Even on the Android or iOS phone the EU app won't run if the device owner made even a tiniest change of the operating system without Google or Apple approval.
The EU developed system excludes the 1% of people for which the popular mobile solutions do not work and also make the rest 99% totally dependent on the selected corporations.
Run linux?
I don't understand. Even if you run GNU/Linux, when you access a restricted website on it, you will have to scan a QR code with the Android or iOS app. <https://cinema.ageverification.dev> is a demo which shows that.
> https://cinema.ageverification.dev is a demo which shows that.
Unrelated to the substance of the comment but this is a depressing example. Imagine having to verify your age and your identity to buy a movie ticket. This is pure insanity.
Dark times are ahead. Anyone that doesn't see we'll all be living in dictatorships within the next 10 years is putting their head in the sand.
Doesn't that mean that Apple and Google are getting all that data about every single affected user?
They are.
What would this be applied to? Let's check the freshly printed report by the "Special Panel on child safety online and potential age restrictions for social media" (https://commission.europa.eu/document/download/d833504d-5ec3...).
We have a definition at the beginning, for "Social media and other digital services (in short, social media+)":
“Within the scope of this report, the terms ‘social media+’ and ‘social media and other digital services’, are used to broadly define services that may be available to minors and contain age-inappropriate and/or risky features (for example, addictive and harmful features, among which infinite scroll, autoplay, recommendation algorithms and persistent notifications) and/or content. Social media and other digital services providers include online platforms serving as intermediaries of content from third parties, such as social media, as well as app stores. AI systems posing risks to minors’ safety and development, including AI companions, video games exposing children to harmful commercial practices or dangerous contacts, and video-sharing platforms enabling age-inappropriate access to minors are also included.”
So, let's see, services that may contain age-inappropriate and/or risky content, "online platforms serving as intermediaries of content from third parties".
How quickly can you come up with something that wouldn't fall in that definition?
It seems that anything that allows user-contributed content (such as plain old forums) or communication among users would be comprised in it.
And, yes, to be sure we explicitly include app stores (I guess including e.g. F-Droid, and what about software repositories?) and video games with intercommunication features.
What is this definition used for?
Recommendation 1 of chapter 3: “A harmonised EU-wide access restriction to *social media and other digital services*, including AI companions, for children under 13 is necessary.”
This is a report, not law, but it was commissioned by Ursula von der Leyen and “The report is intended to inform future actions to be proposed by the European Commission and EU Member States to reinforce child safety online.”
What baffles me the most is how the EU commission constantly works in favour of US corporations in the long run. This is really strange. Something does not work in the explanations given by the EU commission. To me it looks like US lobbyists run the EU here.
Well, they really, really, really want the end game of tying (real) identity to digital identity. And they want it now, not 10+ years in the future when _theoretically_ there _might_ be some EU-friendly mobile operating system that everyone uses. Right now, Google and Apple are basically the entire smartphone market, so they gotta work with what they've got if they want these plans to come to fruition.
I guess it's that time of the week again. Do we have a sockpuppet account to welcome in you by any chance?
The (actual) complaint of the thread appears to be resolved already (which would make sense given this is old news):
> In the README, the following is listed:
>> App and device verification based on Google Play Integrity API and Apple App Attestation
The README.md does not appear to feature such a section (nor any of the other files for that matter).
Separately, the title is editorializing, and falsely suggests there's some big bad EU app, even though the app that does exist is merely a reference implementation, not for end user usage. There's a reason the repository you're linking a discussion thread from only holds specs.
Edit:
> the specification does not prohibit it
My account has been rate-limited, so I'm not able to reply directly. Nevertheless, I'm sure you can appreciate that your title is still quite the lie then. "Not prohibiting it" is very different from "forcing", after all.
In the thread you will find many examples of national implementations which do require attestation. It was removed from the README as a PR measure, but in practice the specification does not prohibit it, so national implementations will still use it.
Fuck the globalists.
Tells us the us is some sort of failed democracy then implements China like access control for the population because they want to ensure they can prosecute you for wrong think in the future. Yeah Im loving this "liberal order" that looks more like good old facism dressed up to look "nice". Even how the passing of chat control was done has ensured I´m voting for any party that will dismantle the EU. EU Parliament is not a democratic of representative institution. Its about as legitimate and democratic as the Duma in Russia.
I am not a fan of such an "app". But the app is, as far as I understand, for things like Facebook, TikTok etc.
Are there any other Operating Systems than iOS, Android or Android flavors?
WebOS was nice but who is still using this? Symbian? Can you even use Social Media Apps with another phone OS?
> Are there any other Operating Systems than iOS, Android or Android flavors
Yes, there are many more: GNU/Linux, Windows, macOS, *BSD, etc.
This will prevent people who only own a computer and not a modern iOS/Android smartphone from accessing services and platforms.
This also sets a very strong anti-competition pressure. Which company will try now to invest on developing a new OS for smartphones if we already know users will not be able to access the most popular services & platforms with it?
Well, that would boost up torrent and sites and places like Usenet and IRC with no age verification at all. English speakers can just use overseas servers (or non-UE services such as the ones in Switzerland). And maybe Usenet servers outside the US too.
Spanish speakers in Spain will just register services in Latinamerica sites with a VPN. Despite the dialect differences, non-jargon Spanish it's understood everywhere and once they got their user registered they can switch the country anytime.
Distros like Trisquel will just set their sites and mirrors outside the EU. And, well, if they provide a portable torrent client for Windows among the torrent the law would be utterly broken.
>or non-UE services such as the ones in Switzerland
Switzerland absolutely complies to EU (and US) demands for a long time now, when it comes to prosecuting crimes.
Swiss privacy and anonymity is a myth from a bygone era.
Yes. LineageOS, GrapheneOS, Arch, Sailfish, various other open distros, Windows Phone, and a surprising number of random proprietary options (these are sometimes based on Android, and have some social media apps, but can't run regular Android apps that weren't specifically designed or altered for it) including for modern dumbphones. There are always more over time, too.
There's also old versions of iOS and Android. We don't want to end up in a situation where people are locked into one of only two vendors and can be forced to keep buying the newest model to use an ID app that only supports the most recent software. That'd be even worse for the environment than the current disposable smartphone culture.
Everything to do with the age verification push is corrupt and stupid to begin with. There isn't even a legitimate cause behind all this for forcing ANY app, even if it didn't also force people to buy a specific, expensive, privacy-invading American product.
as far as I'm aware, Adroid is not the same as the requirement here, which requires specific Google attestation.
There is GrapheneOS, HarmonyOS by Huawei, LineageOS for older phones and many more Android ROMs.
Additionally, Linux phones exist and are already sold in the EU to consumers, not just a prototype.
There's really no justification around limiting the OS selection.
There is also Linux, Windows, MacOS and many more operatint system not limited to phones.
> Are there any other Operating Systems than iOS, Android or Android flavors?
Like Windows, MacOS and Linux?
SailfishOS, various incompatible blends of AOSP, KaiOS, and the Mocor based OSs run on various UNISOC based dumb phones
Even in a world where Android and iOS have 100% of market share, the law (including indirect but obvious consequences of the law) should not force using them.
I'm on SailfishOS since a couple of years
> Are there any other Operating Systems than iOS, Android or Android flavors?
I remember a gov.uk team presentation. They had a usecase of someone using a PS Vita to access a government assistance program because that was the only device they had access to.
Among 450 million people in the EU there are definitely more OSes than just latest versions of iOS and Android.