bad title, this isnt about protecting kids online
this isnt about protecting kids online
It never is, but they always try to sell unpopular things as “protecting the kids”.
How about being a fucking parent instead of letting the government do it?
The government isn’t doing shit except censorship and mass data surveillance. This has less than nothing to do with kids.
Unless I’m reading this incorrectly, this seems far more invasive than the California law.
From my understanding this age verification app seems to be based on the age verification blueprint they have been working on for a while now, which is supposed to be part of the European “digital wallet”
https://digital-strategy.ec.europa.eu/en/policies/eu-age-verification
From my understanding it works as follows:
- There will be a central “authority”, with which you can identify
- This authority will provide you with tokens indicating you are 18+ (or whatever age verfication you may need)
- These tokens are stored locally, and contain no identifying information other than a simple “is this guy 18+?”
- You can use these tokens to verify age with a website that requires age verification
This solution does seemingly address my two greatest concern with online age verficiation:
- You cannot trust the website, so they only get the information they need. They don’t get any identifiable information
- You cannot trust the authority, so they don’t get to know for which websites and for what reason you request 18+ tokens
Assuming that this blueprint is followed, it seems like a decent approach at online age verification.
The big problem is the trustworthiness of that central authority to maintain the confidentiality of your information, and to not use it for other purposes.
I get why this sounds better than websites directly collecting IDs, but I think it still understates the problem. Even if the site only sees “18+”, the system still begins with strong identity proofing somewhere upstream. So this is not really anonymous access, it is identity-based access with a privacy layer on top.
The bigger issue is centralization. You still need trusted issuers, approved apps, approved standards, and authorities deciding who can participate. That means users are being asked to trust a centralized framework not to expand, not to abuse its power, and not to fail. History gives us no reason to be relaxed about that.
I am also skeptical of the privacy promises. These systems are always presented in their ideal form, but real-world implementations involve metadata, logging, renewal, compliance rules, vendors, and future policy changes. “The website does not know who you are” is only one small part of the privacy question.
So even in the best-case version, this is still dangerous because it normalizes the idea that access to lawful online content should depend on credentials issued inside a centrally governed identity ecosystem. Today it is age verification. Tomorrow it is broader permissioned access to the internet. That is why I do not see this as a decent compromise, but as infrastructure for future control.
The skepticism is very understandable. It is important to scrutinise solutions like this to make sure that they indeed do as they say they do, and to make sure the government doesn’t overreach with their authority.
That said, it should also be possible for laws to be enforced, and there are laws on the books that are supposed to prevent children from accessing things they we as a society have agreed they have no business accessing (alcohol, tabacco, porn, and increasingly commonly social media)
Currently there is no good method to actually enforce those laws on the internet, so there needs to be a solution for that.
I think this form of age verification may be a decent compromise between privacy and the need to enforce these existing laws.there are laws on the books that are supposed to prevent children from accessing things they we as a society have agreed they have no business accessing
The problem is that different societies have different lists of things that they deem children shouldn’t access (or in some cases, citizens in general). For instance, conservative-leaning U.S. states are increasingly labeling any and all LGBTQ content as being unsuitable for children, furthering their indoctrination against a persecuted minority group.
Parents are in the wrong for preventing their children from accessing content depicting LGBTQ perspectives, and age verification tools in such markets are likely to be designed with the express intent of blocking access to LGBTQ content for minors by default.
I think the disagreement comes from treating “we have laws” as automatically meaning “we must enforce them everywhere at any cost.” The method matters. This approach flips the burden of proof by treating everyone as a minor unless they prove otherwise. That is a pretty extreme shift from how things normally work in the real world.
We also shouldn’t pretend this actually solves the problem. Kids got access to adult magazines before, and they will get access now through a parent’s phone, shared devices, or older friends. If that’s the target, this kind of system is mostly symbolic while adding friction and control for everyone else.
And more importantly, it normalizes something much bigger. Once you accept that accessing legal content requires proving attributes through some approved system, it becomes very easy to expand that logic. Today it’s age. Tomorrow it can be anything else.
So I don’t see this as a balanced compromise. It’s a disproportionate response to an enforcement gap, with long-term consequences that go way beyond the original problem.
I don’t think laws should be enforced at any cost, but if we can reasonably enforce laws I think there is a duty to do so.
Then there is also a different question of whether we agree with the laws on the books, but that is a different matter imo. Personally I don’t think we should limit access to pornography as strictly as the laws says we should, and I don’t think the ills of social media are solved with a simple age limit.
But that is a separate discussion from the implementation of a (in my eyes) reasonable approach to age verification
I don’t think it’s entirely a separate issue, because how a law is enforced is part of evaluating whether it makes sense in practice.
If a law can only be enforced by treating everyone as a minor until proven otherwise, that’s a strong signal that the law, or at least its scope, may be flawed.
This is the intelligent non-invasive way to implement this. Basically using a similar cryptographic signing scheme as SSL certificates. We’ve known how to do this for decades.
Hi. This system doesn’t have the cryptographic properties that you think it does. The authority could keep a map between tokens and real IDs. They just say they don’t.
See the problem is the central authority.
I don’t see a central authority (i.e. your government) issuing tokens, as much different from the government issuing you a ID card by which you can verify your age to buy alcohol in the supermarket.
As long as that central authority doesn’t get to know what I use the tokens for, it seems like an acceptable solution to me.
The difference is in the potential for creep.
The proposed implementation would actually be less invasive than a national ID card (assuming the implementation information provided is complete and accurate), but also usable in less scenarios.
AFAICT there is no provision for actually verifying the person using the app is the person who’s identity is verified in the app.
What’s to stop one person having a verified identity and just sharing it with the people around them once it’s been issued ?
As an example, with an ID card in a bar you need to match the photo, this digital system would be like turning up to a bar with an ID that had no picture or details on , but just said “over 18”, you could then hand this to a friend and they could also use it.
I personally think that if a system is mandatory then an easily circumventable verification system is the best choice , but such an easily circumventable system is exactly the kind of thing governments have used as an excuse to push for further encroachment.
Take the UK for example, the online safety act they have is easily circumvented with a VPN (which many people noted before it was implemented) the government basically stuck their head in the sand and claimed vpn’s weren’t widespread enough to be a problem.
Skip to now and they’ve got representatives looking to force vpn compliance with the online safety act without having the slightest clue about why that wouldn’t and can’t work the way they want.
A more suspicious person might suspect the attack on vpn usage was an expected part of the overall plan.
Even a less suspicious person could still see the direct line from one to the other.
I’m not saying they will, but if i were a betting person, I’d certainly put some money on it.
This actually sounds pretty reasonable. Thanks for bringing it up.
but whose the “central authority” that you have to provide your ID to? and what happens when that central authority inevitably gets hacked?
That central authority would, from my understanding, be your government. They already have your information, so if they get hacked you are already screwed ;)
On one hand this is an elegant solution that is already in use in Germany for years, if companies want to implement it that is. But I think only Sony’s Playstore uses it. Or so I have heard. No US company wants to use it and I am sure they will lobby to get more data from users than a token if this gets rolled out EU wide. I am skeptical about this.
Finally a sane approach to online age verification
or rather their foot at the door. they just need SOMETHING and once they get started they can just keep making things worse. its never about protecting kids.
Could even have an OAuth flow that only provides a service unique key that the service can use to call the central authority to confirm the user is 18+ and nothing else, I always thought this would be the second best solution
Democracies: Hey we have to stop the onslaught of right wing populism
Also Democracies: Let’s push moral policies that right wing populists thrive on.
Lotta internet users are going to suddenly be from outside the EU, just like the UK population suddenly all moved to the Netherlands after their own version of this.
What? We got this too? I guess I accidentally dodged it.
Don’t give palantir your biometrics
Sure nothing wrong can result from that. /s
While I cannot agree on having to prove your identity online, this is ON PAPER better than what individual governments are doing right now (from what I know, I may be wrong though). I still don’t like it and think it’s a bad idea in general, but if EU countries are going to implement it in any case, at least it’s better to have something that protects your anonymity both ways (the government cannot see and track what your are visiting, and the sites cannot see and track your identity).
BUT, this is in paper. We will have to see the actual implementation.
And I would much rather not have anything like this (but good luck with all the far right parties that are being pushed right now…).
Für Dritte soll nach Kommissionsangaben nicht nachvollziehbar sein, welche Internetseiten einzelne Nutzer aufrufen. [source]
Translation:
According to the Commission, third parties should not be able to determine which websites individual users visit.
This means the goverment will be able to tell which websites individual users visit.
deleted by creator
Yes, citizens without a phone or without Google / Apple integrety check (or a phone without NFC capability?) will be completely locked out of all the “age check compliant” websites.
🤦♂️
You can launch an app all you want, but I don’t use my phone… It’s likely not compatible with whatever app they present anyway… So now I have to buy a new phone every idk, 3 years or so to do a bit of ranting here and there?
But that’s somehow a “me” problem. So let’s mention another issue for "app-stuff:
For a European to be able to use Social media, I first have to agree with all kinds of American TOS’s : (Apple, Google, or whatever semi-alternative that requires a Google app-store). Basically making our GDPR subordinate to the US.
IPhones get software updates for 5-7 years and high end Androids from some manufacturers are also finally catching up to this. Plus the app may not always require the absolute newest version of the OS. Might get 7-8 years out of a brand new high end phone.
Still doesn’t change the fact that now you HAVE to have an Android or iOS device and I’m betting they’ll use play integrity too.
I bought a high end Samsung specifically for the 7 years update. I got tired of buying low end phones that got slow and outdated every 2-3 years. Hopefully 7 years form now there will be a better alternative.
The tool could soon help users prove their age online without sharing personal data
Once released, users will be able to download the app from an app store and set it up using proof of identity, such as a passport or national ID card.
Officials say the app will be “completely anonymous” and built on open-source technology, meaning it could also be adopted outside the EU.
The fuck am I reading?
What’s your confusion?
Here’s the German open source app https://github.com/Governikus/AusweisApp
You can read how it works here https://github.com/eu-digital-identity-wallet and a decent summary here https://feddit.org/post/28546687/12555790 There are already apks downloadable from their repos for testing purposes.
Thanks, the article was entirely useless, just glazing the proposal.
While this is a better turd than k-ID and the likes, it’s still a turd. What is this supposed to achieve? Doesn’t stop kids from accessing anything, but hinders VPN usability (tunneling into ID requiring locations is going to be useless, as you can’t verify) and lays out the foundation for labeling anything as “adult” content, which we all know never stops at actual adult content.
Hold on, hold the fuck on, is this bitch so stupid or is her English so bad that she didn’t understand what she said, i’ll use my ID or passport to verify my age without sharing personal data!!! BITCH THAT IS MY PERSONAL FUCKING DATA!!!
You show your ID only to the central authority, which is your government. Who gave that ID to you in the first place.
They then issue you a ticket that says “we verify this dude is 18”, and you give that to the website.
You don’t give it to a website, read the article ffs, you download an app and that is what will “verify” your age, they did a trial run during their Covid experiment and now comes version 2.0, which will most likely have a backdoor for surveillance.
And I tried to simplify how the system works for you, as you apparently don’t know anything about it all. Reading an article that doesn’t explain it is hardly going to help. Here’s the actual full statement the article is badly referencing.
And here’s the diagram straight from the EU design documentation.
Steps 1-2 are “You show your ID only to the central authority, which is your government.”
Steps 3-4 is “They then issue you a ticket that says “we verify this dude is 18””
Steps 5-8 is “and you give that to the website.”Note especially step 3 - “The link between the user and provider is cut”. After that point, the provider can only tell the website that the ticket it valid, it cannot tell who it belongs to. So the website doesn’t know who you are, and the provider doesn’t know what website you are accessing. All they have is “Is adult: True.”
So this will exclude everyone without a (NFC capable?) phone from accessing social media or adult sites?? Absolutely insane.
At the core it’s just a website, if you are able to get online to require an age check, you’ll be able to access the system to generate the tickets - aka, electronically signed certificates.
the app works on any device – phone, tablet, computer, you name it. -https://ec.europa.eu/commission/presscorner/detail/da/statement_26_817
[EDIT] Oh, and the phone app should AFAIK, work offline, kinda in the same way a 2FA code app does.
I guarantee you this will not work on Linux because they also want this to be an identity verification app.
You can read how it works here https://github.com/eu-digital-identity-wallet and a decent summary here https://feddit.org/post/28546687/12555790
Who knew we would need an Orban for this absurdity.
I didn’t see Orban mentioned in the article. What is his role in it all?
I’m saying we somehow now need someone to block this garbage.
Ah yes Orban that champion of personal freedoms and heroic warrior against government overreach
