The operating system was licensed by Google
The app was downloaded from the Play Store (thus requiring a Google account)
Device security checks have passed
While there is value to verify device security,this strongly ties the app to many Google properties and services,because those checks won't pass on an aftermarket Android OS
I would like to strongly urge to abandon this plan.
Requiring a dependency on American tech giants for age verification
further deepens the EU's dependency on America and the USA's
control over the internet.
Especially in the current political climate I hope I do not have
to explain how undesirable and dangerous that is.
As a resident of the aforementioned political climate, I find their concerns to be reasonable.
There are a number of comments in that same thread that indicate a mandate to utilize Google services may run afoul of EU member nations' integrity and privacy laws.
userbinator · 8h ago
"Device security checks" is the most horrifying aspect as it basically means "officially sanctioned hardware and software", and leads straight into the dystopia that Stallman warned us about in Right to Read.
There is some amusing irony in the EU relying on the US for furthering its own authoritarianism. It's unfortunate that freedom (in the classic rebellious, American sense) never became that popular in the EU, or for that matter, the UK.
nextos · 7h ago
> leads straight into the dystopia that Stallman warned us about
IMHO, the push for age verification is just a stepping stone towards requiring a mandatory ID for all social media posts made from EU. Given the current trends against freedom of speech, it's not unreasonable to think that by the end of the decade any site, including HN, might need to link usernames with their respective eIDs in case posts come from EU IP addresses.
> officially sanctioned hardware and software
Right now, if you want to run an alternative OS, it's already an uphill battle to use tons of member state services, as well as to do banking. Even if you have microG available, the situation is terrible. I imagine it's going to become harder. I cannot understand why the European Commission wants to reduce our reliance on FAANG services, and at the same time they make Google Play a de facto standard, reinforcing the mobile duopoly. In this context, free alternative mobile platforms, such as Sailfish, cannot flourish.
swiftcoder · 2h ago
> I cannot understand why the European Commission wants to reduce our reliance on FAANG services, and at the same time they make Google Play a de facto standard
It seems to be different branches of the EU? This has been a recurring problem in EU tech legislation - the EU government bodies are sufficiently autonomous that the right hand seldom knows what the left is doing...
perihelions · 34m ago
> "it's not unreasonable to think that by the end of the decade any site, including HN, might need to link usernames with their respective eIDs in case posts come from EU IP addresses."
A rule of thumb that works too often is "how is mainland China doing things?"[0], and assume the West will follow behind shortly.
(tl;dr: Mandatory digital ID, with central government attesting and holding personal data in escrow. The "least bad", "privacy-preserving" option a sizeable portion of even HN itself advocates).
> "This means that companies, like social media site Weibo or online shopping behemoth Alibaba, will no longer be able to see the personal information of their users with digital IDs — but Chinese authorities will be able to see the real identity behind online accounts across a range of sites."
miohtama · 1h ago
VPN ban is coming next.
DocTomoe · 31m ago
> In this context, free alternative mobile platforms, such as Sailfish, cannot flourish.
If you are a system that depends on people being constantly under the yoke of your jurisdictional powers, you do not want a strong, free, ecosystem. You want as little diversity as possible, ideally two so there is an illusion of choice.
kubb · 1h ago
I would honestly love that. No more paid trolls on social media, the democratic process has a chance to adapt to technology, we can avoid the fate of the US.
exe34 · 50m ago
Only until the next Reichstag fire, I suspect, because by then there won't be any more democracy.
DocTomoe · 30m ago
... and all the social media posts having been pre-approved by Minitrue. What a glorious world we shall live in.
This is no longer just rhetoric. Meanwhile, the EU’s polite, tea-drinking cousin, the UK has quietly deployed a “social media surveillance unit.” Not to fight trolls or bots, of course - but to ensure His Majesty’s Subjects think correctly in public. Doubleplusgood, wouldn’t you say? [1]
I wouldn't consider South Korea as having any meaningful freedom of speech; in fact they seem closer to China than the EU.
numpad0 · 3h ago
SK had this, and it appeared to have turned their entire WWW into 4chan with cult radicalisms. Their state of online speeches and its real world negative consequences are crazy. People on permanent records in real name never backs down because they more tangibly feel their mistakes as threats, and if you think about it, people who never backs down even if they are in wrong are effectively cultists. It's clear what these types of totalitarianism do and where this path ends. It's crazy EU don't get that.
tonyhart7 · 2h ago
lol. its echo chamber on internet
if you talk to people directly, no one said that
numpad0 · 2h ago
Every cultures has echo chambers, I'm talking about which one is the worst and which parts of laws are likely fueling it
yorwba · 4h ago
There's not a trend against freedom of speech so much as existing laws outlawing certain categories of speech being applied to the internet. If you lie in a commercial context, that's fraud; if you lie in court, that's perjury; if you tell your buddies to go do crimes together, that's conspiracy to commit; if you tell someone to give you money or else, that's blackmail...
If you come from the perspective that there used to be freedom of speech and now there's all those pesky laws restricting what you can say, it looks like a slippery slope. If you realize that people have been required to check ID when selling material unsuitable for minors in physical stores since before the internet existed, it seems a bit more unlikely that ID requirements will expand to cover everything else.
AnthonyMouse · 3h ago
The trouble with these analogies is that they ignore the nature of the internet.
If there is a law in one jurisdiction that says you have to be 21 to buy some product and a different jurisdiction sets it to 18, or has no age restriction at all, and someone who is underage in the first jurisdiction goes to the second jurisdiction to buy that thing, what happens? The seller sells it to them. This has always been a completely normal thing for people to do in border towns, or when people e.g. visit Amsterdam because of less restrictive drug laws.
The internet allows anyone to visit the site of a supplier located outside of their jurisdiction. That's completely normal an expected too. It also makes things like age verification laws for digital content pretty much entirely worthless, because most of the suppliers weren't in your jurisdiction to begin with and the ones outside of it are... outside of your jurisdiction.
Governments now want to pretend that it matters where the user is rather than where the site is, but that's a joke because there is no way for the site to even know that. If you try to require it then they'll either ignore you because they're actually entirely outside of your jurisdiction and you can't impose penalties on them for not complying, or treat IP addresses in your jurisdiction differently (possibly by banning them entirely) and then people there will just use a VPN.
Neither of these cause the law to be effective and ineffective laws are inefficient and embarrassing.
yorwba · 2h ago
> Governments now want to pretend that it matters where the user is rather than where the site is
This is not a new thing either. Whenever something somehow touches multiple jurisdictions, it's generally safe to assume that laws from all of them apply. Countries can and do make laws that apply entirely extraterritorially. When that makes it difficult to do a thing while complying with all applicable laws, you either have to not do the thing or pick which jurisdictions' laws you want to break and deal with the consequences.
I don't think most lawmakers will consider the potential embarrassment from difficult-to-enforce laws much of a deterrent against outlawing what they want to outlaw. They're more likely to put additional requirements on third parties to assist with enforcement (e.g. VPN providers are an obvious candidate.)
mytailorisrich · 3h ago
There is no "freedom of speech" in the US sense in the EU/UK. That's often a cause for misunderstanding between the two sides of the Pond.
There are many things that you are not allowed to write or say by law in EU countries simply because the legislator has decided that they are wrong opinions, and it is generally accepted that the State can and should implement such controls.
Note that lying is not a crime in general. Your examples are for very specific contexts.
af78 · 3h ago
That's a common misconception. The European Convention on Human Rights guarantees freedom of expression https://en.wikipedia.org/wiki/European_Convention_on_Human_R... and is legally binding in all member states.
Sure, there are exceptions but in the USA too freedom of speech is not absolute either.
USA: 0.89
France: 0.96
Germany: 0.94
Czechia: 0.96
etc.
grumbel · 1h ago
> there is more freedom of speech in most EU countries than in the USA
A quick look at Steam says otherwise. All the games that credit cards companies pressured to get removed from Steam, were already long gone in Germany. Because that's the level of government censorship that is completely normal in Germany.
The only reason why one might get the idea that Germany ain't so bad is because Germany doesn't do (much) Internet censorship, so we have access to the much less censored outside world. If German law would apply worldwide half the Internet would be wiped out.
Mudbugs · 39m ago
Germany has a rich history, particularly in the gaming industry. Not the best example for "EU countries" since most of their censorship was blood and gore and anything related to Nazi symbolism, which was a plague of video games in the 1980s-2000s, since they were always the bad guys in video games, leading to heavy censorship in video games. In 2018, they lifted it significantly, and the list of censored or banned video games in Germany is relatively short.
mytailorisrich · 3h ago
Including things like "media bias" and other dubious criteria in freedom of speech rankings is obviously skewed.
Whatever the ECHR might say what I wrote in my previous comment is factual. In Europe "freedom of speech" comes with a long list of small print.
In fact, this is so embedded that the article of the ECHR you quote provides for restrictions and even states that they are "necessary": "subject to certain restrictions that are "in accordance with law" and "necessary in a democratic society"." QED
af78 · 2h ago
The distinction is academical. As I wrote, freedom of speech is not absolute in the USA either, think copyright law or gag orders etc. And arguing about this day after Colbert's show is cancelled...
Certhas · 2h ago
The internet will never run out of idiots arguing that there is no freedom in the EU and freedom of speech is a uniquely US thing. The German constitution guarantees Freedom of Speech? Doesn't matter. The US limits plenty of types of speech? Who cares.
> Categories of speech that are given lesser or no protection by the First Amendment (and therefore may be restricted) include obscenity, fraud, child pornography, speech integral to illegal conduct, speech that incites imminent lawless action, speech that violates intellectual property law, true threats, false statements of fact, and commercial speech such as advertising. Defamation that causes harm to reputation is a tort and also a category which is not protected as free speech.
> Under Title 18 Section 871 of the United States Code it is illegal to knowingly and willfully make "any threat to take the life of, to kidnap, or to inflict bodily harm upon the president of the United States." This also applies to any "President-elect, Vice President or other officer next in the order of succession to the office of President, or Vice President-elect."[45] This law is distinct from other forms of true threats because the threatener does not need to have the actual capability to carry out the threat; thus, for example, a person in prison could be charged.
yorwba · 1h ago
> The German constitution guarantees Freedom of Speech?
Article 5 of the Basic Law guarantees freedom of expression, freedom of the press and freedom of reporting by broadcast and film. It immediately restricts those freedoms with "limits in the provisions of general laws, in provisions for the protection of young persons and in the right to personal honour." https://www.gesetze-im-internet.de/englisch_gg/englisch_gg.h...
Many kinds of speech aren't covered by the enumerated freedoms in the first place, and "protection of young persons" is the basis for age-verification requirements.
Though given that the US constitution claims to guarantee freedom of speech while many things that people would ordinarily consider speech remain illegal, maybe "freedom of expression within limits" and "freedom of speech" is a distinction without difference in practice. But I think the former approach is more honest.
mytailorisrich · 2h ago
Well, the Internet will never run out who don't read because I can't see anyone arguing that there is no freedom in the EU. No-one is arguing there it is absolute in the US, either. I guess insults are easier than a thoughtful reply.
Mudbugs · 31m ago
>There is no "freedom of speech" in the US sense in the EU/UK.
Is the first line in the chain post you reply to. Also, read the guidelines (rude comments or dumb comments).
NicoJuicy · 3h ago
Yeah, what trump did, spreading lies, hate and falsely accusing wouldn't work in the EU.
Freedom of speech doesn't mean freedom of stupidity
mytailorisrich · 3h ago
> Freedom of speech doesn't mean freedom of stupidity
Freedom of stupidity has to be the most basic right in a free society. Imagine if stupidity wasn't allowed!
NicoJuicy · 3h ago
We learned from Nazi Germany in previous century. US seems, from the outside, not.
Racism against other groups, deportations, camps, ...
poszlem · 1h ago
We haven’t learned anything. We’re already caught in a radicalization spiral between the far left and the far right, echoing 1930s Europe. AfD is currently the most popular party in Germany, France is stuck between the National Rally and the openly communist New Popular Front, and if you think they won’t gladly exploit existing restrictions on free speech once they take power, you’re in for a rude awakening.
You argue about the EU as if we were still living in 2005.
mytailorisrich · 49m ago
Regarding France, it is a big stretch to paint the National Rally as "far right" at this point. The label is mostly over-used to create tactical FUD against them.
Likewise I would not say that the New Popular Front is communist, either, although as a coalition it does include parties that are.
userbinator · 2h ago
"Freedom is not worth having if it does not include the freedom to make mistakes."
paganel · 2h ago
It may do so in some of their written papers, but in practice I risk going to prison if I dare say some things. Soon enough it will be illegal for me, the grandkid of a devout communist party member, to say that I agree with what my grandad believed in, it is already illegal to do that in the Czech Republic.
blitzar · 1h ago
There is no freedom of speech in the "US sense" in the US either.
Just because a bunch of noisy people shout about freedom all day long doesn't mean they are not talking absolute garbage.
stereolambda · 1h ago
If there's an argument here, it's a mess. You first talk about speech. Commerce is barely speech--it's actually using the public market--and there is a legitimate opinion that applying civil rights to companies is already a corrupt abuse of our society. Perjury is strictly limited to one context existing since the dawn of time (courts), it is also very proceduralized what they can ask you, and even then there's a carveout for not incriminating yourself. Conspiracy and blackmail are only secondarily about speech. There's a criminal intent that you either made clear yourself or they have to prove.
The internet is like media (press) or communication by letters. Both extremely established in terms of guaranteeing freedom of speech and in the latter case, also secrecy. And the ID identification (that you then make your argument about) is only loosely related to free speech strictly. It's about being constantly searched and surveilled with a presumption of crime.
defrost · 3h ago
> If you realize that people have been required to check ID when selling material unsuitable for minors in physical stores
Not a great example.
No physical store would bother to check the ID of anyone clearly not {too young or borderline}.
Digital ID requirements are such that age verification of some form is required for every single connection .. and to assume that a connection from {X} might well require another ID check an hour later as it might well be a different person at the same computer or another device altogether.
That's an expansion from {only check young looking people} to {check and possibly retain records for _everyone_}.
throwaway290 · 2h ago
Check out zero trust proof standards
Edit: I'm not saying EU uses it but it could...
defrost · 2h ago
Let's assume I'm familiar with the theory, what pragmatic open verification exists for the implementation of this EU app?
Edit: the EU asserts the app is "privacy preserving" and "Additionally, work on the integration of zero-knowledge proofs is ongoing."
It's not the assertions made that trouble me, it's the quality of any actual implementation and the scope for deliberate or accidental side leaking of knowledge that should be zero .. but likely (in a pragmatic view of a political world) is not.
Zak · 6h ago
When Microsoft proposed such a scheme in the early 2000s under the name "Palladium", even the mainstream press decried it as a nightmare scenario. Google did pretty much the same thing in 2014 with Safetynet and there was barely a whimper. How did we lose our way?
wkat4242 · 5h ago
Back with palladium the people that used computers were still mostly knowledgeable like us. These days everyone carries a phone and nobody really understands the impact. In fact many people in the EU are even against the opening of iOS because they feel comfortable in apple's walled garden. Many people consider privacy a lost battle (I often get the argument "why are you railing against this, you have no privacy anymore anyway"). And that's from intelligent people usually.
somenameforme · 4h ago
People often say things like this, but it's not supported by polling (or my own extensive anecdotal evidence) whatsoever. [1] For instance 81% believe the risks outweigh the benefits of corporate data collection, and 66% believe the same of government data collection.
64% would be uncomfortable with companies sharing their personal data with outside groups doing research that "might help them improve society", which is great because it shows people understand that such phrases aren't just about sitting around and singing kumbaya.
What people say in polling is different from what they will actually do.
IMHO "would be uncomfortable" is not a strong opinion. "Oppose and actively seek to prevent" is a strong opinion. In my experience the majority just have a sense of learned helplessness.
somenameforme · 4h ago
I agree in general, but the person I was responding to was implying the equal but opposite in that claiming he "often" faced the argument of "why are you railing against this, you have no privacy anymore anyway."
People are usually quite interested to learn about ways to can work against the dystopia to some degree. For a specific example I've converted numerous of people to Brave users just by demoing the ad-block and privacy features. People who have never used ad-block are often in borderline disbelief. Not once has a person ever been like 'oh why bother.' That is just literally unbelievable.
rickdeckard · 1h ago
> In fact many people in the EU are even against the opening of iOS
True, but I am not sure it is even that many people.
This whole narrative is strongly driven by Apple themselves, one of their strategies against regulations like the EU Digital Markets Act is to rally its userbase against the EU.
pantalaimon · 15m ago
On a PC people are used to tinker around, the whole ecosystem is built around that assumption.
The smartphone was a closed ecosystem from the start, tinkering around was an uphill battle fought with custom ROMs that only few users dared to try (if the bootloader wasn't locked down to begin with). Adding more restrictions didn't have much impact on most users.
userbinator · 6h ago
How did we lose our way?
They figured out that much of the population is easily manipulated and controlled by exploiting their desire for "safety and security" --- in stark contrast to that classic Franklin quote (yes, I know the context isn't the same, but the words are otherwise a perfect fit for the situation.) It's only a minority of the population; and I'd suspect a smaller minority in the EU than the US; which is willing to argue against it.
Next time you find yourself arguing for something or doing things a certain way, throw in an "it's better for security" or similar phrase with a plausible-sounding argument why, and see how easily it shuts down the opposition. In my experience, many won't even question it.
Xelbair · 7m ago
fatigue.
same idea has been pushed since forever(you can include ACTA and other copyright protectionist movements like that as its originators too) over and over again.
People need to protest all the time and win, legislators can just keep pushing it over and over again.
What's even worse you get really smart people seeing noting wrong with this.. Meanwhile this reeks of same methods that were used in my country under communist regime.
troupo · 3h ago
Palladium was just one issue. Now it's one of dozens.
Even activists can get exhausted
paleotrope · 5h ago
Politics and money.
Mudbugs · 52m ago
>or for that matter, the UK.
Hate to say it mate, UK is already one of the worst offenders.
In their own "internet bubble," with curated Google searches that only present a very "Commonwealth countries bias" in search results. After I worked in the UK for a couple of years, I noticed there is a strong bias toward the same sites (Government and UK companies, especially biased toward "facts"). Second, you leave the UK. You will never get it. Try a VPN outside of the UK and search for the same stuff, you will notice it right away.
The UK have used the "think about the children" excuse for different stuff they don't like (Remember the Porn pass Idea? Where you had to go down to your local Tesco to get a "wanker pass" from the cashier.)
Same thing, now just for EU, and they use the "protect the children" excuse, but they have now started to aim at video game companies and others to "verify" age for the sake of "protecting the children". It is horrifying that they want to ID children in the excuse of their "safety". In a couple of years, they will likely offer free in-game currency to trick users into giving away their personal information.
> There is some amusing irony in the EU relying on the US for furthering its own authoritarianism.
I think you're trying too hard to post cynical remarks as if the were this major gotcha. Even though the bill is quite awful, Occam's razor is quick to point out this has all the hallmarks of an overzealous technocrat than authoritarianism. Try to think about it for a second:
- the goal of the legislation is to ensure adult content is not provided or actively pushed to children,
- adult content is pushed primarily by tech platforms,
- the strategy is to allow access to adult content only to users who prove they are adults,
- the strategy followed is to push an age verification system.
- technocrats know age verification systems can be circumvented if tampered with.
- technocrats proceed to add provisions that mitigate the risk of tampering age verification systems.
The detail you're glancing over is US's hegemony over social media and tech platforms. The world is dominated by three platforms: Microsoft's, Apple's, Google's. Even Samsung is not European. How do you expect to push a technical solution for an authorization platform without leveraging the systems that people use?
Also, the way the current US administration is pushing their blend of fascism onto the world is something I do not find funny. If anything, this would mean the American fascists are succeeding.
AnthonyMouse · 3h ago
> How do you expect to push a technical solution for an authorization platform without leveraging the systems that people use?
Imagine a world in which there are ten thousand phone platforms, some of them are developed by communities rather than business entities, and anyone can easily create a new one. Can your system function in that world? If so, then do it that way. If not, then assume it shouldn't work and stop trying to build it.
motorest · 2h ago
> Imagine a world in which there are ten thousand phone platforms, some of them are developed by communities rather than business entities, and anyone can easily create a new one.
You'd be imagining a world that's very different from reality. Lawmakers have to operate in reality, though.
jonathanstrange · 56m ago
It's completely unnecessary,there are plenty of parental control options and software for parents to install.
What will happen in reality is that videos and information is labelled adult content when in reality it isn't, e.g. videos of democratic protests. How do I know that? Because that's what's already happening.
troupo · 3h ago
> the goal of the legislation is to ensure adult content is not provided or actively pushed to children,
Maybe an easy to manipulate technocrat with an authoritarian figure guiding them from behind.
> the goal of the legislation is to ensure adult content is not provided or actively pushed to children
It always starts with the children or terrorists. It's an easy way to sneak the idea in your head. You wouldn't want children to be harmed or terrorists to win, would you? Once you got used to the though, everything else follows.
Name something you want or like I can lazily turn it into a "think of the children" situation.
Magnusmaster · 5h ago
It's already happening for several apps such as banking apps, payment apps, government ID apps, etc.
ars · 5h ago
My phone is rooted and passes "Device security checks", even though it's not supposed to.
I don't know how it works technically, but clearly there's a way to fake it.
userbinator · 4h ago
AFAIK there are still cracks available, although it's been getting more difficult over time.
This is another one of the reasons why I'm opposed to the current trend of "memory safety" that the megacorps are so enthusiastic about. When insecurity is freedom, and security means securing against the user's control, attacking insecurity will only close off paths to freedom.
TheDong · 3h ago
> This is another one of the reasons why I'm opposed to the current trend of "memory safety"
It's good if all my software on linux crashes with segfaults because it might let someone unlock a locked down linux device one day?
I don't feel particularly free if my device is pwned with ransomware
userbinator · 3h ago
When the gun is pointed at you, you'd better hope it misfires.
preisschild · 35m ago
There are two levels, one can be faked, one can not.
ehnto · 6h ago
You don't even need to consider politics to acknowledge this is dangerous, wildly irresponsible of a government to tie internet access to a foreign corporate entity's control. The privacy concerns of not being able to use a device free from Google services, may only be second to the sovereignty issues it introduces.
Whoops, Google have delisted your government app from the Play Store, how quickly can you de-couple your citizens internet access from the corptocracy?
fsckboy · 7h ago
>Especially in the current political climate I hope I do not have to explain how undesirable and dangerous that is.
this is not the way to make a point that the other party will find persuasive.
eru · 7h ago
What do you mean by 'the other party'? Many places have more than two parties.
dguest · 1h ago
I assumed they meant Republicans/Trump, but it's a bit confusing because those parties aren't very popular in the EU:
whatever your political alignment, saying the situation in the US is problematic might sell pretty well in the EU.
wkat4242 · 5h ago
Yeah I'm glad I don't live in a two party state. The zero sum game politics that results in rips the country apart. You see this in the US and also in the UK (Brexit etc)
sunaookami · 4h ago
It's not better in countries with multiple parties where nearly everyone (every relevant party) wants authoritarianism in the name of "fighting hate speech".
johnisgood · 39m ago
It is all the same, under different names. Plus even in countries with multiple parties, it is usually only two parties that have a chance, but again, they usually (or always) have a similar (or the same) goals.
riffraff · 2h ago
I assumed that meant "the other side of the conversation", e.g. "all parties involved".
cwillu · 6h ago
“We have both kinds of music: country _and_ western”
rightbyte · 9h ago
> As a resident of the aforementioned political climate, I find their concerns to be reasonable.
No. The lesson is that stuff like this is concerning what ever the "political climate".
Anyway, you mainly don't want the gov in your vicinity to snoop. Non-local OS:es is probably advantageous in that regard if you choose to run proprietary code...
johnnyanmac · 9h ago
>No. The lesson is that stuff like this is concerning what ever the "political climate".
We say this, but many also want to entrust all our PC games to one closed source launcher. Or have videos/TV all on one subscription service. There's definitely a spectrum of benevolent and greedy dictators people draw lines on.
rightbyte · 19m ago
Ye well I agree. I am guilty of using Steam to play some games on Linux with low effort. But as you note there is a spectrum.
dspillett · 8h ago
> many also want to entrust all our PC games to one closed source launcher
I think that is far more that people like the other closed source launchers less, and each launcher potentially adds it's own stream of notifications and adverts to their system so there is a cost to having multiple active even if the PC resource cost is practically undetectable.
Furthermore if comparing game launches and related issues to political climates, I'd consider all the current closed source ones to be the same in those respects. Also we are not subject to several local political climates at any one time in that way (though we are when looking at a wider scale, of course).
> Or have videos/TV all on one subscription service
While there are other issues (each service tracking you etc.) this is more due to the fact that each service charges what we used to pay (in fact more, as in some cases prices have gone up by more than general inflation) for a single service that provided the same amount of content that they cared about. This doesn't really equate to trust on political climates (except where commercial greed is considered a political matter).
freehorse · 3h ago
> I think that is far more that people like the other closed source launchers less
Why does one need a game launcher? Cannot we just like run games as we run any app? Having to use a launcher that by default requires internet connection, even if the game itself doesn’t, sounds like a very specific choice of how to do things. We don’t run any other kind of program like that.
numpad0 · 3h ago
GP's saying that having and embracing Steam client is technically wrong, as comfortable as it might feel to you.
lotsofpulp · 7h ago
> this is more due to the fact that each service charges what we used to pay (in fact more, as in some cases prices have gone up by more than general inflation) for a single service that provided the same amount of content that they cared about.
That is because the introductory prices were not 1 to 1 to the business’ existing revenue streams from cable and satellite transmission fees. Especially considering that before, there was a very limited supply of content restricted by time slots, and now you are buying far, far more on demand content without advertising breaks. And without contracts with a cable or satellite company.
People are spoiled, and don’t appreciate how much easier and cheaper it is to watch or listen to most content than it was pre streaming services.
One only needs to look at market cap graphs of the various media companies to see that streaming isn’t the cash cow people think it is.
A4ET8a8uTh0_v2 · 9h ago
This is genuinely a real issue. It seems that most people cannot forsee an issue down the road unless it just happens to personally affect them after it took place ( ideally immediately after ). Valve is a good example, because while it is providing good value for the service it provides, it will not stay like that forever, but the environment it did set up will. And it will hurt once MBAs divvy up that kingdom. Just sayin'
And obviously it is not just one arena, because it seems to be one glaring issue with human beings: they do not want to see the road ahead. And the ones they do are, at best, ignored.
sidewndr46 · 5h ago
So remote attestation?
tonyhart7 · 4h ago
so what option is??? do you rely on third party store to do check??? I bet its more secure than google has verify it for you
agilob · 2h ago
So we wouldn't be real EU citizens, unless Google says so? Can we get rid of passports then? /s
decremental · 9h ago
From the telegraph.co.uk: "Elite police unit to monitor online critics of migrants" and there are people worried about the "political climate" in the US lmao
dmix · 5h ago
The UK in the last 2 decades has been far more totalitarian than the US, even up to 2025. But the people in England seem to accept it and openly defend government encroachment even here on HN. While even smallest steps towards eroding rights in US have people there decry it, so it's far more controversial and newsworthy
But it's nice so many people care about the last few places where hard freedoms exist. The biggest risk is missing the forest for the trees and not seeing the local extensions of short term political comprise.
0x_rs · 8h ago
The war on the free internet is accelerating. Without real push-back to these dystopian laws and consequences for the people proposing and lobbying for them, you'll miss what will ultimately end up being a temporary anomaly of mostly unrestrained free flow of information. It's not an hypothetical scenario or something that will develop down the line, it's happening today, worldwide.
RpFLCL · 7h ago
I heard from a friend last night that they were unable to see posts on X about current protests in their country because those were considered "adult" content which can now only be viewed after submitting to an ID check. Not porn, video of a protest.
You're 100% right that it's happening today.
btown · 6h ago
It’s really important to remember in this context that “the purpose of a system is what it does.”
Do not think for a moment that ID verification primarily protects children and only incidentally enables authoritarian restrictions on speech. Do not think for a second that verification initiatives are designed without anticipating this outcome.
The phrase does not mean that you can pick any single effect of a system and claim that is its purpose, as your linked article does in its examples. (Ironically, a form of reducto as absurdum.) It is a heuristic, a pattern of thought to attempt to overcome the bias towards judging systems based on the intentions behind them instead of the outcomes they produce. The point is that when you choose a course of action, you are implicitly choosing its negative effects as well, and the choice should be judged on all its effects. You are making a cost / benefit analysis, and if that is not explicit, it can easily be wrong.
I think you're taking it too literally. A more generous interpretation would be "what it does can be a better indicator of what the true hidden motive was for nefarious state programs".
throwaway290 · 2h ago
> "the purpose of a system is what it does"
So then the purpose of the internet was to share cat pics? This quote is so wrong in every way.
> Do not think for a moment
I will decide what I think thank you. It's very ironic when arguments against "censorship" go this way.
stinkbeetle · 7h ago
Sadly the old guard of free speech and privacy activists on the internet has long gone, drowned by a sea of unprincipled populist reactionaries - if their team decided that the content is "problematic", then they are entirely justified in censoring and punishing the speakers for daring to speak it, and entirely justified in protecting everybody else from having to suffer the horror of reading/seeing/hearing it, and it matters not whether the mechanisms are legal or ethical because the ends justify the means.
fsckboy · 7h ago
>the old guard of free speech and privacy activists on the internet has long gone, drowned by a sea of unprincipled populist reactionaries
which is an unnecessary ideological divide if your concern is free speech and privacy; too bad the old guard of activists chose sides and alienated additional support for their cause.
stinkbeetle · 6h ago
> >the old guard of free speech and privacy activists on the internet has long gone, drowned by a sea of unprincipled populist reactionaries
> which is an unnecessary ideological divide if your concern is free speech and privacy;
What do you mean by this, an unnecessary ideological divide?
> too bad the old guard of activists chose sides and alienated additional support for their cause.
What sides did they choose and whose additional support did they alienate?
throwaway290 · 2h ago
I guess "The old guard of free speech" went to be rightie libertarians
TFYS · 3h ago
We are approaching a time when most of that free flowing information is LLM generated propaganda and advertising. The average person can no longer go on the internet and trust any of the things they see or read, so what's the value of such information? I would prefer the free internet of the 90s and 00s, but we're losing it even without these laws.
dragonwriter · 3h ago
> We are approaching a time when most of that free flowing information is LLM generated propaganda and advertising. The average person can no longer go on the internet and trust the things they see or read
The average person could never do that; critical evaluation was always needed (and it was needed for the material people encountered before the internet, too.) The only thing that is a change from the status quo ante in the first sentence is “LLM generated”.
TFYS · 2h ago
Maybe, but it's not possible to critically evaluate everything you see and read. For sure most people don't, and probably no one does all the time. So if before 10% of information was lies and manipulation, most of the information was still good, or at least something that a real person thought was good. Now, or soon, anything you read or watch has a 99% chance of being generated by someone who wants to manipulate you, because those who want to manipulate have something to gain from it, and are willing to spend more money to do it than those who want to share the truth.
ivell · 3h ago
Actually I think with LLM, the average person is more likely to be critical of anything they see now than ever before, as they know that it could be AI generated. In my non IT circle, now even genuine content is being doubted as being AI generated.
jonathanstrange · 48m ago
This state is not going to last long because LLMs are getting better and the people who write prompts are getting better. Soon the vast majority of content on the net is going to be generated by LLMs to influence you in one way or another, be that politically or as a consumer, and the content is going to be indistinguishable from human writing. And you can be virtually certain that the groups and people with the lowest moral standards will use it the most to sway public opinion.
yupyupyups · 5h ago
There wont be any consequences if you expect them to legislate against themselves, or handcuff themselves and throw themselves into a cage.
Let's stop beating around the bush. We all know this doesn't make any sense.
quantummagic · 8h ago
They always start with "think of the children", but that's just the opening salvo. The wild west days of the internet are definitely behind us. We'll be lucky if we still have private personal computing in the future, or any semblance of free speech.
akersten · 7h ago
If we're to regain any ground here we need to adjust the messaging wrt terms like "wild west" - that's precisely the kind of terminology that scares the average voter into thinking the government needs to do something about this whole internet thing. We need to use patriotic and inspiring language, like "free" as in "free speech for the internet," or "safe and private" etc
athrowaway3z · 3h ago
I'm not sure this old horror story still works. The things to be afraid of have changed too much and at a far larger scale than people then could comprehend.
The "temporary anomaly" is one of perception. It was individuals talking to individuals. In terms of volume the world has never had this much free flow of information, and its never been easier to transmit encrypted data within a group.
At the same time the problem with letting the internet be without government means it pushes digital crack to all children, and an oligarchy of (natural) monopolies tightly control certain powers through systems like "sign in with Google".
The options for companies to instead use a government backed digital identity seems like an obvious step forward if designed carefully enough.
That requires the right mindfullness of people's rights, eg the right story. I just don't think the war on the free-internet narrative from 30 years ago is up for it.
djrj477dhsnv · 27m ago
But the "digital crack" isn't what the government wants to restrict from children.
They want to stop children from accessing porn, which really isn't all that bad. Certainly it's not nearly as bad as wasting hours on perfectly legal social media and streaming sites
deadbabe · 7h ago
It's not accelerating, it's over. We lost.
wkat4242 · 5h ago
We didn't quite yet. We're still here, pretty anonymous, I'm sure your real name is not deadbabe :) IRC still exists where you can just pick a nickname from thin air. And most of these things will stay, underground. It's the commercial mainstream that will bow to this, sadly.
dotancohen · 4h ago
Unfortunately, the expert in debugging Arduino electrical errors, or in numpy, or in evaluating what the burn pattern on your spark plugs means, or in identifying that strange object in your telescope, won't be on IRC. He'll be on Reddit, where you'll need a government-provided ID _and sanctioned device_ to participate. Or on Facebook, where you'll need a government-provided ID _and sanctioned device_ to participate. Or on whatever large, popular platform replaces them, where you'll need a government-provided ID _and sanctioned device_ to participate.
But rest assured, so long as you want to discuss privacy and nostalgia of the pre-invasionary internet, you'll find a knowledgeable expert on IRC.
johnisgood · 3h ago
There are more free alternatives. We need to move to these platforms. We need the network effect here for sure.
rixed · 3h ago
In Germany, before I can send an anonymous message on HN, I have to send a picture of my passport to some government agency and have a video call with them, so that my phone is allowed to attach to the internet.
nake89 · 1m ago
No you don't. You can get a prepaid SIM card.
danieldk · 7m ago
Could you elaborate? I lived in Germany for a while and I never had to send a picture to a government agency and have a video call with them to access the internet. Phone, laptop, and desktop.
Never heard anything like that from many people I know in Germany.
I feel like there is a huge chunk of context missing here.
snickerbockers · 8h ago
The European union never ceases to amaze me. Whatever happened to becoming less dependent on American corporations?
They flip flop on this stuff at least once a month, and the most annoying part is that they always herald everything they do as some new epoch-defining initiative only to quietly forget about it and do the opposite a few months later.
If nation states are dogs, then EU is the chihuahua: loud, proud and extremely ineffective.
pyrale · 2m ago
On one hand, there is a will from some people to be less dependent.
On the other hand, the EU bodies as well as national reps are besieged by lobbyists and diplomats, and without much backlash from constituents, it's very hard not to find someone that will do what you want. Just look at this former EC commissioner [1] working for Uber.
Flip-floping happens occasionally when the public catches up.
Ineffective? Extremely so? From open borders to open roaming to the various legislation that my tiny country would never be able to force corporations into if we didn't have it at the EU level. Heck, the currency. There's so many aspects I take for granted in life and don't even think about anymore. I can just pay anywhere without thinking or conversion fees. Must have been amazing for trade though it's nearly as old as I am so I don't know how things were before. How in the world you come to a worldview of the EU being extremely ineffective, I cannot imagine. Are you from the EU?
wting · 8h ago
Because of goomba fallacy.
The EU is not a hegemonic state, but rather an economic supranational organization. France/Germany tend to be primary proponents of increased EU strategic autonomy, while Poland/Czech/Baltic states are less supportive.
Similar to recent discussions of self-hosting, it's a tradeoff of autonomy/control vs efficiency.
wkat4242 · 5h ago
> Because of goomba fallacy.
> The EU is not a hegemonic state, but rather an economic supranational organization. France/Germany tend to be primary proponents of increased EU strategic autonomy, while Poland/Czech/Baltic states are less supportive.
Well obviously, these states know how bad the Russians are since they were terrorised by them for decades. They'll be the first on the chopping block. And they know that Europe does not have much deterrent of its own right now so they're screwed without the US. Though this will come.
bjoli · 4h ago
They are not so stupid to believe that this kind of dependency (the android one) is consequential in any way.
dotancohen · 3h ago
Or maybe, like my friend from Riga tells me, the Russian years were not "terrorism".
Right now, Russia (I have no affiliation, other than thinking that Russian girls are pretty) and Israel (my country) are the big villains online. I completely support Israel, and am constantly silenced online, even on HN. I wonder if those who support Russia are similarly silenced. I hear that in Riga food was more plentiful and nobody slept in the streets during the Soviet years. There was no dream of getting rich, but no fear of losing your home and livelihood. And now, the big change is that there is still no dream of getting rich.
So maybe Poland/Czech/Baltic states have insight that comes from experience with both ideaologies.
edgineer · 3h ago
Stories of Russian war crimes personally experienced post-invasion told in my family
dotancohen · 2h ago
Sure, nobody is denying that. That does not contradict the argument (not mine) that perhaps people lived more secure lives under Soviet rule.
Note that I define "more secure" as in not living in fear of losing home and income. Not necessarily that their standard of living was as good as those in the West.
calgoo · 1h ago
It depends: if you are part of the party and things are going good then yes. However, if you are from a group of people that you government has decided is trouble, then you tend to disappear in the night. Like my mother in law who says things where so safe when there was police on every corner in Spain during the dictatorship but my father in law was hiding "reds" under the floorboards as they where Jewish and being procecuted. One does not take away from the other, instead of criminals threatening you it's the government goons.
alephnerd · 8h ago
> Germany tend to be primary proponents of increased EU strategic autonomy
Germany isn't doing this as much anymore, because Germany Inc has become increasingly dependent on their investments within the US [0], especially after the triple whammy of the Biden-era IRA [1], the sanctions on Russia sparking a domestic energy crisis [2], and Chinese players outcompeting German industry in China [3].
This can be seen with Germany purchasing American weapons for Ukraine over French objections [4]
You need to put yourself in the EU governing people shoes for a minute.
Their predecessors, who were from the WW2 and Silent generations, did not care about the free Internet because they relied on the large mainstream media consuming baby boomers. They had a direct line to them.
But the boomers are between 60 and 80 and vanishing. The following generations are in panic mode.
So until recently the "free" Internet did not matter politically in the EU. Tech was used to trigger color revolutions abroad where the demographics were younger.
But now the unelected EU commission inherited that Internet things and are on the wrong side of it. Worst almost everybody in the EU speaks English and listen to Joe Rogan & co.
And while the US Gov might be able to control the Joe Rogan type the EU does not.
So their only move is to crack down on the Internet and limit it with a Chinese firewall type system. But they obviously do not have the ability to do so without the capabilities of an US tech giant (remember their own systems are on Office 365, every phone is Android or Apple). And this would also be in the interest of the US because it would give them a solid control over the EU.
Remember the first goal of a system is to survive and I do not see another realistic path.
alephnerd · 8h ago
> They flip flop on this stuff at least once a month
Because in the background it's a French vs German vs Irish vs Czech vs $insert_eu_state business interests competing with each other.
Notice how it's almost always French legislators and businesses that mention "domestic EU tech" and not Polish, Czech, Romanian, Dutch, or even German policymakers or businesses?
That's why.
National interests always end up trumping the EU in it's current form. And for a large portion of the EU, American BigTech represents the majority of FDI (tech and overall).
Japanese and Korean automotive players did the same thing with the US in the 1980s-90s in order to ensure their interests remained aligned (though the Plaza Accords did play a role)
BLKNSLVR · 4h ago
France has some history in being disappointed by the US, so it doesn't really surprise me that France is beating the independence drum the loudest.
(the entire video is interesting and informative, I've skipped it to the France-US specific part, up to about 11:02 where Australia is introduced as the US sycophant it is)
Whether it's logical or not, offences past, even those thought forgotten, are easily recalled when under similar pressures.
alephnerd · 3h ago
> Whether it's logical or not
From an American NatSec perspective, French strategic autonomy is viewed as a positive, as can be seen with Elbridge Colby's work (and similar work by Mastro and Doshi), and a lot of the initiatives led by the Biden admin, as this would allow burden sharing because the US is no longer in a position to manage a two continent war. France does our dirty work in the Sahel and can help in the Indo-Pac (as was seen with the US, France, and India jointly armtwisting the UK into ceding Diego Garcia to Marutius)
In Australia's case (and to the US's benefit), alignment with France makes sense and has been something that has come up in Australian NatSec for years.
New Caledonia is barely 800 miles off the coast of Australia and NZ, and both New Caledonia and French Polynesia have faced pressure due to China, especially after the recent violence in New Caledonia was linked to Azeri [5] disinfo networks on TikTok, along with decades of covert ops by China in New Caledonia [6][7]. France has also been an active defense partner with India and Indonesia - both of whom are increasingly cornerstones of Australian defense.
By every single standard, having an active "Indo-Pac" France is a net benefit for America+ strategy and Taiwan.
That said, French NatSec "strategic autonomy" does not have anything to do with French industry's alignment with marketing a "European first" tech story.
France has similar issues to the US with power politics (as can be seen with France, US, SK, and Israel sharing a similar CPI score), and the biggest booster and beneficiary for "European Tech" is Xavier Niel [0] (France's Mark Cuban or Elon Musk), who is on a first-name basis with Macron [1][2] and whose Father-in-Law (Bernard Arnault) has personally played a significant role in French power politics for years [3][4]. Arnault is also the reason why every country negotiating with the EU ALWAYS tariffs congac and champagne - Arnault's LVMH owns Hennessy and all the other congac producers, and the majority of champagne producers.
End of the day, this is just another inter-elite conflict between vested business interests like any other, but couched with the flag of nationalism.
Nothing wrong with that, but this is why you don't see alignment amongst EU member states - as each state is supporting their own vested business interests amidst a trade war. For example, there's a reason all of us American tech investors end up working with the same handful of politically aligned law firms in Czechia or ending up in the same IT Parks in Eastern Europe.
One wonders how much of the French foreign policy is affected by an online influencer trolling campaign.
alephnerd · 3h ago
Pretty significantly actually.
For example, the violence in New Caledonia was instigated on TikTok by Azeri disinfo networks [0][1] due to French support of Armenia, which itself is due to French support for Greece+Cyprus against Turkiye, who is the primary patron for Azerbaijan.
Algeria has been doing something similar [2] due to French support of Morocco, and China's UFWD aligned groups have done something similar in the French Pacific [3]
Unless you're insisting I'm a troll or a bot, which I strongly disagree with. I've worked closely with EMEA (and especially French institutions and businesses) in my current career and previously when I worked in the policy space. I just kvetch on HN because it's not significantly on any radar yet and the anonymity is appreciated.
EU is a great chihuahua, authoritarian laws get passed, national politicians say that there's nothing they can do, but they benefit greatly from all the new posibilities of control over the internet.
I mean.. great for the politicians, not for an average european.
wmf · 7h ago
95% of Europeans are running American OSes today. Should age verification just wait 20 years for EurOS to be deployed?
nemomarx · 7h ago
what's the rush on age verification? why does it need to happen now and not in a decade after working on digital ID and battle testing that etc?
wkat4242 · 5h ago
Because it's a conservative talking point. And they're appeasing them with all the extreme right parties popping up all over Europe
rixed · 3h ago
The role played in the US by grassroot conservative bigots have no equivalent in the EU.
The push for authoritarianism seems to come purely from above. My intuition, from personal anecdotes, is that after 30 years of widening gap between the haves and the have nots, the haves are increasingly terrified buy their own populations.
nsksl · 45m ago
Age verification is not a conservative talking point in Europe. I live in Western Europe where conservatives simply do not exist and the government is trying to push an age verification solution too.
danieldk · 2m ago
I live in Western Europe and conservatives were ruling the in my country until one of them blew up the government (over a typical topic that conservatives are obsessing over).
queenkjuul · 7h ago
They could just choose not to depend on OS level verification tools
sensanaty · 6h ago
Why exactly do we need age verification, again? Other than the classic "But the children!" excuse of course.
Zak · 7h ago
Yes, and when that comes to pass, we should find something else it should wait another 20 years for.
Essentially, the core user journey is a privacy preserving "over 18" check. I suppose this prevents under 18's from accessing porn, in the same way that most blocking technologies impose an expense on everyone but fail to block tech-savvy children.
Doesn't seem like it could ever stop someone with a bittorrent client, unless you have to attest you are over 18 to even use bittorrent.
wkat4242 · 5h ago
If they could have stopped BitTorrent they would have long ago.
So no, this is totally ineffective. And it's not like there's actually a problem. There's no crisis of messed up kids or young adults. We all had access to porn in some form and we all turned out fine. I used to watch the late night pay tv which was just 'scrambled' by removing the sync signal. It was easy to put that back with some electronics chops. I saw my share of gangbangs and cumshots and I did not get messed up or get weird ideas. In fact I often get compliments I'm a sensitive and caring lover. I never do or push for the dirty porn tropes (unless she asks for them :)
So did most of my school friends. Also video tapes got passed on at school and later CDroms (when the writable DVD came I was already an adult). We all had plenty.
This is all to mitigate a "crisis" which doesn't actually exist.
sapphicsnail · 1h ago
I don't want to ban porn or anything but the problem has definitely become worse than when I was growing up. I have a zoomer roommate that had unfettered access to the Internet and has some trauma she's still working through. I think the intense age verification laws popping up are going to be a big net negative but I think something needs to he done. I just don't know what that is. Maybe educating parents and children?
IshKebab · 1h ago
> some trauma she's still working through
From watching porn?
druskacik · 2h ago
There's a difference between passing on video tapes and having a pocket machine with an unlimited amount of adult content. Just my opinion, but I think it's worrying kids can access it in basically a few clicks.
But I agree, forcing verification will not be effective enough, kids will find their way. The real solution is more education on this topic from younger age.
Aachen · 1h ago
Some porn videos were shared via Bluetooth in my school. From my perception, things you get from real people makes you more likely to think it's something real you ought to know about and not just an internet thing. Seems much better to me that kids can discover it on their own terms and know it for what it is
ozgrakkurt · 1h ago
So they are doing this to block the children that are able to “hack” their phones, from watching porn.
Don’t know how to describe how insane this is
washadjeffmad · 6h ago
It seems reversed, that the default is legal eligibility, and that minors should need to prove their status. They're the ones who need policing, after all, not us.
For instance, it's not illegal for me to be served alcohol. If I'm not carded when being sold a drink, nothing illegal has taken place.
If the lawmakers are being cowards and not saying they want to round up and ID all the children from birth until they are eligible to participate in the adult world, that's their battle to fight and not our burden.
latentsea · 9h ago
I think social media does more damage than porn. We should just instead legislate that all social media has to shutdown and just let everyone watch porn and be done with it. Sure, you wind up with ED if you watch that stuff since you were a kid, but hey, if birth rates around the world are anything to go by, no one seems to really want to bring children into this world anymore anyway, so it's not as if that actually matters anymore.
I think I have become far too cynical.
avidiax · 9h ago
The one good thing (in principle) about a service like this is that social media is much more centralized, so this kind of system could put seemingly-effective age restrictions on social media. For example, no under-14's, or under-14 requires a supervising guardian and has other guardrails.
But this still wouldn't stop determined kids from VPNing to another country to make their account, and wouldn't stop peer pressure on kids from bleeding to parents to help them.
scarface_74 · 1h ago
What do you think will happen when the EU regulates the “centralized” social media companies? Kids will just flock to other services that don’t care about EU regulations or use a VPN.
We see something similar in the US with age verification for viewing porn in some states. Mainstream porn sites that I’m sure you have heard of that aren’t based in the US just ignore the laws and VPN sales skyrocket in those states.
scarface_74 · 5h ago
Or you know the government could stay out of it and parents that wanted kids to stay off of social media could use the existing parental controls.
johnisgood · 3h ago
Be careful about telling parents to parent. For some reason people do not like being told that it is the parents' job, and not the Government's.
jeroenhd · 3h ago
Social media laws are actually being discussed, designed, and even implemented, targeting teenagers at the moment.
GaggiX · 9h ago
>but fail to block tech-savvy children.
If I were a kid, I could see myself downloading Opera GX and enabling the free VPN. It's probably not "tech-savvy" because the browser gets a lot of ad views on YouTube; it would be pretty obvious.
avidiax · 9h ago
Or using a torrent. Or trading a fileshare with your friends. Or finding a box in the woods. Or finding dad's "tax returns" folder. Or getting on TOR. Or finding an open directory. Or asking AI to produce something.
Basically anything other than going to a legally compliant website and trying to attach your mom's passport to the age verification app and doing the challenge.
lotsofpulp · 8h ago
> Or finding dad's "tax returns" folder.
I would want to sit in on this audit.
SauciestGNU · 4h ago
Are you coming onto his dad?
zeta0134 · 9h ago
I keep coming back to the actual solution being to keep kids off the internet period. If you are under 18, and online without some sort of adult supervision, we have failed you. Maybe that ship has sailed with so much coursework requiring online access, but I maintain that perhaps we should declare it lost at sea and try again.
Because the practical reality here is, like, porn is the big scary word, but the actual danger to kids is *other people.* Other addictions still exist. Removing one vice without solving the underlying systemic problem merely shifts the goalposts, and everyone is up in arms about what a slippery slope that is for good reason.
EDIT: Clarity here because I phrased that badly in a hurry: I'm in disfavor of internet access being a requirement for schoolwork, but I failed to set that context initially. If parents trust their kids enough with access, once they've reached a certain point of maturity, that's fine. I'm against technological age gates and I'm against removal of bad content from the net at large. Parents should decide when their kids are ready, and guide them appropriately.
I will leave my original remarks unedited so the remaining discussion is sensible. (Sorry!)
Hizonner · 8h ago
> I keep coming back to the actual solution being to keep kids off the internet period.
W T F ? ? ?
> Because the practical reality here is, like, porn is the big scary word, but the actual danger to kids is other people.
Bad news, Champ. Other people also exist off of the Internet. They always have. The world is not entirely safe. And that does not mean children shouldn't get to be part of the world.
The main problem here is panicky idiocy.
cosmic_cheese · 7h ago
While there are absolutely issues with kids coming across things they shouldn’t, I’d argue an equally large issue is parents buying into the delusion that they can keep their children contained within a bubble of perfect innocence until adulthood.
That idea has never really been realistic short of keeping them isolated from society until 16-18 (which most would consider abuse), but it’s not even slightly possible today with how readily available information has become. It’s an inevitability that they will learn about the topics you’ve been avoiding and take on external influences you may not approve of.
Now to be clear, I’m not advocating for letting kids run wild on the internet with no guardrails, especially earlier on. Guardrails are important, but it’s even more important in my opinion to try to stay ahead of what they may encounter by talking with them about those things so when they eventually run across it, they’re not flying blind and might even seek your guidance about the incident since they know you’re not going to get angry about it. That’s much more likely to bring positive outcomes than if they ran into these things without parental support.
wkat4242 · 5h ago
You know what helps? Proper sex ed around the age of 12-14. That's what we do in Holland. And why we had one of the lowest teenage pregnancy ratings. Unfortunately the conservatives are complaining about this more and more (the Lentekriebels program) because they mention that men can also love men. This porn filter is also from their corner.
zeta0134 · 7h ago
Yeah, I'm nodding in agreement here for the most part. I didn't mean to suggest crazy helicopter parenting surveillance nonsense, just ... the idea that giving young minds the whole dang net and letting them loose without any guidance or oversight is kinda dangerous. Growing up we always had an adult in the computer lab, or the library, where most computer coursework was being taught. I had "the real internet" right there, but if I actually got into trouble, someone was bound to notice, and I could always ask for help.
The point I was actually trying to make is just this: if the parent's goal is to block content, then the simplest thing to do is to be there when the child is surfing the net. That shouldn't take crazy technological measures. At some point, most parents realize their kids are mature enough to handle things and back off, but the parent should be making that call for their own kid. I don't think the government should be doing it on their behalf. If the government believes the internet is dangerous for young minds, then it should focus on the thing it can control: educational curriculum, primarily. Trying to "fix the internet" is a fool's errand.
sillysaurusx · 8h ago
Couldn’t disagree more. I watched my first beheading video at 13, let alone porn. I still remember it, Nick Berg. I think I turned out ok. My online freedom was largely why I became who I am.
As for other people being the danger, there’s some truth to that for women. I have a daughter, so this will be a concern. But you know, she won’t die. Everyone goes through trauma. The key here is to make sure she feels comfortable enough to talk to me and to my wife before doing anything (too) stupid.
I snuck out of my parents’ house to go see a girl when I was 16. Took my dad’s station wagon. On the way, some car tried to pass me and ended up hitting a big truck on the side. Truck was fine, I was fine, that fella was not. He ended up on the side of the road. Me and trucker just kept going. I still think about that guy a lot, because obviously the correct thing to do would have been to call 911, but I was a dumb 16yo who was out past midnight to go see a girl.
Point is, if things went a little differently, I could have been the one who crashed, or even dead. But that doesn’t mean that the girl I was going to go see was somehow a threat to me. It means I was doing something dangerous.
Again, this is easy to say as a man. The threat model for women is different. But prohibiting minors from the internet without supervision is totally absurd, and I feel bad for any parent who helicopters their kids like that.
Ultimately your kid will grow up and have their own life. Do you want to be remembered as the parent who had them under lock and key in the name of safety, or as a parent who monitored from a distance and occasionally let them do stupid things so that they could learn from it? For me, the latter is far more preferable.
heavyset_go · 8h ago
> Ultimately your kid will grow up and have their own life. Do you want to be remembered as the parent who had them under lock and key in the name of safety, or as a parent who monitored from a distance and occasionally let them do stupid things so that they could learn from it? For me, the latter is far more preferable.
You're trying to logically and emotionally appeal to people whose amygdala have been hijacked by a moral panic.
I agree with you, but good luck.
zeta0134 · 8h ago
I'm kindof horrified that your immediate response is to defend a beheading video as something a 13 year old should watch. As a normal thing. What the actual hell. Like, the rest of your argument has some good points, but you led with something guaranteed to offend.
I was not clear enough, so I will try again. If parents do not want their kids to access "bad content", whatever that means to them, then they need to supervise the access. If parents are okay with their kids accessing bad content, then that choice is theirs to make. The internet itself should not be the gatekeeper here, neither should the government, but the parents do need to actually parent. I do not believe technology should be doing the parenting. And BECAUSE I believe this is a choice the PARENT should make, I also do not believe unfettered access to the internet should be a requirement for students. As long as that is a requirement, the parents aren't in control, and we get draconian laws trying to "fix the internet."
You have wildly misinterpreted my intent, and admittedly it is because my opening sentence was poorly phrased.
sillysaurusx · 7h ago
I largely agree with your second paragraph, but the solution isn’t necessarily to give parents control, but rather to stop draconian laws from passing.
As far as the beheading video, why be offended? Yes, I think teenagers will be naturally curious, and that gore videos will be on their watch list along with porn. It was true for most of my friends, and admitting this truth rather than running from it is how you deal with it. It’s not "defending" when it happens as a matter of course.
Again, you’re basically arguing for draconian powers not for the government but for the parents. To me, this is two sides of the same coin; whether the jailer is the government or the parent, when I was a teen both would have been the enemy. I personally don’t want my child to think of me as the enemy. Other parents can make different choices.
And yes, I think it was fine for me to watch that video when I was 13.
sillysaurusx · 4h ago
I wanted to leave a bit more context.
The reason I think it was fine to watch the video at 13 is because it was major news at the time. The Iraq war was just starting up, and I believe Nick Berg was one of the first troops taken prisoner and executed. I wanted to see for myself what other countries were doing to our soldiers.
As I got older, I realized it wasn’t so clear cut as good vs evil, and that we were often the evil ones. (Regardless of the reason, blowing up someone’s home with some of their family inside is evil, and there were civilian casualties in the Iraq war.) But at the time, it was a major formative life experience for me. It galvanized me into wanting to join the marines, which of course would have been a huge mistake. So you could argue that me watching the video was harmful in that sense, since it influenced me pretty heavily.
I take a different perspective. Freedom is about freedom to view something and decide for yourself how you feel about it. It’s easy to forget how mature you felt at 13. If at the time you tried to stop me from watching that video, I would have been furious, and said that you’re preventing me from seeing what’s really going on in the world.
Now, I personally think that that freedom also extrapolates to the rest of the evils viewable on the internet. I watched a lot of cartel videos, some war footage, and so on. You can argue that 13 is way too young, and maybe I’ll even agree once my daughter reaches that age. But if a kid is genuinely curious to see what reality is actually like, I personally find it a little repulsive that we as a society think it’s so awful, and that we say children should be babied for their own protection. If you tried that with me at 13, I’d have given you the finger and figured out a way around whatever security measures you put into place. In my opinion, the correct thing to do is for a kid to have a close connection with their parents, to tell them that they’re curious, and for the parents to explain the reasons why the kid might not want to see it. (This also forces you to explain why it’s so horrible. Surgical procedure videos are equally graphic, but we don’t call them horrible.) And if at the end of that process, your kid wants to watch those videos, be it porn or gore, you should seriously consider their request. Your options are to be supportive or for them to do it in secret. Thinking you’ll stop them is wishful at best.
Yes, it’s uncomfortable. I don’t personally know what I’ll do when Kess comes to me or her mom asking about that. But "forbid it in all circumstances" is in my opinion an extreme overreaction given what’s at stake. At worst, it will cause them some emotional trauma. It arguably did for me. It’s good to protect children from trauma. But if they genuinely want to go through it, who are we to stop them and say we know better? Let them figure it out.
We’re their parents. It’s easy to believe we do know better. And in most cases we probably do. But at the end of the day, by forbidding this content, you’re waging war on your child’s curiosity. I personally find that as horrifying as it probably felt hearing me say that there’s nothing wrong with it. It’s fine to disagree.
If this comes up the future, I’ll point back to this comment as my canonical response on the topic. If after reading it people still want to be offended, then okay. But I’m not trying to tell you how to raise your kid. I’m saying, you’re fighting a losing battle if you think you can stop them.
johnisgood · 2h ago
Just to add to the video you have watched: upon watching such videos, I made the realization that life is precious, and that I am happy with where I am, and it made me cherish life more. Sounds positive, right? Similarly, bad trips from psychedelics can be a highly rewarding experience, too.
johnisgood · 2h ago
I do not think that him stating what he has watched implies that he thinks one should watch this something, just that he did, which does not imply endorsement.
nabakin · 7h ago
Unfortunately this isn't the first time a government has banned Android devices which are not licensed by Google. GrapheneOS has a list of them[1]
The Austrian ID App was also blocking GrapheneOS due to SafetyNet verification...
After a lot of angry emails towards the helpdesk, they at least changed it, so a failed check only shows a warning that you can accept.
pfoof · 1h ago
For Authy I don’t even feel sorry. Proprietary TOTP. sorry for off-topic
reactordev · 9h ago
Asking my EU friends, why do you let yourselves be bamboozled by the US tech companies when you’re totally capable of doing it yourselves?
Seriously. You don’t need Google. You just need a plan and a will to execute.
clarionbell · 1h ago
Regulation and lack of capital. Just read the report from Mario Draghi if you don't believe me.
We have EU regulations, those are much tighter than in US, on practically every front. Labor, finance, environment, data, AI, you name it, we have it regulated. And then you have the country level regulations on top. That's right, EU sets the floor, not the ceiling.
Suppose you have a start up in Poland, you have managed to get funding and you are offering services in your country. You want to do that in Germany? Get ready for complying with new set of regulations. And you better hope that individual German states don't have something extra on top of those.
All of those regulations have purpose, it is possible that they were designed by well meaning people and bring some benefit. But their compound effect is catastrophic. It is not that you can't push trough, you can, just look at Kiwi or Mikrotik. But it's an uphill battle and your competition from overseas has it so much easier, that they can end up outgrowing you, and eventually buying you out.
mosura · 9h ago
It is amazing. All the US companies have to do is dangle a “free” solution and the EU will go for it, and then be all surprised pikachu at the terms they agreed to.
mrtksn · 4h ago
EU isn't at all capable of doing that because it's not a hegemonic state, it's just bunch of a countries coming together to coordinate on doing stuff.
My guess on what happened this time is, people were tasked to implement a way to verify age anonymously and this was the only feasible way to do it because of their constraints that don't allow them to do bigger stuff that China or USA will able to do through having the budget and enforcement power.
reactordev · 3h ago
I don’t disagree, my argument is why continue? The scientific method is thrown out the window. Age verification, oh you need the cooperation of member nations of the EU, ok, wait, everyone has different systems, ok, new objective - standardize the systems so we can do age verification like we want.
I know politics isn’t logical but if you keep drilling down the root cause, eventually you’ll hit bedrock.
mrtksn · 2h ago
Because countries don’t want to give away more sovereignty?
EU needs to federalize but europeans are still too nationalistic for that to happen. Even Germany is too tiny to matter in the global stage but even small countries with population of a city in America will be like “we are special, we can take on USA and China because of our intrinsic characteristics. Even if we can’t we are definitely better than our neighbors”.
TrackerFF · 7h ago
Lack of capital. Fear of consequences.
Google rolls into town and wants to spend half a billion euro on a datacenter? Sure thing. They'll say that it'll boost the local economy while being built - by creating a couple of thousand jobs for the contractors that are going to build and maintain it, and then some onsite jobs for the next decade or two, creating a couple of hundred jobs for techs / engineers.
And as long as they keep playing ball with google, projects like that will pop up once in a while. If you're difficult, there's also a risk of the rich tech companies taking their business some other place.
With that said, I've recently noticed more voices for building our own stuff - as there's a real risk that US tech companies will simply comply if pushed enough, say, by a POTUS that's out for blood and wants to hurt certain foreign users. Ban/lock out certain users from gaining access to software, turn off their infrastructure, etc. who knows.
But, alas, there just isn't the same willingness to pour in capital on the important things. For private investors it doesn't make much sense, unless they have a bulletproof contract with domestic users willing buy their service - and using state funds isn't too popular, either.
Truth be told, any of the big tech businesses can undercut any competition, and probably build better and faster. If anything, it could be the case for tariffs - outsourcing critical infrastructure will leave you very exposed. If European countries all over the board started to abandon US tech companies, they'd cry to Trump, who in turn would probably start a trade-war.
reactordev · 5h ago
Now replace Google with an EU company doing it in the EU for EU jobs and everything you described. It’s not like money only comes from the US.
You are right to be worried. US companies under this administration can’t be trusted to follow the law. Why should they, when our commander in chief isn’t and has a panel of judges who let him do whatever. Just the other day he suggested Obama be investigated for treason. So yeah, we’re toxic, and you all should seriously quarantine yourselves.
immibis · 47m ago
EU businesses are pretty conservative. They don't have the insane amounts of capital that arose in Silicon Valley as a result of the Bretton Woods system. There are companies that size, but they're all in, like, manufacturing, or coal mining. There's no EU company that both has a billion dollars and knows how to be AWS. There are companies with billions of dollars (euros) and there are different startup companies that probably could be AWS if they tried really hard, but never the twain shall meet.
nsksl · 8h ago
Where do you get from that we are capable of doing it ourselves? All EU-made software I've used was terrible, and the one that was a bit better than terrible was bought by a US company.
Jensson · 6h ago
Where do you live? I live in Sweden and I have used a lot of not so bad software from Sweden. Maybe its just your country, but at least in Sweden the government can make software for its services that works well, better than what I've seen from the US government.
> and the one that was a bit better than terrible was bought by a US company
But here you say EU can make great software? Just that USA then buys it. So we should just ban USA from buying our great software companies, is that what you are saying?
bee_rider · 8h ago
Most closed source US software is garbage too. Some stuff, like Steam, is beloved anyway. But actually the program itself is terrible and slow even on decent computers.
Struggling to think of corporate produced software that doesn’t suck. iOS Safari is ok, I guess.
meowface · 8h ago
Sure but "almost all tech is bad but almost all non-bad tech is American" in effect means European software is seen as bad. (And as an American who's spent a lot of time in Europe, this has been my experience, personally.)
In America the least bad stuff eventually rises to the top. In Europe it feels like it's all just one shared pit.
Jensson · 6h ago
> almost all non-bad tech is American
The reason is because Americans buy the other tech firms, so its not because they don't make non-bad tech its because USA just monopolizes it via very aggressive acquisitions.
amelius · 9h ago
You need a pile of money first. And that works differently in the EU.
reactordev · 9h ago
You have sovereignty of the EU and nations willing. Don’t say it will take money. Money is fake. You can do this.
Everyone’s ready. The only reason US is wealthy is those subscription fees and vendor lock in we have.
amelius · 9h ago
They will be sued by Google for illegal state aid.
globalnode · 9h ago
who cares, money is fake (as stated above), pay the fines and move on with an EU OS
reactordev · 5h ago
Cool, in what court? EU court? It would be the EU doing this. Want to do business in the EU, GDPR extends to giving us the keys as well if you’re going to valet park here. Or they can go kick rocks while smart engineers in member countries build a new android. After all, a lot has changed since someone decided to bolt Java onto a Linux kernel.
johnnyanmac · 9h ago
how does a pile of money work in the EU?
immibis · 44m ago
In the US due to various historical economic factors there's a lot more money going around. Basically the EU has to ship $100 of steel to America to get $100, while America can just print it. America has been printing money and giving it to the rich for a long time, resulting in the American rich having relatively huge piles of money and not enough to spend it on, resulting in highly speculative things getting funding, i.e. venture capital.
There isn't really venture capital like that in Europe. Your business has to bootstrap. There are big businesses that could fund big ideas but they are big because they do one thing well - a company like Airbus isn't going to branch out and build an AWS.
heavyset_go · 7h ago
The same way it does anywhere else.
LtWorf · 7h ago
Investors want a realistic plan to make money, they will hardly fund anything without a clear strategy on how to make money.
snickerdoodle12 · 8h ago
Because politicians are corrupt
bluecalm · 6h ago
The only will you get from EU is to protect incumbents and the only plan is to make another centrally planned fund that distributes money to chosen entities.
EU is very good at removing the carrot while wielding a big stick for would be entrepreneurs.
immibis · 50m ago
Because most politicians in most countries (even most dictatorships) feel that interfering with the free market is too radical. They feel it's fickle and too risky to upset.
Anyway, if a government tried to make a European smartphone design, it would be treated as any other government supply contract, resulting in a terrible design-by-committee. So in the end, all politicians are willing to do is wait around and say "someone should do something".
It's actually a little better than that. One thing they can do, and have done, is make funds available for individuals and small groups who want to have a go themselves. Notably NLnet funds a lot of projects. They're all small projects though so they're not really capable of displacing megacorps in the free market. Stuff like MNT hardware remains niche hacker stuff.
alephnerd · 8h ago
Because national interests always end up trumping the EU in it's current form.
American companies like Google [0][1], Amazon [2][7], and Microsoft [3][4][5][6] have spent billions in FDI and hiring, thus building strong relationships with EU states like Ireland, Romania, Poland, Finland, Sweden, and others, but French and German competitors haven't (or don't exist depending on the service or SLA).
This means a significant portion of EU member states have an incentive to maintain the relationship, because the alternative means significant capital outflows. A Polish legislator doesn't have to answer to French voters, so they will incentivize the relationship with BigTech. Thus, these nations will lobby tooth and nail against destroying the relationship.
It's the same reason Hungary courts Chinese FDI [8] and enhancing the Sino-Chinese relationship as leverage against the EU pushing too hard [9].
No it doesn't work that way. That's a lot of political will for little monetary gain. Don't forget that countries in EU are still quite capitalist and many of the bigger companies have huge investments in the US. EU itself is a quite neoliberal org too. It has all sorts of forced privatization laws.
The post WWII doctrine of US that's applied in Europe is strengthening the bigger businesses. Those businesses use US tech since investing in an actual European tech sector is expensive. Especially after all the first players took critical positions.
The time to invest in that sector was in the 80s and 90s. Europe had a different relationship with the US and it was trying to encite small ex-Soviet states to join, so they can exploit the cheap labor. So nobody actually invested in local tech sector.
It is now an uphill battle that'll cost more than the original investment. Only countries with strong independence urge like France is willing to fight it. Most of the EU countries are not.
lossolo · 8h ago
It's largely a political issue. At this stage you can't create alternatives to Google and other U.S. tech giants without removing them from the market (so essentially the Chinese approach, which has allowed them to build their own massive tech giants). But that path is nearly impossible for the EU due to the risk of U.S. retaliation. The EU can't even implement a digital tax.
You also can't just say, "Here's a few hundred billion in public support to create alternatives to U.S. tech giants", because the U.S. would argue that it's unfair state aid and retaliate.
There isn't enough private capital in the EU with the risk tolerance required to take on such a challenge independently.
We also lack a reserve currency like the USD, so we can't print $2 trillion a year, much of which ultimately flows into the U.S. stock market and further boosts U.S. tech companies, making competition even harder.
EU markets are already fully penetrated by U.S. behemoths that can either withstand or acquire any privately funded competitor, thanks to their massive cash flows and valuations.
For all these reasons, the outlook isn't very promising.
bluecalm · 6h ago
>>There isn't enough private capital in the EU with the risk tolerance required to take on such a challenge independently.
That can be improved by making traditional investments (real estate, land) less attractive while making investments into businesses more attractive. You just need to change tax incentives by removing capital gain tax and introducing real estate/land value tax (or raising it).
Removing red tape would help as well and then making the common market really common.
As it is there is very little incentive to invest in companies here.
lossolo · 5h ago
> That can be improved by making traditional investments (real estate, land) less attractive while making investments into businesses more attractive. You just need to change tax incentives by removing capital gain tax and introducing real estate/land value tax (or raising it). Removing red tape would help as well and then making the common market really common.
That's unrealistic. Majority of people in the EU own property and/or land, and no one wants to pay even more taxes on it. In my EU country, the majority of politicians own more than two apartments. I don't see them working against their own interests.
bluecalm · 1h ago
Yes, it's unrealistic because the plan is for people who already own property or land to extract rent from productive class, especially young people.
That's why nothing every changes. Ever increasing taxes on productivity to benefit the real estate/land owners is how EU operates. No wonder we have fewer and fewer children and there isn't many people willing to found new businesses.
It's a death spiral which will end with the youth rebelling or going extinct. The latter being more probable looking at current fertility rates.
boroboro4 · 8h ago
Russia can do it. Thinking EU can’t shows only how low the self esteem is. And it’s a very sad story. EU needs to wake up sooner rather than later.
esseph · 7h ago
I'd argue Europe is further in to their economic decline that the US, but both are in a downward trajectory
lossolo · 5h ago
> And it’s a very sad story. EU needs to wake up sooner rather than later.
Indeed, it's a very sad story. I'm afraid the EU is in a coma, so waking up is not a given.
hnpolicestate · 4h ago
What outlook? What planet are we on? Why are we debating who makes better handcuffs? Do E.U citizens prefer their handcuffs be made in Europe? I'm so confused.
yupyupyups · 6h ago
This has nothing to do with age verification, but everything to do with identifying users on various services. They can compell the providers of said services to give them access to how each, now identified, user is using the service. Since a lot of our lives are digital, this is a major transfer of power from the people to a select few.
A question I have is who voted for this? I sure didn't.
ranyume · 4h ago
It's called representative democracy and it's been in crisis for some years now.
dekken_ · 20m ago
It's so indirect it's hard to even consider it a form of democracy.
I don't.
pastage · 35m ago
You can't use device verification in production anyways. (ATM)
This has no effect, is it even used in production anywhere? It seems to be part of eIDAS which is a good thing, most countries already have their own identity systems as is stated in the README. The three or for id apps I have seen all have some kind of device check that is sent to the ID provider, it is not usually accisible for ServiceProviders though. On those apps you either get no indication or just a "seems suspicious" score.
This does not make it possible to filter out people. And honestly considering the amount of shady phones people have I am not sure this will every work. Apple is sadly another issue, too many normals there.
It is nice that this is pointed out so we do not get a distopian future.
latentsea · 9h ago
Ugh. There's just no winning with tech anymore.
I use GrapheneOS as a daily driver and I absolutely love it. It should be the default. There's already one app I use that must do something similar and absolutely just won't run on it, so I have an entirely separate phone running stock Android just for that one app. Still worth the hassle.
Glad I don't live in a place where all this madness is taking root, but still, the trend itself sucks.
jeroenhd · 3h ago
By design, this app isn't mandatory. There should be an alternative way to do age verification. If you can't access a service because you can't run the app, the service fucked up.
Furthermore, there's nothing stopping the governments implementing these standards from permitting GrapheneOS' signature. It's one of the ROMs that actually has a reliable signature so unlike random images from XDA there's a case for it to be permitted. Google's integrity check isn't just a binary check, it's a combination of a hash and a pre-defined list of suggested acceptable hashes.
progval · 2h ago
> By design, this app isn't mandatory. There should be an alternative way to do age verification. If you can't access a service because you can't run the app, the service fucked up.
So you complain to the service, they either ignore you or tell you to use the app, and then what? They are not breaking any law as far as I can tell.
And even if it was, class actions in Europe are close to inexistent, and it's not worth it for any one consumer to take the multinational running the service to court.
> there's nothing stopping the governments implementing these standards from permitting GrapheneOS' signature
incompetence and/or not caring
Aachen · 1h ago
Alternatives to legal identification requirements being available isn't my experience. How do you even imagine that? Going to a local post office to show an ID anytime you want to open pornhub and your i_am_adult=token cookie has expired?
pabs3 · 3h ago
There are lots of them, you might want to complain to your competition authority.
The only winning move is not to play the game. One has to have a phone these days but you don't have to do your computing on it (during personal time). Use a real computer instead.
Aachen · 1h ago
This software doesn't run on a real computer. The point of the submission is that it only runs on a DRM device from two entrenched vendors
IlikeKitties · 6h ago
> I would like to pay for goods and services online.
> Very well sir, which digital payment service would you like to use?
> It doesn't matter they all force me to use my phone.
ranyume · 4h ago
It's pretty crazy. You can be authenticated on a website, and the website still asks you to use your phone to.. validate what you're doing on the pc.
latentsea · 8h ago
Great advice that I just can't take.
ajsnigrutin · 7h ago
It's not a tech issue, it's a regulation issue.
EU wants to push more control on the internet, today it's "think of the children" but when the infrastructure is rolled out, it'll be "real name verifiction" on social media, chat control, etc.
Whoever is pushing this in EU has to be removed before things will get better.
hansvm · 7h ago
Luckily France is part of the EU. They seem to have better removal tools than the rest of us.
titanomachy · 9h ago
Without getting into the ideological weeds too much, is there a solid technical reason for this? Like if this verification wasn’t in place, could I just alter the source code or binary to always return “yes I’m 18” (or whatever) and completely subvert the intent of this tool? If so, is there a straightforward way to prevent this without involving Google?
Aaargh20318 · 8h ago
> if this verification wasn’t in place, could I just alter the source code or binary to always return “yes I’m 18” (or whatever) and completely subvert the intent of this tool?
Kinda, yes.
(slightly simplifying the mechanism here)
This seems to be based on the EU Wallet project, which is still work in progress. The EU wallet is based on OpenID (oidc4vci, oidc4vp). The wallet allows for selective disclosure of attributes. These attributes are signed by a issuing party (i.e. the government of a EU country). That way a RP (relying party) can verify that the data in the claim (e.g. this user is 18+) is valid.
However, this alone is not enough, because it could be a copy of that data. You can just query a wallet for that attribute, store it and replay it to some other website. This is obviously not wanted.
So the wallet also has a mechanism to bind the credential to a specific device. When issuing a credential the wallet provides a public key plus a proof of possession of the associated private key (e.g. a signature over an issuer-provided nonce) to the issuer. The issuer then includes that public key in the signed part of the credential. When the RP verifies the credential it also asks the wallet to sign part of the response using the private key associated with that public key. This is supposed to prove that the credential was sent by the device it was issued to.
Now this is where the draconian device requirements come in: the wallet is supposed to securely store the private key associated with the credential. For example in a Secure Enclave on the device. The big flaw here is that none of this binding stuff works if you can somehow get access to the private key, e.g. on a rooted phone if the wallet doesn't use a secure enclave or with a modified wallet app that doesn't use a secure enclave to store the private key. You could ask a friend who is 18+ to request the credential, copy it to your phone and use that to log in.
rkagerer · 7h ago
What if I refuse to buy a device with a secure enclave that I don't have access to? Am I now censored from a chunk of the internet?
Is the EU essentially foisting a someone-else-owns-your-keys regime onto their citizens?
jeroenhd · 2h ago
The law designed this as a privacy-friendly and convenient alternative to traditional identity verification, and stipulates usage should be optional.
Without the wallet, you'll be forced to jump through the same hoops as you're doing right now. Depending on what EU country you live in, that can be anything between "no real difference" to "making an appointment to exchange stamps on documents".
Aachen · 1h ago
Please point out where the age verification law says it's optional to verify someone's age
Or which hoops you mean we have to currently jump through to access 12/14/16/18+ sites
IlikeKitties · 6h ago
> What if I refuse to buy a device with a secure enclave that I don't have access to? Am I now censored from a chunk of the internet?
The idea is that once you get used to that, you will get censored from all the internet.
> Is the EU essentially foisting a someone-else-owns-your-keys regime onto their citizens?
Not quite, it's the EU essentially foisting a don't-use-free-software regime onto their citizens
Aachen · 1h ago
> You could ask a friend who is 18+ to request the credential, copy it to your phone
Oh no! Imagine you find a willing adult who does the verification on your phone. The whole system is moot!
Don't need "copy" here for that. They can just do the verification on your device without any technical tricks
snickerdoodle12 · 8h ago
Wouldn't it make way more sense to just have the RP supply a nonce that gets signed by the IDP? Isn't this how oidc works already?
Aachen · 1h ago
The tool could have a mode where it just reads the cryptographic chip in your ID card via NFC and passes on the information to the verifying party. This information is signed by your government and they could verify it with the public key
Instead, they're trying to shoehorn your device into providing the same safety level and, in doing so, making it by design impossible for you to control your own device. Obviously if the sites trust a device that you control, you can make it tell them anything. The ideological part is that it's not your device anymore then and imo we should oppose that. The technical solution is to use the hardware security chip you already have with a reading mechanism that (nearly?) every smartphone already has and even works on any OS that can run a USB NFC reader. It could be an entirely open standard
topranks · 46m ago
Yeah it’s sort of like all the apps that would refuse to run on a jailbroken iPhone.
Basically on such a system you can potentially manipulate the process. Here that would probably be to install the credentials of someone else on the device.
So they want a locked down OS environment where user does not have root privileges and software has to be verified (in this case by Google) to be installed.
fluidcruft · 9h ago
I'm pretty sure all you need is the ability to login to a website and for that site to vouch for your age based on having examined your identification documents (or something like a network of PGP web-of-trust type notaries). I have a hunch that using a hardware token and biometrics is required to prevent fraud (FIDO and passkeys etc should work). The trick is preventing simulated tokens from existing/working which is where secure boot etc enter the picture.
Aachen · 1h ago
Can you clarify what fraud you're thinking the "secure boot" (which I take to mean: being denied the access to control your own device) would prevent? Since the identity documents you already have, have this chip that works the same as your bank card, you really don't need a relaying party (your phone, your ISP, etc.) to be trusted for the receiving website to be able to verify the cryptographic signature on the data
altairprime · 9h ago
You would need to release a kernel and OS that requires users who modify the attestation and hardware token components of it to provide their own signing key rather than your production EU-registered one, chained back to the HSM signature emitted by the phone’s HSM signed bootloader; and then you would simply let the app check that its secure boot attestations chain to a secure bootloader/image/OS triplet that’s on file with the EU. Mix in some tech spice for the EU to prohibit OS releases that are validly signed but whose specific instance of a signature is found to be exploitable to bypass age checks and you’re set. None of this would prevent users from modding their devices, any more than macOS prevents modifications today if you turn off the security protections; but once you turn off the security protections, it can no longer attest with Apple’s signature because your modifications don’t match the signature any longer, and so Apple Wallet is inaccessible.
None of this prohibits users from modifying their bootloader, kernel, or OS image; but any such modification would invalidate the secureboot signature and thus break attestation until the user registered their own signatures with the EU.
The EU currently only transacts with Google in this regard because, as far as I know, they are the only Android OS publisher (and perhaps the only Linux publisher?) that bothered to implement hardware-to-app attestation chaining live in production end-user devices in the decades since Secure Boot came onto the scene. All it takes to change that is an entity who has sufficient validity to convince them that outsourcing permitted-signature verification to Google is unethical, which it is.
It’s a safe bet that Steam Linux was already working on this in order to attest that the runtime environment is unmodified for VAC and other multiplayer-cheating prevention systems in games — and so once they publish all that, I expect we’ll find that they’ve petitioned their attested OS signature chain to the EU as satisfying age requirements for mature gaming.
The vendor lock-in here is that Apple and Google and, eventually, Valve, are both willing to put the weight of their business behind their claims to the EU that they do their best to protect the security of their environment from cheaters, with respect to the components required by the EU age verification app. The loophole one could drive a truck through that the EU has left open to break that lock-in in the future? Anyone can petition the EU to accept attestations from their own boot-kernel-OS chain signatures so long as they’re willing to accept the legal risks visited upon them if found to have knowingly permitted exploitation for age check bypasses, or neglected to respond in a timely and prudent manner when notified of such exploitability by researchers — and if the EU rejects their petition improperly, they’ll have to answer for that to their citizens.
Aachen · 1h ago
All of this assumes that the device, a relaying party for your identity document, needs to be secure in the first place. We don't attest the OS of the router and your ISP before being allowed to use them to relay this information to pornhub. Why does your phone need to be under a third party's control just to relay information that the government already signed onto your NFC-enabled identity documents?
But even if you were to want user's phones to be roots of trust...
> as far as I know, they are the only Android OS publisher (and perhaps the only Linux publisher?) that bothered to implement hardware-to-app attestation chaining
Using Google Play's instead of Android's attestation framework means that nobody else ever could enter this market indeed, no matter how secure the OS
Hizonner · 8h ago
> None of this prohibits users from modifying their bootloader, kernel, or OS image;
... unless they don't want to turn their device into a boat anchor that nothing else will talk to. It's not going to stop with age verification.
Counterproposal: fuck attestation, and fuck age verification. Individual users, not corporations, associations, or organizations, get to use any goddamned software they want any time they want for any purpose they want, and if you set up some system that can't deal with that, tough beans for you.
fluidcruft · 7h ago
Or just rely on a separate trusted hardware device (think: USB+NFC yubikey) when the device itself can't be trusted.
altairprime · 4h ago
There’s no way to prove you aren’t MitM-proxying a reply from a device not paired to your phone in that scenario, because the kernel ‘says’ it’s USB to the app but a patched kernel can lie about that unless the kernel is attested-unmodified-secured — and anyways USB can itself be mitm’d at the phys layer without the kernel knowing at all.
Aachen · 1h ago
My mom can also do the identification on my phone and unlock it for me. There is fundamentally no way to prevent proxy issues if you let people do verification themselves
Intercepting the USB reader traffic to feed the computer a different card is about the most roundabout way of achieving that
fluidcruft · 3h ago
You can enroll keys on trusted hardware and then use them on untrusted hardware. That's how smartcards work. Enrollment is secure (say performed by your employer) and (in theory) extracting the private key is impossible.
Smartcards also seem to have the ability to issue certificate requests. I think the keys inside the cards are signed by a manufacturer trust chain (I got a gemalto card to play with for signatures and places like IdenTrust were able to verify authentic cards, but I wasn't trying to fool anything so it may be possible... but they would only issue certain levels of keys for specific cards)
I'm not saying you are wrong (I don't know enough about the details) but it all was much more sophisticated than I had thought and the chips seem to be running some sort of attestation of the chip in the card. Basically, you can't MITM things if doing so requires getting a private key that only exists in the factory. That sort of thing.
Magnusmaster · 5h ago
Unfortunately I don't think they will let you do that.
Aachen · 1h ago
Is that a reference to HAL9000?
akersten · 8h ago
> that bothered to implement hardware-to-app attestation chaining live in production end-user devices
This is why it's important that initiatives like Web Environment Integrity fail. Once the tools are in place, they will always be leveraged by the State.
> and so once they publish all that, I expect we’ll find that they’ve petitioned their attested OS signature chain to the EU as satisfying age requirements for mature gaming.
I hope that Valve pays no mind to this nonsense and continues to allow art to be accessible to anyone.
altairprime · 8h ago
That ship sailed decades ago when Intel promoted Secure Boot as a defense against malicious modifications; it stops rootkits and it stops cheaters, what more could one ask for, etc. App attestation of this sort has been offered in certain enterprise/government Windows 10 SKUs since day one. Apple’s web attestation protocol has been live on all T2 devices for about as long as T2 has been out.
Governments have real and serious need for verifications that are backed by their force. They’re a government; they are wielding force upon citizens by doing this, knowingly and intentionally. That is a normal and widespread purpose of the State existing at all: to compel people to align with the goals of the State, whether members of the State like it or not, until such time as the State’s goals are changed by whatever means it permits or by its collapse.
If this pans out for them, as cryptographically it will but remains to be how vendors and implementations handle it at scale, then they can introduce voting from your phone — the previously-unattainable holy grail of modern democracy — precisely because it lets the government forcibly stop the cheating that device-to-app/web attestation solves. And they can do so without leaking your identity to election officials if they care to! Just visit a government booth once in a while to have your identity signature renewed (and any prior signatures issued to your identity revoked). That’s how digital wallet passports and ID cards work already today anyways, with their photo/video/NFC processes.
Western sfbay-style tech was founded on the libertarian principle that one should be able to tell the government to fuck off and deny taxation, representation, blah blah etc. in favor of one’s armed enclave that does what it feels like. It’s fine to desire that, but it’s proven too radical to be compatible with the needs of nation-states or the needs they enforce satisfactions for on behalf of their citizens. Attacking attestation won’t solve the problem of the “State”, and has led us to a point where Google can claim truthfully to a “State” that the Android forks ecosystem isn’t competent enough to be trusted, because they can’t be bother to do attestations.
akersten · 7h ago
> If this pans out for them, as cryptographically it will but remains to be how vendors and implementations handle it at scale, then they can introduce voting from your phone — the previously-unattainable holy grail of modern democracy — precisely because it lets the government forcibly stop the cheating that device-to-app/web attestation solves. And they can do so without leaking your identity to election officials if they care to! Just visit a government booth once in a while to have your identity signature renewed (and any prior signatures issued to your identity revoked). That’s how digital wallet passports and ID cards work already today anyways, with their photo/video/NFC processes.
we've banned all graphic depictions from the internet, required a verified name attached to every blog post, and made sure to confirm everyone's digital passport before letting them resolve a DNS query, but at least now I can vote from me phone instead of having to go outside. The future is bright!
altairprime · 4h ago
Yeah, this future sucks, and we’ve had twenty years to push back and utterly failed to do so. I’ve tried for years to interest people in learning about attestation so they can curb it before it swings hard authoritarian, but no one wanted to listen b/c Linux is about having root and anything that challenges that belief is anathema to consider. Welcome to the party, the sky is falling just as it has been for years; someone else can be the harbinger for a while, I’m tired of watching people try the same old arguments that have failed for years.
walterbell · 5h ago
> the Android forks ecosystem isn’t competent enough to be trusted, because they can’t be bother to do attestations
GrapheneOS has optional attestation, either local (another device) or remote (their server) attestation.
altairprime · 4h ago
Aha! Graphene, with the support of impacted EU citizens, has grounds to petition the EU for inclusion in their age verification app, then. I hope someone makes that happen! (I am not an EU citizen and so have no ability to help.)
It really seems like tying this to Google violates some key principles of the EU market.
mk89 · 9h ago
I am not sure if I am more disturbed by the user journey they want to introduce for accessing websites or the fact that a private company (american, chinese, I don't care) has to become the gatekeeper to let me in.
Who the hell wants this Internet...?
IlikeKitties · 6h ago
> Who the hell wants this Internet...?
The under educated, unthinking unwashed masses. Just look at the tea leak. The amount of people that do not care about freedom or privacy on the internet vastly outnumber those that do. And because they do democracy unmasks itself in the digital realm as the tyranny of the unthinking majority.
Weep for the future.
ranyume · 4h ago
The lazy middle class who don't like to take the responsibility of actually contributing to their community and running their family.
ps: Had to add this post after the others identified the low class and the upper class as responsible for this ;). But depending on where you are, the low class might not be "the masses".
clarionbell · 1h ago
Well meaning nordic liberals? They have been pushing chat control, I assume this is their idea as well.
heavyset_go · 8h ago
> Who the hell wants this Internet...?
Scared rich people and bureaucrats
djrj477dhsnv · 10h ago
What kind of services will use this app?
Unless their governments start issuing Android devices to all of their citizens, I don't understand how they can require use of this app for anything official.
the_mitsuhiko · 9h ago
> Unless their governments start issuing Android devices to all of their citizens, I don't understand how they can require use of this app for anything official.
Not sure who you mean by "they" but you already cannot use a lot of governmental services unless you have an Android or iOS device (at least in Austria). At least in practice that is almost impossible.
> you already cannot use a lot of governmental services unless you have an Android or iOS device (at least in Austria).
That's terrible. They have official services that require an app and can't be used via a standard browser or even paper forms? What do elderly people without smartphones do?
homebrewer · 9h ago
I am in a similar situation, with very aggressive push for turning all banking and every government service into mobile applications only.
> What do elderly people without smartphones do?
They buy a smartphone and have their relatives set everything up for them. Not doing that isn't really an option because you can't even get your pension or planned (i.e. nonemergency) medical services anymore without going through the government mobile app.
If they don't have any relatives, they walk to the government building that used to solve these things for them using good old paper forms, and have officers there help them out. It's a completely braindead system that was envisioned by someone who has very little idea of how the common person lives.
Not that there are any channels to provide feedback, ironically enough. (Voting is a sham and has always been so here.)
jeroenhd · 2h ago
They don't require the app for anything official. Uploading (partially redacted) scans of your ID like you would be obligated to today, or physically verifying your age for things like alcohol delivery, should also suffice.
Aachen · 1h ago
> Uploading (partially redacted) scans of your ID like you would be obligated to today
Redacted, I wish...
To vote in the upcoming election, I was asked to upload an uncensored copy of an identity document to the website of the municipality of The Hague
To keep the domain I registered in 2014, the French TLD required me to send them the same thing by unencrypted email a few months ago. I tried sending a link to a PNG so it wouldn't linger in their inbox forever but they absolutely required it to be an attachment
To buy a prepaid card in Germany, I was required to show an uncensored identity document. I had put a tiny piece of tape tape over only the burgerservicenummer that the germans can't make use of anyway because it's the Dutch numbering system that's beholden only to specific authorities
There's scarcely anyone who appears to know what EU legislation says on identity numbers. The Dutch government themselves apparently don't
wmf · 7h ago
They will support iOS and Android which covers 99.9% of the population.
AAAAaccountAAAA · 7h ago
What about the rest? Don't basic rights apply to them?
potato3732842 · 9h ago
If you're wondering what regulatory capture looks like, this is it.
wmf · 7h ago
It's more likely to be laziness by the developers.
elric · 3h ago
I'm getting pretty tired of the EU trying to shove internet-crippling regulations down my throat. This, along with ChatControl, is clearly a path towards totalitarian control.
Who are the politicians making these decisions? How did they get elected? Did anyone vote for Totalitarianism 2.0?
Llamamoe · 3h ago
Politicians are all that stands between corporations and absolute corruption. It's why they're both their primary target and the ambition of greedy people.
Oras · 3h ago
Governments are reflection of their people, like it or not.
elric · 15m ago
Are they, though? The people don't elect the European Commission. The European Council selects candidates and that European Parliament can vote for them. The people in the European Parliament are often politicians who no one knows but sort of vote for because they're associated with their preferred party.
I don't recall any party campaigning on reducing internet freedoms.
perching_aix · 6h ago
This collision course has been a long time brewing, though I'm not even sure why integrity checking is included in this. The data source for the age information is the governments, there's no need to trust the clientside per se, it's just a middleman.
One thing I find reassuring is the nature of pushback on display on the repo (only read the first few comments there, mind you). Really not what I expected phrasing and rhetoric wise (unlike here), honestly kind of restored a very very tiny and fragile bit of faith in humanity in me, it's very reserved and reasonable stuff.
Arch-TK · 7h ago
It's absolutely abysmal that the EU and UK are implementing laws relating to age verification requirements.
Who voted for this? Who asked for this?
luke727 · 3h ago
Unfortunately many more people than you might think are in full support of this type of thing. The UK in particular is a very nanny state and this is sold as protecting children. You're not against protecting children, are you?
johnisgood · 3h ago
It is a rhetorical appeal to emotion, which is used to override rational debate, discourage criticism, and create false dichotomies, e.g. "you're either with the children, or you're with criminals".
This "think of the children" rhetoric targets encryption, anonimity, decentralized platforms, and private communication channels like messaging apps, VPNs, Tor, etc. It is nasty. Keep in mind that it does not actually prevent child exploitation and grooming. Most of the pedophiles are on Discord and Roblox anyways.
In any case, there are ways to prove someone is over 18 without revealing identity, but that is not that goal, is it? There are cryptographic schemes just for that, such as zk-SNARK, etc. ZKPs in general.
jeroenhd · 2h ago
EU citizens voted for this. Unfortunately, EU citizens are too lazy to vote a lot of the times, and the ones that do vote are turning more and more right-wing authoritarian.
As much as the EU pretends there's some kind of united Europe, it covers different countries, with laws ranging from "sex work is just taxed work" to "all prostitution and porn is illegal". Even basic rights like gay marriage aren't consistent between member states.
However, everyone I've talked to about it said they don't care about it so they don't want to bother, which is probably what the people behind these laws are banking on.
perching_aix · 35m ago
> EU citizens voted for this.
I'm growing pretty tired of this rhetoric, but maybe this is a reasonable opportunity to discuss it:
- not all citizens of a jurisdiction are eligible for voting: in this case, cursory search suggests only 400M (88.8%) of 450M were eligible - seems a bit too high to me, but let's roll with it nevertheless
- not all who are eligible actually vote: voting in the EU parliamentary elections, which is what EU citizens can actually vote on, like most elsewhere, is not mandatory; it's a right, not a duty: turnout was 50.74%, and that is of the eligible population, so really just 45.1% (203M)
- most voting systems are mathematically unfair [0]: extensively researched, doesn't quite apply necessarily in this case though as per the next bit
- several key positions in the various bodies are elected indirectly: same here in the EU, at which point all bets are off
- laws, regulations, and policies are not voted for or against by citizens: same here in the EU too, nobody could have even possibly voted for this in the literal sense
It's a run of the mill representative system and I think it'd serve discussions a great deal if this was acknowledged properly. Surely it's agreeable at least that this wouldn't be such news if people were all just completely on board as the sentence "EU citizens voted for this." implies when read naively and literally.
I really don't see a point to this phrase other than inciting others. And before anyone brings it up, yes, this is common in US threads as well, yes, often expressed by EU folks against US folks, but no, that does not make this better. Why dig ourselves into rhetorical holes unnecessarily?
And "offering feedback" is not a vote or a voting I'd say.
The whole Chat Control crap is bullshit no one asked for, and unfortunately many countries in the EU are in favor of it. There is a map somewhere that shows the countries that are against it, I cannot find it right now.
BLKNSLVR · 4h ago
What "things" are going to depend on this Android-locked age check? What about Apple users? What about accessing it via a laptop or desktop (shock horror: running Linux!)?
My dad gets by in his "my dad" way of life without a mobile phone at all, I wonder how much longer this will be possible. I was about to rant about being forced to have a mobile if you want to participate in society, but then he uses a desktop for some of the services for which the rest of us use a mobile, so my rant falls down in that, for a while now, to participate in society you've needed either a computer or a mobile.
Hopefully computer-only can eke out some kind of base-adequate participation for a while longer.
Aachen · 29m ago
You can also buy an Apple device but that was never your device to begin with so nothing is lost when the EU requires Apple to be the only party with the capability to modify what your device can run
jeroenhd · 2h ago
iOS also be supported and will use Apple's remote attestation capabilities. But, as there are no real alternative ROMs for iOS devices, only Android users are really affected by this.
From a legal point of view, the app should be a reliable convenience feature and not replace traditional (physical) identity verification. How much your dad will be affected will depend on how shitty and lazy the services he uses are. If he doesn't use a phone or a computer, he probably won't notice the difference.
trklausss · 1h ago
EU: "We need to decouple from the independence of the US". Many (local and national) entities proceed to ditch Microsoft for it.
Also the EU: Well if you don't have a Google or Apple account you are not getting age verified.
aniviacat · 9h ago
Does anyone know how this is implemented?
If the proof can not be traced back to your identity, then what stops a person from creating large amounts of proofs and distributing them?
If the proof can be traced back to your identity, then... that would suck.
jeroenhd · 2h ago
They use attribute based attestation which should be mostly anonymous. The long term goal was also to implement zero knowledge proofs which would make things like age verification fully anonymous, but because of technical reasons and development constraints that idea seems to have been postponed.
The reason you can't distribute a huge amount of proofs is that the app won't let you. To make sure the app won't let you, the app tries to verify that you're not running a modified app or a modified system environment. That's the remote attestation that "bans any android system not licensed by Google".
These tokens are signed and only usable for a limited amount of time so you can't just generate a million of them and sell them for others to use.
If the app can't rely on the system working as it should, it'll need to contain less privacy-friendly measures for limiting large scale token abuse.
For the proof to be traced back to your identity, you'd need to be tracked consistently across websites, possibly with the aid of the government itself. If ZKPs make it into the app, tracking you is basically impossible.
Of course, if you're authenticating with your full name and birth date, when opening a bank account for instance, you're not going to get the anonimity benefits. Still, you do get to see what party you've authenticated with and get a button in the app to request deletion or report suspicious behaviour if you think it was a scam.
RpFLCL · 7h ago
Even if they can't be traced back to a name/photo identity, it would still be a privacy disaster if you could only make one proof per service.
If a user can only make one then they'll have to use that identity with that service forever. That's a nightmare for privacy. Sometimes people need another account, unknown to their employer/family/friends. People should be able to make multiple accounts without those being tied together through a common "age check" identifier. But, of course, there is no way to prevent those from being distributed.
At some level I believe that's the purpose behind some of this. If someone can only have one proof, then someone can only have one account to speak with. They'll be easier to monitor, easier to identify, easier to silence. That's why I think these types of laws and behaviors should be resisted and protested.
I've mentioned in a previous comment that it's telling that big tech isn't resisting these totally-just-coincidental ID laws coming from western countries. It supercharges their surveillance and tracking abilities, and widens their moats.
Also, porn is a smokescreen. The definition of "adult" content will rapidly expand, and these put the ID issuers in censorious a position of control over people and services. Nothing stops a government attestation server from rejecting a request because someone is blacklisted from "mass communication services" because they're a felon, protestor, LGBT activist, etc... or because a service has fallen out of favor.
magicalhippo · 9h ago
The technical specification can be found here[1], with further details here[2].
Well, it's more like a framework, so not a ton of details. I've just glossed over it, but from what I can gather they have thought about it:
No personal data, especially no information from personal identification documents such as national ID card, is stored within an [Age Verification App Instance]. Only the Proof of Age attestation, specifically indicating "older than 18", is utilized for age verification purposes
Stored Verification(8b): [Relying Parties] may optionally store information derived from the Proof of Age attestation in the User's account, allowing the User to bypass repeated verification for future visits or purchases, streamlining the User experience. In this case, authentication methods such as WebAuthN should be utilised to ensure secure access while enabling the User to choose a pseudonym, preserving privacy. Risks in case of the device sharing should be considered.
This is the pr on it [0]. It was linked on hn at the time too [1]
For all the shit Google deservedly gets they seem to be genuinely trying to implement good and privacy preserving solutions to a lot of these problems.
The issue of course is that there's essentially no way to do all this stuff with software and hardware the user actually controls themselves, so you end up with hard requirements that you use big tech as gatekeepers.
This is the slippery slope that IMO eventually ends the open web.
If you take that outcome as inevitable, which at this point I basically do given all the forces lined up to restrict access to information, I suppose Google is about the best steward you could hope for.
I don't and I wish Google et al would take a god damned stand against it. All it takes is 2 or 3 big companies to just not play along with the destruction of the open internet (the very same responsible for their genesis and incredible success), and the bureaucrats will eventually relent. Unfortunately they've chosen the path of least resistance, which also is the path of regulatory capture to their sole benefit. Sad to see that win over the ideals of the early net.
dvsfish · 7h ago
I agree in principle but as time goes on I have found that the free and open internet as we know it already no longer exists in practise. Theres like 5 places to go on the internet these days - your social media platform of choice, your short form content platform of choice, youtube, perhaps an AI platform, and 1 misc place of your preference. And this loop of crap seems to demand more and more of your life.
I went on youtube in bed last night to watch a 10 minute video (that I knew I had to search for to find - it was a specific one), but the app opens to shorts and they're so damn stimulating that it was 30 minutes before I finally got to the vid I wanted. I started with pure agency and was immediately thrown off course. Say what you will about my discipline or habits, but imagine the affect this has on less... aware individuals such as children.
Walking around the world you see everyone buried in their phones.
There are aspects of this initiative that I totally welcome, if it has the result of some level of de-interneting. The argument is always "they do it to protect children first, then it comes for everyone". I hope they increase resistance for the end user. I agree its sad, but what we have currently is truly awful, and less of it is a good thing.
I understand that it may not have that effect and end up in the "worst of both worlds" situation. But I don't wan't google fighting any battles for me anymore. They might try on occasion to be respectful but their bottom line is to own my attention.
ajsnigrutin · 7h ago
The idea is, that you have a 'digital ID' on your phone, tied to your real identity, that will today be used to prove you're 18, but when the infrastructure exists, it will be used for other stuff too... like needing to attach your real name to any social media account (you already have an app that does that on your phone for the 18+ thing, so adding real name is easy to implement), and that will greatly affect freedom of speech.
jruohonen · 1h ago
A lot of discussion, but one contradiction seems to have gone unnoticed; notably, the EU's DMA decision about Apple having to allow alternative app stores. Go figure again about these contradictory moves.
MrDresden · 3h ago
The title of the submission is misleading.
The linked Reddit discussion is about the issue of attestation in the EU age verification application requiring a licensed version of Android to function properly.
The EU is not banning non licensed Android systems. This would make it hard for EU citizens to use those though, if they need that app.
bluecalm · 6h ago
Funny how EU politicians complain about dependency on American tech and the next day do something like this.
It's all cheap talk anyway as they have 0 intention to make EU based alternatives possible but it's rarely in your face so much.
bfg_9k · 9h ago
What an absolute clown show - the EU fines Google and Apple for being monopolistic and abusing market power and then proceed to implement apps like these that can only be used on American operating systems.
Seriously you can't make this stuff up.
tonis2 · 9h ago
Yeah, EU byrocrats love corporate overlords in real life
stephen_g · 9h ago
I mean there's a perfectly rational possible explanation for this - if the fines are actually just an extra targeted tax on these companies (but it's politically inconvenient to just do it honestly by levying a tax), and they would therefore adjust the laws to make sure they could still fine them if they had already complied...
It may be that the people in charge in the EU don't really care about the market dominance as long as they can collect enough extra money from them...
chmod775 · 37m ago
At the end of the day someone could always grab this code, remove the verification step, and distribute that as a new app.
isaacremuant · 10h ago
So many people advocating for this in HN and elsewhere when it's so clearly a draconian slippery slope for invasive surveillance and choice restriction. After these things get implemented people pretend it was always like this.
We don't need the governments to mass surveil us to protect us. We need them to sort the economy and stop invading countries and being deferential to corporate interests instead of the people they represent.
It's such an obvious push that If you don't want to see it, it makes me think you're shielding yourself to avoid contending with the reality: These politicians and govs all around, including the countries you claim "work" are absolutely power hungry and beholden to interests other than yours and will push for as much total surveillance as they can, including as much curtailment of freedoms as they can.
Obviously that won't mean elites will actually face justice or crimes will actually be solved because more surveillance is not accompanied with more government transparency, quite the opposite and bigger and more powerful burocracies, with more authoritarianism, allow for easy hidden exceptions that you can't question.
It's nothing new. Corruption is common. It's just mediocre to see "hackers" pushing for it just because the government and corporations tell them to, because foreign country bad, bad social media influences kids, drugs, word-ism, etc.
ViktorRay · 10h ago
At the time this comment was posted there was only one other comment in this entire thread.
You say “so many people are advocating for this in HN” but this thread was empty except for one other comment (which was also critical of this) at the time you posted your comment.
isaacremuant · 9h ago
I think if you use critical thinking to read you may easily find I'm talking about my experience with reading comments in relation to imposing age verification for online access, which means digital ID for internet access.
HN and even the GitHub comments mostly start with the assumption that of course we should do this. Of course we should restrict social media to under 16/18s and either are in favor of ID to access the Internet or pretend it won't happen by consequence of this.
Now try to address what I said instead of poorly calling me out.
lukan · 9h ago
Linking to some comments in favour of this might help your case.
Or at the very least, many here support the goal of keeping children and/or teenagers off of social media entirely, while disliking the means of ID verification. But it's not like there's any other obvious means.
baby_souffle · 6h ago
> It's been a relatively common position to find, at least before the most recent hubbub around Steam, Itch.io, Britain, etc.
If you stretch the definition of "recent" to ~ 60d then you can also search for the pornhub/France thing. Quick google nets this thread: https://news.ycombinator.com/item?id=44210557. There are likely others, too... but I'm lazy :).
isaacremuant · 9h ago
My case? What's YOUR case. Assert a position and provide proof in triplicate please.
Please tell me exactly what you think and I can nitpick it vaguely instead of putting forth mine. Heh.
In any case, just look at the comments under my comment. You'll see them.
Don't be disingenuous with your proof demands and tell us what you think and then we can discuss the merits of your argument.
Dylan16807 · 9h ago
> My case?
The case that "so many" people are advocating this on HN. Sounds like a significant percentage!
> What's YOUR case. Assert a position
Their case is that you should give evidence.
> and provide proof in triplicate please. Please tell me exactly what you think and I can nitpick it vaguely instead of putting forth mine. Heh.
"you should give evidence" doesn't need its own proof. And nitpicking such a simple idea would be a waste of everyone's time.
isaacremuant · 7h ago
You're not the original poster of the question so why are you trolling?
"So many" means "so many". You're creating a straw man in bad faith.
What's your take on digital Age verification. Either provide useful commentary or stop trolling. Address the existence of the other comments I linked.
Dylan16807 · 7h ago
Giving you a clear answer to your questions is trolling?
Gunax · 8h ago
It's just information. Data. Bytes. We need a proper George Orwell for the digital age.
The internet used to be a bastion of freedom. That era ended around 2005.
ActorNightly · 9h ago
I don't think you are fully wrong, but the issue is your rhetoric is very much used by conservatives or "both sides are bad" which are just mask-on conservatives who end up voting the same way. And the problem with conservatives is not really the ideals and ideas, but the fact that they vote Republican (or whatever the equivalent party is in other countries), that all pretty much are the exact opposite of those ideals.
Age verification is already a thing IRL, there is no reason to not extend it online considering so much of our lives is digital. Overall I think anonymity should be reduced on the internet in general - a big reason of the world issues, especially in USA is that ideas can grow in forums where people under etherial identities can tell lie after lie without any repercussion.
djrj477dhsnv · 9h ago
How can you criticize those for voting Republican when you're advocating for the extremely authoritarian and dystopian position of banning anonymous discourse online?
heavyset_go · 8h ago
> a big reason of the world issues, especially in USA is that ideas can grow in forums where people under etherial identities can tell lie after lie without any repercussion.
See, I wouldn't have as much of an issue if you were honest about this real intention, because of how on the nose it is to reasonable people.
The idea that I will have to upload 3D models of my face and ID, or get permission from Google, just to go online because you don't like the idea of someone else's kids using the internet is absurd.
Please stop using appeals to children in your quest to "stop ideas from growing".
baby_souffle · 6h ago
> Age verification is already a thing IRL, there is no reason to not extend it online considering so much of our lives is digital. Overall I think anonymity should be reduced on the internet in general - a big reason of the world issues, especially in USA is that ideas can grow in forums where people under etherial identities can tell lie after lie without any repercussion.
Ah yes. Anonymity is the only thing that enables dishonesty and of course it's the government's moral duty to regulate it.
Once anonymity is banned, the world will be honest and good and True and we'll all look back on the Bad times thinking how silly we all were.
The best part of minority report was the way everything constantly tracked identity through retinal scans; i can't wait for the future!
avidiax · 9h ago
> it's so clearly a draconian slippery slope for invasive surveillance and choice restriction
It's a privacy preserving over 18 check.
Is it a "slope"? Sure, you can imagine an extension to the system that is "worse".
Is it "slippery"? This thing isn't draconian enough to be effective. It will be a minor speedbump that prevents exactly zero determined under-18's from accessing anything that they'd want to. So then the question is, does the government react by trying something more draconian, or does it give up?
latentsea · 9h ago
Things like this are a pain in the ass for GrapheneOS users. It's not great to get locked out of legitimate usage of things when using an OS that actually puts privacy first.
sunaookami · 4h ago
Do you really think this will stop there? Websites need to contact an attestation server and the EU can just ban verification for any website they don't like.
ozgrakkurt · 1h ago
Wow, kids are installing random operating systems from internet into their phones right?
marcinzm · 8h ago
Looks like someone just got a really cushy job at Google when they retire from leading this system.
lemoncookiechip · 9h ago
We shouldn't need Age Verification checks for adults in the first place.
Create a better, standardized, open-source parental control tool that is installed by default on all types of device that can connect to the web.
The internet aspect of the parental control should be a "Per Whitelist" system rather than Blacklisting. The parents should be the ones to decide which domains are Whitelisted for their kids, and government bodies could contribute with curated lists to help establish a base.
Yes, there would be some gray area sites like search engine image search, or social media sites like Twitter that can allow you to stumble into pornography, and that is why these devices that have the software turned ON, should send a token through the browser saying "Parental Control". It would be easier for websites to implement a blanket block of certain aspects of their site than expect them to implement whole ID checks systems and security to make sure that no leaks occur (look at the TEA app) like the UK is expecting everyone to do.
Also, I'm for teenagers (not little children) having access to pornography. I was once a teenager, every adult was, and we know that it's a natural thing to masturbate which includes the consumption of pornography for most in some way. Repressing their desires, their sexuality, and making this private aspect of their life difficult isn't the way. Yes, yes, there is nuance to it, (very hardcore/addiction/etc) but it should be up to the parents to decide with given tools if they trust their kid to consume such a thing.
As for the tool itself. Of course we have parental tools, but they can be pretty garbage, their all different, they're out of the way, and I understand that many people simply don't know how to operate them. That's why I believe that creating a standardized open-source project that multiple governments can directly contribute to and advertise for parents is the way, because at the end of the day, it should be up to the parents to decide these things, and for the government to facility that choice.
Obviously, besides the internet aspect, the tool should have all the bells and whistles that you'd expect from one, but that's not the topic.
EDIT: And yes, some children would find a way, just like they're doing now for the currently implemented ID checks. It's not lost of me that VPNs with free plans suddenly exploded in 4 digits % worth of downloads. A lot of those are tiny people who are smart enough. Or using an app like a game to trick Facial Recognition software.
glitchc · 5h ago
I wonder if this requirement stemming from the recently announced trade deal with the US.
I think this misses the forest for the trees. I could care less if the app requires a Google Android phone or non-jailbroken iPhone to work. I care that age verification exists in the first place, when it most definitely shouldn't. Arguing and ranting about how a huge privacy compromise functions misses the point that privacy is being compromised.
It's just odd to see them bringing up America when their own government created this. Not the US. How about fight the actual problem instead of making sure the problem works on more devices.
redbell · 2h ago
The first comment was hilarious: "so how does one report the EU for breaching GDPR" and it reminds me of a comment on r/androiddev where Google was requiring solo devs to have a verifiable phone number for support and the commenter said something like: "Meanwhile, Google itself do not have a support phone number for his Android devs!"
hnpolicestate · 5h ago
The problem isn't being handcuffed by Google or an American company, it's being handcuffed at all. Is it some kind of psychological coping skill to misdirect from the obvious problem (an age verification app that bans user software preferences)?
Who cares if it's Google or an American company. The point is you decided to let the E.U dictate what software you can run on your phone.
exabrial · 8h ago
Lol. People put way too much trust in governments.
If it's not unbelievably obvious, there's an entire class of people flying private jets to "world summits" where the transcripts aren't disclosed. What do you think is going on? Use your brain.
johnisgood · 3h ago
I don't know why people on here love the Government. They are probably advocating for a Government, but not this. A government that does its basic functions, without too much overreach, something like minarchism.
motohagiography · 6h ago
"age verification app," is such a phony pretext. They know that android fragmentation and the lack of consistent verifiable hardware is what prevents govts from implementing a punitive digital ID that is sufficient to punish and fine people using western standards of evidence and legal defense.
these people are monsters. don't help them, and don't be complicit. working on digital ID tech, and even disclosing vulns in it is like helping Hollerith make faster and more efficient punch cards.
FpUser · 7h ago
Sure, so much for freedom of choice and twisting people's arms. What is it their fucking leaders sing about being freedom loving and democratic?
hulitu · 3h ago
> EU age verification app to ban any Android system not licensed by Google
Oh, so now we know who is pushing for age verification. FAANG
jonathanstrange · 31m ago
They're pushing for anything that makes their services essential and indispensable for every citizen, and thereby locks all future competition out.
Traubenfuchs · 2h ago
Will this be the end of kyc companies like veriff, onfido, jumio, trulioo and whatever else is this crowded space in europe?
Will people sign up to banks and betting apps with their eu wallet digital identity?
scarface_74 · 5h ago
I never want to read about how the EU “cares about people’s privacy” unlike the evil US
johnisgood · 3h ago
Neither cares about privacy, to be honest.
Edmond · 9h ago
There is a correct cryptographic solution for information verification online:
Any EU friends can tell me which politicians are behind this?
jonathanstrange · 27m ago
This is ridiculous but it's worth pointing out that if the EU would provide their own infrastructure for "age verification" it would be even more Dystopian. The problem is not really that the EU in this case would give Google and Apple monopolies that locks out all competition, the problem is the "age verification" itself. Nobody needs, nobody wants it, and it's the starting point for all kinds of browsing and chat control measures dictated by governments.
renewiltord · 3h ago
I know you can’t access the Internet but at least you can use USB-C. Europe LOL!
lern_too_spel · 9h ago
No evidence is given that they won't implement non-Google remote attestation solutions like https://attestation.app/about
Indeed, the bug links to another bug where the author says that it isn't restricted to Play Services remote attestation and recently followed up with a documentation update making that clear. https://github.com/eu-digital-identity-wallet/eudi-app-andro...
Hizonner · 8h ago
> No evidence is given that they won't implement non-Google remote attestation solutions like https://attestation.app/about
Unfortunate that it doesn't matter, because they're not going to accept anything that's not attested by some authority.
Attestation in itself is a bad thing, guaranteed to be horrifically abused in ways far, far worse than any problem it could possibly solve. You do not need to know what software I am running, period.
lern_too_spel · 8h ago
> You do not need to know what software I am running, period.
Your employer needs to know if your devices connected to its network have been rooted without your knowledge.
In any case, this is a completely different discussion from what OP alleged, which I hope we can all agree is completely false.
Dylan16807 · 8h ago
My employer needs to know if their devices have been rooted. My devices should be on guest wifi or not connected at all.
lern_too_spel · 7h ago
So you agree, in a needlessly antagonistic way.
Dylan16807 · 5h ago
I'm not trying to be antagonistic, I'm just trying to make it very clear that nobody else should have a say in my device.
And a check for rooting against my knowledge probably becomes a check for rooting at all very quickly.
saubeidl · 9h ago
No evidence is given they will.
lern_too_spel · 8h ago
You replied after I had updated the comment to provide said evidence.
The issue is being raised here: https://github.com/eu-digital-identity-wallet/av-app-android...
As a resident of the aforementioned political climate, I find their concerns to be reasonable.There are a number of comments in that same thread that indicate a mandate to utilize Google services may run afoul of EU member nations' integrity and privacy laws.
There is some amusing irony in the EU relying on the US for furthering its own authoritarianism. It's unfortunate that freedom (in the classic rebellious, American sense) never became that popular in the EU, or for that matter, the UK.
IMHO, the push for age verification is just a stepping stone towards requiring a mandatory ID for all social media posts made from EU. Given the current trends against freedom of speech, it's not unreasonable to think that by the end of the decade any site, including HN, might need to link usernames with their respective eIDs in case posts come from EU IP addresses.
> officially sanctioned hardware and software
Right now, if you want to run an alternative OS, it's already an uphill battle to use tons of member state services, as well as to do banking. Even if you have microG available, the situation is terrible. I imagine it's going to become harder. I cannot understand why the European Commission wants to reduce our reliance on FAANG services, and at the same time they make Google Play a de facto standard, reinforcing the mobile duopoly. In this context, free alternative mobile platforms, such as Sailfish, cannot flourish.
It seems to be different branches of the EU? This has been a recurring problem in EU tech legislation - the EU government bodies are sufficiently autonomous that the right hand seldom knows what the left is doing...
A rule of thumb that works too often is "how is mainland China doing things?"[0], and assume the West will follow behind shortly.
[0] https://www.washingtonpost.com/world/2025/07/15/china-digita... ("Big Brother gets new powers in China with digital ID system")
(tl;dr: Mandatory digital ID, with central government attesting and holding personal data in escrow. The "least bad", "privacy-preserving" option a sizeable portion of even HN itself advocates).
> "This means that companies, like social media site Weibo or online shopping behemoth Alibaba, will no longer be able to see the personal information of their users with digital IDs — but Chinese authorities will be able to see the real identity behind online accounts across a range of sites."
If you are a system that depends on people being constantly under the yoke of your jurisdictional powers, you do not want a strong, free, ecosystem. You want as little diversity as possible, ideally two so there is an illusion of choice.
This is no longer just rhetoric. Meanwhile, the EU’s polite, tea-drinking cousin, the UK has quietly deployed a “social media surveillance unit.” Not to fight trolls or bots, of course - but to ensure His Majesty’s Subjects think correctly in public. Doubleplusgood, wouldn’t you say? [1]
[1] https://www.independent.co.uk/news/uk/home-news/police-socia...
what?? how is this againt freedom of speech???, south korea implement this ages ago and there is nothing like that
I wouldn't consider South Korea as having any meaningful freedom of speech; in fact they seem closer to China than the EU.
if you talk to people directly, no one said that
If you come from the perspective that there used to be freedom of speech and now there's all those pesky laws restricting what you can say, it looks like a slippery slope. If you realize that people have been required to check ID when selling material unsuitable for minors in physical stores since before the internet existed, it seems a bit more unlikely that ID requirements will expand to cover everything else.
If there is a law in one jurisdiction that says you have to be 21 to buy some product and a different jurisdiction sets it to 18, or has no age restriction at all, and someone who is underage in the first jurisdiction goes to the second jurisdiction to buy that thing, what happens? The seller sells it to them. This has always been a completely normal thing for people to do in border towns, or when people e.g. visit Amsterdam because of less restrictive drug laws.
The internet allows anyone to visit the site of a supplier located outside of their jurisdiction. That's completely normal an expected too. It also makes things like age verification laws for digital content pretty much entirely worthless, because most of the suppliers weren't in your jurisdiction to begin with and the ones outside of it are... outside of your jurisdiction.
Governments now want to pretend that it matters where the user is rather than where the site is, but that's a joke because there is no way for the site to even know that. If you try to require it then they'll either ignore you because they're actually entirely outside of your jurisdiction and you can't impose penalties on them for not complying, or treat IP addresses in your jurisdiction differently (possibly by banning them entirely) and then people there will just use a VPN.
Neither of these cause the law to be effective and ineffective laws are inefficient and embarrassing.
This is not a new thing either. Whenever something somehow touches multiple jurisdictions, it's generally safe to assume that laws from all of them apply. Countries can and do make laws that apply entirely extraterritorially. When that makes it difficult to do a thing while complying with all applicable laws, you either have to not do the thing or pick which jurisdictions' laws you want to break and deal with the consequences.
I don't think most lawmakers will consider the potential embarrassment from difficult-to-enforce laws much of a deterrent against outlawing what they want to outlaw. They're more likely to put additional requirements on third parties to assist with enforcement (e.g. VPN providers are an obvious candidate.)
There are many things that you are not allowed to write or say by law in EU countries simply because the legislator has decided that they are wrong opinions, and it is generally accepted that the State can and should implement such controls.
Note that lying is not a crime in general. Your examples are for very specific contexts.
Moreover, in practice, there is more freedom of speech in most EU countries than in the USA https://ourworldindata.org/grapher/freedom-of-expression-ind...:
USA: 0.89 France: 0.96 Germany: 0.94 Czechia: 0.96 etc.
A quick look at Steam says otherwise. All the games that credit cards companies pressured to get removed from Steam, were already long gone in Germany. Because that's the level of government censorship that is completely normal in Germany.
The only reason why one might get the idea that Germany ain't so bad is because Germany doesn't do (much) Internet censorship, so we have access to the much less censored outside world. If German law would apply worldwide half the Internet would be wiped out.
Whatever the ECHR might say what I wrote in my previous comment is factual. In Europe "freedom of speech" comes with a long list of small print.
In fact, this is so embedded that the article of the ECHR you quote provides for restrictions and even states that they are "necessary": "subject to certain restrictions that are "in accordance with law" and "necessary in a democratic society"." QED
https://en.m.wikipedia.org/wiki/United_States_free_speech_ex...
> Categories of speech that are given lesser or no protection by the First Amendment (and therefore may be restricted) include obscenity, fraud, child pornography, speech integral to illegal conduct, speech that incites imminent lawless action, speech that violates intellectual property law, true threats, false statements of fact, and commercial speech such as advertising. Defamation that causes harm to reputation is a tort and also a category which is not protected as free speech.
> Under Title 18 Section 871 of the United States Code it is illegal to knowingly and willfully make "any threat to take the life of, to kidnap, or to inflict bodily harm upon the president of the United States." This also applies to any "President-elect, Vice President or other officer next in the order of succession to the office of President, or Vice President-elect."[45] This law is distinct from other forms of true threats because the threatener does not need to have the actual capability to carry out the threat; thus, for example, a person in prison could be charged.
Article 5 of the Basic Law guarantees freedom of expression, freedom of the press and freedom of reporting by broadcast and film. It immediately restricts those freedoms with "limits in the provisions of general laws, in provisions for the protection of young persons and in the right to personal honour." https://www.gesetze-im-internet.de/englisch_gg/englisch_gg.h...
Many kinds of speech aren't covered by the enumerated freedoms in the first place, and "protection of young persons" is the basis for age-verification requirements.
Though given that the US constitution claims to guarantee freedom of speech while many things that people would ordinarily consider speech remain illegal, maybe "freedom of expression within limits" and "freedom of speech" is a distinction without difference in practice. But I think the former approach is more honest.
Is the first line in the chain post you reply to. Also, read the guidelines (rude comments or dumb comments).
Freedom of speech doesn't mean freedom of stupidity
Freedom of stupidity has to be the most basic right in a free society. Imagine if stupidity wasn't allowed!
Racism against other groups, deportations, camps, ...
You argue about the EU as if we were still living in 2005.
Likewise I would not say that the New Popular Front is communist, either, although as a coalition it does include parties that are.
Just because a bunch of noisy people shout about freedom all day long doesn't mean they are not talking absolute garbage.
The internet is like media (press) or communication by letters. Both extremely established in terms of guaranteeing freedom of speech and in the latter case, also secrecy. And the ID identification (that you then make your argument about) is only loosely related to free speech strictly. It's about being constantly searched and surveilled with a presumption of crime.
Not a great example.
No physical store would bother to check the ID of anyone clearly not {too young or borderline}.
Digital ID requirements are such that age verification of some form is required for every single connection .. and to assume that a connection from {X} might well require another ID check an hour later as it might well be a different person at the same computer or another device altogether.
That's an expansion from {only check young looking people} to {check and possibly retain records for _everyone_}.
Edit: I'm not saying EU uses it but it could...
Edit: the EU asserts the app is "privacy preserving" and "Additionally, work on the integration of zero-knowledge proofs is ongoing."
~ https://digital-strategy.ec.europa.eu/en/news/commission-mak...
It's not the assertions made that trouble me, it's the quality of any actual implementation and the scope for deliberate or accidental side leaking of knowledge that should be zero .. but likely (in a pragmatic view of a political world) is not.
64% would be uncomfortable with companies sharing their personal data with outside groups doing research that "might help them improve society", which is great because it shows people understand that such phrases aren't just about sitting around and singing kumbaya.
[1] - https://www.pewresearch.org/internet/2019/11/15/americans-an...
IMHO "would be uncomfortable" is not a strong opinion. "Oppose and actively seek to prevent" is a strong opinion. In my experience the majority just have a sense of learned helplessness.
People are usually quite interested to learn about ways to can work against the dystopia to some degree. For a specific example I've converted numerous of people to Brave users just by demoing the ad-block and privacy features. People who have never used ad-block are often in borderline disbelief. Not once has a person ever been like 'oh why bother.' That is just literally unbelievable.
True, but I am not sure it is even that many people.
This whole narrative is strongly driven by Apple themselves, one of their strategies against regulations like the EU Digital Markets Act is to rally its userbase against the EU.
The smartphone was a closed ecosystem from the start, tinkering around was an uphill battle fought with custom ROMs that only few users dared to try (if the bootloader wasn't locked down to begin with). Adding more restrictions didn't have much impact on most users.
They figured out that much of the population is easily manipulated and controlled by exploiting their desire for "safety and security" --- in stark contrast to that classic Franklin quote (yes, I know the context isn't the same, but the words are otherwise a perfect fit for the situation.) It's only a minority of the population; and I'd suspect a smaller minority in the EU than the US; which is willing to argue against it.
Next time you find yourself arguing for something or doing things a certain way, throw in an "it's better for security" or similar phrase with a plausible-sounding argument why, and see how easily it shuts down the opposition. In my experience, many won't even question it.
same idea has been pushed since forever(you can include ACTA and other copyright protectionist movements like that as its originators too) over and over again.
People need to protest all the time and win, legislators can just keep pushing it over and over again.
What's even worse you get really smart people seeing noting wrong with this.. Meanwhile this reeks of same methods that were used in my country under communist regime.
Even activists can get exhausted
Hate to say it mate, UK is already one of the worst offenders.
In their own "internet bubble," with curated Google searches that only present a very "Commonwealth countries bias" in search results. After I worked in the UK for a couple of years, I noticed there is a strong bias toward the same sites (Government and UK companies, especially biased toward "facts"). Second, you leave the UK. You will never get it. Try a VPN outside of the UK and search for the same stuff, you will notice it right away.
The UK have used the "think about the children" excuse for different stuff they don't like (Remember the Porn pass Idea? Where you had to go down to your local Tesco to get a "wanker pass" from the cashier.)
Same thing, now just for EU, and they use the "protect the children" excuse, but they have now started to aim at video game companies and others to "verify" age for the sake of "protecting the children". It is horrifying that they want to ID children in the excuse of their "safety". In a couple of years, they will likely offer free in-game currency to trick users into giving away their personal information.
I think you're trying too hard to post cynical remarks as if the were this major gotcha. Even though the bill is quite awful, Occam's razor is quick to point out this has all the hallmarks of an overzealous technocrat than authoritarianism. Try to think about it for a second:
- the goal of the legislation is to ensure adult content is not provided or actively pushed to children,
- adult content is pushed primarily by tech platforms,
- the strategy is to allow access to adult content only to users who prove they are adults,
- the strategy followed is to push an age verification system.
- technocrats know age verification systems can be circumvented if tampered with.
- technocrats proceed to add provisions that mitigate the risk of tampering age verification systems.
The detail you're glancing over is US's hegemony over social media and tech platforms. The world is dominated by three platforms: Microsoft's, Apple's, Google's. Even Samsung is not European. How do you expect to push a technical solution for an authorization platform without leveraging the systems that people use?
Also, the way the current US administration is pushing their blend of fascism onto the world is something I do not find funny. If anything, this would mean the American fascists are succeeding.
Imagine a world in which there are ten thousand phone platforms, some of them are developed by communities rather than business entities, and anyone can easily create a new one. Can your system function in that world? If so, then do it that way. If not, then assume it shouldn't work and stop trying to build it.
You'd be imagining a world that's very different from reality. Lawmakers have to operate in reality, though.
What will happen in reality is that videos and information is labelled adult content when in reality it isn't, e.g. videos of democratic protests. How do I know that? Because that's what's already happening.
Yeah, you can stop here. https://en.wikipedia.org/wiki/Think_of_the_children
Maybe an easy to manipulate technocrat with an authoritarian figure guiding them from behind.
> the goal of the legislation is to ensure adult content is not provided or actively pushed to children
It always starts with the children or terrorists. It's an easy way to sneak the idea in your head. You wouldn't want children to be harmed or terrorists to win, would you? Once you got used to the though, everything else follows.
Name something you want or like I can lazily turn it into a "think of the children" situation.
I don't know how it works technically, but clearly there's a way to fake it.
This is another one of the reasons why I'm opposed to the current trend of "memory safety" that the megacorps are so enthusiastic about. When insecurity is freedom, and security means securing against the user's control, attacking insecurity will only close off paths to freedom.
So the argument is that those buffer overflows in iMessage used to target people (i.e. https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i... used to target a Saudi activist) are actually good because a hacker might jailbreak a phone with it?
It's good if all my software on linux crashes with segfaults because it might let someone unlock a locked down linux device one day?
I don't feel particularly free if my device is pwned with ransomware
Whoops, Google have delisted your government app from the Play Store, how quickly can you de-couple your citizens internet access from the corptocracy?
this is not the way to make a point that the other party will find persuasive.
https://www.pewresearch.org/global/2025/06/11/confidence-in-...
whatever your political alignment, saying the situation in the US is problematic might sell pretty well in the EU.
No. The lesson is that stuff like this is concerning what ever the "political climate".
Anyway, you mainly don't want the gov in your vicinity to snoop. Non-local OS:es is probably advantageous in that regard if you choose to run proprietary code...
We say this, but many also want to entrust all our PC games to one closed source launcher. Or have videos/TV all on one subscription service. There's definitely a spectrum of benevolent and greedy dictators people draw lines on.
I think that is far more that people like the other closed source launchers less, and each launcher potentially adds it's own stream of notifications and adverts to their system so there is a cost to having multiple active even if the PC resource cost is practically undetectable.
Furthermore if comparing game launches and related issues to political climates, I'd consider all the current closed source ones to be the same in those respects. Also we are not subject to several local political climates at any one time in that way (though we are when looking at a wider scale, of course).
> Or have videos/TV all on one subscription service
While there are other issues (each service tracking you etc.) this is more due to the fact that each service charges what we used to pay (in fact more, as in some cases prices have gone up by more than general inflation) for a single service that provided the same amount of content that they cared about. This doesn't really equate to trust on political climates (except where commercial greed is considered a political matter).
Why does one need a game launcher? Cannot we just like run games as we run any app? Having to use a launcher that by default requires internet connection, even if the game itself doesn’t, sounds like a very specific choice of how to do things. We don’t run any other kind of program like that.
That is because the introductory prices were not 1 to 1 to the business’ existing revenue streams from cable and satellite transmission fees. Especially considering that before, there was a very limited supply of content restricted by time slots, and now you are buying far, far more on demand content without advertising breaks. And without contracts with a cable or satellite company.
People are spoiled, and don’t appreciate how much easier and cheaper it is to watch or listen to most content than it was pre streaming services.
One only needs to look at market cap graphs of the various media companies to see that streaming isn’t the cash cow people think it is.
And obviously it is not just one arena, because it seems to be one glaring issue with human beings: they do not want to see the road ahead. And the ones they do are, at best, ignored.
But it's nice so many people care about the last few places where hard freedoms exist. The biggest risk is missing the forest for the trees and not seeing the local extensions of short term political comprise.
You're 100% right that it's happening today.
Do not think for a moment that ID verification primarily protects children and only incidentally enables authoritarian restrictions on speech. Do not think for a second that verification initiatives are designed without anticipating this outcome.
https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_wha...
The purpose of a system is not what it does.
https://www.astralcodexten.com/p/come-on-obviously-the-purpo...
So then the purpose of the internet was to share cat pics? This quote is so wrong in every way.
> Do not think for a moment
I will decide what I think thank you. It's very ironic when arguments against "censorship" go this way.
which is an unnecessary ideological divide if your concern is free speech and privacy; too bad the old guard of activists chose sides and alienated additional support for their cause.
> which is an unnecessary ideological divide if your concern is free speech and privacy;
What do you mean by this, an unnecessary ideological divide?
> too bad the old guard of activists chose sides and alienated additional support for their cause.
What sides did they choose and whose additional support did they alienate?
The average person could never do that; critical evaluation was always needed (and it was needed for the material people encountered before the internet, too.) The only thing that is a change from the status quo ante in the first sentence is “LLM generated”.
Let's stop beating around the bush. We all know this doesn't make any sense.
The "temporary anomaly" is one of perception. It was individuals talking to individuals. In terms of volume the world has never had this much free flow of information, and its never been easier to transmit encrypted data within a group.
At the same time the problem with letting the internet be without government means it pushes digital crack to all children, and an oligarchy of (natural) monopolies tightly control certain powers through systems like "sign in with Google".
The options for companies to instead use a government backed digital identity seems like an obvious step forward if designed carefully enough.
That requires the right mindfullness of people's rights, eg the right story. I just don't think the war on the free-internet narrative from 30 years ago is up for it.
They want to stop children from accessing porn, which really isn't all that bad. Certainly it's not nearly as bad as wasting hours on perfectly legal social media and streaming sites
But rest assured, so long as you want to discuss privacy and nostalgia of the pre-invasionary internet, you'll find a knowledgeable expert on IRC.
Never heard anything like that from many people I know in Germany.
I feel like there is a huge chunk of context missing here.
They flip flop on this stuff at least once a month, and the most annoying part is that they always herald everything they do as some new epoch-defining initiative only to quietly forget about it and do the opposite a few months later.
If nation states are dogs, then EU is the chihuahua: loud, proud and extremely ineffective.
On the other hand, the EU bodies as well as national reps are besieged by lobbyists and diplomats, and without much backlash from constituents, it's very hard not to find someone that will do what you want. Just look at this former EC commissioner [1] working for Uber.
Flip-floping happens occasionally when the public catches up.
[1]: https://www.ombudsman.europa.eu/en/opening-summary/en/181717
The EU is not a hegemonic state, but rather an economic supranational organization. France/Germany tend to be primary proponents of increased EU strategic autonomy, while Poland/Czech/Baltic states are less supportive.
Similar to recent discussions of self-hosting, it's a tradeoff of autonomy/control vs efficiency.
> The EU is not a hegemonic state, but rather an economic supranational organization. France/Germany tend to be primary proponents of increased EU strategic autonomy, while Poland/Czech/Baltic states are less supportive.
Well obviously, these states know how bad the Russians are since they were terrorised by them for decades. They'll be the first on the chopping block. And they know that Europe does not have much deterrent of its own right now so they're screwed without the US. Though this will come.
Right now, Russia (I have no affiliation, other than thinking that Russian girls are pretty) and Israel (my country) are the big villains online. I completely support Israel, and am constantly silenced online, even on HN. I wonder if those who support Russia are similarly silenced. I hear that in Riga food was more plentiful and nobody slept in the streets during the Soviet years. There was no dream of getting rich, but no fear of losing your home and livelihood. And now, the big change is that there is still no dream of getting rich.
So maybe Poland/Czech/Baltic states have insight that comes from experience with both ideaologies.
Note that I define "more secure" as in not living in fear of losing home and income. Not necessarily that their standard of living was as good as those in the West.
Germany isn't doing this as much anymore, because Germany Inc has become increasingly dependent on their investments within the US [0], especially after the triple whammy of the Biden-era IRA [1], the sanctions on Russia sparking a domestic energy crisis [2], and Chinese players outcompeting German industry in China [3].
This can be seen with Germany purchasing American weapons for Ukraine over French objections [4]
[0] - https://flow.db.com/more/macro-and-markets/us-german-trade-r...
[1] - https://www.bloomberg.com/news/articles/2022-12-14/german-go...
[2] - https://oec.world/en/blog/bavarias-dependency-on-russian-gas...
[3] - https://www.reuters.com/business/majority-german-firms-feel-...
[4] - https://www.politico.eu/article/europe-donald-trump-weapons-...
So until recently the "free" Internet did not matter politically in the EU. Tech was used to trigger color revolutions abroad where the demographics were younger.
But now the unelected EU commission inherited that Internet things and are on the wrong side of it. Worst almost everybody in the EU speaks English and listen to Joe Rogan & co. And while the US Gov might be able to control the Joe Rogan type the EU does not.
So their only move is to crack down on the Internet and limit it with a Chinese firewall type system. But they obviously do not have the ability to do so without the capabilities of an US tech giant (remember their own systems are on Office 365, every phone is Android or Apple). And this would also be in the interest of the US because it would give them a solid control over the EU.
Remember the first goal of a system is to survive and I do not see another realistic path.
Because in the background it's a French vs German vs Irish vs Czech vs $insert_eu_state business interests competing with each other.
Notice how it's almost always French legislators and businesses that mention "domestic EU tech" and not Polish, Czech, Romanian, Dutch, or even German policymakers or businesses?
That's why.
National interests always end up trumping the EU in it's current form. And for a large portion of the EU, American BigTech represents the majority of FDI (tech and overall).
Japanese and Korean automotive players did the same thing with the US in the 1980s-90s in order to ensure their interests remained aligned (though the Plaza Accords did play a role)
https://www.youtube.com/watch?v=Px9qhDGv300&t=150s.
(the entire video is interesting and informative, I've skipped it to the France-US specific part, up to about 11:02 where Australia is introduced as the US sycophant it is)
Whether it's logical or not, offences past, even those thought forgotten, are easily recalled when under similar pressures.
From an American NatSec perspective, French strategic autonomy is viewed as a positive, as can be seen with Elbridge Colby's work (and similar work by Mastro and Doshi), and a lot of the initiatives led by the Biden admin, as this would allow burden sharing because the US is no longer in a position to manage a two continent war. France does our dirty work in the Sahel and can help in the Indo-Pac (as was seen with the US, France, and India jointly armtwisting the UK into ceding Diego Garcia to Marutius)
In Australia's case (and to the US's benefit), alignment with France makes sense and has been something that has come up in Australian NatSec for years.
New Caledonia is barely 800 miles off the coast of Australia and NZ, and both New Caledonia and French Polynesia have faced pressure due to China, especially after the recent violence in New Caledonia was linked to Azeri [5] disinfo networks on TikTok, along with decades of covert ops by China in New Caledonia [6][7]. France has also been an active defense partner with India and Indonesia - both of whom are increasingly cornerstones of Australian defense.
By every single standard, having an active "Indo-Pac" France is a net benefit for America+ strategy and Taiwan.
That said, French NatSec "strategic autonomy" does not have anything to do with French industry's alignment with marketing a "European first" tech story.
France has similar issues to the US with power politics (as can be seen with France, US, SK, and Israel sharing a similar CPI score), and the biggest booster and beneficiary for "European Tech" is Xavier Niel [0] (France's Mark Cuban or Elon Musk), who is on a first-name basis with Macron [1][2] and whose Father-in-Law (Bernard Arnault) has personally played a significant role in French power politics for years [3][4]. Arnault is also the reason why every country negotiating with the EU ALWAYS tariffs congac and champagne - Arnault's LVMH owns Hennessy and all the other congac producers, and the majority of champagne producers.
End of the day, this is just another inter-elite conflict between vested business interests like any other, but couched with the flag of nationalism.
Nothing wrong with that, but this is why you don't see alignment amongst EU member states - as each state is supporting their own vested business interests amidst a trade war. For example, there's a reason all of us American tech investors end up working with the same handful of politically aligned law firms in Czechia or ending up in the same IT Parks in Eastern Europe.
[0] - https://www.bloomberg.com/opinion/articles/2025-02-12/xavier...
[1] - https://www.lemonde.fr/en/politics/article/2024/12/22/emmanu...
[2] - https://www.bloomberg.com/news/articles/2018-05-22/french-mi...
[3] - https://www.reuters.com/business/media-telecom/insight-macro...
[4] - https://www.lemonde.fr/en/economy/article/2023/08/08/bernard...
[5] - https://www.aspistrategist.org.au/russia-azerbaijan-exploit-...
[6] - https://www.aspi.org.au/report/when-china-knocks-door-new-ca...
[7] - https://www.lemonde.fr/en/pixels/article/2024/05/16/why-and-...
For example, the violence in New Caledonia was instigated on TikTok by Azeri disinfo networks [0][1] due to French support of Armenia, which itself is due to French support for Greece+Cyprus against Turkiye, who is the primary patron for Azerbaijan.
Algeria has been doing something similar [2] due to French support of Morocco, and China's UFWD aligned groups have done something similar in the French Pacific [3]
Unless you're insisting I'm a troll or a bot, which I strongly disagree with. I've worked closely with EMEA (and especially French institutions and businesses) in my current career and previously when I worked in the policy space. I just kvetch on HN because it's not significantly on any radar yet and the anonymity is appreciated.
[0] - https://www.politico.eu/article/france-accuse-azerbaijan-fom...
[1] - https://www.institutmontaigne.org/en/expressions/azerbaijans...
[2] - https://www.atlanticcouncil.org/blogs/menasource/the-roots-o...
[3] - https://www.aspi.org.au/report/when-china-knocks-door-new-ca...
I mean.. great for the politicians, not for an average european.
The push for authoritarianism seems to come purely from above. My intuition, from personal anecdotes, is that after 30 years of widening gap between the haves and the have nots, the haves are increasingly terrified buy their own populations.
https://ageverification.dev/Technical%20Specification/media/...
Essentially, the core user journey is a privacy preserving "over 18" check. I suppose this prevents under 18's from accessing porn, in the same way that most blocking technologies impose an expense on everyone but fail to block tech-savvy children.
Doesn't seem like it could ever stop someone with a bittorrent client, unless you have to attest you are over 18 to even use bittorrent.
So no, this is totally ineffective. And it's not like there's actually a problem. There's no crisis of messed up kids or young adults. We all had access to porn in some form and we all turned out fine. I used to watch the late night pay tv which was just 'scrambled' by removing the sync signal. It was easy to put that back with some electronics chops. I saw my share of gangbangs and cumshots and I did not get messed up or get weird ideas. In fact I often get compliments I'm a sensitive and caring lover. I never do or push for the dirty porn tropes (unless she asks for them :)
So did most of my school friends. Also video tapes got passed on at school and later CDroms (when the writable DVD came I was already an adult). We all had plenty.
This is all to mitigate a "crisis" which doesn't actually exist.
From watching porn?
But I agree, forcing verification will not be effective enough, kids will find their way. The real solution is more education on this topic from younger age.
Don’t know how to describe how insane this is
For instance, it's not illegal for me to be served alcohol. If I'm not carded when being sold a drink, nothing illegal has taken place.
If the lawmakers are being cowards and not saying they want to round up and ID all the children from birth until they are eligible to participate in the adult world, that's their battle to fight and not our burden.
I think I have become far too cynical.
But this still wouldn't stop determined kids from VPNing to another country to make their account, and wouldn't stop peer pressure on kids from bleeding to parents to help them.
We see something similar in the US with age verification for viewing porn in some states. Mainstream porn sites that I’m sure you have heard of that aren’t based in the US just ignore the laws and VPN sales skyrocket in those states.
If I were a kid, I could see myself downloading Opera GX and enabling the free VPN. It's probably not "tech-savvy" because the browser gets a lot of ad views on YouTube; it would be pretty obvious.
Basically anything other than going to a legally compliant website and trying to attach your mom's passport to the age verification app and doing the challenge.
I would want to sit in on this audit.
Because the practical reality here is, like, porn is the big scary word, but the actual danger to kids is *other people.* Other addictions still exist. Removing one vice without solving the underlying systemic problem merely shifts the goalposts, and everyone is up in arms about what a slippery slope that is for good reason.
EDIT: Clarity here because I phrased that badly in a hurry: I'm in disfavor of internet access being a requirement for schoolwork, but I failed to set that context initially. If parents trust their kids enough with access, once they've reached a certain point of maturity, that's fine. I'm against technological age gates and I'm against removal of bad content from the net at large. Parents should decide when their kids are ready, and guide them appropriately.
I will leave my original remarks unedited so the remaining discussion is sensible. (Sorry!)
W T F ? ? ?
> Because the practical reality here is, like, porn is the big scary word, but the actual danger to kids is other people.
Bad news, Champ. Other people also exist off of the Internet. They always have. The world is not entirely safe. And that does not mean children shouldn't get to be part of the world.
The main problem here is panicky idiocy.
That idea has never really been realistic short of keeping them isolated from society until 16-18 (which most would consider abuse), but it’s not even slightly possible today with how readily available information has become. It’s an inevitability that they will learn about the topics you’ve been avoiding and take on external influences you may not approve of.
Now to be clear, I’m not advocating for letting kids run wild on the internet with no guardrails, especially earlier on. Guardrails are important, but it’s even more important in my opinion to try to stay ahead of what they may encounter by talking with them about those things so when they eventually run across it, they’re not flying blind and might even seek your guidance about the incident since they know you’re not going to get angry about it. That’s much more likely to bring positive outcomes than if they ran into these things without parental support.
The point I was actually trying to make is just this: if the parent's goal is to block content, then the simplest thing to do is to be there when the child is surfing the net. That shouldn't take crazy technological measures. At some point, most parents realize their kids are mature enough to handle things and back off, but the parent should be making that call for their own kid. I don't think the government should be doing it on their behalf. If the government believes the internet is dangerous for young minds, then it should focus on the thing it can control: educational curriculum, primarily. Trying to "fix the internet" is a fool's errand.
As for other people being the danger, there’s some truth to that for women. I have a daughter, so this will be a concern. But you know, she won’t die. Everyone goes through trauma. The key here is to make sure she feels comfortable enough to talk to me and to my wife before doing anything (too) stupid.
I snuck out of my parents’ house to go see a girl when I was 16. Took my dad’s station wagon. On the way, some car tried to pass me and ended up hitting a big truck on the side. Truck was fine, I was fine, that fella was not. He ended up on the side of the road. Me and trucker just kept going. I still think about that guy a lot, because obviously the correct thing to do would have been to call 911, but I was a dumb 16yo who was out past midnight to go see a girl.
Point is, if things went a little differently, I could have been the one who crashed, or even dead. But that doesn’t mean that the girl I was going to go see was somehow a threat to me. It means I was doing something dangerous.
Again, this is easy to say as a man. The threat model for women is different. But prohibiting minors from the internet without supervision is totally absurd, and I feel bad for any parent who helicopters their kids like that.
Ultimately your kid will grow up and have their own life. Do you want to be remembered as the parent who had them under lock and key in the name of safety, or as a parent who monitored from a distance and occasionally let them do stupid things so that they could learn from it? For me, the latter is far more preferable.
You're trying to logically and emotionally appeal to people whose amygdala have been hijacked by a moral panic.
I agree with you, but good luck.
I was not clear enough, so I will try again. If parents do not want their kids to access "bad content", whatever that means to them, then they need to supervise the access. If parents are okay with their kids accessing bad content, then that choice is theirs to make. The internet itself should not be the gatekeeper here, neither should the government, but the parents do need to actually parent. I do not believe technology should be doing the parenting. And BECAUSE I believe this is a choice the PARENT should make, I also do not believe unfettered access to the internet should be a requirement for students. As long as that is a requirement, the parents aren't in control, and we get draconian laws trying to "fix the internet."
You have wildly misinterpreted my intent, and admittedly it is because my opening sentence was poorly phrased.
As far as the beheading video, why be offended? Yes, I think teenagers will be naturally curious, and that gore videos will be on their watch list along with porn. It was true for most of my friends, and admitting this truth rather than running from it is how you deal with it. It’s not "defending" when it happens as a matter of course.
Again, you’re basically arguing for draconian powers not for the government but for the parents. To me, this is two sides of the same coin; whether the jailer is the government or the parent, when I was a teen both would have been the enemy. I personally don’t want my child to think of me as the enemy. Other parents can make different choices.
And yes, I think it was fine for me to watch that video when I was 13.
The reason I think it was fine to watch the video at 13 is because it was major news at the time. The Iraq war was just starting up, and I believe Nick Berg was one of the first troops taken prisoner and executed. I wanted to see for myself what other countries were doing to our soldiers.
As I got older, I realized it wasn’t so clear cut as good vs evil, and that we were often the evil ones. (Regardless of the reason, blowing up someone’s home with some of their family inside is evil, and there were civilian casualties in the Iraq war.) But at the time, it was a major formative life experience for me. It galvanized me into wanting to join the marines, which of course would have been a huge mistake. So you could argue that me watching the video was harmful in that sense, since it influenced me pretty heavily.
I take a different perspective. Freedom is about freedom to view something and decide for yourself how you feel about it. It’s easy to forget how mature you felt at 13. If at the time you tried to stop me from watching that video, I would have been furious, and said that you’re preventing me from seeing what’s really going on in the world.
Now, I personally think that that freedom also extrapolates to the rest of the evils viewable on the internet. I watched a lot of cartel videos, some war footage, and so on. You can argue that 13 is way too young, and maybe I’ll even agree once my daughter reaches that age. But if a kid is genuinely curious to see what reality is actually like, I personally find it a little repulsive that we as a society think it’s so awful, and that we say children should be babied for their own protection. If you tried that with me at 13, I’d have given you the finger and figured out a way around whatever security measures you put into place. In my opinion, the correct thing to do is for a kid to have a close connection with their parents, to tell them that they’re curious, and for the parents to explain the reasons why the kid might not want to see it. (This also forces you to explain why it’s so horrible. Surgical procedure videos are equally graphic, but we don’t call them horrible.) And if at the end of that process, your kid wants to watch those videos, be it porn or gore, you should seriously consider their request. Your options are to be supportive or for them to do it in secret. Thinking you’ll stop them is wishful at best.
Yes, it’s uncomfortable. I don’t personally know what I’ll do when Kess comes to me or her mom asking about that. But "forbid it in all circumstances" is in my opinion an extreme overreaction given what’s at stake. At worst, it will cause them some emotional trauma. It arguably did for me. It’s good to protect children from trauma. But if they genuinely want to go through it, who are we to stop them and say we know better? Let them figure it out.
We’re their parents. It’s easy to believe we do know better. And in most cases we probably do. But at the end of the day, by forbidding this content, you’re waging war on your child’s curiosity. I personally find that as horrifying as it probably felt hearing me say that there’s nothing wrong with it. It’s fine to disagree.
If this comes up the future, I’ll point back to this comment as my canonical response on the topic. If after reading it people still want to be offended, then okay. But I’m not trying to tell you how to raise your kid. I’m saying, you’re fighting a losing battle if you think you can stop them.
[1] https://grapheneos.org/articles/attestation-compatibility-gu...
After a lot of angry emails towards the helpdesk, they at least changed it, so a failed check only shows a warning that you can accept.
Seriously. You don’t need Google. You just need a plan and a will to execute.
We have EU regulations, those are much tighter than in US, on practically every front. Labor, finance, environment, data, AI, you name it, we have it regulated. And then you have the country level regulations on top. That's right, EU sets the floor, not the ceiling.
Suppose you have a start up in Poland, you have managed to get funding and you are offering services in your country. You want to do that in Germany? Get ready for complying with new set of regulations. And you better hope that individual German states don't have something extra on top of those.
All of those regulations have purpose, it is possible that they were designed by well meaning people and bring some benefit. But their compound effect is catastrophic. It is not that you can't push trough, you can, just look at Kiwi or Mikrotik. But it's an uphill battle and your competition from overseas has it so much easier, that they can end up outgrowing you, and eventually buying you out.
My guess on what happened this time is, people were tasked to implement a way to verify age anonymously and this was the only feasible way to do it because of their constraints that don't allow them to do bigger stuff that China or USA will able to do through having the budget and enforcement power.
I know politics isn’t logical but if you keep drilling down the root cause, eventually you’ll hit bedrock.
EU needs to federalize but europeans are still too nationalistic for that to happen. Even Germany is too tiny to matter in the global stage but even small countries with population of a city in America will be like “we are special, we can take on USA and China because of our intrinsic characteristics. Even if we can’t we are definitely better than our neighbors”.
Google rolls into town and wants to spend half a billion euro on a datacenter? Sure thing. They'll say that it'll boost the local economy while being built - by creating a couple of thousand jobs for the contractors that are going to build and maintain it, and then some onsite jobs for the next decade or two, creating a couple of hundred jobs for techs / engineers.
And as long as they keep playing ball with google, projects like that will pop up once in a while. If you're difficult, there's also a risk of the rich tech companies taking their business some other place.
With that said, I've recently noticed more voices for building our own stuff - as there's a real risk that US tech companies will simply comply if pushed enough, say, by a POTUS that's out for blood and wants to hurt certain foreign users. Ban/lock out certain users from gaining access to software, turn off their infrastructure, etc. who knows.
But, alas, there just isn't the same willingness to pour in capital on the important things. For private investors it doesn't make much sense, unless they have a bulletproof contract with domestic users willing buy their service - and using state funds isn't too popular, either.
Truth be told, any of the big tech businesses can undercut any competition, and probably build better and faster. If anything, it could be the case for tariffs - outsourcing critical infrastructure will leave you very exposed. If European countries all over the board started to abandon US tech companies, they'd cry to Trump, who in turn would probably start a trade-war.
You are right to be worried. US companies under this administration can’t be trusted to follow the law. Why should they, when our commander in chief isn’t and has a panel of judges who let him do whatever. Just the other day he suggested Obama be investigated for treason. So yeah, we’re toxic, and you all should seriously quarantine yourselves.
> and the one that was a bit better than terrible was bought by a US company
But here you say EU can make great software? Just that USA then buys it. So we should just ban USA from buying our great software companies, is that what you are saying?
Struggling to think of corporate produced software that doesn’t suck. iOS Safari is ok, I guess.
In America the least bad stuff eventually rises to the top. In Europe it feels like it's all just one shared pit.
The reason is because Americans buy the other tech firms, so its not because they don't make non-bad tech its because USA just monopolizes it via very aggressive acquisitions.
Everyone’s ready. The only reason US is wealthy is those subscription fees and vendor lock in we have.
There isn't really venture capital like that in Europe. Your business has to bootstrap. There are big businesses that could fund big ideas but they are big because they do one thing well - a company like Airbus isn't going to branch out and build an AWS.
Anyway, if a government tried to make a European smartphone design, it would be treated as any other government supply contract, resulting in a terrible design-by-committee. So in the end, all politicians are willing to do is wait around and say "someone should do something".
It's actually a little better than that. One thing they can do, and have done, is make funds available for individuals and small groups who want to have a go themselves. Notably NLnet funds a lot of projects. They're all small projects though so they're not really capable of displacing megacorps in the free market. Stuff like MNT hardware remains niche hacker stuff.
American companies like Google [0][1], Amazon [2][7], and Microsoft [3][4][5][6] have spent billions in FDI and hiring, thus building strong relationships with EU states like Ireland, Romania, Poland, Finland, Sweden, and others, but French and German competitors haven't (or don't exist depending on the service or SLA).
This means a significant portion of EU member states have an incentive to maintain the relationship, because the alternative means significant capital outflows. A Polish legislator doesn't have to answer to French voters, so they will incentivize the relationship with BigTech. Thus, these nations will lobby tooth and nail against destroying the relationship.
It's the same reason Hungary courts Chinese FDI [8] and enhancing the Sino-Chinese relationship as leverage against the EU pushing too hard [9].
[0] - https://www.gov.pl/web/primeminister/google-invests-billions...
[1] - https://www.gov.ie/ga/an-roinn-fiontar-turas%C3%B3ireachta-a...
[2] - https://www.aboutamazon.eu/news/job-creation-and-investment/...
[3] - https://centraleuropeantimes.com/microsoft-google-invest-big...
[4] - https://www.reuters.com/technology/nordics-efficient-energy-...
[5] - https://www.idaireland.com/latest-news/press-release/an-taoi...
[6] - https://www.government.se/articles/2024/06/prime-minister-to...
[7] - https://aws.amazon.com/blogs/industries/cloud-technology-emp...
[8] - https://hungarytoday.hu/hungary-seeks-to-stay-leading-europe...
[9] - https://theloop.ecpr.eu/hungary-and-the-future-of-europe/
The post WWII doctrine of US that's applied in Europe is strengthening the bigger businesses. Those businesses use US tech since investing in an actual European tech sector is expensive. Especially after all the first players took critical positions.
The time to invest in that sector was in the 80s and 90s. Europe had a different relationship with the US and it was trying to encite small ex-Soviet states to join, so they can exploit the cheap labor. So nobody actually invested in local tech sector.
It is now an uphill battle that'll cost more than the original investment. Only countries with strong independence urge like France is willing to fight it. Most of the EU countries are not.
You also can't just say, "Here's a few hundred billion in public support to create alternatives to U.S. tech giants", because the U.S. would argue that it's unfair state aid and retaliate.
There isn't enough private capital in the EU with the risk tolerance required to take on such a challenge independently.
We also lack a reserve currency like the USD, so we can't print $2 trillion a year, much of which ultimately flows into the U.S. stock market and further boosts U.S. tech companies, making competition even harder.
EU markets are already fully penetrated by U.S. behemoths that can either withstand or acquire any privately funded competitor, thanks to their massive cash flows and valuations.
For all these reasons, the outlook isn't very promising.
That can be improved by making traditional investments (real estate, land) less attractive while making investments into businesses more attractive. You just need to change tax incentives by removing capital gain tax and introducing real estate/land value tax (or raising it). Removing red tape would help as well and then making the common market really common.
As it is there is very little incentive to invest in companies here.
That's unrealistic. Majority of people in the EU own property and/or land, and no one wants to pay even more taxes on it. In my EU country, the majority of politicians own more than two apartments. I don't see them working against their own interests.
That's why nothing every changes. Ever increasing taxes on productivity to benefit the real estate/land owners is how EU operates. No wonder we have fewer and fewer children and there isn't many people willing to found new businesses.
It's a death spiral which will end with the youth rebelling or going extinct. The latter being more probable looking at current fertility rates.
Indeed, it's a very sad story. I'm afraid the EU is in a coma, so waking up is not a given.
A question I have is who voted for this? I sure didn't.
I don't.
This has no effect, is it even used in production anywhere? It seems to be part of eIDAS which is a good thing, most countries already have their own identity systems as is stated in the README. The three or for id apps I have seen all have some kind of device check that is sent to the ID provider, it is not usually accisible for ServiceProviders though. On those apps you either get no indication or just a "seems suspicious" score.
The one in Sweden has a "return risk option". https://developers.bankid.com/api-references/auth--sign/auth
This does not make it possible to filter out people. And honestly considering the amount of shady phones people have I am not sure this will every work. Apple is sadly another issue, too many normals there.
It is nice that this is pointed out so we do not get a distopian future.
I use GrapheneOS as a daily driver and I absolutely love it. It should be the default. There's already one app I use that must do something similar and absolutely just won't run on it, so I have an entirely separate phone running stock Android just for that one app. Still worth the hassle.
Glad I don't live in a place where all this madness is taking root, but still, the trend itself sucks.
Furthermore, there's nothing stopping the governments implementing these standards from permitting GrapheneOS' signature. It's one of the ROMs that actually has a reliable signature so unlike random images from XDA there's a case for it to be permitted. Google's integrity check isn't just a binary check, it's a combination of a hash and a pre-defined list of suggested acceptable hashes.
So you complain to the service, they either ignore you or tell you to use the app, and then what? They are not breaking any law as far as I can tell.
And even if it was, class actions in Europe are close to inexistent, and it's not worth it for any one consumer to take the multinational running the service to court.
> there's nothing stopping the governments implementing these standards from permitting GrapheneOS' signature
incompetence and/or not caring
https://grapheneos.org/articles/attestation-compatibility-gu...
> Very well sir, which digital payment service would you like to use?
> It doesn't matter they all force me to use my phone.
EU wants to push more control on the internet, today it's "think of the children" but when the infrastructure is rolled out, it'll be "real name verifiction" on social media, chat control, etc.
Whoever is pushing this in EU has to be removed before things will get better.
Kinda, yes.
(slightly simplifying the mechanism here)
This seems to be based on the EU Wallet project, which is still work in progress. The EU wallet is based on OpenID (oidc4vci, oidc4vp). The wallet allows for selective disclosure of attributes. These attributes are signed by a issuing party (i.e. the government of a EU country). That way a RP (relying party) can verify that the data in the claim (e.g. this user is 18+) is valid.
However, this alone is not enough, because it could be a copy of that data. You can just query a wallet for that attribute, store it and replay it to some other website. This is obviously not wanted.
So the wallet also has a mechanism to bind the credential to a specific device. When issuing a credential the wallet provides a public key plus a proof of possession of the associated private key (e.g. a signature over an issuer-provided nonce) to the issuer. The issuer then includes that public key in the signed part of the credential. When the RP verifies the credential it also asks the wallet to sign part of the response using the private key associated with that public key. This is supposed to prove that the credential was sent by the device it was issued to.
Now this is where the draconian device requirements come in: the wallet is supposed to securely store the private key associated with the credential. For example in a Secure Enclave on the device. The big flaw here is that none of this binding stuff works if you can somehow get access to the private key, e.g. on a rooted phone if the wallet doesn't use a secure enclave or with a modified wallet app that doesn't use a secure enclave to store the private key. You could ask a friend who is 18+ to request the credential, copy it to your phone and use that to log in.
Is the EU essentially foisting a someone-else-owns-your-keys regime onto their citizens?
Without the wallet, you'll be forced to jump through the same hoops as you're doing right now. Depending on what EU country you live in, that can be anything between "no real difference" to "making an appointment to exchange stamps on documents".
Or which hoops you mean we have to currently jump through to access 12/14/16/18+ sites
The idea is that once you get used to that, you will get censored from all the internet.
> Is the EU essentially foisting a someone-else-owns-your-keys regime onto their citizens?
Not quite, it's the EU essentially foisting a don't-use-free-software regime onto their citizens
Oh no! Imagine you find a willing adult who does the verification on your phone. The whole system is moot!
Don't need "copy" here for that. They can just do the verification on your device without any technical tricks
Instead, they're trying to shoehorn your device into providing the same safety level and, in doing so, making it by design impossible for you to control your own device. Obviously if the sites trust a device that you control, you can make it tell them anything. The ideological part is that it's not your device anymore then and imo we should oppose that. The technical solution is to use the hardware security chip you already have with a reading mechanism that (nearly?) every smartphone already has and even works on any OS that can run a USB NFC reader. It could be an entirely open standard
Basically on such a system you can potentially manipulate the process. Here that would probably be to install the credentials of someone else on the device.
So they want a locked down OS environment where user does not have root privileges and software has to be verified (in this case by Google) to be installed.
None of this prohibits users from modifying their bootloader, kernel, or OS image; but any such modification would invalidate the secureboot signature and thus break attestation until the user registered their own signatures with the EU.
The EU currently only transacts with Google in this regard because, as far as I know, they are the only Android OS publisher (and perhaps the only Linux publisher?) that bothered to implement hardware-to-app attestation chaining live in production end-user devices in the decades since Secure Boot came onto the scene. All it takes to change that is an entity who has sufficient validity to convince them that outsourcing permitted-signature verification to Google is unethical, which it is.
It’s a safe bet that Steam Linux was already working on this in order to attest that the runtime environment is unmodified for VAC and other multiplayer-cheating prevention systems in games — and so once they publish all that, I expect we’ll find that they’ve petitioned their attested OS signature chain to the EU as satisfying age requirements for mature gaming.
The vendor lock-in here is that Apple and Google and, eventually, Valve, are both willing to put the weight of their business behind their claims to the EU that they do their best to protect the security of their environment from cheaters, with respect to the components required by the EU age verification app. The loophole one could drive a truck through that the EU has left open to break that lock-in in the future? Anyone can petition the EU to accept attestations from their own boot-kernel-OS chain signatures so long as they’re willing to accept the legal risks visited upon them if found to have knowingly permitted exploitation for age check bypasses, or neglected to respond in a timely and prudent manner when notified of such exploitability by researchers — and if the EU rejects their petition improperly, they’ll have to answer for that to their citizens.
But even if you were to want user's phones to be roots of trust...
> as far as I know, they are the only Android OS publisher (and perhaps the only Linux publisher?) that bothered to implement hardware-to-app attestation chaining
GrapheneOS does that. They guarantee this more than Google because Google allows devices with known vulnerabilities: https://grapheneos.social/@GrapheneOS/114864326550572663 (rest of the thread is worth reading, too)
Using Google Play's instead of Android's attestation framework means that nobody else ever could enter this market indeed, no matter how secure the OS
... unless they don't want to turn their device into a boat anchor that nothing else will talk to. It's not going to stop with age verification.
Counterproposal: fuck attestation, and fuck age verification. Individual users, not corporations, associations, or organizations, get to use any goddamned software they want any time they want for any purpose they want, and if you set up some system that can't deal with that, tough beans for you.
Intercepting the USB reader traffic to feed the computer a different card is about the most roundabout way of achieving that
Smartcards also seem to have the ability to issue certificate requests. I think the keys inside the cards are signed by a manufacturer trust chain (I got a gemalto card to play with for signatures and places like IdenTrust were able to verify authentic cards, but I wasn't trying to fool anything so it may be possible... but they would only issue certain levels of keys for specific cards)
I'm not saying you are wrong (I don't know enough about the details) but it all was much more sophisticated than I had thought and the chips seem to be running some sort of attestation of the chip in the card. Basically, you can't MITM things if doing so requires getting a private key that only exists in the factory. That sort of thing.
This is why it's important that initiatives like Web Environment Integrity fail. Once the tools are in place, they will always be leveraged by the State.
> and so once they publish all that, I expect we’ll find that they’ve petitioned their attested OS signature chain to the EU as satisfying age requirements for mature gaming.
I hope that Valve pays no mind to this nonsense and continues to allow art to be accessible to anyone.
Governments have real and serious need for verifications that are backed by their force. They’re a government; they are wielding force upon citizens by doing this, knowingly and intentionally. That is a normal and widespread purpose of the State existing at all: to compel people to align with the goals of the State, whether members of the State like it or not, until such time as the State’s goals are changed by whatever means it permits or by its collapse.
If this pans out for them, as cryptographically it will but remains to be how vendors and implementations handle it at scale, then they can introduce voting from your phone — the previously-unattainable holy grail of modern democracy — precisely because it lets the government forcibly stop the cheating that device-to-app/web attestation solves. And they can do so without leaking your identity to election officials if they care to! Just visit a government booth once in a while to have your identity signature renewed (and any prior signatures issued to your identity revoked). That’s how digital wallet passports and ID cards work already today anyways, with their photo/video/NFC processes.
Western sfbay-style tech was founded on the libertarian principle that one should be able to tell the government to fuck off and deny taxation, representation, blah blah etc. in favor of one’s armed enclave that does what it feels like. It’s fine to desire that, but it’s proven too radical to be compatible with the needs of nation-states or the needs they enforce satisfactions for on behalf of their citizens. Attacking attestation won’t solve the problem of the “State”, and has led us to a point where Google can claim truthfully to a “State” that the Android forks ecosystem isn’t competent enough to be trusted, because they can’t be bother to do attestations.
we've banned all graphic depictions from the internet, required a verified name attached to every blog post, and made sure to confirm everyone's digital passport before letting them resolve a DNS query, but at least now I can vote from me phone instead of having to go outside. The future is bright!
GrapheneOS has optional attestation, either local (another device) or remote (their server) attestation.
https://old.reddit.com/r/degoogle/comments/1mau7yl/eu_age_ve...
It really seems like tying this to Google violates some key principles of the EU market.
Who the hell wants this Internet...?
The under educated, unthinking unwashed masses. Just look at the tea leak. The amount of people that do not care about freedom or privacy on the internet vastly outnumber those that do. And because they do democracy unmasks itself in the digital realm as the tyranny of the unthinking majority.
Weep for the future.
ps: Had to add this post after the others identified the low class and the upper class as responsible for this ;). But depending on where you are, the low class might not be "the masses".
Scared rich people and bureaucrats
Unless their governments start issuing Android devices to all of their citizens, I don't understand how they can require use of this app for anything official.
Not sure who you mean by "they" but you already cannot use a lot of governmental services unless you have an Android or iOS device (at least in Austria). At least in practice that is almost impossible.
> you already cannot use a lot of governmental services unless you have an Android or iOS device (at least in Austria).
That's terrible. They have official services that require an app and can't be used via a standard browser or even paper forms? What do elderly people without smartphones do?
> What do elderly people without smartphones do?
They buy a smartphone and have their relatives set everything up for them. Not doing that isn't really an option because you can't even get your pension or planned (i.e. nonemergency) medical services anymore without going through the government mobile app.
If they don't have any relatives, they walk to the government building that used to solve these things for them using good old paper forms, and have officers there help them out. It's a completely braindead system that was envisioned by someone who has very little idea of how the common person lives.
Not that there are any channels to provide feedback, ironically enough. (Voting is a sham and has always been so here.)
Redacted, I wish...
To vote in the upcoming election, I was asked to upload an uncensored copy of an identity document to the website of the municipality of The Hague
To keep the domain I registered in 2014, the French TLD required me to send them the same thing by unencrypted email a few months ago. I tried sending a link to a PNG so it wouldn't linger in their inbox forever but they absolutely required it to be an attachment
To buy a prepaid card in Germany, I was required to show an uncensored identity document. I had put a tiny piece of tape tape over only the burgerservicenummer that the germans can't make use of anyway because it's the Dutch numbering system that's beholden only to specific authorities
There's scarcely anyone who appears to know what EU legislation says on identity numbers. The Dutch government themselves apparently don't
Who are the politicians making these decisions? How did they get elected? Did anyone vote for Totalitarianism 2.0?
I don't recall any party campaigning on reducing internet freedoms.
One thing I find reassuring is the nature of pushback on display on the repo (only read the first few comments there, mind you). Really not what I expected phrasing and rhetoric wise (unlike here), honestly kind of restored a very very tiny and fragile bit of faith in humanity in me, it's very reserved and reasonable stuff.
Who voted for this? Who asked for this?
This "think of the children" rhetoric targets encryption, anonimity, decentralized platforms, and private communication channels like messaging apps, VPNs, Tor, etc. It is nasty. Keep in mind that it does not actually prevent child exploitation and grooming. Most of the pedophiles are on Discord and Roblox anyways.
In any case, there are ways to prove someone is over 18 without revealing identity, but that is not that goal, is it? There are cryptographic schemes just for that, such as zk-SNARK, etc. ZKPs in general.
As much as the EU pretends there's some kind of united Europe, it covers different countries, with laws ranging from "sex work is just taxed work" to "all prostitution and porn is illegal". Even basic rights like gay marriage aren't consistent between member states.
Europeans were free to provide feedback to their representatives of course: https://ec.europa.eu/digital-building-blocks/sites/display/E...
However, everyone I've talked to about it said they don't care about it so they don't want to bother, which is probably what the people behind these laws are banking on.
I'm growing pretty tired of this rhetoric, but maybe this is a reasonable opportunity to discuss it:
- not all citizens of a jurisdiction are eligible for voting: in this case, cursory search suggests only 400M (88.8%) of 450M were eligible - seems a bit too high to me, but let's roll with it nevertheless
- not all who are eligible actually vote: voting in the EU parliamentary elections, which is what EU citizens can actually vote on, like most elsewhere, is not mandatory; it's a right, not a duty: turnout was 50.74%, and that is of the eligible population, so really just 45.1% (203M)
- most voting systems are mathematically unfair [0]: extensively researched, doesn't quite apply necessarily in this case though as per the next bit
- several key positions in the various bodies are elected indirectly: same here in the EU, at which point all bets are off
- laws, regulations, and policies are not voted for or against by citizens: same here in the EU too, nobody could have even possibly voted for this in the literal sense
It's a run of the mill representative system and I think it'd serve discussions a great deal if this was acknowledged properly. Surely it's agreeable at least that this wouldn't be such news if people were all just completely on board as the sentence "EU citizens voted for this." implies when read naively and literally.
I really don't see a point to this phrase other than inciting others. And before anyone brings it up, yes, this is common in US threads as well, yes, often expressed by EU folks against US folks, but no, that does not make this better. Why dig ourselves into rhetorical holes unnecessarily?
And "offering feedback" is not a vote or a voting I'd say.
[0] https://youtu.be/qf7ws2DF-zk
My dad gets by in his "my dad" way of life without a mobile phone at all, I wonder how much longer this will be possible. I was about to rant about being forced to have a mobile if you want to participate in society, but then he uses a desktop for some of the services for which the rest of us use a mobile, so my rant falls down in that, for a while now, to participate in society you've needed either a computer or a mobile.
Hopefully computer-only can eke out some kind of base-adequate participation for a while longer.
From a legal point of view, the app should be a reliable convenience feature and not replace traditional (physical) identity verification. How much your dad will be affected will depend on how shitty and lazy the services he uses are. If he doesn't use a phone or a computer, he probably won't notice the difference.
Also the EU: Well if you don't have a Google or Apple account you are not getting age verified.
If the proof can not be traced back to your identity, then what stops a person from creating large amounts of proofs and distributing them?
If the proof can be traced back to your identity, then... that would suck.
The reason you can't distribute a huge amount of proofs is that the app won't let you. To make sure the app won't let you, the app tries to verify that you're not running a modified app or a modified system environment. That's the remote attestation that "bans any android system not licensed by Google".
These tokens are signed and only usable for a limited amount of time so you can't just generate a million of them and sell them for others to use.
If the app can't rely on the system working as it should, it'll need to contain less privacy-friendly measures for limiting large scale token abuse.
For the proof to be traced back to your identity, you'd need to be tracked consistently across websites, possibly with the aid of the government itself. If ZKPs make it into the app, tracking you is basically impossible.
Of course, if you're authenticating with your full name and birth date, when opening a bank account for instance, you're not going to get the anonimity benefits. Still, you do get to see what party you've authenticated with and get a button in the app to request deletion or report suspicious behaviour if you think it was a scam.
If a user can only make one then they'll have to use that identity with that service forever. That's a nightmare for privacy. Sometimes people need another account, unknown to their employer/family/friends. People should be able to make multiple accounts without those being tied together through a common "age check" identifier. But, of course, there is no way to prevent those from being distributed.
At some level I believe that's the purpose behind some of this. If someone can only have one proof, then someone can only have one account to speak with. They'll be easier to monitor, easier to identify, easier to silence. That's why I think these types of laws and behaviors should be resisted and protested.
I've mentioned in a previous comment that it's telling that big tech isn't resisting these totally-just-coincidental ID laws coming from western countries. It supercharges their surveillance and tracking abilities, and widens their moats.
Also, porn is a smokescreen. The definition of "adult" content will rapidly expand, and these put the ID issuers in censorious a position of control over people and services. Nothing stops a government attestation server from rejecting a request because someone is blacklisted from "mass communication services" because they're a felon, protestor, LGBT activist, etc... or because a service has fallen out of favor.
Well, it's more like a framework, so not a ton of details. I've just glossed over it, but from what I can gather they have thought about it:
No personal data, especially no information from personal identification documents such as national ID card, is stored within an [Age Verification App Instance]. Only the Proof of Age attestation, specifically indicating "older than 18", is utilized for age verification purposes
Stored Verification(8b): [Relying Parties] may optionally store information derived from the Proof of Age attestation in the User's account, allowing the User to bypass repeated verification for future visits or purchases, streamlining the User experience. In this case, authentication methods such as WebAuthN should be utilised to ensure secure access while enabling the User to choose a pseudonym, preserving privacy. Risks in case of the device sharing should be considered.
[1]: https://ageverification.dev/Technical%20Specification/archit...
[2]: https://ageverification.dev/Technical%20Specification/annexe...
For all the shit Google deservedly gets they seem to be genuinely trying to implement good and privacy preserving solutions to a lot of these problems.
The issue of course is that there's essentially no way to do all this stuff with software and hardware the user actually controls themselves, so you end up with hard requirements that you use big tech as gatekeepers.
This is the slippery slope that IMO eventually ends the open web.
If you take that outcome as inevitable, which at this point I basically do given all the forces lined up to restrict access to information, I suppose Google is about the best steward you could hope for.
[0] https://blog.google/products/google-pay/google-wallet-age-id...
[1] https://news.ycombinator.com/item?id=43863672
I don't and I wish Google et al would take a god damned stand against it. All it takes is 2 or 3 big companies to just not play along with the destruction of the open internet (the very same responsible for their genesis and incredible success), and the bureaucrats will eventually relent. Unfortunately they've chosen the path of least resistance, which also is the path of regulatory capture to their sole benefit. Sad to see that win over the ideals of the early net.
I went on youtube in bed last night to watch a 10 minute video (that I knew I had to search for to find - it was a specific one), but the app opens to shorts and they're so damn stimulating that it was 30 minutes before I finally got to the vid I wanted. I started with pure agency and was immediately thrown off course. Say what you will about my discipline or habits, but imagine the affect this has on less... aware individuals such as children.
Walking around the world you see everyone buried in their phones.
There are aspects of this initiative that I totally welcome, if it has the result of some level of de-interneting. The argument is always "they do it to protect children first, then it comes for everyone". I hope they increase resistance for the end user. I agree its sad, but what we have currently is truly awful, and less of it is a good thing.
I understand that it may not have that effect and end up in the "worst of both worlds" situation. But I don't wan't google fighting any battles for me anymore. They might try on occasion to be respectful but their bottom line is to own my attention.
The linked Reddit discussion is about the issue of attestation in the EU age verification application requiring a licensed version of Android to function properly.
The EU is not banning non licensed Android systems. This would make it hard for EU citizens to use those though, if they need that app.
Seriously you can't make this stuff up.
It may be that the people in charge in the EU don't really care about the market dominance as long as they can collect enough extra money from them...
We don't need the governments to mass surveil us to protect us. We need them to sort the economy and stop invading countries and being deferential to corporate interests instead of the people they represent.
It's such an obvious push that If you don't want to see it, it makes me think you're shielding yourself to avoid contending with the reality: These politicians and govs all around, including the countries you claim "work" are absolutely power hungry and beholden to interests other than yours and will push for as much total surveillance as they can, including as much curtailment of freedoms as they can.
Obviously that won't mean elites will actually face justice or crimes will actually be solved because more surveillance is not accompanied with more government transparency, quite the opposite and bigger and more powerful burocracies, with more authoritarianism, allow for easy hidden exceptions that you can't question.
It's nothing new. Corruption is common. It's just mediocre to see "hackers" pushing for it just because the government and corporations tell them to, because foreign country bad, bad social media influences kids, drugs, word-ism, etc.
You say “so many people are advocating for this in HN” but this thread was empty except for one other comment (which was also critical of this) at the time you posted your comment.
HN and even the GitHub comments mostly start with the assumption that of course we should do this. Of course we should restrict social media to under 16/18s and either are in favor of ID to access the Internet or pretend it won't happen by consequence of this.
Now try to address what I said instead of poorly calling me out.
Or at the very least, many here support the goal of keeping children and/or teenagers off of social media entirely, while disliking the means of ID verification. But it's not like there's any other obvious means.
If you stretch the definition of "recent" to ~ 60d then you can also search for the pornhub/France thing. Quick google nets this thread: https://news.ycombinator.com/item?id=44210557. There are likely others, too... but I'm lazy :).
Please tell me exactly what you think and I can nitpick it vaguely instead of putting forth mine. Heh.
In any case, just look at the comments under my comment. You'll see them.
- https://news.ycombinator.com/item?id=44705630 (this is good, we need this). - https://news.ycombinator.com/item?id=44705597 (are you a conservative?! Anonymity should be reduced.)
Don't be disingenuous with your proof demands and tell us what you think and then we can discuss the merits of your argument.
The case that "so many" people are advocating this on HN. Sounds like a significant percentage!
> What's YOUR case. Assert a position
Their case is that you should give evidence.
> and provide proof in triplicate please. Please tell me exactly what you think and I can nitpick it vaguely instead of putting forth mine. Heh.
"you should give evidence" doesn't need its own proof. And nitpicking such a simple idea would be a waste of everyone's time.
"So many" means "so many". You're creating a straw man in bad faith.
What's your take on digital Age verification. Either provide useful commentary or stop trolling. Address the existence of the other comments I linked.
The internet used to be a bastion of freedom. That era ended around 2005.
Age verification is already a thing IRL, there is no reason to not extend it online considering so much of our lives is digital. Overall I think anonymity should be reduced on the internet in general - a big reason of the world issues, especially in USA is that ideas can grow in forums where people under etherial identities can tell lie after lie without any repercussion.
See, I wouldn't have as much of an issue if you were honest about this real intention, because of how on the nose it is to reasonable people.
The idea that I will have to upload 3D models of my face and ID, or get permission from Google, just to go online because you don't like the idea of someone else's kids using the internet is absurd.
Please stop using appeals to children in your quest to "stop ideas from growing".
Ah yes. Anonymity is the only thing that enables dishonesty and of course it's the government's moral duty to regulate it.
Once anonymity is banned, the world will be honest and good and True and we'll all look back on the Bad times thinking how silly we all were.
The best part of minority report was the way everything constantly tracked identity through retinal scans; i can't wait for the future!
It's a privacy preserving over 18 check.
Is it a "slope"? Sure, you can imagine an extension to the system that is "worse".
Is it "slippery"? This thing isn't draconian enough to be effective. It will be a minor speedbump that prevents exactly zero determined under-18's from accessing anything that they'd want to. So then the question is, does the government react by trying something more draconian, or does it give up?
Create a better, standardized, open-source parental control tool that is installed by default on all types of device that can connect to the web.
The internet aspect of the parental control should be a "Per Whitelist" system rather than Blacklisting. The parents should be the ones to decide which domains are Whitelisted for their kids, and government bodies could contribute with curated lists to help establish a base.
Yes, there would be some gray area sites like search engine image search, or social media sites like Twitter that can allow you to stumble into pornography, and that is why these devices that have the software turned ON, should send a token through the browser saying "Parental Control". It would be easier for websites to implement a blanket block of certain aspects of their site than expect them to implement whole ID checks systems and security to make sure that no leaks occur (look at the TEA app) like the UK is expecting everyone to do.
Also, I'm for teenagers (not little children) having access to pornography. I was once a teenager, every adult was, and we know that it's a natural thing to masturbate which includes the consumption of pornography for most in some way. Repressing their desires, their sexuality, and making this private aspect of their life difficult isn't the way. Yes, yes, there is nuance to it, (very hardcore/addiction/etc) but it should be up to the parents to decide with given tools if they trust their kid to consume such a thing.
As for the tool itself. Of course we have parental tools, but they can be pretty garbage, their all different, they're out of the way, and I understand that many people simply don't know how to operate them. That's why I believe that creating a standardized open-source project that multiple governments can directly contribute to and advertise for parents is the way, because at the end of the day, it should be up to the parents to decide these things, and for the government to facility that choice.
Obviously, besides the internet aspect, the tool should have all the bells and whistles that you'd expect from one, but that's not the topic.
EDIT: And yes, some children would find a way, just like they're doing now for the currently implemented ID checks. It's not lost of me that VPNs with free plans suddenly exploded in 4 digits % worth of downloads. A lot of those are tiny people who are smart enough. Or using an app like a game to trick Facial Recognition software.
It's just odd to see them bringing up America when their own government created this. Not the US. How about fight the actual problem instead of making sure the problem works on more devices.
Who cares if it's Google or an American company. The point is you decided to let the E.U dictate what software you can run on your phone.
If it's not unbelievably obvious, there's an entire class of people flying private jets to "world summits" where the transcripts aren't disclosed. What do you think is going on? Use your brain.
these people are monsters. don't help them, and don't be complicit. working on digital ID tech, and even disclosing vulns in it is like helping Hollerith make faster and more efficient punch cards.
Oh, so now we know who is pushing for age verification. FAANG
Will people sign up to banks and betting apps with their eu wallet digital identity?
https://news.ycombinator.com/item?id=43715884#43722778
Indeed, the bug links to another bug where the author says that it isn't restricted to Play Services remote attestation and recently followed up with a documentation update making that clear. https://github.com/eu-digital-identity-wallet/eudi-app-andro...
Unfortunate that it doesn't matter, because they're not going to accept anything that's not attested by some authority.
Attestation in itself is a bad thing, guaranteed to be horrifically abused in ways far, far worse than any problem it could possibly solve. You do not need to know what software I am running, period.
Your employer needs to know if your devices connected to its network have been rooted without your knowledge.
In any case, this is a completely different discussion from what OP alleged, which I hope we can all agree is completely false.
And a check for rooting against my knowledge probably becomes a check for rooting at all very quickly.
Adding to what I said earlier, this isn't even an app that any EU member state will use. It's just a PoC, as it says in the README. https://github.com/eu-digital-identity-wallet/av-app-android...
Unfortunately for the authors, the pitch forks are already out, and the mob is on the march. It's too bad that HN is contributing to it.
How sad is that, Europeans, you have fallen this low