The operating system was licensed by Google
The app was downloaded from the Play Store (thus requiring a Google account)
Device security checks have passed
While there is value to verify device security,this strongly ties the app to many Google properties and services,because those checks won't pass on an aftermarket Android OS
I would like to strongly urge to abandon this plan.
Requiring a dependency on American tech giants for age verification
further deepens the EU's dependency on America and the USA's
control over the internet.
Especially in the current political climate I hope I do not have
to explain how undesirable and dangerous that is.
As a resident of the aforementioned political climate, I find their concerns to be reasonable.
There are a number of comments in that same thread that indicate a mandate to utilize Google services may run afoul of EU member nations' integrity and privacy laws.
userbinator · 3h ago
"Device security checks" is the most horrifying aspect as it basically means "officially sanctioned hardware and software", and leads straight into the dystopia that Stallman warned us about in Right to Read.
There is some amusing irony in the EU relying on the US for furthering its own authoritarianism. It's unfortunate that freedom (in the classic rebellious, American sense) never became that popular in the EU, or for that matter, the UK.
nextos · 2h ago
> leads straight into the dystopia that Stallman warned us about
IMHO, the push for age verification is just a stepping stone towards requiring a mandatory ID for all social media posts made from EU. Given the current trends against freedom of speech, it's not unreasonable to think that by the end of the decade any site, including HN, might need to link usernames with their respective eIDs in case posts come from EU IP addresses.
> officially sanctioned hardware and software
Right now, if you want to run an alternative OS, it's already an uphill battle to use tons of member state services, as well as to do banking. Even if you have microG available, the situation is terrible. I imagine it's going to become harder. I cannot understand why the European Commission wants to reduce our reliance on FAANG services, and at the same time they make Google Play a de facto standard, reinforcing the mobile duopoly. In this context, free alternative mobile platforms, such as Sailfish, cannot flourish.
Zak · 1h ago
When Microsoft proposed such a scheme in the early 2000s under the name "Palladium", even the mainstream press decried it as a nightmare scenario. Google did pretty much the same thing in 2014 with Safetynet and there was barely a whimper. How did we lose our way?
wkat4242 · 24m ago
Back with palladium the people that used computers were still mostly knowledgeable like us. These days everyone carries a phone and nobody really understands the impact. In fact many people in the EU are even against the opening of iOS because they feel comfortable in apple's walled garden. Many people consider privacy a lost battle (I often get the argument "why are you railing against this, you have no privacy anymore anyway"). And that's from intelligent people usually.
userbinator · 59m ago
How did we lose our way?
They figured out that much of the population is easily manipulated and controlled by exploiting their desire for "safety and security" --- in stark contrast to that classic Franklin quote (yes, I know the context isn't the same, but the words are otherwise a perfect fit for the situation.) It's only a minority of the population; and I'd suspect a smaller minority in the EU than the US; which is willing to argue against it.
Next time you find yourself arguing for something or doing things a certain way, throw in an "it's better for security" or similar phrase with a plausible-sounding argument why, and see how easily it shuts down the opposition. In my experience, many won't even question it.
paleotrope · 20m ago
Politics and money.
Magnusmaster · 16m ago
It's already happening for several apps such as banking apps, payment apps, government ID apps, etc.
ars · 28m ago
My phone is rooted and passes "Device security checks", even though it's not supposed to.
I don't know how it works technically, but clearly there's a way to fake it.
ehnto · 1h ago
You don't even need to consider politics to acknowledge this is dangerous, wildly irresponsible of a government to tie internet access to a foreign corporate entity's control. The privacy concerns of not being able to use a device free from Google services, may only be second to the sovereignty issues it introduces.
Whoops, Google have delisted your government app from the Play Store, how quickly can you de-couple your citizens internet access from the corptocracy?
sidewndr46 · 30m ago
So remote attestation?
rightbyte · 4h ago
> As a resident of the aforementioned political climate, I find their concerns to be reasonable.
No. The lesson is that stuff like this is concerning what ever the "political climate".
Anyway, you mainly don't want the gov in your vicinity to snoop. Non-local OS:es is probably advantageous in that regard if you choose to run proprietary code...
johnnyanmac · 3h ago
>No. The lesson is that stuff like this is concerning what ever the "political climate".
We say this, but many also want to entrust all our PC games to one closed source launcher. Or have videos/TV all on one subscription service. There's definitely a spectrum of benevolent and greedy dictators people draw lines on.
dspillett · 3h ago
> many also want to entrust all our PC games to one closed source launcher
I think that is far more that people like the other closed source launchers less, and each launcher potentially adds it's own stream of notifications and adverts to their system so there is a cost to having multiple active even if the PC resource cost is practically undetectable.
Furthermore if comparing game launches and related issues to political climates, I'd consider all the current closed source ones to be the same in those respects. Also we are not subject to several local political climates at any one time in that way (though we are when looking at a wider scale, of course).
> Or have videos/TV all on one subscription service
While there are other issues (each service tracking you etc.) this is more due to the fact that each service charges what we used to pay (in fact more, as in some cases prices have gone up by more than general inflation) for a single service that provided the same amount of content that they cared about. This doesn't really equate to trust on political climates (except where commercial greed is considered a political matter).
lotsofpulp · 1h ago
> this is more due to the fact that each service charges what we used to pay (in fact more, as in some cases prices have gone up by more than general inflation) for a single service that provided the same amount of content that they cared about.
That is because the introductory prices were not 1 to 1 to the business’ existing revenue streams from cable and satellite transmission fees. Especially considering that before, there was a very limited supply of content restricted by time slots, and now you are buying far, far more on demand content without advertising breaks. And without contracts with a cable or satellite company.
People are spoiled, and don’t appreciate how much easier and cheaper it is to watch or listen to most content than it was pre streaming services.
One only needs to look at market cap graphs of the various media companies to see that streaming isn’t the cash cow people think it is.
A4ET8a8uTh0_v2 · 3h ago
This is genuinely a real issue. It seems that most people cannot forsee an issue down the road unless it just happens to personally affect them after it took place ( ideally immediately after ). Valve is a good example, because while it is providing good value for the service it provides, it will not stay like that forever, but the environment it did set up will. And it will hurt once MBAs divvy up that kingdom. Just sayin'
And obviously it is not just one arena, because it seems to be one glaring issue with human beings: they do not want to see the road ahead. And the ones they do are, at best, ignored.
decremental · 4h ago
From the telegraph.co.uk: "Elite police unit to monitor online critics of migrants" and there are people worried about the "political climate" in the US lmao
dmix · 5m ago
The UK in the last 2 decades has been far more totalitarian than the US, even up to 2025. But the people in England seem to happily accept it and openly defend government encroachment even here on HN, usually in the name of civility and protecting democracy. While even smallest steps towards eroding rights in US have people there decry it, so it's far more controversial and newsworthy
But it's nice so many people care about the last few places where hard freedoms exist. That sort of resistance should be encouraged. Even if it's for naive political ends.
fsckboy · 2h ago
>Especially in the current political climate I hope I do not have to explain how undesirable and dangerous that is.
this is not the way to make a point that the other party will find persuasive.
eru · 1h ago
What do you mean by 'the other party'? Many places have more than two parties.
wkat4242 · 16m ago
Yeah I'm glad I don't live in a two party state. The zero sum game politics that results in rips the country apart. You see this in the US and also in the UK (Brexit etc)
cwillu · 1h ago
“We have both kinds of music: country _and_ western”
0x_rs · 3h ago
The war on the free internet is accelerating. Without real push-back to these dystopian laws and consequences for the people proposing and lobbying for them, you'll miss what will ultimately end up being a temporary anomaly of mostly unrestrained free flow of information. It's not an hypothetical scenario or something that will develop down the line, it's happening today, worldwide.
RpFLCL · 2h ago
I heard from a friend last night that they were unable to see posts on X about current protests in their country because those were considered "adult" content which can now only be viewed after submitting to an ID check. Not porn, video of a protest.
You're 100% right that it's happening today.
btown · 1h ago
It’s really important to remember in this context that “the purpose of a system is what it does.”
Do not think for a moment that ID verification primarily protects children and only incidentally enables authoritarian restrictions on speech. Do not think for a second that verification initiatives are designed without anticipating this outcome.
Sadly the old guard of free speech and privacy activists on the internet has long gone, drowned by a sea of unprincipled populist reactionaries - if their team decided that the content is "problematic", then they are entirely justified in censoring and punishing the speakers for daring to speak it, and entirely justified in protecting everybody else from having to suffer the horror of reading/seeing/hearing it, and it matters not whether the mechanisms are legal or ethical because the ends justify the means.
fsckboy · 2h ago
>the old guard of free speech and privacy activists on the internet has long gone, drowned by a sea of unprincipled populist reactionaries
which is an unnecessary ideological divide if your concern is free speech and privacy; too bad the old guard of activists chose sides and alienated additional support for their cause.
stinkbeetle · 1h ago
> >the old guard of free speech and privacy activists on the internet has long gone, drowned by a sea of unprincipled populist reactionaries
> which is an unnecessary ideological divide if your concern is free speech and privacy;
What do you mean by this, an unnecessary ideological divide?
> too bad the old guard of activists chose sides and alienated additional support for their cause.
What sides did they choose and whose additional support did they alienate?
yupyupyups · 43m ago
There wont be any consequences if you expect them to legislate against themselves, or handcuff themselves and throw themselves into a cage.
Let's stop beating around the bush. We all know this doesn't make any sense.
quantummagic · 3h ago
They always start with "think of the children", but that's just the opening salvo. The wild west days of the internet are definitely behind us. We'll be lucky if we still have private personal computing in the future, or any semblance of free speech.
akersten · 2h ago
If we're to regain any ground here we need to adjust the messaging wrt terms like "wild west" - that's precisely the kind of terminology that scares the average voter into thinking the government needs to do something about this whole internet thing. We need to use patriotic and inspiring language, like "free" as in "free speech for the internet," or "safe and private" etc
deadbabe · 1h ago
It's not accelerating, it's over. We lost.
No comments yet
snickerbockers · 3h ago
The European union never ceases to amaze me. Whatever happened to becoming less dependent on American corporations?
They flip flop on this stuff at least once a month, and the most annoying part is that they always herald everything they do as some new epoch-defining initiative only to quietly forget about it and do the opposite a few months later.
If nation states are dogs, then EU is the chihuahua: loud, proud and extremely ineffective.
wting · 3h ago
Because of goomba fallacy.
The EU is not a hegemonic state, but rather an economic supranational organization. France/Germany tend to be primary proponents of increased EU strategic autonomy, while Poland/Czech/Baltic states are less supportive.
Similar to recent discussions of self-hosting, it's a tradeoff of autonomy/control vs efficiency.
wkat4242 · 28m ago
> Because of goomba fallacy.
> The EU is not a hegemonic state, but rather an economic supranational organization. France/Germany tend to be primary proponents of increased EU strategic autonomy, while Poland/Czech/Baltic states are less supportive.
Well obviously, these states know how bad the Russians are since they were terrorised by them for decades. They'll be the first on the chopping block. And they know that Europe does not have much deterrent of its own right now so they're screwed without the US. Though this will come.
alephnerd · 2h ago
> Germany tend to be primary proponents of increased EU strategic autonomy
Germany isn't doing this as much anymore, because Germany Inc has become increasingly dependent on their investments within the US [0], especially after the triple whammy of the Biden-era IRA [1], the sanctions on Russia sparking a domestic energy crisis [2], and Chinese players outcompeting German industry in China [3].
This can be seen with Germany purchasing American weapons for Ukraine over French objections [4]
> They flip flop on this stuff at least once a month
Because in the background it's a French vs German vs Irish vs Czech vs $insert_eu_state business interests competing with each other.
Notice how it's almost always French legislators and businesses that mention "domestic EU tech" and not Polish, Czech, Romanian, Dutch, or even German policymakers or businesses?
That's why.
National interests always end up trumping the EU in it's current form. And for a large portion of the EU, American BigTech represents the majority of FDI (tech and overall).
Japanese and Korean automotive players did the same thing with the US in the 1980s-90s in order to ensure their interests remained aligned (though the Plaza Accords did play a role)
ajsnigrutin · 2h ago
EU is a great chihuahua, authoritarian laws get passed, national politicians say that there's nothing they can do, but they benefit greatly from all the new posibilities of control over the internet.
I mean.. great for the politicians, not for an average european.
wmf · 2h ago
95% of Europeans are running American OSes today. Should age verification just wait 20 years for EurOS to be deployed?
queenkjuul · 2h ago
They could just choose not to depend on OS level verification tools
nemomarx · 1h ago
what's the rush on age verification? why does it need to happen now and not in a decade after working on digital ID and battle testing that etc?
wkat4242 · 15m ago
Because it's a conservative talking point. And they're appeasing them with all the extreme right parties popping up all over Europe
sensanaty · 1h ago
Why exactly do we need age verification, again? Other than the classic "But the children!" excuse of course.
wkat4242 · 27m ago
Yes please. Never would be even better.
Zak · 1h ago
Yes, and when that comes to pass, we should find something else it should wait another 20 years for.
Essentially, the core user journey is a privacy preserving "over 18" check. I suppose this prevents under 18's from accessing porn, in the same way that most blocking technologies impose an expense on everyone but fail to block tech-savvy children.
Doesn't seem like it could ever stop someone with a bittorrent client, unless you have to attest you are over 18 to even use bittorrent.
wkat4242 · 7m ago
If they could have stopped BitTorrent they would have long ago.
So no, this is totally ineffective. And it's not like there's actually a problem. There's no crisis of messed up kids or young adults. We all had access to porn in some form and we all turned out fine. I used to watch the late night pay tv which was just 'scrambled' by removing the sync signal. It was easy to put that back with some electronics chops. I saw my share of gangbangs and cumshots and I did not get messed up or get weird ideas. In fact I often get compliments I'm a sensitive and caring lover.
So did most of my school friends. Also video tapes got passed on at school and later CDroms (when the writable DVD came I was already an adult).
This is all to mitigate a "crisis" which doesn't actually exist.
washadjeffmad · 59m ago
It seems reversed, that the default is legal eligibility, and that minors should need to prove their status. They're the ones who need policing, after all, not us.
For instance, it's not illegal for me to be served alcohol. If I'm not carded when being sold a drink, nothing illegal has taken place.
If the lawmakers are being cowards and not saying they want to round up and ID all the children from birth until they are eligible to participate in the adult world, that's their battle to fight and not our burden.
GaggiX · 4h ago
>but fail to block tech-savvy children.
If I were a kid, I could see myself downloading Opera GX and enabling the free VPN. It's probably not "tech-savvy" because the browser gets a lot of ad views on YouTube; it would be pretty obvious.
avidiax · 4h ago
Or using a torrent. Or trading a fileshare with your friends. Or finding a box in the woods. Or finding dad's "tax returns" folder. Or getting on TOR. Or finding an open directory. Or asking AI to produce something.
Basically anything other than going to a legally compliant website and trying to attach your mom's passport to the age verification app and doing the challenge.
lotsofpulp · 3h ago
> Or finding dad's "tax returns" folder.
I would want to sit in on this audit.
latentsea · 4h ago
I think social media does more damage than porn. We should just instead legislate that all social media has to shutdown and just let everyone watch porn and be done with it. Sure, you wind up with ED if you watch that stuff since you were a kid, but hey, if birth rates around the world are anything to go by, no one seems to really want to bring children into this world anymore anyway, so it's not as if that actually matters anymore.
I think I have become far too cynical.
avidiax · 4h ago
The one good thing (in principle) about a service like this is that social media is much more centralized, so this kind of system could put seemingly-effective age restrictions on social media. For example, no under-14's, or under-14 requires a supervising guardian and has other guardrails.
But this still wouldn't stop determined kids from VPNing to another country to make their account, and wouldn't stop peer pressure on kids from bleeding to parents to help them.
zeta0134 · 3h ago
I keep coming back to the actual solution being to keep kids off the internet period. If you are under 18, and online without some sort of adult supervision, we have failed you. Maybe that ship has sailed with so much coursework requiring online access, but I maintain that perhaps we should declare it lost at sea and try again.
Because the practical reality here is, like, porn is the big scary word, but the actual danger to kids is *other people.* Other addictions still exist. Removing one vice without solving the underlying systemic problem merely shifts the goalposts, and everyone is up in arms about what a slippery slope that is for good reason.
EDIT: Clarity here because I phrased that badly in a hurry: I'm in disfavor of internet access being a requirement for schoolwork, but I failed to set that context initially. If parents trust their kids enough with access, once they've reached a certain point of maturity, that's fine. I'm against technological age gates and I'm against removal of bad content from the net at large. Parents should decide when their kids are ready, and guide them appropriately.
I will leave my original remarks unedited so the remaining discussion is sensible. (Sorry!)
Hizonner · 3h ago
> I keep coming back to the actual solution being to keep kids off the internet period.
W T F ? ? ?
> Because the practical reality here is, like, porn is the big scary word, but the actual danger to kids is other people.
Bad news, Champ. Other people also exist off of the Internet. They always have. The world is not entirely safe. And that does not mean children shouldn't get to be part of the world.
The main problem here is panicky idiocy.
cosmic_cheese · 2h ago
While there are absolutely issues with kids coming across things they shouldn’t, I’d argue an equally large issue is parents buying into the delusion that they can keep their children contained within a bubble of perfect innocence until adulthood.
That idea has never really been realistic short of keeping them isolated from society until 16-18 (which most would consider abuse), but it’s not even slightly possible today with how readily available information has become. It’s an inevitability that they will learn about the topics you’ve been avoiding and take on external influences you may not approve of.
Now to be clear, I’m not advocating for letting kids run wild on the internet with no guardrails, especially earlier on. Guardrails are important, but it’s even more important in my opinion to try to stay ahead of what they may encounter by talking with them about those things so when they eventually run across it, they’re not flying blind and might even seek your guidance about the incident since they know you’re not going to get angry about it. That’s much more likely to bring positive outcomes than if they ran into these things without parental support.
zeta0134 · 2h ago
Yeah, I'm nodding in agreement here for the most part. I didn't mean to suggest crazy helicopter parenting surveillance nonsense, just ... the idea that giving young minds the whole dang net and letting them loose without any guidance or oversight is kinda dangerous. Growing up we always had an adult in the computer lab, or the library, where most computer coursework was being taught. I had "the real internet" right there, but if I actually got into trouble, someone was bound to notice, and I could always ask for help.
The point I was actually trying to make is just this: if the parent's goal is to block content, then the simplest thing to do is to be there when the child is surfing the net. That shouldn't take crazy technological measures. At some point, most parents realize their kids are mature enough to handle things and back off, but the parent should be making that call for their own kid. I don't think the government should be doing it on their behalf. If the government believes the internet is dangerous for young minds, then it should focus on the thing it can control: educational curriculum, primarily. Trying to "fix the internet" is a fool's errand.
sillysaurusx · 3h ago
Couldn’t disagree more. I watched my first beheading video at 13, let alone porn. I still remember it, Nick Berg. I think I turned out ok. My online freedom was largely why I became who I am.
As for other people being the danger, there’s some truth to that for women. I have a daughter, so this will be a concern. But you know, she won’t die. Everyone goes through trauma. The key here is to make sure she feels comfortable enough to talk to me and to my wife before doing anything (too) stupid.
I snuck out of my parents’ house to go see a girl when I was 16. Took my dad’s station wagon. On the way, some car tried to pass me and ended up hitting a big truck on the side. Truck was fine, I was fine, that fella was not. He ended up on the side of the road. Me and trucker just kept going. I still think about that guy a lot, because obviously the correct thing to do would have been to call 911, but I was a dumb 16yo who was out past midnight to go see a girl.
Point is, if things went a little differently, I could have been the one who crashed, or even dead. But that doesn’t mean that the girl I was going to go see was somehow a threat to me. It means I was doing something dangerous.
Again, this is easy to say as a man. The threat model for women is different. But prohibiting minors from the internet without supervision is totally absurd, and I feel bad for any parent who helicopters their kids like that.
Ultimately your kid will grow up and have their own life. Do you want to be remembered as the parent who had them under lock and key in the name of safety, or as a parent who monitored from a distance and occasionally let them do stupid things so that they could learn from it? For me, the latter is far more preferable.
zeta0134 · 2h ago
I'm kindof horrified that your immediate response is to defend a beheading video as something a 13 year old should watch. As a normal thing. What the actual hell. Like, the rest of your argument has some good points, but you led with something guaranteed to offend.
I was not clear enough, so I will try again. If parents do not want their kids to access "bad content", whatever that means to them, then they need to supervise the access. If parents are okay with their kids accessing bad content, then that choice is theirs to make. The internet itself should not be the gatekeeper here, neither should the government, but the parents do need to actually parent. I do not believe technology should be doing the parenting. And BECAUSE I believe this is a choice the PARENT should make, I also do not believe unfettered access to the internet should be a requirement for students. As long as that is a requirement, the parents aren't in control, and we get draconian laws trying to "fix the internet."
You have wildly misinterpreted my intent, and admittedly it is because my opening sentence was poorly phrased.
sillysaurusx · 2h ago
I largely agree with your second paragraph, but the solution isn’t necessarily to give parents control, but rather to stop draconian laws from passing.
As far as the beheading video, why be offended? Yes, I think teenagers will be naturally curious, and that gore videos will be on their watch list along with porn. It was true for most of my friends, and admitting this truth rather than running from it is how you deal with it. It’s not "defending" when it happens as a matter of course.
Again, you’re basically arguing for draconian powers not for the government but for the parents. To me, this is two sides of the same coin; whether the jailer is the government or the parent, when I was a teen both would have been the enemy. I personally don’t want my child to think of me as the enemy. Other parents can make different choices.
And yes, I think it was fine for me to watch that video when I was 13.
heavyset_go · 2h ago
> Ultimately your kid will grow up and have their own life. Do you want to be remembered as the parent who had them under lock and key in the name of safety, or as a parent who monitored from a distance and occasionally let them do stupid things so that they could learn from it? For me, the latter is far more preferable.
You're trying to logically and emotionally appeal to people whose amygdala have been hijacked by a moral panic.
I agree with you, but good luck.
jajuuka · 2m ago
I think this misses the forest for the trees. I could care less if the app requires a Google Android phone or non-jailbroken iPhone to work. I care that age verification exists in the first place, when it most definitely shouldn't. Arguing and ranting about how a huge privacy compromise functions misses the point that privacy is being compromised.
It's just odd to see them bringing up America when their own government created this. Not the US. How about fight the actual problem instead of making sure the problem works on more devices.
reactordev · 4h ago
Asking my EU friends, why do you let yourselves be bamboozled by the US tech companies when you’re totally capable of doing it yourselves?
Seriously. You don’t need Google. You just need a plan and a will to execute.
mosura · 3h ago
It is amazing. All the US companies have to do is dangle a “free” solution and the EU will go for it, and then be all surprised pikachu at the terms they agreed to.
nsksl · 3h ago
Where do you get from that we are capable of doing it ourselves? All EU-made software I've used was terrible, and the one that was a bit better than terrible was bought by a US company.
Jensson · 1h ago
Where do you live? I live in Sweden and I have used a lot of not so bad software from Sweden. Maybe its just your country, but at least in Sweden the government can make software for its services that works well, better than what I've seen from the US government.
> and the one that was a bit better than terrible was bought by a US company
But here you say EU can make great software? Just that USA then buys it. So we should just ban USA from buying our great software companies, is that what you are saying?
bee_rider · 3h ago
Most closed source US software is garbage too. Some stuff, like Steam, is beloved anyway. But actually the program itself is terrible and slow even on decent computers.
Struggling to think of corporate produced software that doesn’t suck. iOS Safari is ok, I guess.
meowface · 2h ago
Sure but "almost all tech is bad but almost all non-bad tech is American" in effect means European software is seen as bad. (And as an American who's spent a lot of time in Europe, this has been my experience, personally.)
In America the least bad stuff eventually rises to the top. In Europe it feels like it's all just one shared pit.
Jensson · 1h ago
> almost all non-bad tech is American
The reason is because Americans buy the other tech firms, so its not because they don't make non-bad tech its because USA just monopolizes it via very aggressive acquisitions.
amelius · 4h ago
You need a pile of money first. And that works differently in the EU.
reactordev · 4h ago
You have sovereignty of the EU and nations willing. Don’t say it will take money. Money is fake. You can do this.
Everyone’s ready. The only reason US is wealthy is those subscription fees and vendor lock in we have.
amelius · 4h ago
They will be sued by Google for illegal state aid.
reactordev · 17m ago
Cool, in what court? EU court? It would be the EU doing this. Want to do business in the EU, GDPR extends to giving us the keys as well if you’re going to valet park here. Or they can go kick rocks while smart engineers in member countries build a new android. After all, a lot has changed since someone decided to bolt Java onto a Linux kernel.
globalnode · 4h ago
who cares, money is fake (as stated above), pay the fines and move on with an EU OS
johnnyanmac · 3h ago
how does a pile of money work in the EU?
heavyset_go · 2h ago
The same way it does anywhere else.
LtWorf · 2h ago
Investors want a realistic plan to make money, they will hardly fund anything without a clear strategy on how to make money.
bluecalm · 1h ago
The only will you get from EU is to protect incumbents and the only plan is to make another centrally planned fund that distributes money to chosen entities.
EU is very good at removing the carrot while wielding a big stick for would be entrepreneurs.
TrackerFF · 2h ago
Lack of capital. Fear of consequences.
Google rolls into town and wants to spend half a billion euro on a datacenter? Sure thing. They'll say that it'll boost the local economy while being built - by creating a couple of thousand jobs for the contractors that are going to build and maintain it, and then some onsite jobs for the next decade or two, creating a couple of hundred jobs for techs / engineers.
And as long as they keep playing ball with google, projects like that will pop up once in a while. If you're difficult, there's also a risk of the rich tech companies taking their business some other place.
With that said, I've recently noticed more voices for building our own stuff - as there's a real risk that US tech companies will simply comply if pushed enough, say, by a POTUS that's out for blood and wants to hurt certain foreign users. Ban/lock out certain users from gaining access to software, turn off their infrastructure, etc. who knows.
But, alas, there just isn't the same willingness to pour in capital on the important things. For private investors it doesn't make much sense, unless they have a bulletproof contract with domestic users willing buy their service - and using state funds isn't too popular, either.
Truth be told, any of the big tech businesses can undercut any competition, and probably build better and faster. If anything, it could be the case for tariffs - outsourcing critical infrastructure will leave you very exposed. If European countries all over the board started to abandon US tech companies, they'd cry to Trump, who in turn would probably start a trade-war.
reactordev · 20m ago
Now replace Google with an EU company doing it in the EU for EU jobs and everything you described. It’s not like money only comes from the US.
You are right to be worried. US companies under this administration can’t be trusted to follow the law. Why should they, when our commander in chief isn’t and has a panel of judges who let him do whatever. Just the other day he suggested Obama be investigated for treason. So yeah, we’re toxic, and you all should seriously quarantine yourselves.
snickerdoodle12 · 3h ago
Because politicians are corrupt
alephnerd · 3h ago
Because national interests always end up trumping the EU in it's current form.
American companies like Google [0][1], Amazon [2][7], and Microsoft [3][4][5][6] have spent billions in FDI and hiring, thus building strong relationships with EU states like Ireland, Romania, Poland, Finland, Sweden, and others, but French and German competitors haven't (or don't exist depending on the service or SLA).
This means a significant portion of EU member states have an incentive to maintain the relationship, because the alternative means significant capital outflows. A Polish legislator doesn't have to answer to French voters, so they will incentivize the relationship with BigTech. Thus, these nations will lobby tooth and nail against destroying the relationship.
It's the same reason Hungary courts Chinese FDI [8] and enhancing the Sino-Chinese relationship as leverage against the EU pushing too hard [9].
It's largely a political issue. At this stage you can't create alternatives to Google and other U.S. tech giants without removing them from the market (so essentially the Chinese approach, which has allowed them to build their own massive tech giants). But that path is nearly impossible for the EU due to the risk of U.S. retaliation. The EU can't even implement a digital tax.
You also can't just say, "Here's a few hundred billion in public support to create alternatives to U.S. tech giants", because the U.S. would argue that it's unfair state aid and retaliate.
There isn't enough private capital in the EU with the risk tolerance required to take on such a challenge independently.
We also lack a reserve currency like the USD, so we can't print $2 trillion a year, much of which ultimately flows into the U.S. stock market and further boosts U.S. tech companies, making competition even harder.
EU markets are already fully penetrated by U.S. behemoths that can either withstand or acquire any privately funded competitor, thanks to their massive cash flows and valuations.
For all these reasons, the outlook isn't very promising.
bluecalm · 1h ago
>>There isn't enough private capital in the EU with the risk tolerance required to take on such a challenge independently.
That can be improved by making traditional investments (real estate, land) less attractive while making investments into businesses more attractive. You just need to change tax incentives by removing capital gain tax and introducing real estate/land value tax (or raising it).
Removing red tape would help as well and then making the common market really common.
As it is there is very little incentive to invest in companies here.
lossolo · 42m ago
> That can be improved by making traditional investments (real estate, land) less attractive while making investments into businesses more attractive. You just need to change tax incentives by removing capital gain tax and introducing real estate/land value tax (or raising it). Removing red tape would help as well and then making the common market really common.
That's unrealistic. Majority of people in the EU own property and/or land, and no one wants to pay even more taxes on it. In my EU country, the majority of politicians own more than two apartments. I don't see them working against their own interests.
boroboro4 · 2h ago
Russia can do it. Thinking EU can’t shows only how low the self esteem is. And it’s a very sad story. EU needs to wake up sooner rather than later.
esseph · 2h ago
I'd argue Europe is further in to their economic decline that the US, but both are in a downward trajectory
lossolo · 37m ago
> And it’s a very sad story. EU needs to wake up sooner rather than later.
Indeed, it's a very sad story. I'm afraid the EU is in a coma, so waking up is not a given.
yupyupyups · 57m ago
This has nothing to do with age verification, but everything to do with identifying users on various services. They can compell the providers of said services to give them access to how each, now identified, user is using the service. Since a lot of our lives are digital, this is a major transfer of power from the people to a select few.
A question I have is who voted for this? I sure didn't.
nabakin · 2h ago
Unfortunately this isn't the first time a government has banned Android devices which are not licensed by Google. GrapheneOS has a list of them[1]
I use GrapheneOS as a daily driver and I absolutely love it. It should be the default. There's already one app I use that must do something similar and absolutely just won't run on it, so I have an entirely separate phone running stock Android just for that one app. Still worth the hassle.
Glad I don't live in a place where all this madness is taking root, but still, the trend itself sucks.
superkuh · 4h ago
The only winning move is not to play the game. One has to have a phone these days but you don't have to do your computing on it (during personal time). Use a real computer instead.
IlikeKitties · 1h ago
> I would like to pay for goods and services online.
> Very well sir, which digital payment service would you like to use?
> It doesn't matter they all force me to use my phone.
latentsea · 3h ago
Great advice that I just can't take.
ajsnigrutin · 2h ago
It's not a tech issue, it's a regulation issue.
EU wants to push more control on the internet, today it's "think of the children" but when the infrastructure is rolled out, it'll be "real name verifiction" on social media, chat control, etc.
Whoever is pushing this in EU has to be removed before things will get better.
hansvm · 1h ago
Luckily France is part of the EU. They seem to have better removal tools than the rest of us.
titanomachy · 4h ago
Without getting into the ideological weeds too much, is there a solid technical reason for this? Like if this verification wasn’t in place, could I just alter the source code or binary to always return “yes I’m 18” (or whatever) and completely subvert the intent of this tool? If so, is there a straightforward way to prevent this without involving Google?
Aaargh20318 · 3h ago
> if this verification wasn’t in place, could I just alter the source code or binary to always return “yes I’m 18” (or whatever) and completely subvert the intent of this tool?
Kinda, yes.
(slightly simplifying the mechanism here)
This seems to be based on the EU Wallet project, which is still work in progress. The EU wallet is based on OpenID (oidc4vci, oidc4vp). The wallet allows for selective disclosure of attributes. These attributes are signed by a issuing party (i.e. the government of a EU country). That way a RP (relying party) can verify that the data in the claim (e.g. this user is 18+) is valid.
However, this alone is not enough, because it could be a copy of that data. You can just query a wallet for that attribute, store it and replay it to some other website. This is obviously not wanted.
So the wallet also has a mechanism to bind the credential to a specific device. When issuing a credential the wallet provides a public key plus a proof of possession of the associated private key (e.g. a signature over an issuer-provided nonce) to the issuer. The issuer then includes that public key in the signed part of the credential. When the RP verifies the credential it also asks the wallet to sign part of the response using the private key associated with that public key. This is supposed to prove that the credential was sent by the device it was issued to.
Now this is where the draconian device requirements come in: the wallet is supposed to securely store the private key associated with the credential. For example in a Secure Enclave on the device. The big flaw here is that none of this binding stuff works if you can somehow get access to the private key, e.g. on a rooted phone if the wallet doesn't use a secure enclave or with a modified wallet app that doesn't use a secure enclave to store the private key. You could ask a friend who is 18+ to request the credential, copy it to your phone and use that to log in.
rkagerer · 1h ago
What if I refuse to buy a device with a secure enclave that I don't have access to? Am I now censored from a chunk of the internet?
Is the EU essentially foisting a someone-else-owns-your-keys regime onto their citizens?
IlikeKitties · 1h ago
> What if I refuse to buy a device with a secure enclave that I don't have access to? Am I now censored from a chunk of the internet?
The idea is that once you get used to that, you will get censored from all the internet.
> Is the EU essentially foisting a someone-else-owns-your-keys regime onto their citizens?
Not quite, it's the EU essentially foisting a don't-use-free-software regime onto their citizens
snickerdoodle12 · 3h ago
Wouldn't it make way more sense to just have the RP supply a nonce that gets signed by the IDP? Isn't this how oidc works already?
fluidcruft · 4h ago
I'm pretty sure all you need is the ability to login to a website and for that site to vouch for your age based on having examined your identification documents (or something like a network of PGP web-of-trust type notaries). I have a hunch that using a hardware token and biometrics is required to prevent fraud (FIDO and passkeys etc should work). The trick is preventing simulated tokens from existing/working which is where secure boot etc enter the picture.
altairprime · 3h ago
You would need to release a kernel and OS that requires users who modify the attestation and hardware token components of it to provide their own signing key rather than your production EU-registered one, chained back to the HSM signature emitted by the phone’s HSM signed bootloader; and then you would simply let the app check that its secure boot attestations chain to a secure bootloader/image/OS triplet that’s on file with the EU. Mix in some tech spice for the EU to prohibit OS releases that are validly signed but whose specific instance of a signature is found to be exploitable to bypass age checks and you’re set. None of this would prevent users from modding their devices, any more than macOS prevents modifications today if you turn off the security protections; but once you turn off the security protections, it can no longer attest with Apple’s signature because your modifications don’t match the signature any longer, and so Apple Wallet is inaccessible.
None of this prohibits users from modifying their bootloader, kernel, or OS image; but any such modification would invalidate the secureboot signature and thus break attestation until the user registered their own signatures with the EU.
The EU currently only transacts with Google in this regard because, as far as I know, they are the only Android OS publisher (and perhaps the only Linux publisher?) that bothered to implement hardware-to-app attestation chaining live in production end-user devices in the decades since Secure Boot came onto the scene. All it takes to change that is an entity who has sufficient validity to convince them that outsourcing permitted-signature verification to Google is unethical, which it is.
It’s a safe bet that Steam Linux was already working on this in order to attest that the runtime environment is unmodified for VAC and other multiplayer-cheating prevention systems in games — and so once they publish all that, I expect we’ll find that they’ve petitioned their attested OS signature chain to the EU as satisfying age requirements for mature gaming.
The vendor lock-in here is that Apple and Google and, eventually, Valve, are both willing to put the weight of their business behind their claims to the EU that they do their best to protect the security of their environment from cheaters, with respect to the components required by the EU age verification app. The loophole one could drive a truck through that the EU has left open to break that lock-in in the future? Anyone can petition the EU to accept attestations from their own boot-kernel-OS chain signatures so long as they’re willing to accept the legal risks visited upon them if found to have knowingly permitted exploitation for age check bypasses, or neglected to respond in a timely and prudent manner when notified of such exploitability by researchers — and if the EU rejects their petition improperly, they’ll have to answer for that to their citizens.
Hizonner · 3h ago
> None of this prohibits users from modifying their bootloader, kernel, or OS image;
... unless they don't want to turn their device into a boat anchor that nothing else will talk to. It's not going to stop with age verification.
Counterproposal: fuck attestation, and fuck age verification. Individual users, not corporations, associations, or organizations, get to use any goddamned software they want any time they want for any purpose they want, and if you set up some system that can't deal with that, tough beans for you.
fluidcruft · 1h ago
Or just rely on a separate trusted hardware device (think: USB+NFC yubikey) when the device itself can't be trusted.
akersten · 3h ago
> that bothered to implement hardware-to-app attestation chaining live in production end-user devices
This is why it's important that initiatives like Web Environment Integrity fail. Once the tools are in place, they will always be leveraged by the State.
> and so once they publish all that, I expect we’ll find that they’ve petitioned their attested OS signature chain to the EU as satisfying age requirements for mature gaming.
I hope that Valve pays no mind to this nonsense and continues to allow art to be accessible to anyone.
altairprime · 3h ago
That ship sailed decades ago when Intel promoted Secure Boot as a defense against malicious modifications; it stops rootkits and it stops cheaters, what more could one ask for, etc. App attestation of this sort has been offered in certain enterprise/government Windows 10 SKUs since day one. Apple’s web attestation protocol has been live on all T2 devices for about as long as T2 has been out.
Governments have real and serious need for verifications that are backed by their force. They’re a government; they are wielding force upon citizens by doing this, knowingly and intentionally. That is a normal and widespread purpose of the State existing at all: to compel people to align with the goals of the State, whether members of the State like it or not, until such time as the State’s goals are changed by whatever means it permits or by its collapse.
If this pans out for them, as cryptographically it will but remains to be how vendors and implementations handle it at scale, then they can introduce voting from your phone — the previously-unattainable holy grail of modern democracy — precisely because it lets the government forcibly stop the cheating that device-to-app/web attestation solves. And they can do so without leaking your identity to election officials if they care to! Just visit a government booth once in a while to have your identity signature renewed (and any prior signatures issued to your identity revoked). That’s how digital wallet passports and ID cards work already today anyways, with their photo/video/NFC processes.
Western sfbay-style tech was founded on the libertarian principle that one should be able to tell the government to fuck off and deny taxation, representation, blah blah etc. in favor of one’s armed enclave that does what it feels like. It’s fine to desire that, but it’s proven too radical to be compatible with the needs of nation-states or the needs they enforce satisfactions for on behalf of their citizens. Attacking attestation won’t solve the problem of the “State”, and has led us to a point where Google can claim truthfully to a “State” that the Android forks ecosystem isn’t competent enough to be trusted, because they can’t be bother to do attestations.
akersten · 2h ago
> If this pans out for them, as cryptographically it will but remains to be how vendors and implementations handle it at scale, then they can introduce voting from your phone — the previously-unattainable holy grail of modern democracy — precisely because it lets the government forcibly stop the cheating that device-to-app/web attestation solves. And they can do so without leaking your identity to election officials if they care to! Just visit a government booth once in a while to have your identity signature renewed (and any prior signatures issued to your identity revoked). That’s how digital wallet passports and ID cards work already today anyways, with their photo/video/NFC processes.
we've banned all graphic depictions from the internet, required a verified name attached to every blog post, and made sure to confirm everyone's digital passport before letting them resolve a DNS query, but at least now I can vote from me phone instead of having to go outside. The future is bright!
walterbell · 45m ago
> the Android forks ecosystem isn’t competent enough to be trusted, because they can’t be bother to do attestations
GrapheneOS has optional attestation, either local (another device) or remote (their server) attestation.
It really seems like tying this to Google violates some key principles of the EU market.
mk89 · 3h ago
I am not sure if I am more disturbed by the user journey they want to introduce for accessing websites or the fact that a private company (american, chinese, I don't care) has to become the gatekeeper to let me in.
Who the hell wants this Internet...?
IlikeKitties · 1h ago
> Who the hell wants this Internet...?
The under educated, unthinking unwashed masses. Just look at the tea leak. The amount of people that do not care about freedom or privacy on the internet vastly outnumber those that do. And because they do democracy unmasks itself in the digital realm as the tyranny of the unthinking majority.
Weep for the future.
heavyset_go · 3h ago
> Who the hell wants this Internet...?
Scared rich people and bureaucrats
potato3732842 · 4h ago
If you're wondering what regulatory capture looks like, this is it.
wmf · 2h ago
It's more likely to be laziness by the developers.
djrj477dhsnv · 4h ago
What kind of services will use this app?
Unless their governments start issuing Android devices to all of their citizens, I don't understand how they can require use of this app for anything official.
the_mitsuhiko · 4h ago
> Unless their governments start issuing Android devices to all of their citizens, I don't understand how they can require use of this app for anything official.
Not sure who you mean by "they" but you already cannot use a lot of governmental services unless you have an Android or iOS device (at least in Austria). At least in practice that is almost impossible.
djrj477dhsnv · 4h ago
By "they" I meant EU member state governments.
> you already cannot use a lot of governmental services unless you have an Android or iOS device (at least in Austria).
That's terrible. They have official services that require an app and can't be used via a standard browser or even paper forms? What do elderly people without smartphones do?
homebrewer · 4h ago
I am in a similar situation, with very aggressive push for turning all banking and every government service into mobile applications only.
> What do elderly people without smartphones do?
They buy a smartphone and have their relatives set everything up for them. Not doing that isn't really an option because you can't even get your pension or planned (i.e. nonemergency) medical services anymore without going through the government mobile app.
If they don't have any relatives, they walk to the government building that used to solve these things for them using good old paper forms, and have officers there help them out. It's a completely braindead system that was envisioned by someone who has very little idea of how the common person lives.
Not that there are any channels to provide feedback, ironically enough. (Voting is a sham and has always been so here.)
wmf · 2h ago
They will support iOS and Android which covers 99.9% of the population.
AAAAaccountAAAA · 1h ago
What about the rest? Don't basic rights apply to them?
perching_aix · 1h ago
This collision course has been a long time brewing, though I'm not even sure why integrity checking is included in this. The data source for the age information is the governments, there's no need to trust the clientside per se, it's just a middleman.
One thing I find reassuring is the nature of pushback on display on the repo (only read the first few comments there, mind you). Really not what I expected phrasing and rhetoric wise (unlike here), honestly kind of restored a very very tiny and fragile bit of faith in humanity in me, it's very reserved and reasonable stuff.
bluecalm · 1h ago
Funny how EU politicians complain about dependency on American tech and the next day do something like this.
It's all cheap talk anyway as they have 0 intention to make EU based alternatives possible but it's rarely in your face so much.
aniviacat · 4h ago
Does anyone know how this is implemented?
If the proof can not be traced back to your identity, then what stops a person from creating large amounts of proofs and distributing them?
If the proof can be traced back to your identity, then... that would suck.
RpFLCL · 2h ago
Even if they can't be traced back to a name/photo identity, it would still be a privacy disaster if you could only make one proof per service.
If a user can only make one then they'll have to use that identity with that service forever. That's a nightmare for privacy. Sometimes people need another account, unknown to their employer/family/friends. People should be able to make multiple accounts without those being tied together through a common "age check" identifier. But, of course, there is no way to prevent those from being distributed.
At some level I believe that's the purpose behind some of this. If someone can only have one proof, then someone can only have one account to speak with. They'll be easier to monitor, easier to identify, easier to silence. That's why I think these types of laws and behaviors should be resisted and protested.
I've mentioned in a previous comment that it's telling that big tech isn't resisting these totally-just-coincidental ID laws coming from western countries. It supercharges their surveillance and tracking abilities, and widens their moats.
Also, porn is a smokescreen. The definition of "adult" content will rapidly expand, and these put the ID issuers in censorious a position of control over people and services. Nothing stops a government attestation server from rejecting a request because someone is blacklisted from "mass communication services" because they're a felon, protestor, LGBT activist, etc... or because a service has fallen out of favor.
magicalhippo · 4h ago
The technical specification can be found here[1], with further details here[2].
Well, it's more like a framework, so not a ton of details. I've just glossed over it, but from what I can gather they have thought about it:
No personal data, especially no information from personal identification documents such as national ID card, is stored within an [Age Verification App Instance]. Only the Proof of Age attestation, specifically indicating "older than 18", is utilized for age verification purposes
Stored Verification(8b): [Relying Parties] may optionally store information derived from the Proof of Age attestation in the User's account, allowing the User to bypass repeated verification for future visits or purchases, streamlining the User experience. In this case, authentication methods such as WebAuthN should be utilised to ensure secure access while enabling the User to choose a pseudonym, preserving privacy. Risks in case of the device sharing should be considered.
This is the pr on it [0]. It was linked on hn at the time too [1]
For all the shit Google deservedly gets they seem to be genuinely trying to implement good and privacy preserving solutions to a lot of these problems.
The issue of course is that there's essentially no way to do all this stuff with software and hardware the user actually controls themselves, so you end up with hard requirements that you use big tech as gatekeepers.
This is the slippery slope that IMO eventually ends the open web.
If you take that outcome as inevitable, which at this point I basically do given all the forces lined up to restrict access to information, I suppose Google is about the best steward you could hope for.
I don't and I wish Google et al would take a god damned stand against it. All it takes is 2 or 3 big companies to just not play along with the destruction of the open internet (the very same responsible for their genesis and incredible success), and the bureaucrats will eventually relent. Unfortunately they've chosen the path of least resistance, which also is the path of regulatory capture to their sole benefit. Sad to see that win over the ideals of the early net.
dvsfish · 1h ago
I agree in principle but as time goes on I have found that the free and open internet as we know it already no longer exists in practise. Theres like 5 places to go on the internet these days - your social media platform of choice, your short form content platform of choice, youtube, perhaps an AI platform, and 1 misc place of your preference. And this loop of crap seems to demand more and more of your life.
I went on youtube in bed last night to watch a 10 minute video (that I knew I had to search for to find - it was a specific one), but the app opens to shorts and they're so damn stimulating that it was 30 minutes before I finally got to the vid I wanted. I started with pure agency and was immediately thrown off course. Say what you will about my discipline or habits, but imagine the affect this has on less... aware individuals such as children.
Walking around the world you see everyone buried in their phones.
There are aspects of this initiative that I totally welcome, if it has the result of some level of de-interneting. The argument is always "they do it to protect children first, then it comes for everyone". I hope they increase resistance for the end user. I agree its sad, but what we have currently is truly awful, and less of it is a good thing.
I understand that it may not have that effect and end up in the "worst of both worlds" situation. But I don't wan't google fighting any battles for me anymore. They might try on occasion to be respectful but their bottom line is to own my attention.
ajsnigrutin · 2h ago
The idea is, that you have a 'digital ID' on your phone, tied to your real identity, that will today be used to prove you're 18, but when the infrastructure exists, it will be used for other stuff too... like needing to attach your real name to any social media account (you already have an app that does that on your phone for the 18+ thing, so adding real name is easy to implement), and that will greatly affect freedom of speech.
hnpolicestate · 18m ago
The problem isn't being handcuffed by Google or an American company, it's being handcuffed at all. Is it some kind of psychological coping skill to misdirect from the obvious problem (an age verification app that bans user software preferences)?
Who cares if it's Google or an American company. The point is you decided to let the E.U dictate what software you can run on your phone.
Arch-TK · 2h ago
It's absolutely abysmal that the EU and UK are implementing laws relating to age verification requirements.
Who voted for this? Who asked for this?
bfg_9k · 4h ago
What an absolute clown show - the EU fines Google and Apple for being monopolistic and abusing market power and then proceed to implement apps like these that can only be used on American operating systems.
Seriously you can't make this stuff up.
tonis2 · 4h ago
Yeah, EU byrocrats love corporate overlords in real life
stephen_g · 4h ago
I mean there's a perfectly rational possible explanation for this - if the fines are actually just an extra targeted tax on these companies (but it's politically inconvenient to just do it honestly by levying a tax), and they would therefore adjust the laws to make sure they could still fine them if they had already complied...
It may be that the people in charge in the EU don't really care about the market dominance as long as they can collect enough extra money from them...
motohagiography · 1h ago
"age verification app," is such a phony pretext. They know that android fragmentation and the lack of consistent verifiable hardware is what prevents govts from implementing a punitive digital ID that is sufficient to punish and fine people using western standards of evidence and legal defense.
these people are monsters. don't help them, and don't be complicit. working on digital ID tech, and even disclosing vulns in it is like helping Hollerith make faster and more efficient punch cards.
exabrial · 3h ago
Lol. People put way too much trust in governments.
If it's not unbelievably obvious, there's an entire class of people flying private jets to "world summits" where the transcripts aren't disclosed. What do you think is going on? Use your brain.
isaacremuant · 4h ago
So many people advocating for this in HN and elsewhere when it's so clearly a draconian slippery slope for invasive surveillance and choice restriction. After these things get implemented people pretend it was always like this.
We don't need the governments to mass surveil us to protect us. We need them to sort the economy and stop invading countries and being deferential to corporate interests instead of the people they represent.
It's such an obvious push that If you don't want to see it, it makes me think you're shielding yourself to avoid contending with the reality: These politicians and govs all around, including the countries you claim "work" are absolutely power hungry and beholden to interests other than yours and will push for as much total surveillance as they can, including as much curtailment of freedoms as they can.
Obviously that won't mean elites will actually face justice or crimes will actually be solved because more surveillance is not accompanied with more government transparency, quite the opposite and bigger and more powerful burocracies, with more authoritarianism, allow for easy hidden exceptions that you can't question.
It's nothing new. Corruption is common. It's just mediocre to see "hackers" pushing for it just because the government and corporations tell them to, because foreign country bad, bad social media influences kids, drugs, word-ism, etc.
ViktorRay · 4h ago
At the time this comment was posted there was only one other comment in this entire thread.
You say “so many people are advocating for this in HN” but this thread was empty except for one other comment (which was also critical of this) at the time you posted your comment.
isaacremuant · 4h ago
I think if you use critical thinking to read you may easily find I'm talking about my experience with reading comments in relation to imposing age verification for online access, which means digital ID for internet access.
HN and even the GitHub comments mostly start with the assumption that of course we should do this. Of course we should restrict social media to under 16/18s and either are in favor of ID to access the Internet or pretend it won't happen by consequence of this.
Now try to address what I said instead of poorly calling me out.
lukan · 4h ago
Linking to some comments in favour of this might help your case.
Or at the very least, many here support the goal of keeping children and/or teenagers off of social media entirely, while disliking the means of ID verification. But it's not like there's any other obvious means.
baby_souffle · 1h ago
> It's been a relatively common position to find, at least before the most recent hubbub around Steam, Itch.io, Britain, etc.
If you stretch the definition of "recent" to ~ 60d then you can also search for the pornhub/France thing. Quick google nets this thread: https://news.ycombinator.com/item?id=44210557. There are likely others, too... but I'm lazy :).
isaacremuant · 4h ago
My case? What's YOUR case. Assert a position and provide proof in triplicate please.
Please tell me exactly what you think and I can nitpick it vaguely instead of putting forth mine. Heh.
In any case, just look at the comments under my comment. You'll see them.
Don't be disingenuous with your proof demands and tell us what you think and then we can discuss the merits of your argument.
Dylan16807 · 3h ago
> My case?
The case that "so many" people are advocating this on HN. Sounds like a significant percentage!
> What's YOUR case. Assert a position
Their case is that you should give evidence.
> and provide proof in triplicate please. Please tell me exactly what you think and I can nitpick it vaguely instead of putting forth mine. Heh.
"you should give evidence" doesn't need its own proof. And nitpicking such a simple idea would be a waste of everyone's time.
isaacremuant · 2h ago
You're not the original poster of the question so why are you trolling?
"So many" means "so many". You're creating a straw man in bad faith.
What's your take on digital Age verification. Either provide useful commentary or stop trolling. Address the existence of the other comments I linked.
Dylan16807 · 2h ago
Giving you a clear answer to your questions is trolling?
avidiax · 4h ago
> it's so clearly a draconian slippery slope for invasive surveillance and choice restriction
It's a privacy preserving over 18 check.
Is it a "slope"? Sure, you can imagine an extension to the system that is "worse".
Is it "slippery"? This thing isn't draconian enough to be effective. It will be a minor speedbump that prevents exactly zero determined under-18's from accessing anything that they'd want to. So then the question is, does the government react by trying something more draconian, or does it give up?
latentsea · 4h ago
Things like this are a pain in the ass for GrapheneOS users. It's not great to get locked out of legitimate usage of things when using an OS that actually puts privacy first.
ActorNightly · 4h ago
I don't think you are fully wrong, but the issue is your rhetoric is very much used by conservatives or "both sides are bad" which are just mask-on conservatives who end up voting the same way. And the problem with conservatives is not really the ideals and ideas, but the fact that they vote Republican (or whatever the equivalent party is in other countries), that all pretty much are the exact opposite of those ideals.
Age verification is already a thing IRL, there is no reason to not extend it online considering so much of our lives is digital. Overall I think anonymity should be reduced on the internet in general - a big reason of the world issues, especially in USA is that ideas can grow in forums where people under etherial identities can tell lie after lie without any repercussion.
djrj477dhsnv · 4h ago
How can you criticize those for voting Republican when you're advocating for the extremely authoritarian and dystopian position of banning anonymous discourse online?
heavyset_go · 2h ago
> a big reason of the world issues, especially in USA is that ideas can grow in forums where people under etherial identities can tell lie after lie without any repercussion.
See, I wouldn't have as much of an issue if you were honest about this real intention, because of how on the nose it is to reasonable people.
The idea that I will have to upload 3D models of my face and ID, or get permission from Google, just to go online because you don't like the idea of someone else's kids using the internet is absurd.
Please stop using appeals to children in your quest to "stop ideas from growing".
baby_souffle · 1h ago
> Age verification is already a thing IRL, there is no reason to not extend it online considering so much of our lives is digital. Overall I think anonymity should be reduced on the internet in general - a big reason of the world issues, especially in USA is that ideas can grow in forums where people under etherial identities can tell lie after lie without any repercussion.
Ah yes. Anonymity is the only thing that enables dishonesty and of course it's the government's moral duty to regulate it.
Once anonymity is banned, the world will be honest and good and True and we'll all look back on the Bad times thinking how silly we all were.
The best part of minority report was the way everything constantly tracked identity through retinal scans; i can't wait for the future!
Gunax · 3h ago
It's just information. Data. Bytes. We need a proper George Orwell for the digital age.
The internet used to be a bastion of freedom. That era ended around 2005.
marcinzm · 3h ago
Looks like someone just got a really cushy job at Google when they retire from leading this system.
FpUser · 1h ago
Sure, so much for freedom of choice and twisting people's arms. What is it their fucking leaders sing about being freedom loving and democratic?
Edmond · 4h ago
There is a correct cryptographic solution for information verification online:
We shouldn't need Age Verification checks for adults in the first place.
Create a better, standardized, open-source parental control tool that is installed by default on all types of device that can connect to the web.
The internet aspect of the parental control should be a "Per Whitelist" system rather than Blacklisting. The parents should be the ones to decide which domains are Whitelisted for their kids, and government bodies could contribute with curated lists to help establish a base.
Yes, there would be some gray area sites like search engine image search, or social media sites like Twitter that can allow you to stumble into pornography, and that is why these devices that have the software turned ON, should send a token through the browser saying "Parental Control". It would be easier for websites to implement a blanket block of certain aspects of their site than expect them to implement whole ID checks systems and security to make sure that no leaks occur (look at the TEA app) like the UK is expecting everyone to do.
Also, I'm for teenagers (not little children) having access to pornography. I was once a teenager, every adult was, and we know that it's a natural thing to masturbate which includes the consumption of pornography for most in some way. Repressing their desires, their sexuality, and making this private aspect of their life difficult isn't the way. Yes, yes, there is nuance to it, (very hardcore/addiction/etc) but it should be up to the parents to decide with given tools if they trust their kid to consume such a thing.
As for the tool itself. Of course we have parental tools, but they can be pretty garbage, their all different, they're out of the way, and I understand that many people simply don't know how to operate them. That's why I believe that creating a standardized open-source project that multiple governments can directly contribute to and advertise for parents is the way, because at the end of the day, it should be up to the parents to decide these things, and for the government to facility that choice.
Obviously, besides the internet aspect, the tool should have all the bells and whistles that you'd expect from one, but that's not the topic.
EDIT: And yes, some children would find a way, just like they're doing now for the currently implemented ID checks. It's not lost of me that VPNs with free plans suddenly exploded in 4 digits % worth of downloads. A lot of those are tiny people who are smart enough. Or using an app like a game to trick Facial Recognition software.
tetris11 · 4h ago
I guess GDPR is on the way out, unless Google pinky promises to keep all processing/data local to each EU state?
wmf · 2h ago
What if the data stays on the phone?
lern_too_spel · 3h ago
No evidence is given that they won't implement non-Google remote attestation solutions like https://attestation.app/about
Indeed, the bug links to another bug where the author says that it isn't restricted to Play Services remote attestation and recently followed up with a documentation update making that clear. https://github.com/eu-digital-identity-wallet/eudi-app-andro...
Hizonner · 3h ago
> No evidence is given that they won't implement non-Google remote attestation solutions like https://attestation.app/about
Unfortunate that it doesn't matter, because they're not going to accept anything that's not attested by some authority.
Attestation in itself is a bad thing, guaranteed to be horrifically abused in ways far, far worse than any problem it could possibly solve. You do not need to know what software I am running, period.
lern_too_spel · 2h ago
> You do not need to know what software I am running, period.
Your employer needs to know if your devices connected to its network have been rooted without your knowledge.
In any case, this is a completely different discussion from what OP alleged, which I hope we can all agree is completely false.
Dylan16807 · 2h ago
My employer needs to know if their devices have been rooted. My devices should be on guest wifi or not connected at all.
lern_too_spel · 2h ago
So you agree, in a needlessly antagonistic way.
saubeidl · 3h ago
No evidence is given they will.
lern_too_spel · 3h ago
You replied after I had updated the comment to provide said evidence.
The issue is being raised here: https://github.com/eu-digital-identity-wallet/av-app-android...
As a resident of the aforementioned political climate, I find their concerns to be reasonable.There are a number of comments in that same thread that indicate a mandate to utilize Google services may run afoul of EU member nations' integrity and privacy laws.
There is some amusing irony in the EU relying on the US for furthering its own authoritarianism. It's unfortunate that freedom (in the classic rebellious, American sense) never became that popular in the EU, or for that matter, the UK.
IMHO, the push for age verification is just a stepping stone towards requiring a mandatory ID for all social media posts made from EU. Given the current trends against freedom of speech, it's not unreasonable to think that by the end of the decade any site, including HN, might need to link usernames with their respective eIDs in case posts come from EU IP addresses.
> officially sanctioned hardware and software
Right now, if you want to run an alternative OS, it's already an uphill battle to use tons of member state services, as well as to do banking. Even if you have microG available, the situation is terrible. I imagine it's going to become harder. I cannot understand why the European Commission wants to reduce our reliance on FAANG services, and at the same time they make Google Play a de facto standard, reinforcing the mobile duopoly. In this context, free alternative mobile platforms, such as Sailfish, cannot flourish.
They figured out that much of the population is easily manipulated and controlled by exploiting their desire for "safety and security" --- in stark contrast to that classic Franklin quote (yes, I know the context isn't the same, but the words are otherwise a perfect fit for the situation.) It's only a minority of the population; and I'd suspect a smaller minority in the EU than the US; which is willing to argue against it.
Next time you find yourself arguing for something or doing things a certain way, throw in an "it's better for security" or similar phrase with a plausible-sounding argument why, and see how easily it shuts down the opposition. In my experience, many won't even question it.
I don't know how it works technically, but clearly there's a way to fake it.
Whoops, Google have delisted your government app from the Play Store, how quickly can you de-couple your citizens internet access from the corptocracy?
No. The lesson is that stuff like this is concerning what ever the "political climate".
Anyway, you mainly don't want the gov in your vicinity to snoop. Non-local OS:es is probably advantageous in that regard if you choose to run proprietary code...
We say this, but many also want to entrust all our PC games to one closed source launcher. Or have videos/TV all on one subscription service. There's definitely a spectrum of benevolent and greedy dictators people draw lines on.
I think that is far more that people like the other closed source launchers less, and each launcher potentially adds it's own stream of notifications and adverts to their system so there is a cost to having multiple active even if the PC resource cost is practically undetectable.
Furthermore if comparing game launches and related issues to political climates, I'd consider all the current closed source ones to be the same in those respects. Also we are not subject to several local political climates at any one time in that way (though we are when looking at a wider scale, of course).
> Or have videos/TV all on one subscription service
While there are other issues (each service tracking you etc.) this is more due to the fact that each service charges what we used to pay (in fact more, as in some cases prices have gone up by more than general inflation) for a single service that provided the same amount of content that they cared about. This doesn't really equate to trust on political climates (except where commercial greed is considered a political matter).
That is because the introductory prices were not 1 to 1 to the business’ existing revenue streams from cable and satellite transmission fees. Especially considering that before, there was a very limited supply of content restricted by time slots, and now you are buying far, far more on demand content without advertising breaks. And without contracts with a cable or satellite company.
People are spoiled, and don’t appreciate how much easier and cheaper it is to watch or listen to most content than it was pre streaming services.
One only needs to look at market cap graphs of the various media companies to see that streaming isn’t the cash cow people think it is.
And obviously it is not just one arena, because it seems to be one glaring issue with human beings: they do not want to see the road ahead. And the ones they do are, at best, ignored.
But it's nice so many people care about the last few places where hard freedoms exist. That sort of resistance should be encouraged. Even if it's for naive political ends.
this is not the way to make a point that the other party will find persuasive.
You're 100% right that it's happening today.
Do not think for a moment that ID verification primarily protects children and only incidentally enables authoritarian restrictions on speech. Do not think for a second that verification initiatives are designed without anticipating this outcome.
https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_wha...
which is an unnecessary ideological divide if your concern is free speech and privacy; too bad the old guard of activists chose sides and alienated additional support for their cause.
> which is an unnecessary ideological divide if your concern is free speech and privacy;
What do you mean by this, an unnecessary ideological divide?
> too bad the old guard of activists chose sides and alienated additional support for their cause.
What sides did they choose and whose additional support did they alienate?
Let's stop beating around the bush. We all know this doesn't make any sense.
No comments yet
They flip flop on this stuff at least once a month, and the most annoying part is that they always herald everything they do as some new epoch-defining initiative only to quietly forget about it and do the opposite a few months later.
If nation states are dogs, then EU is the chihuahua: loud, proud and extremely ineffective.
The EU is not a hegemonic state, but rather an economic supranational organization. France/Germany tend to be primary proponents of increased EU strategic autonomy, while Poland/Czech/Baltic states are less supportive.
Similar to recent discussions of self-hosting, it's a tradeoff of autonomy/control vs efficiency.
> The EU is not a hegemonic state, but rather an economic supranational organization. France/Germany tend to be primary proponents of increased EU strategic autonomy, while Poland/Czech/Baltic states are less supportive.
Well obviously, these states know how bad the Russians are since they were terrorised by them for decades. They'll be the first on the chopping block. And they know that Europe does not have much deterrent of its own right now so they're screwed without the US. Though this will come.
Germany isn't doing this as much anymore, because Germany Inc has become increasingly dependent on their investments within the US [0], especially after the triple whammy of the Biden-era IRA [1], the sanctions on Russia sparking a domestic energy crisis [2], and Chinese players outcompeting German industry in China [3].
This can be seen with Germany purchasing American weapons for Ukraine over French objections [4]
[0] - https://flow.db.com/more/macro-and-markets/us-german-trade-r...
[1] - https://www.bloomberg.com/news/articles/2022-12-14/german-go...
[2] - https://oec.world/en/blog/bavarias-dependency-on-russian-gas...
[3] - https://www.reuters.com/business/majority-german-firms-feel-...
[4] - https://www.politico.eu/article/europe-donald-trump-weapons-...
Because in the background it's a French vs German vs Irish vs Czech vs $insert_eu_state business interests competing with each other.
Notice how it's almost always French legislators and businesses that mention "domestic EU tech" and not Polish, Czech, Romanian, Dutch, or even German policymakers or businesses?
That's why.
National interests always end up trumping the EU in it's current form. And for a large portion of the EU, American BigTech represents the majority of FDI (tech and overall).
Japanese and Korean automotive players did the same thing with the US in the 1980s-90s in order to ensure their interests remained aligned (though the Plaza Accords did play a role)
I mean.. great for the politicians, not for an average european.
https://ageverification.dev/Technical%20Specification/media/...
Essentially, the core user journey is a privacy preserving "over 18" check. I suppose this prevents under 18's from accessing porn, in the same way that most blocking technologies impose an expense on everyone but fail to block tech-savvy children.
Doesn't seem like it could ever stop someone with a bittorrent client, unless you have to attest you are over 18 to even use bittorrent.
So no, this is totally ineffective. And it's not like there's actually a problem. There's no crisis of messed up kids or young adults. We all had access to porn in some form and we all turned out fine. I used to watch the late night pay tv which was just 'scrambled' by removing the sync signal. It was easy to put that back with some electronics chops. I saw my share of gangbangs and cumshots and I did not get messed up or get weird ideas. In fact I often get compliments I'm a sensitive and caring lover.
So did most of my school friends. Also video tapes got passed on at school and later CDroms (when the writable DVD came I was already an adult).
This is all to mitigate a "crisis" which doesn't actually exist.
For instance, it's not illegal for me to be served alcohol. If I'm not carded when being sold a drink, nothing illegal has taken place.
If the lawmakers are being cowards and not saying they want to round up and ID all the children from birth until they are eligible to participate in the adult world, that's their battle to fight and not our burden.
If I were a kid, I could see myself downloading Opera GX and enabling the free VPN. It's probably not "tech-savvy" because the browser gets a lot of ad views on YouTube; it would be pretty obvious.
Basically anything other than going to a legally compliant website and trying to attach your mom's passport to the age verification app and doing the challenge.
I would want to sit in on this audit.
I think I have become far too cynical.
But this still wouldn't stop determined kids from VPNing to another country to make their account, and wouldn't stop peer pressure on kids from bleeding to parents to help them.
Because the practical reality here is, like, porn is the big scary word, but the actual danger to kids is *other people.* Other addictions still exist. Removing one vice without solving the underlying systemic problem merely shifts the goalposts, and everyone is up in arms about what a slippery slope that is for good reason.
EDIT: Clarity here because I phrased that badly in a hurry: I'm in disfavor of internet access being a requirement for schoolwork, but I failed to set that context initially. If parents trust their kids enough with access, once they've reached a certain point of maturity, that's fine. I'm against technological age gates and I'm against removal of bad content from the net at large. Parents should decide when their kids are ready, and guide them appropriately.
I will leave my original remarks unedited so the remaining discussion is sensible. (Sorry!)
W T F ? ? ?
> Because the practical reality here is, like, porn is the big scary word, but the actual danger to kids is other people.
Bad news, Champ. Other people also exist off of the Internet. They always have. The world is not entirely safe. And that does not mean children shouldn't get to be part of the world.
The main problem here is panicky idiocy.
That idea has never really been realistic short of keeping them isolated from society until 16-18 (which most would consider abuse), but it’s not even slightly possible today with how readily available information has become. It’s an inevitability that they will learn about the topics you’ve been avoiding and take on external influences you may not approve of.
Now to be clear, I’m not advocating for letting kids run wild on the internet with no guardrails, especially earlier on. Guardrails are important, but it’s even more important in my opinion to try to stay ahead of what they may encounter by talking with them about those things so when they eventually run across it, they’re not flying blind and might even seek your guidance about the incident since they know you’re not going to get angry about it. That’s much more likely to bring positive outcomes than if they ran into these things without parental support.
The point I was actually trying to make is just this: if the parent's goal is to block content, then the simplest thing to do is to be there when the child is surfing the net. That shouldn't take crazy technological measures. At some point, most parents realize their kids are mature enough to handle things and back off, but the parent should be making that call for their own kid. I don't think the government should be doing it on their behalf. If the government believes the internet is dangerous for young minds, then it should focus on the thing it can control: educational curriculum, primarily. Trying to "fix the internet" is a fool's errand.
As for other people being the danger, there’s some truth to that for women. I have a daughter, so this will be a concern. But you know, she won’t die. Everyone goes through trauma. The key here is to make sure she feels comfortable enough to talk to me and to my wife before doing anything (too) stupid.
I snuck out of my parents’ house to go see a girl when I was 16. Took my dad’s station wagon. On the way, some car tried to pass me and ended up hitting a big truck on the side. Truck was fine, I was fine, that fella was not. He ended up on the side of the road. Me and trucker just kept going. I still think about that guy a lot, because obviously the correct thing to do would have been to call 911, but I was a dumb 16yo who was out past midnight to go see a girl.
Point is, if things went a little differently, I could have been the one who crashed, or even dead. But that doesn’t mean that the girl I was going to go see was somehow a threat to me. It means I was doing something dangerous.
Again, this is easy to say as a man. The threat model for women is different. But prohibiting minors from the internet without supervision is totally absurd, and I feel bad for any parent who helicopters their kids like that.
Ultimately your kid will grow up and have their own life. Do you want to be remembered as the parent who had them under lock and key in the name of safety, or as a parent who monitored from a distance and occasionally let them do stupid things so that they could learn from it? For me, the latter is far more preferable.
I was not clear enough, so I will try again. If parents do not want their kids to access "bad content", whatever that means to them, then they need to supervise the access. If parents are okay with their kids accessing bad content, then that choice is theirs to make. The internet itself should not be the gatekeeper here, neither should the government, but the parents do need to actually parent. I do not believe technology should be doing the parenting. And BECAUSE I believe this is a choice the PARENT should make, I also do not believe unfettered access to the internet should be a requirement for students. As long as that is a requirement, the parents aren't in control, and we get draconian laws trying to "fix the internet."
You have wildly misinterpreted my intent, and admittedly it is because my opening sentence was poorly phrased.
As far as the beheading video, why be offended? Yes, I think teenagers will be naturally curious, and that gore videos will be on their watch list along with porn. It was true for most of my friends, and admitting this truth rather than running from it is how you deal with it. It’s not "defending" when it happens as a matter of course.
Again, you’re basically arguing for draconian powers not for the government but for the parents. To me, this is two sides of the same coin; whether the jailer is the government or the parent, when I was a teen both would have been the enemy. I personally don’t want my child to think of me as the enemy. Other parents can make different choices.
And yes, I think it was fine for me to watch that video when I was 13.
You're trying to logically and emotionally appeal to people whose amygdala have been hijacked by a moral panic.
I agree with you, but good luck.
It's just odd to see them bringing up America when their own government created this. Not the US. How about fight the actual problem instead of making sure the problem works on more devices.
Seriously. You don’t need Google. You just need a plan and a will to execute.
> and the one that was a bit better than terrible was bought by a US company
But here you say EU can make great software? Just that USA then buys it. So we should just ban USA from buying our great software companies, is that what you are saying?
Struggling to think of corporate produced software that doesn’t suck. iOS Safari is ok, I guess.
In America the least bad stuff eventually rises to the top. In Europe it feels like it's all just one shared pit.
The reason is because Americans buy the other tech firms, so its not because they don't make non-bad tech its because USA just monopolizes it via very aggressive acquisitions.
Everyone’s ready. The only reason US is wealthy is those subscription fees and vendor lock in we have.
Google rolls into town and wants to spend half a billion euro on a datacenter? Sure thing. They'll say that it'll boost the local economy while being built - by creating a couple of thousand jobs for the contractors that are going to build and maintain it, and then some onsite jobs for the next decade or two, creating a couple of hundred jobs for techs / engineers.
And as long as they keep playing ball with google, projects like that will pop up once in a while. If you're difficult, there's also a risk of the rich tech companies taking their business some other place.
With that said, I've recently noticed more voices for building our own stuff - as there's a real risk that US tech companies will simply comply if pushed enough, say, by a POTUS that's out for blood and wants to hurt certain foreign users. Ban/lock out certain users from gaining access to software, turn off their infrastructure, etc. who knows.
But, alas, there just isn't the same willingness to pour in capital on the important things. For private investors it doesn't make much sense, unless they have a bulletproof contract with domestic users willing buy their service - and using state funds isn't too popular, either.
Truth be told, any of the big tech businesses can undercut any competition, and probably build better and faster. If anything, it could be the case for tariffs - outsourcing critical infrastructure will leave you very exposed. If European countries all over the board started to abandon US tech companies, they'd cry to Trump, who in turn would probably start a trade-war.
You are right to be worried. US companies under this administration can’t be trusted to follow the law. Why should they, when our commander in chief isn’t and has a panel of judges who let him do whatever. Just the other day he suggested Obama be investigated for treason. So yeah, we’re toxic, and you all should seriously quarantine yourselves.
American companies like Google [0][1], Amazon [2][7], and Microsoft [3][4][5][6] have spent billions in FDI and hiring, thus building strong relationships with EU states like Ireland, Romania, Poland, Finland, Sweden, and others, but French and German competitors haven't (or don't exist depending on the service or SLA).
This means a significant portion of EU member states have an incentive to maintain the relationship, because the alternative means significant capital outflows. A Polish legislator doesn't have to answer to French voters, so they will incentivize the relationship with BigTech. Thus, these nations will lobby tooth and nail against destroying the relationship.
It's the same reason Hungary courts Chinese FDI [8] and enhancing the Sino-Chinese relationship as leverage against the EU pushing too hard [9].
[0] - https://www.gov.pl/web/primeminister/google-invests-billions...
[1] - https://www.gov.ie/ga/an-roinn-fiontar-turas%C3%B3ireachta-a...
[2] - https://www.aboutamazon.eu/news/job-creation-and-investment/...
[3] - https://centraleuropeantimes.com/microsoft-google-invest-big...
[4] - https://www.reuters.com/technology/nordics-efficient-energy-...
[5] - https://www.idaireland.com/latest-news/press-release/an-taoi...
[6] - https://www.government.se/articles/2024/06/prime-minister-to...
[7] - https://aws.amazon.com/blogs/industries/cloud-technology-emp...
[8] - https://hungarytoday.hu/hungary-seeks-to-stay-leading-europe...
[9] - https://theloop.ecpr.eu/hungary-and-the-future-of-europe/
You also can't just say, "Here's a few hundred billion in public support to create alternatives to U.S. tech giants", because the U.S. would argue that it's unfair state aid and retaliate.
There isn't enough private capital in the EU with the risk tolerance required to take on such a challenge independently.
We also lack a reserve currency like the USD, so we can't print $2 trillion a year, much of which ultimately flows into the U.S. stock market and further boosts U.S. tech companies, making competition even harder.
EU markets are already fully penetrated by U.S. behemoths that can either withstand or acquire any privately funded competitor, thanks to their massive cash flows and valuations.
For all these reasons, the outlook isn't very promising.
That can be improved by making traditional investments (real estate, land) less attractive while making investments into businesses more attractive. You just need to change tax incentives by removing capital gain tax and introducing real estate/land value tax (or raising it). Removing red tape would help as well and then making the common market really common.
As it is there is very little incentive to invest in companies here.
That's unrealistic. Majority of people in the EU own property and/or land, and no one wants to pay even more taxes on it. In my EU country, the majority of politicians own more than two apartments. I don't see them working against their own interests.
Indeed, it's a very sad story. I'm afraid the EU is in a coma, so waking up is not a given.
A question I have is who voted for this? I sure didn't.
[1] https://grapheneos.org/articles/attestation-compatibility-gu...
I use GrapheneOS as a daily driver and I absolutely love it. It should be the default. There's already one app I use that must do something similar and absolutely just won't run on it, so I have an entirely separate phone running stock Android just for that one app. Still worth the hassle.
Glad I don't live in a place where all this madness is taking root, but still, the trend itself sucks.
> Very well sir, which digital payment service would you like to use?
> It doesn't matter they all force me to use my phone.
EU wants to push more control on the internet, today it's "think of the children" but when the infrastructure is rolled out, it'll be "real name verifiction" on social media, chat control, etc.
Whoever is pushing this in EU has to be removed before things will get better.
Kinda, yes.
(slightly simplifying the mechanism here)
This seems to be based on the EU Wallet project, which is still work in progress. The EU wallet is based on OpenID (oidc4vci, oidc4vp). The wallet allows for selective disclosure of attributes. These attributes are signed by a issuing party (i.e. the government of a EU country). That way a RP (relying party) can verify that the data in the claim (e.g. this user is 18+) is valid.
However, this alone is not enough, because it could be a copy of that data. You can just query a wallet for that attribute, store it and replay it to some other website. This is obviously not wanted.
So the wallet also has a mechanism to bind the credential to a specific device. When issuing a credential the wallet provides a public key plus a proof of possession of the associated private key (e.g. a signature over an issuer-provided nonce) to the issuer. The issuer then includes that public key in the signed part of the credential. When the RP verifies the credential it also asks the wallet to sign part of the response using the private key associated with that public key. This is supposed to prove that the credential was sent by the device it was issued to.
Now this is where the draconian device requirements come in: the wallet is supposed to securely store the private key associated with the credential. For example in a Secure Enclave on the device. The big flaw here is that none of this binding stuff works if you can somehow get access to the private key, e.g. on a rooted phone if the wallet doesn't use a secure enclave or with a modified wallet app that doesn't use a secure enclave to store the private key. You could ask a friend who is 18+ to request the credential, copy it to your phone and use that to log in.
Is the EU essentially foisting a someone-else-owns-your-keys regime onto their citizens?
The idea is that once you get used to that, you will get censored from all the internet.
> Is the EU essentially foisting a someone-else-owns-your-keys regime onto their citizens?
Not quite, it's the EU essentially foisting a don't-use-free-software regime onto their citizens
None of this prohibits users from modifying their bootloader, kernel, or OS image; but any such modification would invalidate the secureboot signature and thus break attestation until the user registered their own signatures with the EU.
The EU currently only transacts with Google in this regard because, as far as I know, they are the only Android OS publisher (and perhaps the only Linux publisher?) that bothered to implement hardware-to-app attestation chaining live in production end-user devices in the decades since Secure Boot came onto the scene. All it takes to change that is an entity who has sufficient validity to convince them that outsourcing permitted-signature verification to Google is unethical, which it is.
It’s a safe bet that Steam Linux was already working on this in order to attest that the runtime environment is unmodified for VAC and other multiplayer-cheating prevention systems in games — and so once they publish all that, I expect we’ll find that they’ve petitioned their attested OS signature chain to the EU as satisfying age requirements for mature gaming.
The vendor lock-in here is that Apple and Google and, eventually, Valve, are both willing to put the weight of their business behind their claims to the EU that they do their best to protect the security of their environment from cheaters, with respect to the components required by the EU age verification app. The loophole one could drive a truck through that the EU has left open to break that lock-in in the future? Anyone can petition the EU to accept attestations from their own boot-kernel-OS chain signatures so long as they’re willing to accept the legal risks visited upon them if found to have knowingly permitted exploitation for age check bypasses, or neglected to respond in a timely and prudent manner when notified of such exploitability by researchers — and if the EU rejects their petition improperly, they’ll have to answer for that to their citizens.
... unless they don't want to turn their device into a boat anchor that nothing else will talk to. It's not going to stop with age verification.
Counterproposal: fuck attestation, and fuck age verification. Individual users, not corporations, associations, or organizations, get to use any goddamned software they want any time they want for any purpose they want, and if you set up some system that can't deal with that, tough beans for you.
This is why it's important that initiatives like Web Environment Integrity fail. Once the tools are in place, they will always be leveraged by the State.
> and so once they publish all that, I expect we’ll find that they’ve petitioned their attested OS signature chain to the EU as satisfying age requirements for mature gaming.
I hope that Valve pays no mind to this nonsense and continues to allow art to be accessible to anyone.
Governments have real and serious need for verifications that are backed by their force. They’re a government; they are wielding force upon citizens by doing this, knowingly and intentionally. That is a normal and widespread purpose of the State existing at all: to compel people to align with the goals of the State, whether members of the State like it or not, until such time as the State’s goals are changed by whatever means it permits or by its collapse.
If this pans out for them, as cryptographically it will but remains to be how vendors and implementations handle it at scale, then they can introduce voting from your phone — the previously-unattainable holy grail of modern democracy — precisely because it lets the government forcibly stop the cheating that device-to-app/web attestation solves. And they can do so without leaking your identity to election officials if they care to! Just visit a government booth once in a while to have your identity signature renewed (and any prior signatures issued to your identity revoked). That’s how digital wallet passports and ID cards work already today anyways, with their photo/video/NFC processes.
Western sfbay-style tech was founded on the libertarian principle that one should be able to tell the government to fuck off and deny taxation, representation, blah blah etc. in favor of one’s armed enclave that does what it feels like. It’s fine to desire that, but it’s proven too radical to be compatible with the needs of nation-states or the needs they enforce satisfactions for on behalf of their citizens. Attacking attestation won’t solve the problem of the “State”, and has led us to a point where Google can claim truthfully to a “State” that the Android forks ecosystem isn’t competent enough to be trusted, because they can’t be bother to do attestations.
we've banned all graphic depictions from the internet, required a verified name attached to every blog post, and made sure to confirm everyone's digital passport before letting them resolve a DNS query, but at least now I can vote from me phone instead of having to go outside. The future is bright!
GrapheneOS has optional attestation, either local (another device) or remote (their server) attestation.
It really seems like tying this to Google violates some key principles of the EU market.
Who the hell wants this Internet...?
The under educated, unthinking unwashed masses. Just look at the tea leak. The amount of people that do not care about freedom or privacy on the internet vastly outnumber those that do. And because they do democracy unmasks itself in the digital realm as the tyranny of the unthinking majority.
Weep for the future.
Scared rich people and bureaucrats
Unless their governments start issuing Android devices to all of their citizens, I don't understand how they can require use of this app for anything official.
Not sure who you mean by "they" but you already cannot use a lot of governmental services unless you have an Android or iOS device (at least in Austria). At least in practice that is almost impossible.
> you already cannot use a lot of governmental services unless you have an Android or iOS device (at least in Austria).
That's terrible. They have official services that require an app and can't be used via a standard browser or even paper forms? What do elderly people without smartphones do?
> What do elderly people without smartphones do?
They buy a smartphone and have their relatives set everything up for them. Not doing that isn't really an option because you can't even get your pension or planned (i.e. nonemergency) medical services anymore without going through the government mobile app.
If they don't have any relatives, they walk to the government building that used to solve these things for them using good old paper forms, and have officers there help them out. It's a completely braindead system that was envisioned by someone who has very little idea of how the common person lives.
Not that there are any channels to provide feedback, ironically enough. (Voting is a sham and has always been so here.)
One thing I find reassuring is the nature of pushback on display on the repo (only read the first few comments there, mind you). Really not what I expected phrasing and rhetoric wise (unlike here), honestly kind of restored a very very tiny and fragile bit of faith in humanity in me, it's very reserved and reasonable stuff.
If the proof can not be traced back to your identity, then what stops a person from creating large amounts of proofs and distributing them?
If the proof can be traced back to your identity, then... that would suck.
If a user can only make one then they'll have to use that identity with that service forever. That's a nightmare for privacy. Sometimes people need another account, unknown to their employer/family/friends. People should be able to make multiple accounts without those being tied together through a common "age check" identifier. But, of course, there is no way to prevent those from being distributed.
At some level I believe that's the purpose behind some of this. If someone can only have one proof, then someone can only have one account to speak with. They'll be easier to monitor, easier to identify, easier to silence. That's why I think these types of laws and behaviors should be resisted and protested.
I've mentioned in a previous comment that it's telling that big tech isn't resisting these totally-just-coincidental ID laws coming from western countries. It supercharges their surveillance and tracking abilities, and widens their moats.
Also, porn is a smokescreen. The definition of "adult" content will rapidly expand, and these put the ID issuers in censorious a position of control over people and services. Nothing stops a government attestation server from rejecting a request because someone is blacklisted from "mass communication services" because they're a felon, protestor, LGBT activist, etc... or because a service has fallen out of favor.
Well, it's more like a framework, so not a ton of details. I've just glossed over it, but from what I can gather they have thought about it:
No personal data, especially no information from personal identification documents such as national ID card, is stored within an [Age Verification App Instance]. Only the Proof of Age attestation, specifically indicating "older than 18", is utilized for age verification purposes
Stored Verification(8b): [Relying Parties] may optionally store information derived from the Proof of Age attestation in the User's account, allowing the User to bypass repeated verification for future visits or purchases, streamlining the User experience. In this case, authentication methods such as WebAuthN should be utilised to ensure secure access while enabling the User to choose a pseudonym, preserving privacy. Risks in case of the device sharing should be considered.
[1]: https://ageverification.dev/Technical%20Specification/archit...
[2]: https://ageverification.dev/Technical%20Specification/annexe...
For all the shit Google deservedly gets they seem to be genuinely trying to implement good and privacy preserving solutions to a lot of these problems.
The issue of course is that there's essentially no way to do all this stuff with software and hardware the user actually controls themselves, so you end up with hard requirements that you use big tech as gatekeepers.
This is the slippery slope that IMO eventually ends the open web.
If you take that outcome as inevitable, which at this point I basically do given all the forces lined up to restrict access to information, I suppose Google is about the best steward you could hope for.
[0] https://blog.google/products/google-pay/google-wallet-age-id...
[1] https://news.ycombinator.com/item?id=43863672
I don't and I wish Google et al would take a god damned stand against it. All it takes is 2 or 3 big companies to just not play along with the destruction of the open internet (the very same responsible for their genesis and incredible success), and the bureaucrats will eventually relent. Unfortunately they've chosen the path of least resistance, which also is the path of regulatory capture to their sole benefit. Sad to see that win over the ideals of the early net.
I went on youtube in bed last night to watch a 10 minute video (that I knew I had to search for to find - it was a specific one), but the app opens to shorts and they're so damn stimulating that it was 30 minutes before I finally got to the vid I wanted. I started with pure agency and was immediately thrown off course. Say what you will about my discipline or habits, but imagine the affect this has on less... aware individuals such as children.
Walking around the world you see everyone buried in their phones.
There are aspects of this initiative that I totally welcome, if it has the result of some level of de-interneting. The argument is always "they do it to protect children first, then it comes for everyone". I hope they increase resistance for the end user. I agree its sad, but what we have currently is truly awful, and less of it is a good thing.
I understand that it may not have that effect and end up in the "worst of both worlds" situation. But I don't wan't google fighting any battles for me anymore. They might try on occasion to be respectful but their bottom line is to own my attention.
Who cares if it's Google or an American company. The point is you decided to let the E.U dictate what software you can run on your phone.
Who voted for this? Who asked for this?
Seriously you can't make this stuff up.
It may be that the people in charge in the EU don't really care about the market dominance as long as they can collect enough extra money from them...
these people are monsters. don't help them, and don't be complicit. working on digital ID tech, and even disclosing vulns in it is like helping Hollerith make faster and more efficient punch cards.
If it's not unbelievably obvious, there's an entire class of people flying private jets to "world summits" where the transcripts aren't disclosed. What do you think is going on? Use your brain.
We don't need the governments to mass surveil us to protect us. We need them to sort the economy and stop invading countries and being deferential to corporate interests instead of the people they represent.
It's such an obvious push that If you don't want to see it, it makes me think you're shielding yourself to avoid contending with the reality: These politicians and govs all around, including the countries you claim "work" are absolutely power hungry and beholden to interests other than yours and will push for as much total surveillance as they can, including as much curtailment of freedoms as they can.
Obviously that won't mean elites will actually face justice or crimes will actually be solved because more surveillance is not accompanied with more government transparency, quite the opposite and bigger and more powerful burocracies, with more authoritarianism, allow for easy hidden exceptions that you can't question.
It's nothing new. Corruption is common. It's just mediocre to see "hackers" pushing for it just because the government and corporations tell them to, because foreign country bad, bad social media influences kids, drugs, word-ism, etc.
You say “so many people are advocating for this in HN” but this thread was empty except for one other comment (which was also critical of this) at the time you posted your comment.
HN and even the GitHub comments mostly start with the assumption that of course we should do this. Of course we should restrict social media to under 16/18s and either are in favor of ID to access the Internet or pretend it won't happen by consequence of this.
Now try to address what I said instead of poorly calling me out.
Or at the very least, many here support the goal of keeping children and/or teenagers off of social media entirely, while disliking the means of ID verification. But it's not like there's any other obvious means.
If you stretch the definition of "recent" to ~ 60d then you can also search for the pornhub/France thing. Quick google nets this thread: https://news.ycombinator.com/item?id=44210557. There are likely others, too... but I'm lazy :).
Please tell me exactly what you think and I can nitpick it vaguely instead of putting forth mine. Heh.
In any case, just look at the comments under my comment. You'll see them.
- https://news.ycombinator.com/item?id=44705630 (this is good, we need this). - https://news.ycombinator.com/item?id=44705597 (are you a conservative?! Anonymity should be reduced.)
Don't be disingenuous with your proof demands and tell us what you think and then we can discuss the merits of your argument.
The case that "so many" people are advocating this on HN. Sounds like a significant percentage!
> What's YOUR case. Assert a position
Their case is that you should give evidence.
> and provide proof in triplicate please. Please tell me exactly what you think and I can nitpick it vaguely instead of putting forth mine. Heh.
"you should give evidence" doesn't need its own proof. And nitpicking such a simple idea would be a waste of everyone's time.
"So many" means "so many". You're creating a straw man in bad faith.
What's your take on digital Age verification. Either provide useful commentary or stop trolling. Address the existence of the other comments I linked.
It's a privacy preserving over 18 check.
Is it a "slope"? Sure, you can imagine an extension to the system that is "worse".
Is it "slippery"? This thing isn't draconian enough to be effective. It will be a minor speedbump that prevents exactly zero determined under-18's from accessing anything that they'd want to. So then the question is, does the government react by trying something more draconian, or does it give up?
Age verification is already a thing IRL, there is no reason to not extend it online considering so much of our lives is digital. Overall I think anonymity should be reduced on the internet in general - a big reason of the world issues, especially in USA is that ideas can grow in forums where people under etherial identities can tell lie after lie without any repercussion.
See, I wouldn't have as much of an issue if you were honest about this real intention, because of how on the nose it is to reasonable people.
The idea that I will have to upload 3D models of my face and ID, or get permission from Google, just to go online because you don't like the idea of someone else's kids using the internet is absurd.
Please stop using appeals to children in your quest to "stop ideas from growing".
Ah yes. Anonymity is the only thing that enables dishonesty and of course it's the government's moral duty to regulate it.
Once anonymity is banned, the world will be honest and good and True and we'll all look back on the Bad times thinking how silly we all were.
The best part of minority report was the way everything constantly tracked identity through retinal scans; i can't wait for the future!
The internet used to be a bastion of freedom. That era ended around 2005.
https://news.ycombinator.com/item?id=43715884#43722778
Create a better, standardized, open-source parental control tool that is installed by default on all types of device that can connect to the web.
The internet aspect of the parental control should be a "Per Whitelist" system rather than Blacklisting. The parents should be the ones to decide which domains are Whitelisted for their kids, and government bodies could contribute with curated lists to help establish a base.
Yes, there would be some gray area sites like search engine image search, or social media sites like Twitter that can allow you to stumble into pornography, and that is why these devices that have the software turned ON, should send a token through the browser saying "Parental Control". It would be easier for websites to implement a blanket block of certain aspects of their site than expect them to implement whole ID checks systems and security to make sure that no leaks occur (look at the TEA app) like the UK is expecting everyone to do.
Also, I'm for teenagers (not little children) having access to pornography. I was once a teenager, every adult was, and we know that it's a natural thing to masturbate which includes the consumption of pornography for most in some way. Repressing their desires, their sexuality, and making this private aspect of their life difficult isn't the way. Yes, yes, there is nuance to it, (very hardcore/addiction/etc) but it should be up to the parents to decide with given tools if they trust their kid to consume such a thing.
As for the tool itself. Of course we have parental tools, but they can be pretty garbage, their all different, they're out of the way, and I understand that many people simply don't know how to operate them. That's why I believe that creating a standardized open-source project that multiple governments can directly contribute to and advertise for parents is the way, because at the end of the day, it should be up to the parents to decide these things, and for the government to facility that choice.
Obviously, besides the internet aspect, the tool should have all the bells and whistles that you'd expect from one, but that's not the topic.
EDIT: And yes, some children would find a way, just like they're doing now for the currently implemented ID checks. It's not lost of me that VPNs with free plans suddenly exploded in 4 digits % worth of downloads. A lot of those are tiny people who are smart enough. Or using an app like a game to trick Facial Recognition software.
Indeed, the bug links to another bug where the author says that it isn't restricted to Play Services remote attestation and recently followed up with a documentation update making that clear. https://github.com/eu-digital-identity-wallet/eudi-app-andro...
Unfortunate that it doesn't matter, because they're not going to accept anything that's not attested by some authority.
Attestation in itself is a bad thing, guaranteed to be horrifically abused in ways far, far worse than any problem it could possibly solve. You do not need to know what software I am running, period.
Your employer needs to know if your devices connected to its network have been rooted without your knowledge.
In any case, this is a completely different discussion from what OP alleged, which I hope we can all agree is completely false.
Adding to what I said earlier, this isn't even an app that any EU member state will use. It's just a PoC, as it says in the README. https://github.com/eu-digital-identity-wallet/av-app-android...
Unfortunately for the authors, the pitch forks are already out, and the mob is on the march. It's too bad that HN is contributing to it.