Cool now the pedophile class can track everyone. What could go wrong?
I would be more interested in EU-wide firewall that blocks all advertisements from outside. Just a little quality of life.
Taxes for big Internet platforms please, and remove any copyright laws that US media imposes in Europe. Looking at the broken YouTube copyright system where anyone can strike channels without any proof or review in particular…
Turns out it’s not. It has security issue where you can just delete configs to verify yourself as the owner of the device.
Edit: After on-boarding and setting a pin, fingerprint etc.
Well, the first version of any software is always shit.
This is absolutely insane. Creating a surveillance dystopia “for the children”. What about that even sounds like a good idea?
I swear people would call personal identity cards dystopian if we wanted to introduce them today.
There is nothing dystopian about applying existing laws on the internet.
-
In Germany, compulsory ID cards were introduced by the nazis.
-
The internet is a communications network, analogous to the telephone or post system. Such compulsory surveillance of private communication is not part of any existing laws.
First versions of a personal id in Germany were introduced in 1850. I doubt the nazis introduced ids in South Africa or Vietnam.
I also don’t think the internet is comparable to telephone or postal services. There is a whole information space on the internet simply not existing in the other two.
You guys need to stop treating the internet as the wild west.
Famously free countries. Let me guess, SA used ID cards for the same purpose as the nazis?
Not knowing how the internet is like a telephone network is exactly the problem. It’s like making laws about breaking and entering without knowing what locks or windows are.
The internet is not lawless. It wouldn’t exist without laws, chief among them constitutional guarantees for freedom of information.
https://en.wikipedia.org/wiki/List_of_national_identity_card_policies_by_country
Must be all Nazis then 🤡
Not knowing how the internet is like a telephone network is exactly the problem.
I can’t imagine AI generated porn of real women being published on telephone lines without the internet.
But yeah sure it’s just information bro nothing to worry about.
Because robot scam callers have never been a thing.
-
The issue isn’t with being identifiable, it’s with control over who has access to your identity. Even back when IDs were introduced, people would take issue with them being copied and sold by the bale to literally anyone who asks.
So the new verification app must be pretty great as this completely removes the need to hand out your identity details
It’s funny that you’re right, but not in the way I think you intended. Now you don’t have to hand it out because it’s persistently available and tied to everything you do online! It’s clear you’re being contrarian and aren’t making points in good faith, so this isn’t for you, but to anyone else reading I recommend checking out EFF’s post on the subject.
Zero Knowledge Proofs: The Bad News
What ZKPs don’t do is mitigate verifier abuse or limit their requests, such as over-asking for information they don’t need or limiting the number of times they request your age over time. They don’t prevent websites or applications from collecting other kinds of observable personally identifiable information like your IP address or other device information while interacting with them.
ZKPs are a great tool for sharing less data about ourselves over time or in a one time transaction. But this doesn’t do a lot about the data broker industry that already has massive, existing profiles of data on people. We understand that this was not what ZKPs for age verification were presented to solve. But it is still imperative to point out that utilizing this technology to share even more about ourselves online through mandatory age verification establishes a wider scope for sharing in an already saturated ecosystem of easily linked, existing personal information online. Going from presenting your physical ID maybe 2-3 times a week to potentially proving your age to multiple websites and apps every day online is going to render going online itself as a burden at minimum and a barrier entirely at most for those who can’t obtain an ID.
So the bad thing about this is that data sellers already have your data and zero knowledge proof doesn’t change that? Pretty weak point in my opinion.
Here are 2 things that you should know:
- This requires websites, apps, other services to comply. Many won’t feel bound by EU laws, shun the cost, or may even be ideologically opposed. EG 4chan. See the beef between it and the UK: https://www.bbc.com/news/articles/c624330lg1ko
For this to work, you must block a lot of non-EU websites. There will be a lot of pressure to do just that, not just from ideologues but also the copyright industry, and maybe even parts of Big Tech. The copyright industry wants to block pirate sites. Actually, anything that suppresses competition is good. See for example how piracy shield works in Italy.
- This is supposed to help against “cyberbullying” and “grooming”, according to von der Leyen. https://ec.europa.eu/commission/presscorner/detail/en/statement_26_817
That means, that all online activities by minors must be carefully monitored. “Private” messages from or to minors must be scanned for suspicious content and possibly handed over to authorities. That implies that offering encryption to minors must be outlawed.
Especially cyberbullying is very complex and deeply personal phenomenon. It may include spreading rumors, or excluding someone from a group. Somehow Big Tech is supposed to find a way to solve this. We take all the grievances against Big Tech, and this is the conclusion?
But maybe it’s okay, because our governments will be instructing Big Tech on what do. Is that really how much you trust your government?
I find it unlikely that this infrastructure would only be used against minors, once it exists. EG the government servers that indicate your age could also indicate that you are under investigation, and that all your activities should be recorded for the police.
Does this also mean that if two minors of lets say age 16 exchange spicy pictures that were previously only between them, from then on involves at least one adult “reviewer” who then has to save the image for documentation purposes creating a large library of flagged spicy pics, possibly worth millions?
That already exists.
Those spicy pictures are so-called CSAM; Child Sexual Abuse Material. Most countries have exceptions in their laws to keep kids out of jail. But it is legally very risky. As soon as such images are shared, even other minors may face prosecution.
When the police seize such images, they go into databases. They are also shared with some privileged companies, that are allowed to handle such images. They use them to scan for these or similar images being shared on the net. I understand that it is quite lucrative to offer such services, on account of having near monopolies. I’m sure not all those who volunteer for these jobs are hardy men who do it only for the satisfaction.
This is basically the cover story to the EU caving to US tech companies because if you can’t tell a person from a bot, your advertising model is dead. I’d wager VDL will make massive bank when she drops out of the commission. I’ll never forgive Germany and Macron for putting her in that position.
Except bots will be “verified 30-something human persons” quicker than the most tech-literate human manages to go through verification.
Unfortunately, it’s an old German tradition to misuse the EU commission as a toxic waste dump for politicians too bad for domestic use. It’ll happen again.
I’m kind of starting to think the whole Internet thing was a bad idea and we actually should get rid of it. Well, maybe not all of it. Let’s go back to silly blogs and personal websites that are updated once a month.
Let’s go back to CB radio! I did find it unrealistic in One Battle After Another that the revolutionaries were planning stuff in secret instead of openly on social media though.
I mean online banking, administration, shopping and streaming is cool but the social media part was a bad idea.
Greetings from germany to my fellow germans who had a light chuckle seeing Censorsula announcing a zero knowledge app.
I’d like a more credible source that this is zero knowledge.
they said it’s open source, so it should be verifiable, otherwise it definitely shouldn’t be trusted.
She must be very envious of Xi, or rather, her lobbyists are. The place for rotten corrupt politicians should be in prison for life, not on a comfortable throne in Brussels.
Why the comparisons with China? Doubt that they’re using zero knowledge proofs and open source.
None of that matters because the objective is the same. This measure is simply the normalization of government and corporate overreach towards authoritarianism under the flimsy excuse that it’s to protect children.
They know very well that it’s unpopular, and therefore western leaders are coming up with the strategy of implementing this crap all at once and taking a certain care to generate as little further distrust as possible. The enshitification will come later.
The verification making sense and trust in government are 2 separate problems. Not defending here one or the other, just saying that the mixing up doesn’t help.
The verification could make sense with something like a physical gift card.
Go to a store or kiosk, show them your ID card or driver’s license, and they’ll give you a card randomly chosen from the shelf with a code to activate the +18 version of any social network of your choice.
Each code could only be used once. People would have to buy more, at a symbolic cost, for each social network they wished to activate.
I would tend to be against this on principle in the same way, but at least it would be something I could understand where the objective is actually what is being presented (protecting the children), albeit misguided, because to me it is clear that what is currently being promoted and proposed has nothing to do with age verification, but rather with mass surveillance, marketing and censorship. Fascistic authoritarianism.
But now you’re giving your id to third parties. Why do you trust them more than your government, which has that data anyway?
It would still be made by the government and distributed by third parties and the government. What matters here to give me confidence is that it would be physical and only one person at the counter would know my age which would obviously be much safer and would ensure that no other information would be passed on.
Also,
https://cybernews.com/security/eu-age-verification-app-hack/
LoL
“Online platforms can easily rely on our age verification app so there are no more excuses. We will have zero tolerance for companies that do not respect our children’s rights.”
Not being able to access a website is not a right. Being able to browse the web without being exposed to disturbing material without consent can be seen as a right, but it doesn’t require age verification beyond a simple “are you over 18 years old?”.
Being forced to provide an image of yourself or your ID to a website that you can’t trust if you want to access a website or service, if there’s also the option to do it with a zero-knowledge proof, could maybe be seen as a violation of one’s privacy rights (non-functionally-necessary data must be opt-in, AFAIK). But these rights are not limited to children, and it doesn’t apply to under-age them as they won’t be able to access the service anyways.
Zero-knowledge proofs are cool, the german id card has such a feature, afaik. It just certifies that the user is >18 years old, and doesn’t leak the actual age, your name, or other identifiable information, afaik. (I’ve never used it.) I can’t judge what they implemented, or if one can trust that they implement what they specify, or what metadata might be involved.
Being able to access the 18+ side of the web without having to worry about privacy is an important right. It weights more than protecting children from the consequences of their own free decisions in this case, imo.
And I still don’t give a shit what your children do on the Internet. Even the hassle is more than I care to abide, even if it is somehow perfectly safe and private.
A lesser violation of privacy is still a violation of privacy. “It could be worse” isn’t a particularly persuasive argument
Being able to browse the web without being exposed to disturbing material without consent
Advertisements on the internet are very disturbing…
Maybe we can restrict exposure to Christian nationalism and cishet relationships while we are at it.
The EU verification app is actually doing what you described for the German ID card, you get back a signed predicate “over 18” and that’s it. It’s also there for other legally meaningful ages, in a way you can you it to target the age a bit better, but you would have to issue many challenges to the user.
but it doesn’t require age verification beyond a simple “are you over 18 years old?”.
In what world does that stop any kid? Should a bartender also just ask if people are over 18 (or what your drinking age limit is) and then just believe whatever little Johnny says?
Of course it only stops children that want to be stopped, aka it protects them from stuff they want to be protected from.
See also my last sentence:
It weights more than protecting children from the consequences of their own free decisions in this case, imo.
Of course, you can disagree here. The fundamental question is, do we want to let the subject decide by itself, or do - as the lawmaker - the decision for all subjects.
For drinking alcohol I’d prefer latter, because:
- Young humans are less resistant against the bad effects of alcohol than adult ones. (==> Makes sense to restrict only a part of the population.)
- It can be addicting. (==> Hard to make own decision.)
- There can be peer pressure to take drugs. (==> Hard to make own decision.)
- The damages would be expensive for the health care system. (==> Negative effects for all of us, not just the individual.)
For gore and porn I don’t see such points.
If you dont think people can get issues from watching things, you should look up issues people have gotten from having a job of reviewing flagged content on social media sites.
I’m a little confused at what you’re writing, as it seems like you think the children that should choose if they should access a porn (or other adult content) site. They will of cause continue to watch. Just like they would eat doughnuts as a meal all the time if they had the choice.
You forgot to read the sentence right before the one you quoted
I read it, I re-read it. What did I miss? Commenter seems to think that it is the children that want to be protected, when it’s the parents/government that want a more effective way of blocking children from accessing porn (and other) sites.
Where are the photos of the document processed though? And if not on the phone itself, is the server backend open source as well? Can I self-host it? And is the data which is used to generate certificates deleted immediately or stored in the backend? I have questions.
It probably just uses the EU eID system. That uses NFC and not any camera pictures whatsoever
the zk proofs should be generated locally on whatever device you are using. It won’t be any actual photos, it’ll likely be NFC, it depends on verifying the cryptographic signature has signed the data you are trying to prove, and image doesn’t have that.
When I scan the qr code on my phone, it actually launched my country’s own eIDAS app. The EU verification app looks more like an application of eIDAS, data is stored on your national id card, that’s it.
Agreed.
It sounds like a better solution than sending photos of ID documents anywhere and everywhere, but at the same time it’s not really different, it’s just centralized. It removes other vectors of privacy breaches, but it doesn’t remove the possibility of a breach entirely.
Just stop requiring age verification to protect an open and anonymous internet. If governments are worried about what kids are doing online, start charging their parents with neglect, because they’re supposed to be the responsible party for their kids’ behavior.
To be honest, I simply wouldn’t feel comfortable storing this data on the third party servers hosted on hyper scaler infrastructure. That probably works for most but I’m not keen on a Telekom / AWS combination there. The regulation itself is a totally different discussion. There’s arguments both in favor and against and I don’t really wanna judge that here. I’ll say though, that IMHO the OS level is totally the wrong place to do it. Just gives large non-European companies a powerful bonus datapoint.
Disagree. Parents apparently cannot oversee the harm they are causing. And the social pressure is too high. So it needs to be regulated.
Not my problem.
Parents apparently cannot oversee the harm they are causing.
Then that’s still the parents’ fault, IMO. If you can’t teach your child to use the internet safely and responsibly, or adequately monitor the services they use, then you don’t give them internet-enabled devices.
Imagine if instead of the internet, we were talking about going out after dark. A few kids go out and do stupid things at night, but instead of blaming the parents who let them out unsupervised, we set a national curfew for everyone unless you obtain a nighttime permit from the government. Does that sound reasonable?
Sure it’s the parents fault. The discussion is not whose fault it is but the result. Which means → regulate it.
Your comparison with going out after dark is totally off. It’s much easier to monitor if the kid is in the house than if they access web site they shouldn’t.
Just to blame the parents is too easy. There’s a reason why porn, alcohol, and cigarettes is not allowed to be sold to minors in shops. What you’re asking is that parents shouldn’t allow their kids to to go to shops, just so you don’t have to be provide proof of your age to access to alcohol in your local shop.
More and more of our lives are online and I totally see why we need to do propper online verification for some things.
Agreed. The “parents are too blame” crowd is insane to me. How are you gonna control what your kid does on the wifi hotspot Derek in the last row on the school bus created?
The app (open source, cross platform, completely locally, no photo id, no 3rd parties involved) only provides sites with a yes/no on “is person over 18?”, via an on-device zkp.
So good luck pitching a solution that is more privacy friendly than this, because this is pretty much the perfect solution. I’m honestly elated that the EU is releasing this, because it means I’ll NOT need to deal with privacy-nightmare situations like in other countries where legislation came before a technical solution. This lays a fantastic baseline for the EU to force companies to use THIS solution for age verification, essentially killing the data harvesters dead.
The article says the document is not send to a third party, most likely it uses info on the passport (NFC, not photo) to generate a proof that the holder is an adult.
Photos?
I’m fairly certain the app will use the NFC feature of your ID to verify age and only age. Everything else would be a gross violation of privacy, it does not need to store anything else.
Besides, photos only prove possession of an ID card, not ownership. Imagine if an ATM allowed withdrawing funds from a card without having to enter anything. Using the NFC feature requires entering a PIN only the owner should know.
Powers that be do not want an anonymous internet that helps illegal actions (illegal is large, from organizing slavery to organizing a protest that could endanger the established organization).
The rest is just posturing, seizing opportunities, and moving gradually. It’s just allowing government intelligence to do their job for the powers that be.
If we want to change this, we need more democracy. Like much more. And properly teaching basics of political science / sociology / macroeconomic so voters know where the tradeoffs are, because there are always tradeoffs.
That’s a lot of very misdirected effort, with a lot of bad and not-at-all-necessary consequences.
I could not imagine myself in this timeline.
Virkkunen said the Commission will also establish a European co-ordination mechanism to ensure consistency as member states implement their own national age verification schemes, which currently vary significantly in approach and minimum age thresholds.
The app arrives as at least a dozen European countries, including the UK and Norway, have enacted or are actively considering legislation setting minimum age limits for social media, typically between 13 and 16 years.
Part of a global lobbying effort as Canada’s governing party, the Liberal Party of Canada, is also discussing age verification simultaneously, as are a number of US states.
deleted by creator
Is the app actually old enough?
As long as it increases shareholder value (they will now know who is a bot & who isn’t + potentially a lot more of your contextual personal info) that is mission achieved for the … representatives of the
megacorpspeople.
