Top
Best
New

Posted by roundabout-host 14 hours ago

European "age verification" "app" forcing everyone to use Android or iOS(github.com)
440 points | 294 commentspage 3
TacticalCoder 3 hours ago||
> European "age verification" "app" forcing everyone to use Android or iOS

As a european if I wanted to see the glass half-full I'd say: at least the good news is that from that headline we can name a gigantic loser... Microsoft.

cynicalsecurity 13 hours ago||
Why the hell EU even needs an age verification app? Who's genius idea is this and what for?
christkv 6 hours ago|
Step one in the "EU Firewall" and future credit system. Step out of line and get debanked or other things they will come up with to keep you inline.
iLoveOncall 14 hours ago||
I agree with the sentiment but is there even any phone that doesn't run Android (or derivatives) or iOS and that can install modern "apps"?
sebtron 13 hours ago||
Why does it have to be a phone? Some people still use tablets, laptops and, believe it or not, desktop PCs.
xienze 13 hours ago|||
Smartphones are much more ubiquitous than any of those devices. Across all demographics.
marginalia_nu 13 hours ago||
Accessibility doesn't end with catering to most people though. Since this will be a prerequisite to communicate online, that simply isn't good enough.
xienze 13 hours ago||
You're under the impression that your concerns matter. What matters is the end game of tying real identity to digital identity.
marginalia_nu 13 hours ago||
Well my concerns happen to be my constitutional rights.
iLoveOncall 13 hours ago|||
Tablets would be compatible, and there's absolutely no indication that there won't be a separate system for computers.

It's actually disingenuous to think there won't be. This is a repository for a mobile app only.

roundabout-host 12 hours ago||
The spec mandates mobile versions to exist, and not PC ones. While a PC version can be provided, no government will do that, because they will do the bare minimum.
_factor 14 hours ago|||
This will ensure there never is.
roundabout-host 12 hours ago|||
Android derivatives are not considered enough, because they will not be Google-attested, so the app will refuse them.
lexlambda 13 hours ago|||
You must realize, age verification is for more then just Googles Android apps.

Such a strong new legal framework must consider consumer hardware actually in use:

- Android variations Like GrapheneOS, Huawei's HarmonyOS, older phones running custom ROMs - Linux phones, which are sold in the EU and by EU companies

- Desktop operating systems

All of them can run Web Apps, and thus need age verification

pluralmonad 4 hours ago||
Well, none of them _need_ age verification.
zzril 13 hours ago|||
My PinePhone runs postmarketOS and can technically run every modern Linux desktop "app".
mrsssnake 7 hours ago|||
Even on the Android or iOS phone the EU app won't run if the device owner made even a tiniest change of the operating system without Google or Apple approval.

The EU developed system excludes the 1% of people for which the popular mobile solutions do not work and also make the rest 99% totally dependent on the selected corporations.

asadotzler 4 hours ago|||
Windows and Mac have billions of users.
hahahaa 14 hours ago||
Run linux?
roundabout-host 10 hours ago||
I don't understand. Even if you run GNU/Linux, when you access a restricted website on it, you will have to scan a QR code with the Android or iOS app. <https://cinema.ageverification.dev> is a demo which shows that.
iLoveOncall 5 hours ago||
> https://cinema.ageverification.dev is a demo which shows that.

Unrelated to the substance of the comment but this is a depressing example. Imagine having to verify your age and your identity to buy a movie ticket. This is pure insanity.

Dark times are ahead. Anyone that doesn't see we'll all be living in dictatorships within the next 10 years is putting their head in the sand.

trallnag 6 hours ago||
The EU skipped "having kids" and jumped directly to "protecting kids"
Cider9986 3 hours ago|
Excellent point.
zombot 11 hours ago||
Doesn't that mean that Apple and Google are getting all that data about every single affected user?
roundabout-host 10 hours ago|
They are.
0xbadcafebee 2 hours ago||
Guys, you don't understand, their hands are tied! They need to make the children safe from seeing boobies by forcing mass surveillance on everyone (despite the fact that children can trivially get around it)... and to force mass surveillance on everyone, they need to capitulate to American tech companies. It's unfortunate, but you'll just have to give up your privacy.
g-b-r 13 hours ago||
What would this be applied to? Let's check the freshly printed report by the "Special Panel on child safety online and potential age restrictions for social media" (https://commission.europa.eu/document/download/d833504d-5ec3...).

We have a definition at the beginning, for "Social media and other digital services (in short, social media+)":

“Within the scope of this report, the terms ‘social media+’ and ‘social media and other digital services’, are used to broadly define services that may be available to minors and contain age-inappropriate and/or risky features (for example, addictive and harmful features, among which infinite scroll, autoplay, recommendation algorithms and persistent notifications) and/or content. Social media and other digital services providers include online platforms serving as intermediaries of content from third parties, such as social media, as well as app stores. AI systems posing risks to minors’ safety and development, including AI companions, video games exposing children to harmful commercial practices or dangerous contacts, and video-sharing platforms enabling age-inappropriate access to minors are also included.”

So, let's see, services that may contain age-inappropriate and/or risky content, "online platforms serving as intermediaries of content from third parties".

How quickly can you come up with something that wouldn't fall in that definition?

It seems that anything that allows user-contributed content (such as plain old forums) or communication among users would be comprised in it.

And, yes, to be sure we explicitly include app stores (I guess including e.g. F-Droid, and what about software repositories?) and video games with intercommunication features.

What is this definition used for?

Recommendation 1 of chapter 3: “A harmonised EU-wide access restriction to *social media and other digital services*, including AI companions, for children under 13 is necessary.”

This is a report, not law, but it was commissioned by Ursula von der Leyen and “The report is intended to inform future actions to be proposed by the European Commission and EU Member States to reinforce child safety online.”

shevy-java 13 hours ago||
What baffles me the most is how the EU commission constantly works in favour of US corporations in the long run. This is really strange. Something does not work in the explanations given by the EU commission. To me it looks like US lobbyists run the EU here.
xienze 13 hours ago|
Well, they really, really, really want the end game of tying (real) identity to digital identity. And they want it now, not 10+ years in the future when _theoretically_ there _might_ be some EU-friendly mobile operating system that everyone uses. Right now, Google and Apple are basically the entire smartphone market, so they gotta work with what they've got if they want these plans to come to fruition.
perching_aix 13 hours ago|
I guess it's that time of the week again. Do we have a sockpuppet account to welcome in you by any chance?

The (actual) complaint of the thread appears to be resolved already (which would make sense given this is old news):

> In the README, the following is listed:

>> App and device verification based on Google Play Integrity API and Apple App Attestation

The README.md does not appear to feature such a section (nor any of the other files for that matter).

Separately, the title is editorializing, and falsely suggests there's some big bad EU app, even though the app that does exist is merely a reference implementation, not for end user usage. There's a reason the repository you're linking a discussion thread from only holds specs.

Edit:

> the specification does not prohibit it

My account has been rate-limited, so I'm not able to reply directly. Nevertheless, I'm sure you can appreciate that your title is still quite the lie then. "Not prohibiting it" is very different from "forcing", after all.

roundabout-host 12 hours ago|
In the thread you will find many examples of national implementations which do require attestation. It was removed from the README as a PR measure, but in practice the specification does not prohibit it, so national implementations will still use it.
More comments...