cross-posted from: https://sh.itjust.works/post/42943610
Taken from the readme of the app on github:
The current release provides only basic functionality, with several key features to be introduced in future versions, including:
App and device verification based on Google Play Integrity API and Apple App Attestation
Additional issuance methods beyond the currently implemented eID based method.
These planned features align with the requirements and methods described in the Age Verification Profile.
There is an issue opened to remove this as it’s basically telling us that to verify our age in the EU an American corporation has the last word, making it not only a privacy nightmare but a de-facto monopoly on the phone market that will leave out of the verification checks even the fairphone (european) with /e/os.
In digital age it should be understood as a personal liberty to not be compelled by state to use nonfree software in any shape or form. Just like court rulings must be public and legislation too (sadly this doesn’t apply in EU).
The EU governing bodies are speaking out of both sides of their mouths if they claim that they want data sovereignty while simultaneously relying on an evil, American company to verify your “integrity” 🤡
You’ll never be sovereign if you rely on a for-profit entity that makes money by spying on people and selling your data.
You’re only a full citizen if you use Google or Apple is a dystopia I should have seen coming.
I agree with most concerns here but as a professional prototypist… people do not seem to understand here and on related issues what “reference implementation” means.
This is NOT supposed to be used! By anybody! This is basically a technical demonstration that shows how it can be done at all.
Think of this as a test suite rather than software proper.
Again, this does not mean it’s OK to even suggest that Google and Apple are in any way acceptable bottleneck. I do believe those are terrible choices. I do also believe relying on them just to do a proof of concept or technical demonstration is quite “lazy” but I also bet that this was necessary due to the scope of the project, e.g. “deliver us an app that works in 6 months on an average mobile phone”. I really don’t think they had discussion on accessibility, inclusion, etc.
So… yes, do keep track and be concerned but also don’t conflate a proof of concept with a maintained app that will be required to be used on all EU citizen mobile phones next year.
There’s a big difference between a reference implementation and a proof of concept. A proof of concept just shows it’s possible at all, but a reference implementation is meant as a reference for “you should do it this way”. Expect most companies to just directly copy the reference because they’ll feel it’s a waste of time developing their own system that’s in compliance.
What in the fuckety anti-anti-trust megacorp win is this???
Where is the petition to sign??
The main problem isn’t the Google Play integration, but that this requires an Android or iOS device at all. This should be based on something like flutter or electron, and be easily portable with an agnostic build script for e.g. Linux, UBports, postmarketOS, and so on, as well. If only for the reason that most Android and iOS devices will effectively become unpatchable after the mandatory 5-ish years run out, while a standardized UEFI desktop platform will not. There are so many reasons not to have a “standard” smartphone nowadays. Also see here.
Am I being paranoid that supplying your ID or face to use certain services will make it easier for the state or bad actors to identify activists? I haven’t bothered to read into this situation.
Like all of a sudden, reddit isn’t so private now (not that it really was before).
That’s exactly why we need to stop this law ASAP. It’s dangerous and anti-democratic. Who cares if some kids see some titties on the web? Seriously…
Nope, that’s exactly what will happen. I dunno if I’d call it “intended” (at least not by the politicians that will put it forward), but the various state intelligence apparatus are absolutely banking on it.
Here is the source that they want to make e.g. Youtube, Netflix, … rely on this new app: https://www.mlex.com/mlex/articles/2368265/online-services-get-up-to-12-months-to-apply-age-verification-eu-guidelines-say
identify yourself, citizen.
You have a license for that opinion?
Is there anyone more familiar with this age verification process that can explain if and what data does this share with some UE body or government? Is the the system 100% client-side or is there any API or tie to other govt service that may be able to track when and where (website) you’re trying to verify your age? Thanks.
Apparently they want everybody to get some sort of “EU wallet”, that is, some digital signed identity which sounds super dystopian. But that’s just what I read. It sounds like a complete disaster.
I feel like a productive way to address this would be to make a child mode mandatory for all operating systems, as some EU countries already did, and then to give parents a better incentive to actually enable it. For example, all end-user devices could be pressured into prominently showing an option to enable it when first booted up (without forcing your hand either way) so that it’s hard to miss. There are so many other ways to improve this situation.
Maybe you shouldn’t provably tie your identity to a privacy phone?
