I don’t use apps from official software installation sources. I will boycott any site or service that asks me for unnecessary information.
Parents should protect children online.
Oh this sounds good… I missed reading the following essential requirements
- They achieved an unhackable system that also “air gaps” the information used to prove child ID from any external agent, including themselves
- So it will be pulled immediately if it fails or exposes any childs data
- Demonstrably withstands hacking? They have independent audit data?
- Clear accountability clearly laid out for data breaches, including criminal charges?
- Ministerial accountability?
to moniter political dissidents against the right wing to be exact, and may track women as well.
Have you not been following the EU and the right-wing influence the last few years? Spain is practically the only leftist country left.
The motives are irrelevant. This will destroy the internet as we know it and disempower citizens. I can’t help but wonder if the empowerment LLMs may have to an individual is terrifying leaders into an authoritarian mindset, finally demanding to be able to know and track what we do online, everywhere we do it. This is about protecting their ability to rule, not children from harm.
It could greatly boost the use of decentralized apps. Which will ultimately give people more power than they have right now. So in the long run, it might have some positive side effects.
I can’t help but wonder if the empowerment LLMs may have to an individual is terrifying leaders into an authoritarian mindset
LLMs are here to enrich the rich, not to “empower the individual”. They require ridiculously expensive computing power, which makes them impractical or even impossible to self-host (with data centers buying up the market, the required hardware becomes unaffordable to the individual). Now you’re at the mercy of renting out the compute from the oligarchs and their companies, and you’re also relying on their censored and biased models (see Grok and his “Mecha-Hitler” antics if you want a taste of the future). Please don’t expect that to empower you, or anyone else. It can’t, and even if it could, it wouldn’t be available to you.
Unless we democratise LLMs, they’ll just become yet another tool of enslavement in the clutches of the Epstein class.
The internet as we know it is a playground for billionaires to get richer. Good riddance.
Unlike most other age verification system, this doesn’t reveal any other personal information but your age. No credit card number, no personal id.
So I’m curious how you get to your conclusion?
Extrapolating from US decisions, like I would have done
I’m not necessarily against this. Right now, social media companies can knowingly target children with sophisticated conditioning techniques that can and will steer their cognitive development. Although they know for a fact that they are manipulating children, they hide behind plausible deniability.
I don’t like age verification, but I don’t see an alternative. Between the robots and the advanced manipulation techniques, something has to give.
No alternative? How about they start regulating the companies who are writing the algorithms.
They dont just hurt kids, they are detrimental to adults too, why allow the harmful companies to keep the status quo.
This has always been more about increasing policing of the internet and slowly de-anonomising anyone who is online.but I don’t see an alternative
An alternative to what? This will not prevent children from accessing content. The weak point is the humans that willingly allows it in the first place. Having an extra step won’t stop them if it can help them not be bothered by actually having to look after their kid.
This is not sacrificing freedom to gain security; it’s sacrificing freedom to not gain anything.
Welp, this was bound to happen, wasn’t it? I’m pretty sure they’re referring to this application, which I stumbled upon a while back. If I remember correctly, the app “allows” (or implicitly forces) the user to store a government issued identity: able to attest to an age-restricted website, whether or not the user is of age.
It does this, supposedly by “just” sharing an age-bracket with the website; but here’s the kicker: the Union, in its generosity, has granted their citizens an in-app option, to withdraw this signal from the websites it has been provided to. What this means in practice, is the app storing one’s government-issued identify, also ties back to every account requiring “age-verification”…
So now, every device containing the app, has the owner’s government-issued identify on it, together with connections to every age-restricted service. And considering the apps are maintained by the Union, or member states (through their own implementations), creating a backdoor to the application’s contents… I mean to “observe app usage”, would be absolutely trivial.
Again, I’ve read it a while back, so some things might’ve changed, and my memory might be spotty; but I’m quite sure it’s along the lines I’ve described.
I see how this would be considered a problem in the US.
In Europe we see these things differently. I have a number of apps already, that knows my government id. Honestly I don’t know how many, I haven’t needed to keep track.
All sorts of apps from drivers license to a social networking app, which all needs to know my exact id to work. Even my kids has their government id on their phones. This includes an app which only purpose is to prove the users identity.
Having one more appwith your id is not a problem. Specially when its purpos is to NOT show your id.
Why does any of your apps need to involve a government ID? Why do kids need ID on their phone?
Exactly. We’re not afraid of government overreach, but corporate overreach. In the US it’s the opposite (if you include regulatory capture as government overreach). Both regions are underestimating risks in one of these areas. Dictatorship and oligarchy can happen and we should be careful
Ewww gross. Fuck age verification
bad title, this isnt about protecting kids online
this isnt about protecting kids online
It never is, but they always try to sell unpopular things as “protecting the kids”.
Gaaaarbaaaaage.
People keep saying that they verify your age at the super market and I keep trying to remember the last time that happened to me and I just cannot. Nor, for that matter, at bars or coffee shops (for after lunch chat chilling before returning for the afternoon stint).
It may just be my corner of the European Union being much more lax than others.
I’m sorry you look so old. I do too, I basically never get carded, and really never did. My friend that’s actually a year older than me still gets carded every single time, and he’s 36.
The only time they verify your age at the grocery store in America is if you’re buying alcohol
Here they also do it for tobacco.
How about being a fucking parent instead of letting the government do it?
What if the kid’s parents let them be pro Palestine? Can’t let parent’s risk defense contractor’s profits
The government isn’t doing shit except censorship and mass data surveillance. This has less than nothing to do with kids.
Because nobody cares about offline children. Why don’t they spend this money on them ? Because they support rich people.
Offline children are fine. That is, if tney exist
From my understanding this age verification app seems to be based on the age verification blueprint they have been working on for a while now, which is supposed to be part of the European “digital wallet”
https://digital-strategy.ec.europa.eu/en/policies/eu-age-verification
From my understanding it works as follows:
- There will be a central “authority”, with which you can identify
- This authority will provide you with tokens indicating you are 18+ (or whatever age verfication you may need)
- These tokens are stored locally, and contain no identifying information other than a simple “is this guy 18+?”
- You can use these tokens to verify age with a website that requires age verification
This solution does seemingly address my two greatest concern with online age verficiation:
- You cannot trust the website, so they only get the information they need. They don’t get any identifiable information
- You cannot trust the authority, so they don’t get to know for which websites and for what reason you request 18+ tokens
Assuming that this blueprint is followed, it seems like a decent approach at online age verification.
We should not care about verifying age.
The big problem is the trustworthiness of that central authority to maintain the confidentiality of your information, and to not use it for other purposes.
The central authority is basically my government. They already know.
Which they of course will not.
I get why this sounds better than websites directly collecting IDs, but I think it still understates the problem. Even if the site only sees “18+”, the system still begins with strong identity proofing somewhere upstream. So this is not really anonymous access, it is identity-based access with a privacy layer on top.
The bigger issue is centralization. You still need trusted issuers, approved apps, approved standards, and authorities deciding who can participate. That means users are being asked to trust a centralized framework not to expand, not to abuse its power, and not to fail. History gives us no reason to be relaxed about that.
I am also skeptical of the privacy promises. These systems are always presented in their ideal form, but real-world implementations involve metadata, logging, renewal, compliance rules, vendors, and future policy changes. “The website does not know who you are” is only one small part of the privacy question.
So even in the best-case version, this is still dangerous because it normalizes the idea that access to lawful online content should depend on credentials issued inside a centrally governed identity ecosystem. Today it is age verification. Tomorrow it is broader permissioned access to the internet. That is why I do not see this as a decent compromise, but as infrastructure for future control.
I do see your concerns as valid. But at least in my country, we already have all of that.
I have an app I use to id myself to all sorts of stuff. Almost all of us has that. All the changes you mention are not changes, we have already had that for years. The new thing is that you don’t give your id to the website.
Just like during the pandemic, we had an app to prove our vaccination status, without revealing id. Before that we had to prove id, and then they looked up vaccination status.
As far as I understand, there’s no need for “verified apps”. The third party just verifies your token with the emitter.
Also once they get their foot in the door, they can remove the privacy next time they want to unmask someone online saying “I support Palestine action”
The skepticism is very understandable. It is important to scrutinise solutions like this to make sure that they indeed do as they say they do, and to make sure the government doesn’t overreach with their authority.
That said, it should also be possible for laws to be enforced, and there are laws on the books that are supposed to prevent children from accessing things they we as a society have agreed they have no business accessing (alcohol, tabacco, porn, and increasingly commonly social media)
Currently there is no good method to actually enforce those laws on the internet, so there needs to be a solution for that.
I think this form of age verification may be a decent compromise between privacy and the need to enforce these existing laws.there are laws on the books that are supposed to prevent children from accessing things they we as a society have agreed they have no business accessing
The problem is that different societies have different lists of things that they deem children shouldn’t access (or in some cases, citizens in general). For instance, conservative-leaning U.S. states are increasingly labeling any and all LGBTQ content as being unsuitable for children, furthering their indoctrination against a persecuted minority group.
Parents are in the wrong for preventing their children from accessing content depicting LGBTQ perspectives, and age verification tools in such markets are likely to be designed with the express intent of blocking access to LGBTQ content for minors by default.
Likely? They’ve admitted it. That’s the whole point.
I think the disagreement comes from treating “we have laws” as automatically meaning “we must enforce them everywhere at any cost.” The method matters. This approach flips the burden of proof by treating everyone as a minor unless they prove otherwise. That is a pretty extreme shift from how things normally work in the real world.
We also shouldn’t pretend this actually solves the problem. Kids got access to adult magazines before, and they will get access now through a parent’s phone, shared devices, or older friends. If that’s the target, this kind of system is mostly symbolic while adding friction and control for everyone else.
And more importantly, it normalizes something much bigger. Once you accept that accessing legal content requires proving attributes through some approved system, it becomes very easy to expand that logic. Today it’s age. Tomorrow it can be anything else.
So I don’t see this as a balanced compromise. It’s a disproportionate response to an enforcement gap, with long-term consequences that go way beyond the original problem.
I don’t think laws should be enforced at any cost, but if we can reasonably enforce laws I think there is a duty to do so.
Then there is also a different question of whether we agree with the laws on the books, but that is a different matter imo. Personally I don’t think we should limit access to pornography as strictly as the laws says we should, and I don’t think the ills of social media are solved with a simple age limit.
But that is a separate discussion from the implementation of a (in my eyes) reasonable approach to age verification
I don’t think it’s entirely a separate issue, because how a law is enforced is part of evaluating whether it makes sense in practice.
If a law can only be enforced by treating everyone as a minor until proven otherwise, that’s a strong signal that the law, or at least its scope, may be flawed.
Why are all 4 of those in one category, who.decided that all if a sudden?
This is the intelligent non-invasive way to implement this. Basically using a similar cryptographic signing scheme as SSL certificates. We’ve known how to do this for decades.
Hi. This system doesn’t have the cryptographic properties that you think it does. The authority could keep a map between tokens and real IDs. They just say they don’t.
See the problem is the central authority.
I don’t see a central authority (i.e. your government) issuing tokens, as much different from the government issuing you a ID card by which you can verify your age to buy alcohol in the supermarket.
As long as that central authority doesn’t get to know what I use the tokens for, it seems like an acceptable solution to me.
Too me one of the big issues is being able to trust a government or business to not trace a person’s identity back through the token. There are technical ways to prevent that as far as I’m aware, but there’s such a strong incentive against such protections that it’s really hard to trust unless you’re technologically skilled enough to verify the process yourself.
The difference is in the potential for creep.
The proposed implementation would actually be less invasive than a national ID card (assuming the implementation information provided is complete and accurate), but also usable in less scenarios.
AFAICT there is no provision for actually verifying the person using the app is the person who’s identity is verified in the app.
What’s to stop one person having a verified identity and just sharing it with the people around them once it’s been issued ?
As an example, with an ID card in a bar you need to match the photo, this digital system would be like turning up to a bar with an ID that had no picture or details on , but just said “over 18”, you could then hand this to a friend and they could also use it.
I personally think that if a system is mandatory then an easily circumventable verification system is the best choice , but such an easily circumventable system is exactly the kind of thing governments have used as an excuse to push for further encroachment.
Take the UK for example, the online safety act they have is easily circumvented with a VPN (which many people noted before it was implemented) the government basically stuck their head in the sand and claimed vpn’s weren’t widespread enough to be a problem.
Skip to now and they’ve got representatives looking to force vpn compliance with the online safety act without having the slightest clue about why that wouldn’t and can’t work the way they want.
A more suspicious person might suspect the attack on vpn usage was an expected part of the overall plan.
Even a less suspicious person could still see the direct line from one to the other.
I’m not saying they will, but if i were a betting person, I’d certainly put some money on it.
but whose the “central authority” that you have to provide your ID to? and what happens when that central authority inevitably gets hacked?
That central authority would, from my understanding, be your government. They already have your information, so if they get hacked you are already screwed ;)
But they could easily keep track of all the tokens they issued to you, and match them with services you use.
This has never been about protecting the kids. This is about mass surveillance.
This actually sounds pretty reasonable. Thanks for bringing it up.
On one hand this is an elegant solution that is already in use in Germany for years, if companies want to implement it that is. But I think only Sony’s Playstore uses it. Or so I have heard. No US company wants to use it and I am sure they will lobby to get more data from users than a token if this gets rolled out EU wide. I am skeptical about this.
Finally a sane approach to online age verification
There is no such thing
or rather their foot at the door. they just need SOMETHING and once they get started they can just keep making things worse. its never about protecting kids.
Could even have an OAuth flow that only provides a service unique key that the service can use to call the central authority to confirm the user is 18+ and nothing else, I always thought this would be the second best solution
Unless I’m reading this incorrectly, this seems far more invasive than the California law.
