- Please don’t link to Reddit. Context below: - The EU is currently developing a whitelabel app to perform privacy-preserving (at least in theory) age verification to be adopted and personalized in the coming months by member states. The app is open source and available here: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui. - Problem is, the app is planning to include remote attestation feature to verify the integrity of the app: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui?tab=readme-ov-file#disclaimer. This is supposed to provide assurance to the age verification service that the app being used is authentic and running on a genuine operating system. Genuine in the case of Android means: - 
The operating system was licensed by Google 
- 
The app was downloaded from the Play Store (thus requiring a Google account) 
- 
Device security checks have passed 
 - While there is value to verify device security, this strongly ties the app to many Google properties and services, because those checks won’t pass on an aftermarket Android OS, even those which increase security significantly like GrapheneOS, because the app plans to use Google “Play Integrity”, which only allows Google licensed systems instead of the standard Android attestation feature to verify systems. - This also means that even though you can compile the app, you won’t be able to use it, because it won’t come from the Play Store and thus the age verification service will reject it. - The issue has been raised here https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/10 but no response from team members as of now. - So is there a way to apply pressure on the EU to think this through first? Surely they could have different ways that doesn’t lock them in to google services. - According to the users in that issue, the mere application of the API is illegal, as is the dependency. Sooo I dunno what kind of PACs there are in the EU but I would be leaning on and contributing to those. - I do feel like that’s a precarious state to leave this in, especially if they’re developing the backend for it. - Is there even enough momentum for a SKG-style wave of coverage? It would need to be justified properly by citing things like the Tea app data leak, to make a strong case (to political pencil pushers) for the danger of tying personal information to profiles or even to platforms. Otherwise the only thing they’ll see is “gamers want to make porn accessible to children”. - I don’t know. This whole situation boils my blood because I really care about online anonymity, and this is kind of nightmare scenario shit for me. I’m not even in the UK or EU. - I’m not even in the UK or EU. - We’ve had this shit in the US for a while now. 
 
 
- To avoid people from simply copying the “age proof” and having others reuse it, a nonce/private key combo is needed. To protect that key a DRM style locked down device is necessary. Conveniently removing your ability to know what your device is doing, just a “trust us”. - Seeing the EU doesn’t make any popular hardware, their plan will always rely on either Asian or US manufacturers implementing the black-box “safety” chip. - If it is about hiding some data handled by the app, that will be instantly extracted. 
 There are plenty of people with full integrity on rooted phones. It’s really annoying to set up and keep going, and requiring that would fuck over most rooted phone/custom os users, but someone to fully inspect and leak everything about the app will always be popping up.- If it is about hiding some data handled by the app, that will be instantly extracted. - Look at the design of DRM chips. They bake the key into hardware. Some keys have been leaked, I think playstation 2 is an example, but typically by a source inside the company. - That applies to play integrity, and a lot of getting that working is juggling various signatures and keys. 
 The suggestion above which I replied to was instead about software-managed keys, something handed to the app which it then stores, where the google drm is polled to get that sacred piece of data. Since this is present in the software, it can be plainly read by the user on rooted devices, which hardware-based keys cannot.- Play integrity is hardware based, but the eu app is software based, merely polling googles hardware based stuff somewhere in the process. - merely polling googles hardware based stuff - I understand. In the context of digital sovereignty, even if the linked shitty implementation is discarded (as it should be), every correct implementation will require magic DRM-like chip. This chip will be made by a US or Asian manufacturer, as the EU has no manufacturing. 
 
 
 
- The key doesn’t have to be on your phone. You can just send it to some service to sign it, identifying yourself to that service in whatever way. - It’s that “whatever way” that is difficult. This proposal merely shifts the problem: now the login to that 3rd party can be shared, and age verification subverted. - A phone can also be shared. If it happens at scale, it will be flagged pretty quickly. It’s not a real problem. - The only real problem is the very intention of such laws. - If it happens at scale, it will be flagged pretty quickly. - How? In a correct implementation, the 3rd parties only receive proof-of-age, no identity. How will re-use and sharing be detected? - There are 3 parties: - the user
- the age-gated site
- the age verification service
 - The site (2) sends the request to the user (1), who passes it on to the service (3) where it is signed and returned the same way. The request comes with a nonce and a time stamp, making reuse difficult. An unusual volume of requests from a single user will be detected by the service. 
 
 
 
 
 
 
- Wouldnt it be enough to verify through IMEI to make sure the OS isnt emulated? - IMEI is PII - Is it tied to my real identity? 
 If not it seems to me that it should be sufficient as to serve as a security this phone is legit and not emulated/compromised.- Yes it’s tied to your identity. That’s what PII is. It’s also not tied at all to your OS. 
- In the eu, phone numbers by law are tied to state identities. 
 And the phone provider can naturally resolve their sim IDs down to the phone number they are assigned to.
 Anything related to celltower interactions is PII.
 
 
 
 
- 
- What’s going on with Europe lately? You all really want GOOGLE of all mega corps in control of your identity? - You’re going the opposite way, it should be your right to install an alternate OS on your phone. If anything they should be banning Google licensed Android. - Its not the populace, our politicians just like in the US have gone rogue. People are voting for the nutters due to anti immigration propaganda and so increasingly getting far right. Its happening across the entire western world and its bad news for everyone. - Except this isn’t even the right wing nutters doing it. These are mainstream politicians executing their power grabbing neolib agenda, with very little democratic oversight or public debate. 
- had a hope for europe to actually be socialists, at least no one ever confuses america for being left 
- At least in the UK it has been the Labor party doing it, they all want control. 
 
- I just wanted the EU to fork lineageOS and provide it as an alternative in major chains. - I miss LineageOS so much, my last couple of phones haven’t had a build of it and my asshole banking apps wont work on it now. - For my next phone i’m just not going to buy one unless it’s already supported and if I have to skip online banking I’ll do it. - I use the banks webpage. Still works on LineageOS even when the app doesn’t 
- one advantage of cards over banking apps - I use cards, I don’t even have NFC on my phone, but it is nice to be able to check my bank account, lock/unlock the card, deposit checks, etc. - I may be able to do most of that on the website, idk. Guess I’m probably going to find out :) - Use the old phone w generic android for banking apps. Most banking websites will still have app functionality too 
- I can just text bal to my bank to get my balance 
 
 
 
- Fwiw there’s fairphone with eOS 
 
- They get their tech advice for laws from big tech. 
- We dont want it. VdL is one of the most corrupt people in policits and unfortunately has a lot of influence - VdL = Ursula von der Leyen to the uninitiated. Conservative politician, but the more boring kind, not the Orbán-style post-fascism kind. 
 
- to hear it from any non-Americans on lemmy they’re better than America. - looks like they’re just as susceptible to this fascist bullshit to me though… - We invented this bullshit, of course we’re susceptible. - Still better than America, though ;P XD 
- deleted by creator 
- Hey Google, where was the origin of fascism? 
 
 
- Fuck the play integrity API, Play Store and Google play services - And the EU for their stupid fucking censorship - Sure, but it has some good sides as well - It’s just a shame that they aren’t just made of the good sides - Excuse me, censorship is not good in any way. The people should have the power to decide what they want to see, and what they want to say. Not government officials nor private platform owners. - I was saying the EU has done some great things, not that censorship has good sides - Ah, my apologies. It was unclear - My bad - My instance could also hint at it ;) 
 
 
 
 
 
 
- Yeah no. Requiring anything Google for something as basic as this violates the GDPR. If they go through with this, it’s one legal case until they have to revise it. - Edit: German eID works on any Android btw., flawless actually. I sure hope I can use that for verification - Edit: German eID works on any Android btw., flawless actually. I sure hope I can use that for verification - Same in Italy… I mean, I can pay taxes with that application but I cannot be verified for my age ? Seriously EU ? - deleted by creator 
 
- Yes and the PC app you connect the Android app to also works on Linux. It’s even on flathub. Pretty nice, can’t complain. - That Flathub app is unofficial afaik, which is why I don’t use it. Normally I wouldn’t care, but this seems important enough to not use a repackaged version 
 
- EID and equivalents are great for a lot of things, but do you want your porn site to know who you are? The new app is supposed to verify your age but not give out your PII. Not sure eID can do that? - EID can be used for anonymous age verification. It doesn’t even need to give out your birthday and can attest to any “over the age of X” requirement. - Ah, better than what we have in Estonia then 
- “Government issued app can be used for anonymous age verification.” - Doesn’t sound like the most trustworthy statement… 
 
 
- violates the GDPR. - I wouldn’t be too sure. Data protection mainly binds private actors. Any data processing demanded by law is legal. You’d really have to know the finer points of the law to judge if this is ok. - The GDPR also applies to public institutions as far as I’m aware - but most importantly the concern here is Google and data collected by Google. This data collection is in no way necessary to provide the age verification service. Most of it is not even related to it. The state legally cannot force you to agree to some corporations (i.e. Google’s) terms, even if we completely ignore the GDPR. - Data processing mandated by law is legal. Governments can pass laws, unlike private actors. Public institutions are bound by GDPR, but can also rely on provisions that give them greater leeway. - I don’t see how that this is in any way necessary, either. But a judge may be convinced by the claim that this is industry standard best practice to keep the app safe. In any case, there may be some finer points to the law. - The state legally cannot force you to agree to some corporations (i.e. Google’s) terms, - I’m not too sure about that, either. For example, when you are out of work, the state will cause you trouble if you do not find offered jobs acceptable. - It’s another question, if not having access to age-gated content is so bad as to force you to do anything. Minors nominally have the same rights as full citizens, and they are to be denied access, too. 
 
 
 
- What is it with everyone being obsessed with porn censorship suddenly? Why is this a trend? - At first I thought it’s about control and data gathering, but this seems like too much of a genuine attempt at such a system. Why is the government so obsessed with parenting and nannying the citizens? - Fascism is making a comeback, and everyone’s dumb enough to believe it’s an America problem, instead of a global oligarchy, class war, problem. 
- deleted by creator 
- The legal precedent for gaining the ability to ban content under the guise of preventing the dissemination of “obscenity” allows the future banning of “obscene” political opinions and “obscene” dissent. - Once the “obscene” political content is banned, the language will change to “offensive”. - After “offensive” content is banned, then the language will change to “inappropriate”. - After “inappropriate”, the language will change to “oppositional”. - If you believe this is a “slippery slope” fallacy, then as a counterpoint, I would refer to the actual history of the term “politically correct”: - In the early-to-mid 20th century, the phrase politically correct was used to describe strict adherence to a range of ideological orthodoxies within politics. In 1934, The New York Times reported that Nazi Germany was granting reporting permits “only to pure ‘Aryans’ whose opinions are politically correct”.[5] - The term political correctness first appeared in Marxist–Leninist vocabulary following the Russian Revolution of 1917. At that time, it was used to describe strict adherence to the policies and principles of the Communist Party of the Soviet Union, that is, the party line.[24] Later in the United States, the phrase came to be associated with accusations of dogmatism in debates between communists and socialists. According to American educator Herbert Kohl, writing about debates in New York in the late 1940s and early 1950s. - The term “politically correct” was used disparagingly, to refer to someone whose loyalty to the CP line overrode compassion, and led to bad politics. It was used by Socialists against Communists, and was meant to separate out Socialists who believed in egalitarian moral ideas from dogmatic Communists who would advocate and defend party positions regardless of their moral substance. - — “Uncommon Differences”, The Lion and the Unicorn[4] - You’re right but the example you gave seems to illustrate a different effect that’s almost opposite — let me explain. - The phrase “politically correct” is language which meant something very specific, that was then hijacked by the far-right into the culture war where its meaning could be hollowed out/watered down to just mean basically “polite”, then used interchangeably in a motte-and-bailey style between the two meanings whenever useful, basically a weaponized fallacy designed to scare and confuse people — and you know that’s exactly what it’s doing by because no right-winger can define what this boogeyman really means. This has been done before with things like: Critical Race Theory, DEI, cancel culture, woke, cultural Marxism, cultural bolshevism/judeo bolshevism (if you go back far enough), “Great Replacement”, “illegals”, the list goes on. - I see your point. I should’ve limited my citation to the phrase’s authoritarian origins from the early 20th century. - To clarify, the slippery slope towards “political correctness” I wanted to describe is a sort of corporate techno-feudalist language bereft of any real political philosophy or moral epistemology. It is the language of LinkedIn, the “angel investor class”, financiers, cavalier buzzwords, sweeping overgeneralizations, and hyperbole. Yet, fundamentally, it will aim to erase any class awareness, empiricism, or contempt for arbitrary authority. The idea is to impose an avaricious financial-might-makes-right for whatever-we-believe-right-now way of thinking in every human being. - What I want to convey is that there is an unspoken effort by authoritarians of the so-called “left” and “right” who unapologetically yearn for the hybridization of both Huxley’s A Brave New World and Orwell’s 1984 dystopian models, sometimes loudly proclaimed and other times subconsciously suggested. - These are my opinions and not meant as gospel. - I get what you mean. You’re saying we’re sliding towards something that brings back political correctness in its original definition, and I agree with you. - The idea is to impose an avaricious financial-might-makes-right - This resonates a lot. I’d argue we’re already there. All this talk of “meritocracy” (fallaciously opposed to “DEI”), the prosperity gospel (that one’s even older), it’s all been promoting this idea of worthiness determined by net worth. Totalitarianism needs a socially accepted might-makes-right narrative wherever it can find it, then that can be the foundation for the fascist dogma/cult that will justify the regime’s existence and legitimize its disregard for human life. Bonus points if you can make that might-makes-right narrative sound righteous (e.g. “merit” determines that you “deserve” your wealth, when really it’s a circular argument: merit is never questioned for those who have the wealth, it’s always assumed because how else could they have made that much money!). 
 
 
 
- Govt. want to control access to everything
- People are not too happy about this
- Govt. say “to protect children, you have to install this app, under these conditions”
- You want to protect childrens, so you do so
- Govt. say “to protect this or that, we have to impose approved gates on many websites, based on the app you installed before”
- You want to protect this or that, so you accept it
- Govt. say “fuck you, you whatever is not in line with the fucking biggot at the helm of your country/federation/whatever, now we know what you do, we control what’s allowed, and anything to get around the blocks is illegal and will land you in jail. Fuck you again, fucker.”
- You’re a happy little plant in a pot.
 - Basically, it’s not about porn. It’s not about protecting kids. It’s not about helping “victims of abuse”. If anything, it’s putting all these in more danger, along with everyone else. - “protect children” - actively defending child rape
- calls vaccines poison
- calls prenatal care and school lunch subsidy woke
- spends billions bombing brown children
 - If hypocrisy was poisonous we wouldn’t have these problems 
 
 
- Why is the government so obsessed with parenting and nannying the citizens? - I think it’s because people from outside the traditional political families are getting popular votes. - For the established politicians, blaming “the internet” and building a supressing censorship machine is easier than looking in the mirror and seeing where the discontent comes from. 
- Been wondering myself. It’s certainly part of the general right-ward trend. Societies are becoming more illiberal. It’s not just the right that is moving to the right. - Obscenity laws have always been about enforcing the “correct” sexuality. Protecting minors meant preventing them from becoming “confused”; ie becoming LGBTQ. - You also have growing nationalism. In Europe, people are saying we should enforce “our laws” and “our values” against meddling foreigners (ie Big Tech). It often sounds a lot like the rants against the “globalists” that have been a staple among the US far right for decades. Age verification is part of that. - For example, Germany has long enforced age verification within its borders. It’s part of the whole over-regulation thing that makes competitive tech companies almost impossible in Europe. For some reason, Europeans have trouble accepting that. You can see it here on Lemmy. The solution must be to enshittify everything to level the playing field. 
- It’s not about porn. It’s about tracking your every move online. 
- This is just my speculation, so take it as you will. The EU has been pushing for digital ID cards for quite a while, and this is just another attempt. The last serious attempt was the Covid vaccination passport, but so many people still opted for paper certs, and the rest deleted the app when vaccination was no longer mandatory, that it failed again. So, now the authorities are becoming smart and trying to go through the vector that has a proven record of driving technological change: porn. 
- Gonna guess it’s outside influence with money pushing their ideology. Just like the crap with Visa and steam, itch.io, etc. 
- This has been discussed a while back, at least here in NL as far as I know it started because of legalising online gambling for which you need to be identified. Also, due to GDPR, businesses aren’t allowed to make copies of ID’s/passports/driving licences any more which is required for certain businesses (notaries, accountants, etc). In my office we currently use some kind of identification software, but it isn’t anonyms because well we wouldn’t be able to do our job. - This sounds like a misunderstanding of gdpr to me? - There is a bit of a conflict between the laws requiring certain companies to identify their clients and GDPR in basis, but there is something in GDPR that allows these companies to still collect the relevant data and use it or to verify the data and not store it depending on the use case. - The whole use case thing is even the reason why companies are allowed to collect data from you. You couldn’t get anything delivered if this exception wasn’t there, because they wouldn’t be allowed to progress your address. - At least that’s what I gathered from the Dutch implementation the AVG, when I last read it a couple years ago. 
 
 
- FYI: Most of the world actually restricts, and some outright bans, porn. - Its only western countries that have unrestricted access to porn. 
- Most western governments look at the ability of some of the more authoritarian places ability to just snap there fingers and make the entire internet go away with great envy. 
- Too many bots online :D I’d like to know if I’m talking to a real sockpuppet when I’m online :D…but just for that and only share data from my “wallet id” on a strict need to know basis. 
 
- European Digital identity - looks inside: - Hosted on GitHub in the US 👏 - That’s ironic 
 
- Why is the EU licking america’s asshole? - 'Cos it’s been turning (far-)right as well in the last few years. - Which is why Europeans shouldn’t be too eager to laugh about the US being a fascist hellhole. It could happen there again if they’re not vigilant. - Dude, I keep telling my possibly AfD voting cousin we’re just a few years behind the US if things continue as they do. Our politicians aren’t better people, they’re just sneakier for now. - The way that the EU has been bending over for Trump is worrying. 
 
- No one is laughing… We’re horrified how the people who have been screaming “freedom” and being obnoxious about how much more free they are than anyone else in the entire universe, seem to love getting enslaved while being obnoxious about how cool it is to be enslaved. - Europe has its problems. We’ve had them for generations, and right now they’re getting worse. But at least we have a culture of fighting back, something americans don’t. - But at least we have a culture of fighting back, something americans don’t. - Talk is cheap. Prove it in the coming years. I really hope you’re right, because I want SOMEWHERE to not be either a coporate fascist hellholle or a collapsed country in the future… 
- In Hungary, we still have people who think fascism is when “evil people do evil things for the sake of evil”, so when fascists want to hurt Roma, LGBTQIA+, etc. people, no one dares to call them fascists as long as said people have “receipts” in the form of cobbled together statistics, and have a not too cruel solution. 
 
 
 
 
- So, darkweb sites it is. - And then EU politicians will be surprised Pikachu, when CSAM (actual CSAM) will be popular… 
 
- The US might have shot itself in the foot by electing Trump, but the EU is really going to shoot itself in the head if that continue in the same trajectory. - deleted by creator - Sorry to horrify you but we are definitely worse. 
- You should read more international news if you think either the EU or US is “the worst place”. Somalia for example has been in civil war since the 1980s. 
 
 
- So VPN on the router permanently set to Singapore it is. - Apparently this is illegal to implement as of right now, but it’s not helping the feeling of technological doomerism I get whenever I think about this whole identity verification situation. - Sorry, do you have any sources for this? I was just thinking about getting a VPS in Switzerland today. - Some other commenter mentioned that this is brought up in issues tracker in the repo. Sorry, I didn’t actually check for it. - I’m not in the EU, I didn’t dig into it. FWIW I am also moving my own connections to exit from Switzerland sooner or later. 
 
 
 
- so if I use graphene os then I can’t look at porn in the eu - Just use a VPN then. - Wait till they put up a EU Great Firewall and ban VPNs - While this will happen eventually, and circumvention takes skills, it is fundamentally possible, for motivated individuals. 
 
 
 
- Wut?!?! 
- They killed the old net and are in the middle of murdering the new one too. 
- It hurt itself in its confusion! - Google Pain Services 
 
- Well, I hope they’ll pay for my “EU age verification” phone, since my own won’t work. I’ll gladly buy one and not use it either. 
























