The new age verifying app for the EU will only accept Google Play integrity for Android, de-facto banning any aftermarket OS like GrapheneOS (github.com)
from schizoidman@lemmy.zip to privacy@lemmy.ml on 28 Jul 11:02
https://lemmy.zip/post/44938969

cross-posted from: sh.itjust.works/post/42943610

Taken from the README of the app on GitHub:

The current release provides only basic functionality, with several key features to be introduced in future versions, including:

App and device verification based on Google Play Integrity API and Apple App Attestation

Additional issuance methods beyond the currently implemented eID based method.

These planned features align with the requirements and methods described in the Age Verification Profile.

There is an issue opened to remove this as it’s basically telling us that to verify our age in the EU an American corporation has the last word, making it not only a privacy nightmare but a de-facto monopoly on the phone market that will leave out of the verification checks even the Fairphone (European) with /e/OS.

#privacy

RiQuY@lemmy.zip on 28 Jul 11:05

GrapheneOS can give apps access to the Google Play Integrity API.

utopiah@lemmy.ml on 28 Jul 13:50
Lyra_Lycan@lemmy.blahaj.zone on 28 Jul 19:26
vzqq@lemmy.blahaj.zone on 28 Jul 11:17

Maybe you shouldn’t provably tie your identity to a privacy phone?

ButtBidet@hexbear.net on 28 Jul 11:50

Am I being paranoid that supplying your ID or face to use certain services will make it easier for the state or bad actors to identify activists? I haven’t bothered to read into this situation.

Like all of a sudden, reddit isn’t so private now (not that it really was before).

ggtdbz@lemmy.dbzer0.com on 28 Jul 13:32

You’re not being paranoid, this is probably one of the intended uses of this technology. Being able to pretend to care about the children is just set dressing.

Any government-level “for the kids” effort that doesn’t start with paying teachers more than a pittance is a transparent push for something else.

LENINSGHOSTFACEKILLA@hexbear.net on 28 Jul 14:41

Nope, that’s exactly what will happen. I dunno if I’d call it “intended” (at least not by the politicians that will put it forward), but the various state intelligence apparatus are absolutely banking on it.

Scrollone@feddit.it on 28 Jul 18:01

That’s exactly why we need to stop this law ASAP. It’s dangerous and anti-democratic. Who cares if some kids see some titties on the web? Seriously…

FriendOfDeSoto@startrek.website on 28 Jul 12:04

These verification efforts were kicked off earlier this month; this app hasn’t really launched yet, has it? I think proper implementation after a test phase will maybe come next year. I think it is too early to complain that aftermarket OS’s are being excluded. It seems to me that nobody has tackled that problem yet rather than this being a willful exclusion. And while the EU lawmakers thought it was okay to put the Googles of the world in a position where they get to be judge, jury, and executioner for the right to be forgotten, I have a feeling that GDPR and the general vibe within the EU will not allow this to only work with the help of one American corporation on the continent’s most used OS. We need to be watchful but not despairing just yet.

utopiah@lemmy.ml on 28 Jul 13:48

It will never launch, it’s an example of how it can be done.

Undertaker@feddit.org on 28 Jul 19:49

Very naive

majster@lemmy.zip on 28 Jul 13:17

In the digital age it should be understood as a personal liberty to not be compelled by the state to use nonfree software in any shape or form. Just like court rulings must be public and legislation too (sadly this doesn’t apply in the EU).

Ulrich@feddit.org on 28 Jul 18:56

It is.

utopiah@lemmy.ml on 28 Jul 13:47

I agree with most concerns here but as a professional prototypist… people do not seem to understand here and on related issues what “reference implementation” means.

This is NOT supposed to be used! By anybody! This is basically a technical demonstration that shows how it can be done at all.

Think of this as a test suite rather than software proper.

Again, this does not mean it’s OK to even suggest that Google and Apple are in any way an acceptable bottleneck. I do believe those are terrible choices. I do also believe relying on them just to do a proof of concept or technical demonstration is quite “lazy” but I also bet that this was necessary due to the scope of the project, e.g. “deliver us an app that works in 6 months on an average mobile phone”. I really don’t think they had a discussion on accessibility, inclusion, etc.

So… yes, do keep track and be concerned but also don’t conflate a proof of concept with a maintained app that will be required to be used on all EU citizens’ mobile phones next year.

xthexder@l.sw0.com on 28 Jul 18:45

There’s a big difference between a reference implementation and a proof of concept. A proof of concept just shows it’s possible at all, but a reference implementation is meant as a reference for “you should do it this way”. Expect most companies to just directly copy the reference because they’ll feel it’s a waste of time developing their own system that’s in compliance.

ell1e@leminal.space on 28 Jul 18:58

This is definitely going to be copy&pasted as a foundation in many EU states. Therefore, that it requires Android and iOS at all, let alone Google Play, is a fundamental error. Some people avoid smartphones for good reasons, yet still access parts of the internet that may apparently soon be gatekept by this new age verification mechanism. Also see here.

utopiah@lemmy.ml on 29 Jul 07:44

Sure, it’s beyond a proof of concept and others will definitely rely heavily on it, yet my point still stands, namely no one is supposed to use this directly. As I also said, yes, it’s wrong to rely on Google and Apple in general but even more so with talks of EU sovereignty so I’m not giving them any slack for that. What I’m still insisting on is that this repository is not the app people will have to use.

LENINSGHOSTFACEKILLA@hexbear.net on 28 Jul 14:39

You’re only a full citizen if you use Google or Apple is a dystopia I should have seen coming.

ell1e@leminal.space on 28 Jul 17:50

And if you accept terms of use: github.com/eu-digital-identity-wallet/…/15

sunzu2@thebrainbin.org on 28 Jul 19:11

Age verification was always the trojan horse...

They started with porn for a good reason too

Evil_Shrubbery@lemmy.zip on 28 Jul 23:08

Wait til they make you sub to their AI for your citizenship to work.

TCB13@lemmy.world on 28 Jul 17:43

Is there anyone more familiar with this age verification process that can explain if and what data this shares with some EU body or government? Is the system 100% client-side or is there any API or tie to other govt service that may be able to track when and where (website) you’re trying to verify your age? Thanks.

ell1e@leminal.space on 28 Jul 17:50

Apparently they want everybody to get some sort of “EU wallet”, that is, some digital signed identity which sounds super dystopian. But that’s just what I read. It sounds like a complete disaster.

I feel like a productive way to address this would be to make a child mode mandatory for all operating systems, as some EU countries already did, and then to give parents a better incentive to actually enable it. For example, all end-user devices could be pressured into prominently showing an option to enable it when first booted up (without forcing your hand either way) so that it’s hard to miss. There are so many other ways to improve this situation.

jjlinux@lemmy.zip on 29 Jul 00:09

I found out recently that every Android device asks if you will be using the device, or if a child will, as soon as you log in to the device for the first time. The funny part is that it asks AFTER you sign in, effectively linking you to that device, even if you’re giving it to a 15-year-old teen.

And that’s why my kids only have Linux PCs, and phones that they use that belong to me, so I can take them away in case it’s necessary (spoiler, they try to stay away from those phones as much as possible, lol).

ell1e@leminal.space on 29 Jul 09:29

Since many parents don’t seem to be aware this mode exists, I think it’s a good idea to ask that prominently by default. Technically versed parents like you can still use other approaches.

jjlinux@lemmy.zip on 29 Jul 19:30

Absolutely, it is a useful feature for technologically challenged parents, no doubt. However, this way of doing it (using any GAFAM related company or similar) exposes kids to data mining since way before they can make this decision (which most will likely choose to do anyway, but that’s beside the point). Now, what if these kids grow up to be privacy-minded adults? Their data is already in the hands of others without their consent, and we all know that once data is out there, there’s nothing you can do to reel it back into privacy.

This issue is right up there with parents, or any acquaintances for that matter, uploading photos, videos and PII of our kids with titles like “my awesome nieces and nephews”. My wife’s sister was kicked out of my house because of this, and was banned from interacting with my kids for almost 2 years. The reason? I told her I do not allow my kids’ pictures in social media, and she still did it (maybe thinking I would just bend over and take it).

It’s up to each parent to protect the privacy of their children until they’re old enough to choose for themselves. We are raising privacy-minded kids, but that’s no guarantee that they will be privacy-minded when they are adults. The opposite also holds true. We should not expose our kids to any type of surveillance outside the parents, and even the parents’ surveillance of their kids needs to have limits.

This is why I believe all of us with a little more sense and knowledge, should strive to advocate against this system. All it takes for bad people to win is for good people to do nothing.

ell1e@leminal.space on 30 Jul 14:37

Sorry for the slight tangent, but I agree with your response. Perhaps the best approach for technologically illiterate parents might be a child mode that runs a local filter list where it doesn’t send everywhere your kid goes to some online service, or simply not allowing kids to go online unsupervised when they’re not even teens yet. This is a solvable problem however, I feel like, at least more so than the server-side age checks.

It seems like the UK is now trying to make the nanny surveillance state part of all web forums, even outside of the UK: telegraph.co.uk/…/hundreds-of-websites-to-shut-do… Apparently, lemmy.zip is now even blocking UK users. I wonder if it would help if more forums did that, to show where we are heading if nobody is standing up…

This article is interesting as well: eff.org/…/just-banning-minors-social-media-not-pr… My favorite quote is this one, “All methods for conducting age checks come with serious drawbacks. Approaches to verify a user’s age generally involve some form of government-issued ID document, which millions of people in Europe—including migrants, members of marginalized groups and unhoused people, exchange students, refugees and tourists—may not have access to. […] Age assurance methods always impact the rights of children and teenagers: Their rights to privacy and data protection, free expression, information and participation.”

jjlinux@lemmy.zip on 31 Jul 07:47

Thanks so much. It’s refreshing to see how some people still have common sense.

In all honesty, I’m very tired of these invasions. But the reality is that this was created by us, parents, families, and tech corps and governments just saw the opening and walked right in.

Tech made us lazy, we fell into the bliss of convenience while entirely dropping our rights on their laps to do with as they wish. I’m guilty of that myself. I allowed Google home and Alexa devices into my home and used them all the time. Then it all clicked when I started seeing information on subjects that interested me, my wife and my kids all over the place, without even looking for them. I panicked bad when I realized something was very wrong, but the damage was already done.

This is what got me into the Privacy and security wagon, and it took me almost 8 years to revert that as much as possible and finally have some sense of safety (because some of that stuff is out there for good, and there’s nothing any of us can do about it).

Now I keep a sort of digital fortress around my family and myself, and I am not willing to let it go anymore. This has made our family much more interactive in real life while at the same time harder targets for tech corps and governments.

Evidently, there are some of these that are unavoidable for us common folk, but we can compartmentalize our lives in ways that it’s harder, if not impossible to tie everything about us together into a single fully integrated profile. Yes, it requires work, time, money and missing out on some convenience, but the alternative is infinitely worse, full of unknown dangers that can affect us now or later.

Until most people are fully pushing back on all these dangers, it will only get way worse over time.

I believe that removing the possibility of profit for tech companies is the only way to effectively reverse this trend, however, most people are too distracted by all the screens around them and the carefully crafted content made precisely for this purpose to figure out what is really going on, and by the time we all end up figuring it out, it may very well be too late.

So, I would like to see less excuses by most people on how “it’s too hard for most people”, “some parents are not as tech savvy” and similar BS. That only helps keep the myth of “there’s nothing I can do about it” alive, which is what all these institutions are banking on.

ell1e@leminal.space on 31 Jul 10:23

This is why lemmy is great. At least for now, most instances aren’t run for-profit and it shows.

ell1e@leminal.space on 28 Jul 18:56

The main problem isn’t the Google Play integration, but that this requires an Android or iOS device at all. This should be based on something like flutter or electron, and be easily portable with an agnostic build script for e.g. Linux, UBports, postmarketOS, and so on, as well. If only for the reason that most Android and iOS devices will effectively become unpatchable after the mandatory 5-ish years run out, while a standardized UEFI desktop platform will not. There are so many reasons not to have a “standard” smartphone nowadays. Also see here.

trevor@lemmy.blahaj.zone on 28 Jul 19:12

The EU governing bodies are speaking out of both sides of their mouths if they claim that they want data sovereignty while simultaneously relying on an evil, American company to verify your “integrity” 🤡

You’ll never be sovereign if you rely on a for-profit entity that makes money by spying on people and selling your data.

ell1e@leminal.space on 28 Jul 19:27

Here is the source that they want to make e.g. Youtube, Netflix, … rely on this new app: mlex.com/…/online-services-get-up-to-12-months-to…

Evil_Shrubbery@lemmy.zip on 28 Jul 23:06

What in the fuckety anti-anti-trust megacorp win is this???

Where is the petition to sign??

umbrella@lemmy.ml on 28 Jul 23:24

identify yourself, citizen.

xiwi@lemmy.dbzer0.com on 28 Jul 23:54

You have a license for that opinion?

bad_news@lemmy.billiam.net on 28 Jul 23:35

I wouldn’t install the government invading your privacy app on my graphene setup even were it an option.

DieserTypMatthias@lemmy.ml on 30 Jul 21:56

There’s still an option of carrying a plastic chipped ID card with you.

DieserTypMatthias@lemmy.ml on 29 Jul 19:56

It’d be better to check whether the bootloader is unlocked. If banks can do it, then this app can also do it.