EU Age Verification Solution

Posted by t0bia_s 2 days ago

Comments

Comment by jampekka 1 day ago

The slogan "Age Verification Solution for all Europeans" is a lie.

The honest slogan is "Age Verification Solution for Europeans Who Use Mobile Devices that are Controlled by US Corporations and by Extension US Government Which Can Revoke Your Use of the Solution with No Recourse".

Comment by econ 1 day ago

I asked about the wero[1] US tech lock-in since it is based on Ideal which (in contrast) also works with a browser + card reader + pin code. The response was not to worry about that. Wtf?

I also find the de-banking mechanism fascinating. Bunch of anons decide privately if you are fkd for whatever reason they want (if any)

[1] - https://wero-wallet.eu

Comment by nilslindemann 1 day ago

What about users with no smart phone?

Comment by pjmlp 1 day ago

No smartphnone and dependent on two US companies, is there an official complaint form?

EDIT: A possible way, https://european-union.europa.eu/contact-eu/write-us_en

Comment by techcode 1 day ago

In The Netherlands I wouldn't be able to login to any government or adjecent websites (e.g. portal of my local health center/GP, health insurance, retirement/pension insurance) without a smart phone running DigiD app for 2FA.

The non-EU Serbia has the equivalent app, but also you might be able to get individual/personal e-certificate (for logging into e-government or signing e-documents) added into smart card chip of your ID. But in practice it seems thats only used for business purposes, like CEO/Accountants/etc to sign/submit business records/taxes.

Comment by tmtvl 1 day ago

In Belgium the eID software runs on GNU/Linux, so I can log in to government websites using my ID card and a card reader. In my experience it even works better on GNU/Linux than on MS Windows.

It's one of the only things that Belgium does right.

Comment by closuregarden 1 day ago

The DigiD app isn't required. You can log-in with DigiD using SMS 2FA. This is what I currently do, because I don't want to install closed-source software on my device.

Comment by mcv 1 day ago

DigiD used to work fine without an app. I think it still does, because I have to explicitly select using the app to log in.

Comment by exceptione 1 day ago

Dumb phone works as well with sms verification.

Comment by techcode 1 day ago

I used to work for a GSM messaging gateway/SMSC. And seeing first hand how most of those SMS messages (2FA, password reset, bank transaction/balance ...etc) are usually routed (sure over SSL but stored/forwarded as unencrypted GSM packets) through several different companies around the world - before reaching your mobile operator ...

And on top of that you add stuff like sim cloning, and all the other things that one gets by having a direct SS7 connection (there were blog posts/YouTube videos - IIRC Linus Tech Tips calls/SMS got routed to Australia).

Using SMS for 2FA or anything similar is my last resort.

Granted I stopped working there 15+ years ago - but I imagine that the basic economy reasoning where it's impractical for every mobile operator to have a direct peering contract with every other operator in the world - is still the same.

And messages originating from non mobile users/operators (like DigiD 2FA) always start at one of these messaging gateways/SMSCs (e.g. InfoBip.com), and often go through a few different ones before reaching your mobile operator.

Comment by Someone 1 day ago

From skimming the texts, I don’t see a 100% hard requirement of using a smart phone.

Yes, in https://ageverification.dev/av-doc-technical-specification/d..., section 2.3 User Journey says

“To enable online age verification, the User is required to install an AV app on their mobile device”

but section 3 Architecture says

“The solution relies on a device-based proof of age model, leveraging widely available mobile devices such as smartphones and tablets to store age attestations. This approach supports the goal of rapid deployment and broad accessibility. Alternative mechanisms for storing and presenting proof of age may be considered for future versions of the solution.”

and

“It is also recognised that devices may be shared among multiple users, for example, when a child has access to a parent’s mobile phone”

That indicates the child may not need to have a smartphone.

I think the vast majority of cases where this will be used it with users wanting to run smartphone or tablet apps, though. For those cases, requiring the user to own a smartphone isn’t problematic.

Comment by jampekka 1 day ago

The app is available only on Android (and maybe iOS) and requires Google/Apple attestation.

There's been extensive discussion about this, but the developers refuse to even fully acknowledge the problem.

Comment by Someone 1 day ago

Is there a “the App”? The text I referenced talks of “a Reference Implementation”. That suggests, to me, that there will be multiple apps, leaving open ones for other platforms than smartphones.

And yes, it remains to be seen whether, as they say “alternative mechanisms for storing and presenting proof of age” that “may be considered for future versions of the solution” actually will actually surface, but their argument “The solution relies on a device-based proof of age model, leveraging widely available mobile devices such as smartphones and tablets to store age attestations. This approach supports the goal of rapid deployment and broad accessibility.” has merit.

Comment by jampekka 1 day ago

There are Android and iOS apps. It's advertised as a "white label solution", meaning productized apps should be built on it.

https://ageverification.dev/Setup

Comment by budududuroiu 1 day ago

EU leaders are aware that for the next couple of decades, they will have to lead from a position of deep unpopularity. This is the "solution" to that problem, not whatever they're claiming is the problem.

Comment by raxxorraxor 1 day ago

I really doubt it will establish itself as something broadly adopted. Perhaps the EU tries to force the issue, but that will undermine this "solution" as well and there are ways to evade that.

There were good ideas at first but especially data protection features have already been scrapped. Also you need to buy into the Apple or Google ecosystem, no alternatives allowed. Especially funny if the next sentence contains some reference about independence...

I will not use it for anything privately as I neither trust the issuer, nor the notified bodies providing the infrastructure.

Our police accessed app data from Corona movement apps, it will do the same for any and all digital solutions the bureaucracy tries to sell. This is political problem we had for decades. Authorities aren't trustworthy, the legislative refuses to introduce strong privacy protection and instead tries to do the opposite. They even further enabled large platforms to scrap user data even more unhinged. To hell with them and with their shitty projects, I don't need a shitty content gatekeeper, even if you pay me.

Comment by squigz 1 day ago

> they will have to lead from a position of deep unpopularity

Can you elaborate on... why?

Comment by t0bia_s 1 day ago

Tons of regulations over and over.

  General Data Protection Regulation (GDPR)
  EU Artificial Intelligence Act (AI Act)
  ePrivacy Directive (Cookie Law)
  Digital Services Act (DSA)
  Digital Markets Act (DMA)
  Common Agricultural Policy (CAP)
  Carbon Border Adjustment Mechanism (CBAM)
  EU Emissions Trading System (ETS)
  Corporate Sustainability Due Diligence Directive (CSDDD)
  REACH Regulation (chemicals control)
  Packaging and Packaging Waste Regulation (PPWR)
  Nature Restoration Law
  Renewable Energy Directive (RED III)
  Working Time Directive
  Posted Workers Directive
  Roaming Regulation (price caps for telecoms)
  VAT Directive (harmonized VAT rules)
  State Aid Rules
  Schengen Border Code (migration/border controls)
  Eco-design and product standardization rules
  Corporate Sustainability Reporting Directive (CSRD)
  EU Taxonomy Regulation
  Sustainable Finance Disclosure Regulation
  Regulation to Prevent and Combat Child Sexual Abuse

It dictate sustainability, but instead create unsustainable behemot that costs tax payers more than it brings. It hampers competitiveness, remove freedoms from citizens and holding back the economy. One of the original ideas of building EU was to bring common market. Not any more.

Basically EU holds power through funding projects by grants, which fundamentally breaks free market and there is no transparency in it (ie. Pfizer contracts, proponents of Chat Control, etc.).

Comment by snowpid 1 day ago

ehm lol? Roaming Regulation (price caps for telecoms) is very popular and was even advertised by the EU itself. DSA, DMA and REACH arent very famous but you explain more deeply most people would agree. Orban was voted out of office e.g. because chemical problems in a Samsung factory. So at least your hypothesis must be cited. Apple and Google arent very popular mega corps.

Comment by t0bia_s 1 day ago

Apple and Google arent very popular mega corps

That's why DSA doesn't work. Small and medium-sized enterprises comply and delete unnecessary content because they face crippling fines, while big ones just pay fines made from harmful content. Over and over.

Comment by snowpid 1 day ago

tell me more about these popular small and medium sized enterprises which are struggeling under the obligation of the DSA. I like to hear which ones at least.

Btw, the Very Large ones regulated under DSA are either neutral or negative seen.

Comment by subscribed 1 day ago

Half of these are vital for wellbeing and financial reasons. Only a libertarian or MAG hatter argued that, say, Working Time directive, Schengen regulations or GDPR are detrimental to EU citizens.

LOL.

Comment by xinayder 1 day ago

The best solution is to not have age verification. Period.

Comment by DavideNL 1 day ago

Original url / Statement by von der Leyen: https://news.ycombinator.com/item?id=47778263

Comment by tiel88 1 day ago

I couldn't possibly even begin to express the vastness of my disdain for these Eurocrats... but even I can't believe they decided to name it EAVS.

The EAVS will be dropping yeah?