Please don’t link to Reddit. Context below:
The EU is currently developing a whitelabel app to perform privacy-preserving (at least in theory) age verification to be adopted and personalized in the coming months by member states. The app is open source and available here: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui.
Problem is, the app is planning to include remote attestation feature to verify the integrity of the app: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui?tab=readme-ov-file#disclaimer. This is supposed to provide assurance to the age verification service that the app being used is authentic and running on a genuine operating system. Genuine in the case of Android means:
-
The operating system was licensed by Google
-
The app was downloaded from the Play Store (thus requiring a Google account)
-
Device security checks have passed
While there is value to verify device security, this strongly ties the app to many Google properties and services, because those checks won’t pass on an aftermarket Android OS, even those which increase security significantly like GrapheneOS, because the app plans to use Google “Play Integrity”, which only allows Google licensed systems instead of the standard Android attestation feature to verify systems.
This also means that even though you can compile the app, you won’t be able to use it, because it won’t come from the Play Store and thus the age verification service will reject it.
The issue has been raised here https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/10 but no response from team members as of now.
So is there a way to apply pressure on the EU to think this through first? Surely they could have different ways that doesn’t lock them in to google services.
According to the users in that issue, the mere application of the API is illegal, as is the dependency. Sooo I dunno what kind of PACs there are in the EU but I would be leaning on and contributing to those.
To avoid people from simply copying the “age proof” and having others reuse it, a nonce/private key combo is needed. To protect that key a DRM style locked down device is necessary. Conveniently removing your ability to know what your device is doing, just a “trust us”.
Seeing the EU doesn’t make any popular hardware, their plan will always rely on either Asian or US manufacturers implementing the black-box “safety” chip.
The key doesn’t have to be on your phone. You can just send it to some service to sign it, identifying yourself to that service in whatever way.
It’s that “whatever way” that is difficult. This proposal merely shifts the problem: now the login to that 3rd party can be shared, and age verification subverted.
A phone can also be shared. If it happens at scale, it will be flagged pretty quickly. It’s not a real problem.
The only real problem is the very intention of such laws.
If it happens at scale, it will be flagged pretty quickly.
How? In a correct implementation, the 3rd parties only receive proof-of-age, no identity. How will re-use and sharing be detected?
There are 3 parties:
- the user
- the age-gated site
- the age verification service
The site (2) sends the request to the user (1), who passes it on to the service (3) where it is signed and returned the same way. The request comes with a nonce and a time stamp, making reuse difficult. An unusual volume of requests from a single user will be detected by the service.
-
Fuck the play integrity API, Play Store and Google play services
And the EU for their stupid fucking censorship
Sure, but it has some good sides as well
It’s just a shame that they aren’t just made of the good sides
Excuse me, censorship is not good in any way. The people should have the power to decide what they want to see, and what they want to say. Not government officials nor private platform owners.
I was saying the EU has done some great things, not that censorship has good sides
Ah, my apologies. It was unclear
My bad
My instance could also hint at it ;)
Yeah no. Requiring anything Google for something as basic as this violates the GDPR. If they go through with this, it’s one legal case until they have to revise it.
Edit: German eID works on any Android btw., flawless actually. I sure hope I can use that for verification
The US might have shot itself in the foot by electing Trump, but the EU is really going to shoot itself in the head if that continue in the same trajectory.
So, darkweb sites it is.
And then EU politicians will be surprised Pikachu, when CSAM (actual CSAM) will be popular…
So VPN on the router permanently set to Singapore it is.
It hurt itself in its confusion!
How long before that extends to PCs and non-Windows OSes are blocked? Also, add non-Chrome browsers to that as well (that includes Edge, Chromium, Brave, etc. as well as Firefox and its forks).
What’s going on with Europe lately? You all really want GOOGLE of all mega corps in control of your identity?
You’re going the opposite way, it should be your right to install an alternate OS on your phone. If anything they should be banning Google licensed Android.
They get their tech advice for laws from big tech.
We dont want it. VdL is one of the most corrupt people in policits and unfortunately has a lot of influence
VdL = Ursula von der Leyen to the uninitiated. Conservative politician, but the more boring kind, not the Orbán-style post-fascism kind.
Its not the populace, our politicians just like in the US have gone rogue. People are voting for the nutters due to anti immigration propaganda and so increasingly getting far right. Its happening across the entire western world and its bad news for everyone.
Except this isn’t even the right wing nutters doing it. These are mainstream politicians executing their power grabbing neolib agenda, with very little democratic oversight or public debate.
had a hope for europe to actually be socialists, at least no one ever confuses america for being left
European Digital identity
looks inside:
Hosted on GitHub in the US 👏
What is it with everyone being obsessed with porn censorship suddenly? Why is this a trend?
At first I thought it’s about control and data gathering, but this seems like too much of a genuine attempt at such a system. Why is the government so obsessed with parenting and nannying the citizens?
It’s not about porn. It’s about tracking your every move online.
Why is the government so obsessed with parenting and nannying the citizens?
I think it’s because people from outside the traditional political families are getting popular votes.
For the established politicians, blaming “the internet” and building a supressing censorship machine is easier than looking in the mirror and seeing where the discontent comes from.
Fascism is making a comeback, and everyone’s dumb enough to believe it’s an America problem, instead of a global oligarchy, class war, problem.
FYI: Most of the world actually restricts, and some outright bans, porn.
Its only western countries that have unrestricted access to porn.
This is just my speculation, so take it as you will. The EU has been pushing for digital ID cards for quite a while, and this is just another attempt. The last serious attempt was the Covid vaccination passport, but so many people still opted for paper certs, and the rest deleted the app when vaccination was no longer mandatory, that it failed again. So, now the authorities are becoming smart and trying to go through the vector that has a proven record of driving technological change: porn.
- Govt. want to control access to everything
- People are not too happy about this
- Govt. say “to protect children, you have to install this app, under these conditions”
- You want to protect childrens, so you do so
- Govt. say “to protect this or that, we have to impose approved gates on many websites, based on the app you installed before”
- You want to protect this or that, so you accept it
- Govt. say “fuck you, you whatever is not in line with the fucking biggot at the helm of your country/federation/whatever, now we know what you do, we control what’s allowed, and anything to get around the blocks is illegal and will land you in jail. Fuck you again, fucker.”
- You’re a happy little plant in a pot.
Basically, it’s not about porn. It’s not about protecting kids. It’s not about helping “victims of abuse”. If anything, it’s putting all these in more danger, along with everyone else.
The legal precedent for gaining the ability to ban content under the guise of preventing the dissemination of “obscenity” allows the future banning of “obscene” political opinions and “obscene” dissent.
Once the “obscene” political content is banned, the language will change to “offensive”.
After “offensive” content is banned, then the language will change to “inappropriate”.
After “inappropriate”, the language will change to “oppositional”.
If you believe this is a “slippery slope” fallacy, then as a counterpoint, I would refer to the actual history of the term “politically correct”:
In the early-to-mid 20th century, the phrase politically correct was used to describe strict adherence to a range of ideological orthodoxies within politics. In 1934, The New York Times reported that Nazi Germany was granting reporting permits “only to pure ‘Aryans’ whose opinions are politically correct”.[5]
The term political correctness first appeared in Marxist–Leninist vocabulary following the Russian Revolution of 1917. At that time, it was used to describe strict adherence to the policies and principles of the Communist Party of the Soviet Union, that is, the party line.[24] Later in the United States, the phrase came to be associated with accusations of dogmatism in debates between communists and socialists. According to American educator Herbert Kohl, writing about debates in New York in the late 1940s and early 1950s.
The term “politically correct” was used disparagingly, to refer to someone whose loyalty to the CP line overrode compassion, and led to bad politics. It was used by Socialists against Communists, and was meant to separate out Socialists who believed in egalitarian moral ideas from dogmatic Communists who would advocate and defend party positions regardless of their moral substance.
— “Uncommon Differences”, The Lion and the Unicorn[4]
You’re right but the example you gave seems to illustrate a different effect that’s almost opposite — let me explain.
The phrase “politically correct” is language which meant something very specific, that was then hijacked by the far-right into the culture war where its meaning could be hollowed out/watered down to just mean basically “polite”, then used interchangeably in a motte-and-bailey style between the two meanings whenever useful, basically a weaponized fallacy designed to scare and confuse people — and you know that’s exactly what it’s doing by because no right-winger can define what this boogeyman really means. This has been done before with things like: Critical Race Theory, DEI, cancel culture, woke, cultural Marxism, cultural bolshevism/judeo bolshevism (if you go back far enough), “Great Replacement”, “illegals”, the list goes on.
I see your point. I should’ve limited my citation to the phrase’s authoritarian origins from the early 20th century.
To clarify, the slippery slope towards “political correctness” I wanted to describe is a sort of corporate techno-feudalist language bereft of any real political philosophy or moral epistemology. It is the language of LinkedIn, the “angel investor class”, financiers, cavalier buzzwords, sweeping overgeneralizations, and hyperbole. Yet, fundamentally, it will aim to erase any class awareness, empiricism, or contempt for arbitrary authority. The idea is to impose an avaricious financial-might-makes-right for whatever-we-believe-right-now way of thinking in every human being.
What I want to convey is that there is an unspoken effort by authoritarians of the so-called “left” and “right” who unapologetically yearn for the hybridization of both Huxley’s A Brave New World and Orwell’s 1984 dystopian models, sometimes loudly proclaimed and other times subconsciously suggested.
These are my opinions and not meant as gospel.
I get what you mean. You’re saying we’re sliding towards something that brings back political correctness in its original definition, and I agree with you.
The idea is to impose an avaricious financial-might-makes-right
This resonates a lot. I’d argue we’re already there. All this talk of “meritocracy” (fallaciously opposed to “DEI”), the prosperity gospel (that one’s even older), it’s all been promoting this idea of worthiness determined by net worth. Totalitarianism needs a socially accepted might-makes-right narrative wherever it can find it, then that can be the foundation for the fascist dogma/cult that will justify the regime’s existence and legitimize its disregard for human life. Bonus points if you can make that might-makes-right narrative sound righteous (e.g. “merit” determines that you “deserve” your wealth, when really it’s a circular argument: merit is never questioned for those who have the wealth, it’s always assumed because how else could they have made that much money!).
They killed the old net and are in the middle of murdering the new one too.
Why is the EU licking america’s asshole?
'Cos it’s been turning (far-)right as well in the last few years.
Which is why Europeans shouldn’t be too eager to laugh about the US being a fascist hellhole. It could happen there again if they’re not vigilant.
Dude, I keep telling my possibly AfD voting cousin we’re just a few years behind the US if things continue as they do. Our politicians aren’t better people, they’re just sneakier for now.
The way that the EU has been bending over for Trump is worrying.
No one is laughing… We’re horrified how the people who have been screaming “freedom” and being obnoxious about how much more free they are than anyone else in the entire universe, seem to love getting enslaved while being obnoxious about how cool it is to be enslaved.
Europe has its problems. We’ve had them for generations, and right now they’re getting worse. But at least we have a culture of fighting back, something americans don’t.
But at least we have a culture of fighting back, something americans don’t.
Talk is cheap. Prove it in the coming years. I really hope you’re right, because I want SOMEWHERE to not be either a coporate fascist hellholle or a collapsed country in the future…
In Hungary, we still have people who think fascism is when “evil people do evil things for the sake of evil”, so when fascists want to hurt Roma, LGBTQIA+, etc. people, no one dares to call them fascists as long as said people have “receipts” in the form of cobbled together statistics, and have a not too cruel solution.
Wut?!?!
so if I use graphene os then I can’t look at porn in the eu
Just use a VPN then.
Wait till they put up a EU Great Firewall and ban VPNs
