{{title}}
{{editor}}'s edit
{{actor}} deleted this content
.
{{editor}}'s edit
Furthermore I am surprised this is considered an important next step, given apps like the Dutch identity app Yivi (who has no such dependency) already exist and can be used for age verification by the government just fine (on the few select platforms that work with it). Yivi is even available on Open Source app stores like F-Droid.
I think Yivi's existence should be sufficient proof that Google Play Integrity integration is unnecessary.
Yivi (formerly IRMA) homepage: https://yivi.app/en/
You must be logged in to vote0 replies
Comment options
{{title}}
You must be logged in to vote
0 replies
Comment options
{{title}}
In addition, tying age verification to specific operating systems and their vendors (large American tech companies) violates two of the three principles listed elsewhere in this org:
- made available to anyone who wants to use it
- controlled by users
0 replies
Comment options
{{title}}
You must be logged in to vote
0 replies
Comment options
{{title}}
Digital sovereignty is a necessary step to reduce the risks of data processing. There should be no dependencies for external services from third parties at all since each one adds a whole ecosystem of potential security issues.
You must be logged in to vote0 replies
Comment options
{{title}}
{{editor}}'s edit
{{actor}} deleted this content
.
{{editor}}'s edit
This is insane, what's the threat model? Someone remotely exploiting a device to steal proof of age of majority just to watch p__n (most common use case)? Is it even realistic? Why does this service need an app at all? Just create a modern web app, maybe even leveraging Digital Credentials API. I'm tired of app-for-everything.
You must be logged in to vote0 replies
Comment options
{{title}}
{{editor}}'s edit
{{actor}} deleted this content
.
{{editor}}'s edit
This happens because those who draft the technical specifications don't know how the technologies they propose work.
As I've explained elsewhere, this is ridiculous. Here's a brief excerpt from one of my posts elsewhere:
It's incredible that the European Commission sanctions Google for abuse of dominant position and asks to open the operating system to other stores to allow "free" competition and you [the writer of technical specifications] impose the use of tools that exclude the free choice of the user and give to Google all the power of choice, that's really INCREDIBLE...
There are dozens of ways to secure these apps' certificates without using proprietary systems.
Not to mention that Play Integrity systems are 100% illegal.
0 replies
Comment options
{{title}}
There are dozens of ways to secure these apps' certificates without using proprietary systems.
Does it need to protect those certificates at all? Maybe I'm too naive, but couldn't this simply be implemented by verifying random challenge signed by a national identity provider?
- User goes to p__n website
- Website detects user is visiting from Europe
- Website downloads them a file containing a random string
- Website tells them to visit verifyage.gov.example
- User logs via identity provider and uploads the file
- Challenge is signed and downloaded through the browser
- User goes back to the p__n website and uploads the file
- Website verifies the challenge is signed by a trusted entity
Avoids having to protect the signed challenge at all since it's single use, scheme is similar to authenticating with SSH or WebAuthn. I haven't checked the architecture thorough, perhaps does something similar in the end with more bloat in between.
You must be logged in to vote9 replies
Comment options
{{title}}
{{editor}}'s edit
{{actor}} deleted this content
.
{{editor}}'s edit
Perhaps the logical conclusion would be that strict age verification just isn't a useful thing to try, and instead parents should be encouraged to actually make use of the client-side filters that pretty much all smartphones have. I've made that argument here.
I agree, however given the people* currently see the internet helped by certain incidences (*cough* Roblox *cough*) I'm not very hopeful that this view will change in the near future. Maybe it could change once the system is implemented and fails horribly but that will take time.
* Note: With "people" I don't just mean politicians. I've heard this from clueless parents as well as people from the "I've nothing to hide"-crowd that truly believe there is no way this could ever go wrong.
Comment options
{{title}}
What the hell is a p__n website?
Comment options
{{title}}
Porn, pornography. I see no reason fo the self-censorship here.
Comment options
{{title}}
I was just following the format of the post I was originally responding to
Comment options
{{title}}
Comment options
{{title}}
{{editor}}'s edit
{{actor}} deleted this content
.
{{editor}}'s edit
You must be logged in to vote
0 replies
Comment options
{{title}}
You must be logged in to vote
0 replies
Comment options
{{title}}
A mandatory Google account is unacceptable in a OSS Project
You must be logged in to vote1 reply
Comment options
{{title}}
Comment options
{{title}}
Getting access to a website as a EU citizen by accepting the TOS of EU-penalized American megacorp is peak 1984.
You must be logged in to vote0 replies
Comment options
{{title}}
Besides the privacy issues, this feels like South Korea's IE6 problem back in the days, everything was so tied and dependent on it, that they couldn't get rid of it. But I guess we are just humans repeating mistakes, getting influenced by lobbyists, uninformed people, people who can't imagine how things will look like in 10 or more years
You must be logged in to vote0 replies
Comment options
{{title}}
This would be massive hinderance to all South EU states, where adoption of non google phones is large.
This would be also massive dependency on google.
Furthermore, why on earth are you building digital ids but then not doing IDPs, then forcing users to use some extra app for agecheck... they and their OS maintains...
It is bad UX, it causes issues, not sure if adds any security.
You must be logged in to vote0 replies
Comment options
{{title}}
I work in cybersecurity and this is a privacy and security nightmare. Just stop.
Using a EU-controlled website with national credentials like it is proposed here #18 is the only reasonable solution.
Or maybe just do not implement this at all. People are going to go to p*** websites a way or another anyway.
You must be logged in to vote1 reply
Comment options
{{title}}
This is one sane response.
I will word it differently: if this cannot be implemented without hurting A LOT OF PEOPLE, then maybe it should not be implemented to solve just one problem.
Their solution is simply dangerous and will hurt a lot of people, additionally will destroy computing by turning it into a closed cage.
{{title}}
You must be logged in to vote
11 replies
Comment options
{{title}}
Comment options
{{title}}
I mean, the whole thing is public knowledge
"Star of That ‘70s Show and a host of Hollywood hits, 45-year-old Kutcher resigned as chairman of the Thorn board in mid-September amid uproar over a letter he wrote to a judge in support of convicted rapist and fellow That ‘70s Show actor Danny Masterson, prior to his sentencing."
Comment options
{{title}}
Comment options
{{title}}
Comment options
{{title}}
Comment options
{{title}}
Did my comment about my 1984 comment getting removed really get removed??
Damn.
Tells me all I need to know.
You must be logged in to vote1 reply
Comment options
{{title}}
see no evil, hear no evil, speak no evil 😂
Comment options
{{title}}
This is a measure to ban general computers. We will all be made to give up real computers and own a locked phone with telescreen features and censorship.
You must be logged in to vote2 replies
Comment options
{{title}}
Waiting for the EU to do an "universal bootloader unlock" law....
Comment options
{{title}}
That's exactly it. Just in a frog boiling mode.
Do not let boil yourself. Age checks today, locked hardware tomorrow. Australia ALREADY INCREASED FINES for bypassing age checks, next step will be a mandatory "locked hardware" to stop bypassing age checks. The UK ALREADY EXPANDED age checks from porn to "harmful content".
THEY WILL NOT STOP.
Comment options
{{title}}
Remember that EU actions, for better or worse, are imitated all over the world.
You must be logged in to vote1 reply
Comment options
{{title}}
It's more like all the politicians are corrupts and taking order from oligarchs and private lobbies
Comment options
{{title}}
If the concern is Russian farms offering automated ID verification for a cost, do note that this "security" can and will be spoofed, with a new method appearing almost a few days after the current one is patched. It will only hurt legitimate users.
You must be logged in to vote24 replies
Comment options
{{title}}
Remember the goold old days where biometrics and creepy surveillance were seen as dystopian? 😂
Talking about effectiveness: the only way to make sure someone does not kill someone else is to cut his arm and legs, remove his teeth too, so this is probably what nukeop wants too
Comment options
{{title}}
That's actually what you want, you keep saying it's not effective enough.
Comment options
{{title}}
My opinion is "fuck this shit"
A reason for that is "it will never work"
Another is "they're not doing it for "the kids""
Comment options
{{title}}
No, the idea is that it only hurts legitimate users who simply do not want Android or iOS, and it's not even effective against the ones it attempts to block (and no sane system can be). So the best way is not to have it.
Comment options
{{title}}
There will be more sale points of verified accounts than you could ever imagine. With or without any attestation. What is more, EU already CREATED underground money for that. Congrats EU! If you want to build the biggest underground our world has seen, then you are on a right path.
Comment options
{{title}}
WHy not use something like this?
Unified Attestation??
Single backend · Offline verification · No device IDs
Attestation that feels boringly reliable.
Unified Attestation is a free, open-source alternative to Google Play Integrity. It delivers short-lived integrity tokens signed by a single backend, verified offline by app servers, and issued via a privileged Android system service. It can live alongside Play Integrity, and it’s simple to integrate for app developers on both the app and server sides.
An initiative by Volla Systeme GmbH.
Volla Systeme GmbH is a Gemran based Company so European what means that this would make more sense as using a American controlled services that locks people into the Stock roms that can and will harvest data with no option to disable data harvesting, forced cloud account to install applications over the intended way and other anti features the EU doesn't stand for based on the Privacy regulation (i am just assuming and hoping here).
12 replies
Comment options
{{title}}
Unified Attestation has the same problems. It just puts a different group of companies in charge doing the same bullshit that play integrity does.
Comment options
{{title}}
there should be a fork that removes all Antifeatures like Play integirty and face scanning as that also requires api's that are only found in google play services or only work on vanilla play services device and don't or function worse on alternatives like microG.
There cannot be a fork. Paradoxically, the source is libre, but you can't modify it in practice, because it relies on some attestation to work and this is enforced by all parties.
Comment options
{{title}}
{{editor}}'s edit
{{actor}} deleted this content
.
{{editor}}'s edit
The truth is that these people don't give a fuck about you and everything they do is for the single purpose of screwing you, and maybe make some profit along the way
Very true. Who gives a damn about user privacy, when they can make trillions and beyond fucking out of the data. Also, none of this is about helping a child stay away from p**n, rather, gaining full control over everything citizen does. Safety my foot.
FYI: India already fucks with user privacy beyond imagination, and we Indians are so happy since we can spend 247365 behind facebook, instagram and shit.
{{title}}
This isn't Tiktok, you don't have to self-censor words like "porn".
Comment options
{{title}}
Hardware owner has a full right to have full control over his own device and any data on it. Stop introducing elements which silently try to take the ownership away.
If you want - RENT THE PHONES, then you can lock them and say those are yours and we are just renting them.
{{title}}
{{editor}}'s edit
{{actor}} deleted this content
.
{{editor}}'s edit
Whatever the "security measures", if a child wishes to access a restricted website, they can just... bribe someone into scanning the QR code on their behalf. It is not more secure with the "attestation". It only hurts legitimate users who want freedom.
You must be logged in to vote0 replies
Comment options
{{title}}
Will it work on a Nokia 3310, or on my laptop? I don't own a smartphone.
You must be logged in to vote0 replies
Comment options
{{title}}
A big problem I see here is that the EU commission requires people
living in the EU to submit to private US corporations. This kind of
undermines literally everything else - all the data privacy becomes
instantly nullified and void if the EU commission already hands over
our data to other entities. We could simply dismiss the whole EU
infrastructure since Washington controls all policies in this regard.
Trump merely amplifies and extends this problem here, but the
underlying issue remains even with "friendlier" presidents in
charge. In addition I kind of suspect that this is also a wanted
outcome by the EU commission anyway, for some reason, so I
don't hold only the USA responsible here. It takes two to tango.
Also, this attempts to require of everyone to have a smartphone
in the first place. Which constitution mandated this ever?
6 replies
Comment options
{{title}}
Also, this attempts to require of everyone to have a smartphone in the first place.
I'm not sure how this will work either. Perhaps a solution has been proposed and I just haven't seen anyone mention it? It also means they need a Google account (which I do not have...) and that the phone must be charged. Phone stipend I guess? Plus a yearly cheque from Google for all the data they harvest from me.
Comment options
{{title}}
public corporations, not private
Public only means that they are publicly traded.
In any case, a better descriptor for them in this context is that they are for-profit monopolistic foreign corporations.
{{title}}
Actually those are public corporations, not private
In continental Europe, "public" means government-managed; "private" means non-government-managed. The English world considers everything from the monetary point of view. The rest of the world doesn't.
Comment options
{{title}}
That's not true at all. A public company is not a government-owned company, anywhere.
Comment options
{{title}}
I don't think this issue is for debating the semantics of "public sector company" vs "public company". Maybe "take this offline", as the saying goes. From context it was clear what the commenter meant.
Comment options
{{title}}
In the README, the following is listed:
App and device verification based on Google Play Integrity API and Apple App Attestation
No, there's not.
You must be logged in to vote0 replies
Comment options
{{title}}
Stop hardware attestation at all cost. This is the final warning, if you keep ignoring it, age verification will be a small inconvenience compared to the nightmare which any "attestation" brings.
WAKE UP PEOPLE BEFORE IT'S TOO LATE
You will literally destroy computing if you agree to any "attestation".
I will personally smuggle and sell "illegal" cracked hardware and radios if it comes to this. And worse.
DO NOT AGREE TO THEIR DEMANDS, DO NOT NEGOTIATE WITH TERRORISTS. DO NOT USE HARDWARE ATTESTATION AND AGE CHECKS.
You must be logged in to vote0 replies
Comment options
{{title}}
It is simple silly to tie anything governmental to specific technologies. It should be based on open standards anyone can implement and integrate with.
You must be logged in to vote1 reply
Comment options
{{title}}
{{editor}}'s edit
{{actor}} deleted this content
.
{{editor}}'s edit
Comment options
{{title}}
I dont believe in age verification at all. Its some more east german stasi bs. Where is freedom? Every youngster will probably go to tor or whatever to access a social network is that what we want? While they are at it they might get up to slightly more nefarious dark web things like ordering a hit on their teach.
You must be logged in to vote2 replies
Comment options
{{title}}
Comment options
{{title}}
They are doing their part helping youngsters get comfortable with dark web.
Comment options
{{title}}
{{editor}}'s edit
{{actor}} deleted this content
.
{{editor}}'s edit
I have neither google nor apple software. Will I be unable to use a myriad of online services if I don't bow and give my money and my data to American corporations? Another shot in the foot, as usual.
You must be logged in to vote1 reply
Comment options
{{title}}
Comment options
{{title}}
Fuck age verification and any kind of ID check online.
If you support this, you might as well be okay with US tech dependency; the EU is not ruled by angels. If you think otherwise, you have been brainwashed by EU technocrats.
You must be logged in to vote0 replies
0 Comments
Log in to join the conversation.No comments yet. Be the first to share your thoughts.