alt Hacker NewsEU Age Control: The trojan horse for digital IDs
Comments
> Real cryptographic unlinkability schemes like BBS+ or CL signatures would produce uncorrelated proofs even on reuse. This is not that.
This discussion was already led ad nauseam with the Swiss eID proposal (which is supposed to be EUID compatible) and the reason why the system relies on rotating signatures instead of ZKPs is that the cryptography hardware modules in most phones don't support algorithms such as BBS+. This creates a tradeoff where the states would have to essentially roll their own crypto storage and bank on this being safer than simply rotating through batches of signatures generated by the hardware cryptography modules (which is largely unproblematic in the grand scheme of things). The major advantage of using the hardware module is that it makes it much harder for attackers to extract the actual secret should the device ever fall into someone else's hands, something that happens to phones from time to time.
Overall, as with every digital ID thread, it would help if some of the fearmon gering commentators would read the actually EUDI specs for once in their lives as it already addresses most of the concerns copy-pasted into these threads https://eudi.dev/1.6.0/architecture-and-reference-framework-....
Digital ids are inevitable in my view, just as digital currency has become inescapable because it is more convenient and efficient, these ids will be issued and things like paper proofs of identity will fall away over time. Physical tokens like bank cards and driving licenses are neither necessary nor a good solution in a networked world.
Our focus therefore should be controlling what governments can do with them - for example disallowing blocking/removing someone’s id, just as we should disallow removing citizenship.
With the way elections changed after social media became big. Govts want to have control back, like they did before. And are increasingly curbing open internet with boogeyman CP or terrorists, new fear of mass AI CP. Ultimately we'll get 2nd hand version of great firewall and social credit system. Some "liberal democracies" already have root of such systems implemented.
It's frustrating to see how shortsighted and tech-illiterate politicians are on these topics. This article from Norway today presents the attitude of the minister of digitization as simply "Social media companies are making billions and we expect them to adequately implement age verification systems with solutions that respect privacy and we will fine those who fail at doing this".
The fantastic irony is that in some weak attempt to protect against the "evil big tech companies" they directly facilitate increased mass surveillance and removal of individual rights, instead of choosing more scalable and robust answers such as funding and promoting the development of protocols and open standards that can be applied voluntarily and in a decentralized manner to help mitigate these problems.
I have computers side by side on my desktop running Linux, and it is amazing to me how I can call `wormhole send --message hello` and receive it on the machine next to me, knowing that only I can receive this message, without it running through an age approval mechanism, without it being client-side scanned, and without being logged in some government database.
This is the century of AI and robotics - technologies which can facilitate great concentration of power and wealth. Gradually introducing mechanisms that facilitate digital fascism seems like a really bad way to guard us against this.
https://www.nrk.no/norge/datatilsynet-bekymret-for-personver...
> In any case, it was always presented as a toolbox that countries should adapt into their apps – so judging the app by itself does not make much sense, it depends on how these techniques are implemented in each country’s verification app. There will be no single EU app, despite what the honchos of EU say.
Even more reason to make the "demo" app do things correctly because it's very unlikely that all member states actually implement things correctly.
> The internet is scary, parents think they can’t protect their children from many bad things happening, and someone came to provide a “solution."
A simple solution is just not providing your kids with a phone or computer.
Don't forget that many sources of porn will not obey this. Think the pirate bay will ask for age verification? If they obeyed the law they wouldn't even exist.
It's a solution for nothing, as the article points out too.
There are slight contradictions in this open list of complaints with a bit of guesstimates.
As mentioned digital ids are a thing and this is where everything is moving. The author mentions that it would be great to use it but does not believe it is possible and then says age checks will lead to it and it is bad. There are reasons why digital ids will be forced and one of the big ones is because bigtech companies do not want to invest into looking after the content, e.g. misinformation, bullying, etc. Not to mention the inability of companies to control the age of users, and everyone knows this is not in the interest of advertisers.
Criticism is good but it also has to offer some options. Saying everything is bad bad does not help. All in all I have kids and it is very difficult to filter all of their internet traffic and I am not your average parent. Kids are reading crap and get brainwashed everyday, and the idea that you should just let them is ridiculous. Cyber bullying is a thing and I wonder what would you do when your kids get to be on the receiving side.
IMO this is trying to blame politicians who represent their electorate who wants this without acknowledging that the issue is in huge ad funded companies whose interest is to gather all that private data without any supervision or filtering. BTW Data is constantly being leaked from large companies as well, not only gov entities.
In relation to guesstimates the author jumps to possible conclusions without sufficient proof.
What would the author suggest to fix the main issues though?
We’ve had eID for a long time and I’m fine with it becoming more prominent online. Same for age verification, once we settle on a way to do it without US/Palantir being involved in the process.
It seems unlikely that a true Zero Knowledge Proof system for things like age verification would ever be allowed.
Also, remote attestation doesn't work that way and for good reason. Under a true ZKP system, a single defector (extracted/leaked/etc key) would be able to generate an infinite number of false attestations without detection.
Not a fan, but unfortunately a "digital proof of citizenship" seems to inevitable due to the en-shitification of the internet, autocratic state actor's doctrines to destabilise free societies through disinformation that matches well with social media's en-rage-ment business model, and the more recent AI slopification / AI bots running wild.
The question is whether citizens can build enough pressure for such verification systems to be state-based and truly zero-knowledge (akin to the EU's) versus having the private sector 'verify' each user to siphon data, profit off it (Thiel's Persona) and fortify surveillance-capitalism and autocratic administrations.
Many countries have digital IDs for years now.
It's not for digital IDs. It's for surveillance.
Digital IDs are fine (and desired even) if you are only requiring it for GOVERNMENT (same entity that released them) communication. Push for age control is scheme to make that info available for private companies and that's the trojan horse here.
How's this going to work now that there are, arguably, already more AI agents online than humans? Or close to it. Most of the web if fake AI slop already. Many websites are more crawled by bots than by real people.
We'll need to apply for digital IDs for bots and AI agents?
Where is the big to what we have now?
Not much more freedom, but the control is outside voters reach.
Just ask Nicolas Guillou
To understand the age verification push, got to follow the incentives[0].
Interesting point about ZKP systems. The challenge with age verification is balancing privacy with enforcement — any centralized solution creates a honeypot for data breaches.
A digital ID not based on EU hardware should be taken down with prejudice. It's a direct threat to national security. US companies and, by extension, US government authorities have control over every popular endpoint (mobile phones, desktop OS).
Besides, if someone wants a digital ID, it already exists in many countries. Phones with NFC chips can read many passports, e.g. Germany has an "electronic passport" since 2005. It's barely used, though, because it's bullshit.
ai;dr
> There will be no single EU app, despite what the honchos of EU say.
This shows that the EU commission is systematically lying.
This problem used to exist in the past with Leyen - she is ultimately a lobbyist and that has to stop. Friedrich Merz too by the way - there is a reason why recent polls indicate that the german voters want him out of politics at once.
The EU needs to reform. Right now lobbyists have too much abuse-power. The age sniffing is a great example here - isn't it suspicious how this goes in sync right now in so many countries? Who is paying for this? Nobody needs that, except for some companies.
> Big platforms must verify age for certain content.
But why is their concern, suddenly my concern? I see no need to be in support of any law that would require people to ID in order to access information on the world wide web. That's very obviously the real goal and agenda - everyone with a bit of brains sees this.
> It is the same EU that hates these American corporations and wants EU alternatives for everything
That's not true. The EU commission I consider a lobbyist group, for instance. They lie and lie and lie.
The EU parliament is not much better - you can buy legislation quite easily: https://en.wikipedia.org/wiki/Qatar_corruption_scandal_at_th...
Nothing will seriously changed. The current way how the EU is structure is totally wrong; and it will not be fixed because those in the system, benefit from it financially. See the recent attempt to force EU taxpayers to pay more for those goons. They constantly try to inflate their own budget, at our cost.
> yet no one can make a phone usable for age verification without the blessing of Google
Indeed. We have total incompetence at the leadership level. It should be replaced with technical prowess, but as long as lobbyists such as Leyen are running the show, nothing will change. See the corruption scandals when she was still in Germany. Interestingly the AfD is also full of that, yet voters don't see it - Weidel was working for many years for Goldman sucks. So a next generation of lobbyists will replace the older generation soon. That's why this system how it is, is unfixable. It is broken by design.
[dead]
Site seems slashdotted? Or HNd? Do we call it that here? :)
[dead]
It's not a trojan horse, it's spelled out in the decision, debates, and legal texts to be the explicit goal. The age verification requirement was picked both as a means to prove the technology is sound and as a simple starting point for a full digital ID solution.
The EU already has some form of digital ID in fact, every government provides some kind of OIDC-like service tied to either smart cards or accounts that authenticate the user against a government. The digital wallet solution is an extension to that system that will allow foreign EU citizens to authenticate themselves more easily (eIDAS 2 already implemented an OIDC-like solution but implementation isn't automatic) as well as offer to store the (often mandatory to carry) ID on your phone.
The "what if you buy alcohol for your kids" sscenario of somone giving someone else their age verification tokens is tired and nonsensical. You can already do that in the real world. We accept that risk and, depending on the country, make it a crime in case they do catch you. It hasn't made liquor stores send someone along to see you drink your booze or watch you enjoy your porn mag.