This is a great example of how this whole requirement hasn't been properly thought out.
> Desktop support is not currently within the project's scope.
What I would like to take from this is that, by their own definition, desktop apps are out of scope for Age Verification. So does that mean we will see a return of the 'desktop applications' instead of everything being a web service ?
One can dream perhaps. Until then adults who are willing to 'do what they're told' will be the ones who are inconvenienced by this constantly.
Edit: Also this will completely disable any new phone OS' being developed. Why would anyone bother when you can't verify your wallet to do anything online.
> What I would like to take from this is that, by their own definition, desktop apps are out of scope for Age Verification. So does that mean we will see a return of the 'desktop applications' instead of everything being a web service ?
I doubt it unless something odd happens like triggering some reaction. They’ve looked at the data and see the majority of society using “phones”, which are really just increasingly small computers that happen to have a feature to also make calls; and they’ve decided that this trap they’re leading us all into can and may even need to stay open and inviting for a while anyways until the older people die off and desktop form factors kind of fall by the wayside, before the trap is even ready to be sprung. In the mean time they’ll just gaslight and lie about what they’re doing, to save and protect the children of course, until the day that you tune around from a distraction and the trap door is shut behind you.
It’s the same MO as always, with the gullible and naive enablers being essentially the worse threat than the actual perpetrators.
> This is a great example of how this whole requirement hasn't been properly thought out.
I think this is more an example of you misunderstanding the desires of the people pushing for this.
They want to actually ban this content, they just know that is a harder sell than restricting to adults. So for them, making it harder or impossible to access the content is a feature, not a bug.
This is hardware attestation in a nutshell: a double edged sword, and a sharp one at that.
The biggest issue is that the attestation hardware and the application client is the same device with the same manufacturer, who also happens to have a slight conflict of interest between monetizing customers and preserving any sort of privacy.
IMHO the pro-attestation forces are so overwhelming that we should all cherish the moment while we have anything open left.
My understanding of the "double edged sword" idiom is that the tool has both downsides and upsides. What are the upsides to restricting what I can do with the hardware I paid for?
Better that it's a dummy device I can stick in a corner and turn on when needed, than the thing I need to carry around all day for various purposes like finding my way around and showing a legal public transport ticket
Lets pretend the EU would mandate Desktop Support, we all know it will be only applied to Windows and Apple. Maybe for Linux, BSD it will never be applied.
In anycase we all know ways of bypassing this age verification will be found, probably by the kids themselves. But all this will do is enable US big tech, killing the very EU based companies the EU has been crying about for years.
Meta, Twitter, Google and M/S could not have created a better law to protect them then this law.
Kids will bypass any verification by secretly using an adult ID or just straight away asking them to do it.
Hell the crazy things I used to do to connect to the internet after my mother went to sleep. She didn't wanted me using the internet because of phone charges so I secretly got into the roof to strip the phone wire bare and connect my own hidden cable that I would unroll and route it to my room to connect to my modem at night. YES part of it was to watch porn and download mp3s and roms. No I wasn't of legal age. Did my life got ruined by this? Well I'm an IT engineer now so arrive at your own conclusion.
I think this current hysteric moral panic is definitely being pushed by a lobby of a nascent AI industry that wants to create a problem for their surveillance tech solution.
My experience with digitalisation is that the optional physical service desks quickly start disappearing once the younger generations start using digital equivalents.
Card payments and digital banking have closed most bank offices outside the larger cities. Mail dropoff boxes are slowly dying out. Paper bank invoices now cost extra (an unreasonable amount extra).
Granny may be able to verify her age, but the service desk won't necessarily be local.
Here's the official Dutch government solution for if your mobile phone doesn't have NFC, if they don't support your phone's OS, or if they actively went out of their way to block your android distribution: "go ask for another person's device then" https://www.digid.nl/stappenplan/id-check-toevoegen-aan-de-d...
A lot of people outraged by this but ultimately this is good news - the more flagrant & public the technical incompetence of the people putting together these idiotic systems, the easier mass push back will be to foment.
Most people don't care about this. They spend hours per day on a surveillance device, willingly contributing their data, personal information and media to monopolistic companies, including putting it into the public online sphere for the world to see. Many people are genuinely convinced this is about the safety of kids, even though the same workarounds slightly competent users know how to implement (VPNs) are the exact same tool the supposed evil-doers know how to use.
I can't find which document it was specifically, but I seem to remember that the hackers' ethos always been that it doesn't matter who you are, what your title is or skin looks like, but that your arguments are to be valued by its merit rather than by who says it. Age seems like another one of these properties you are stuck with
So in order to be a part of European society I need to accept the terms and conditions of US companies?
What happens if something goes wrong and you have to rely on contacting a human in Google of all places? Sorry, you have a copyright strike on your YouTube account, now you can't file taxes! Hopefully you have enough followers on Twitter than you can get them to pay attention.
I finally took a look at the DSA, and it only mentions anything relevant to age verification in three places:
- Recital 71, which vaguely suggests minors' privacy and security should be extra-protected, but says that services shouldn't process extra personal data to identify them.
- Article 28, which says that platforms should provide a high level of "privacy, safety, and security of minors", again without processing extra personal data to identify them. It also says that the Commision may "issue guidelines", but says nothing suggesting age verification should be implemented.
- Article 35, which says that "large online platforms" should maybe implement age verification.
Furthermore, recital 57 says that the regulations for online platforms shouldn't apply to micro/small enterprises (which has a definition somewhere). All together, I don't see anything suggesting that anyone but the largest online services is being forced to implement age verification right now.
Judging by various posts by the Commision I've seen online, they're certainly pushing for the situation to be seen this way, but de iure, that's currently not happening.
EDIT: I found the guidelines mentioned [0], and a nice commentary on the age verification parts [1].
- this project is just one implementation (POC if you want)
- they simply state the current scope of the project
For anyone sane managing projects it makes sense to correctly allocate resources that would cover the most people.
and to all those whining butthurt individuals here - reality check is that it's way more probable that someone has and uses a smartphone than a computer. go out of your tiny bubbles...
When the UK age verification legislation was being debated I recall people saying "don't worry about unintended consequences, it's not like you'll be have to show your ID to random websites! Someone will show up with a reasonable methodology. You'll be able to e.g. show your ID at a shop and get an anonymous token.".
And plenty of people, including myself, thought "this is so dystopian it couldn't possibly happen".
It did happen, and it's as bad as the doomsayers said it would be.
I would be curious what it's like in the UK. It would probably do well as an HN submission if you're up for writing a blog post about it. All I know is that they passed some legislation that requires people to authenticate for anything that could possibly show nudity or something, including Wikipedia, and that VPN apps were going wild. I don't know what it's actually like in daily life, how one does authenticate to Wikipedia (or if they bought themselves time for now by iirc suing the govt?), if there are privacy-friendly age verification options and if those options are commonly implemented by the websites that need it, etc.
Personally I haven't noticed anything with Wikipedia, or Reddit (only ever used when searching for opinions through Google with "Reddit" on the search query).
If you want to watch porn or view anything NSFW with websites that complied, I suppose you just start up NordVPN and select Chicago or something like that. Brits who watch porn are probably just watching more American themed porn now.
Otherwise, (some of) these websites are supposed to show you a digital verification screen with third party gateways. Usually using an ID card. I'd guess most people just installed VPNs.
This is insane. USA is already pushing sanctions against Europeans via US companies (e.g. Microsoft revoking ICC accounts), and now they are about to tie basic functioning in the society to two US megacorporations. At the very least this will solidify the duopoly.
At this point I don't find it impossible that critics or other "enemies" of US (or Israel) in Europe will get their phones bricked as sanctions, and as a result become second class citizens.
I don't even see the necessity for having hardware attestation. We've had for decades online ID systems that can you can run on any device with an internet connection.
Well, in the end there may only be one thing left we can collectively do, but which we surely won't collectively do, because too many of us are way too comfortable to accept any discomforts: We can avoid using services implementing shit, so that any business that singles out desktop users or disadvantages them, doesn't have much of a customer base. Voting with out feet.
I have very little hope, that the common user will make use of their own agency avoiding a dystopia, or even think about issues associated with their behavior. We can see this everywhere even today. The majority of people are clueless and just accept whatever bone is thrown their way. Need to buy a new phone every year now? OK. Pressured to accept digital surveillance by not even state agencies but private profit oriented companies, that want to sell your data or use it for nefarious purposes? OK. Giving all your communication data to big tech? OK. ... It is all just a big "auto-accept any digital rape" for most people, as they don't even want to think about the technical implications and implications for society. It's all so far above their technological understanding, that they just exit the bus, when it comes to discussing these things. That is the problem we face. How to make the normal person aware and interested in their own digital rights.
We have to assume this is only the first step. The next step will be mandatory identity attestation for everything and your only choices will be to either accept it or not use any services at all.
Unless you can show a direct cause-and-effect relationship from clicking OK on some form to something negative happening in their real life that impacts them in actual physical real life, a real event at a particular time that they can observe with their eyes that relates to their real life (family, job, social life, going about their day), most people won't care. Otherwise it all blurs to some abstract words and theoretical tinfoil-like worries about the "government" and ufos and sovereign citizens.
How to make the normal person aware and interested in their own digital rights.
Start a revolutionary, reactionary movement. Many people wonder how the current US president was elected. Regardless what your political stance is, it's good evidence that if you can recruit a huge number of followers in your agenda (and in the process, likely make nearly as many opponents), and have them repeat your "propaganda" as much as possible, you can do anything. That's how you can defeat Big Tech.
The common user spends 7+ hours per day on their phone, has hundreds of apps installed which are all tracking and harvesting their data and personal information, regularly use at least 1 different type of social media or algorithm feeding app trying to alter their behaviour, probably are involved in at least 1 parasocial relationship with an influencer or content creator. And the common person sees that as the norm, doesn't believe it is contributing to any sort of mental health epidemic, or if they do acknowledge it, still can't resist it and improve their life.
If you so much as began talking about something like digital sovereignty, they'd bunch you with the fake moon landing and flat Earthers.
At this point I think they very well do understand. Rocky times are ahead, TPTB know they're at risk if things get bad enough for the average denizen and they want to get in as much leverage against future dissidents as possible.
I think the title "EU age verification app not planning desktop support" is misleading because it gives the impression that there will be no way to support EU age verification on the desktop.
This is addressed in the comments:
> It should also be noted that this project is an example of a solution that is considered to meet certain requirements of the DSA, regarding the protection of minors. It does not prevent the use of other solutions that also meet those requirements.
So I think a better title might be "EU age verification example app not planning desktop support"
(don't get me wrong, I'm not a fan of how this is implemented, but it's important to be accurate in our critique)
As more people move away from spyPhone devices, how is this going to work. Especially having BigTech being able to hold the EU ransom over access to basic government services.
A phone should not be a requirement to partake in society, and I´d even argue the same for a bank account. But I see this month another strong push towards a digital Euro. Is that the true purpose behind this push for .eu ID Apps?
93 comments
[ 2.8 ms ] story [ 95.6 ms ] thread> Desktop support is not currently within the project's scope.
What I would like to take from this is that, by their own definition, desktop apps are out of scope for Age Verification. So does that mean we will see a return of the 'desktop applications' instead of everything being a web service ?
One can dream perhaps. Until then adults who are willing to 'do what they're told' will be the ones who are inconvenienced by this constantly.
Edit: Also this will completely disable any new phone OS' being developed. Why would anyone bother when you can't verify your wallet to do anything online.
I doubt it unless something odd happens like triggering some reaction. They’ve looked at the data and see the majority of society using “phones”, which are really just increasingly small computers that happen to have a feature to also make calls; and they’ve decided that this trap they’re leading us all into can and may even need to stay open and inviting for a while anyways until the older people die off and desktop form factors kind of fall by the wayside, before the trap is even ready to be sprung. In the mean time they’ll just gaslight and lie about what they’re doing, to save and protect the children of course, until the day that you tune around from a distraction and the trap door is shut behind you.
It’s the same MO as always, with the gullible and naive enablers being essentially the worse threat than the actual perpetrators.
I think this is more an example of you misunderstanding the desires of the people pushing for this.
They want to actually ban this content, they just know that is a harder sell than restricting to adults. So for them, making it harder or impossible to access the content is a feature, not a bug.
The biggest issue is that the attestation hardware and the application client is the same device with the same manufacturer, who also happens to have a slight conflict of interest between monetizing customers and preserving any sort of privacy.
IMHO the pro-attestation forces are so overwhelming that we should all cherish the moment while we have anything open left.
In anycase we all know ways of bypassing this age verification will be found, probably by the kids themselves. But all this will do is enable US big tech, killing the very EU based companies the EU has been crying about for years.
Meta, Twitter, Google and M/S could not have created a better law to protect them then this law.
Hell the crazy things I used to do to connect to the internet after my mother went to sleep. She didn't wanted me using the internet because of phone charges so I secretly got into the roof to strip the phone wire bare and connect my own hidden cable that I would unroll and route it to my room to connect to my modem at night. YES part of it was to watch porn and download mp3s and roms. No I wasn't of legal age. Did my life got ruined by this? Well I'm an IT engineer now so arrive at your own conclusion.
I think this current hysteric moral panic is definitely being pushed by a lobby of a nascent AI industry that wants to create a problem for their surveillance tech solution.
Card payments and digital banking have closed most bank offices outside the larger cities. Mail dropoff boxes are slowly dying out. Paper bank invoices now cost extra (an unreasonable amount extra).
Granny may be able to verify her age, but the service desk won't necessarily be local.
The discussion has been shifted from "whether age verification should be a thing" to "how to implement a more convenient age verification system."
Most people don't care about this. They spend hours per day on a surveillance device, willingly contributing their data, personal information and media to monopolistic companies, including putting it into the public online sphere for the world to see. Many people are genuinely convinced this is about the safety of kids, even though the same workarounds slightly competent users know how to implement (VPNs) are the exact same tool the supposed evil-doers know how to use.
What happens if something goes wrong and you have to rely on contacting a human in Google of all places? Sorry, you have a copyright strike on your YouTube account, now you can't file taxes! Hopefully you have enough followers on Twitter than you can get them to pay attention.
- Recital 71, which vaguely suggests minors' privacy and security should be extra-protected, but says that services shouldn't process extra personal data to identify them.
- Article 28, which says that platforms should provide a high level of "privacy, safety, and security of minors", again without processing extra personal data to identify them. It also says that the Commision may "issue guidelines", but says nothing suggesting age verification should be implemented.
- Article 35, which says that "large online platforms" should maybe implement age verification.
Furthermore, recital 57 says that the regulations for online platforms shouldn't apply to micro/small enterprises (which has a definition somewhere). All together, I don't see anything suggesting that anyone but the largest online services is being forced to implement age verification right now.
Judging by various posts by the Commision I've seen online, they're certainly pushing for the situation to be seen this way, but de iure, that's currently not happening.
EDIT: I found the guidelines mentioned [0], and a nice commentary on the age verification parts [1].
[0]: https://digital-strategy.ec.europa.eu/en/library/commission-... [1]: https://dsa-observatory.eu/2025/07/31/do-the-dsa-guidelines-...
- this project is just one implementation (POC if you want) - they simply state the current scope of the project
For anyone sane managing projects it makes sense to correctly allocate resources that would cover the most people.
and to all those whining butthurt individuals here - reality check is that it's way more probable that someone has and uses a smartphone than a computer. go out of your tiny bubbles...
And plenty of people, including myself, thought "this is so dystopian it couldn't possibly happen".
It did happen, and it's as bad as the doomsayers said it would be.
If you want to watch porn or view anything NSFW with websites that complied, I suppose you just start up NordVPN and select Chicago or something like that. Brits who watch porn are probably just watching more American themed porn now.
Otherwise, (some of) these websites are supposed to show you a digital verification screen with third party gateways. Usually using an ID card. I'd guess most people just installed VPNs.
At this point I don't find it impossible that critics or other "enemies" of US (or Israel) in Europe will get their phones bricked as sanctions, and as a result become second class citizens.
I don't even see the necessity for having hardware attestation. We've had for decades online ID systems that can you can run on any device with an internet connection.
But think of the children, right?
I have very little hope, that the common user will make use of their own agency avoiding a dystopia, or even think about issues associated with their behavior. We can see this everywhere even today. The majority of people are clueless and just accept whatever bone is thrown their way. Need to buy a new phone every year now? OK. Pressured to accept digital surveillance by not even state agencies but private profit oriented companies, that want to sell your data or use it for nefarious purposes? OK. Giving all your communication data to big tech? OK. ... It is all just a big "auto-accept any digital rape" for most people, as they don't even want to think about the technical implications and implications for society. It's all so far above their technological understanding, that they just exit the bus, when it comes to discussing these things. That is the problem we face. How to make the normal person aware and interested in their own digital rights.
Start a revolutionary, reactionary movement. Many people wonder how the current US president was elected. Regardless what your political stance is, it's good evidence that if you can recruit a huge number of followers in your agenda (and in the process, likely make nearly as many opponents), and have them repeat your "propaganda" as much as possible, you can do anything. That's how you can defeat Big Tech.
If you so much as began talking about something like digital sovereignty, they'd bunch you with the fake moon landing and flat Earthers.
I have no hope in them.
This is addressed in the comments:
> It should also be noted that this project is an example of a solution that is considered to meet certain requirements of the DSA, regarding the protection of minors. It does not prevent the use of other solutions that also meet those requirements.
So I think a better title might be "EU age verification example app not planning desktop support"
(don't get me wrong, I'm not a fan of how this is implemented, but it's important to be accurate in our critique)
A phone should not be a requirement to partake in society, and I´d even argue the same for a bank account. But I see this month another strong push towards a digital Euro. Is that the true purpose behind this push for .eu ID Apps?