Regardless of whether you personally use Android or iOS, I think that we can all agree that it is not right to be forced to use a specific platform in order to access almost any Internet services.
This is only an issue if it's the only way of verifying your age. If it's still accessible to everyone and this makes it significantly easier for 99.9999999% of people then why not?
Well, the plan is for it to be the only one. And even if it isn't, what's the alternative? Persona again? No thanks. They could have helped and made an alternative version of this system which used the ID chip plugged into a desktop PC, but they intentionally won't do so.
> Are there any other Operating Systems than iOS, Android or Android flavors?
I remember a gov.uk team presentation. They had a usecase of someone using a PS Vita to access a government assistance program because that was the only device they had access to.
Among 450 million people in the EU there are definitely more OSes than just latest versions of iOS and Android.
> Are there any other Operating Systems than iOS, Android or Android flavors
Yes, there are many more: GNU/Linux, Windows, macOS, *BSD, etc.
This will prevent people who only own a computer and not a modern iOS/Android smartphone from accessing services and platforms.
This also sets a very strong anti-competition pressure. Which company will try now to invest on developing a new OS for smartphones if we already know users will not be able to access the most popular services & platforms with it?
Yes. LineageOS, GrapheneOS, Arch, Sailfish, various other open distros, Windows Phone, and a surprising number of random proprietary options (these are sometimes based on Android, and have some social media apps, but can't run regular Android apps that weren't specifically designed or altered for it) including for modern dumbphones. There are always more over time, too.
There's also old versions of iOS and Android. We don't want to end up in a situation where people are locked into one of only two vendors and can be forced to keep buying the newest model to use an ID app that only supports the most recent software. That'd be even worse for the environment than the current disposable smartphone culture.
Everything to do with the age verification push is corrupt and stupid to begin with. There isn't even a legitimate cause behind all this for forcing ANY app, even if it didn't also force people to buy a specific, expensive, privacy-invading American product.
Even in a world where Android and iOS have 100% of market share, the law (including indirect but obvious consequences of the law) should not force using them.
I don't understand. Even if you run GNU/Linux, when you access a restricted website on it, you will have to scan a QR code with the Android or iOS app. <https://cinema.ageverification.dev> is a demo which shows that.
Unrelated to the substance of the comment but this is a depressing example. Imagine having to verify your age and your identity to buy a movie ticket. This is pure insanity.
Dark times are ahead. Anyone that doesn't see we'll all be living in dictatorships within the next 10 years is putting their head in the sand.
Accessibility doesn't end with catering to most people though. Since this will be a prerequisite to basically communicate online, that simply isn't good enough.
The spec mandates mobile versions to exist, and not PC ones. While a PC version can be provided, no government will do that, because they will do the bare minimum.
You must realize, age verification is for more then just Googles Android apps.
Such a strong new legal framework must consider consumer hardware actually in use:
- Android variations Like GrapheneOS, Huawei's HarmonyOS, older phones running custom ROMs
- Linux phones, which are sold in
the EU and by EU companies
- Desktop operating systems
All of them can run Web Apps, and thus need age verification
Even on the Android or iOS phone the EU app won't run if the device owner made even a tiniest change of the operating system without Google or Apple approval.
The EU developed system excludes the 1% of people for which the popular mobile solutions do not work and also make the rest 99% totally dependent on the selected corporations.
Two platforms that are not owned by companies in the EU. Effectively handing the keys to your state ID to private foreign enterprise.
What will you do when Apple/Google or the US Government effective immediately delete/block your app? The impact initially may be small but after a few years if widely used, you can break a country.
This is a problem, but not the only one. The biggest one is that the phones in question are locked and deny user freedom. I would not be content with an European "alternative", but which is as locked as iOS.
Don't fall for the trap. The question isn't how we should technically force age verification on anybody. The question is why they're pushing it onto everyone. I did not consent to this, neither did you.
But it is needed to protect the children. The politicians say so, so it has to be true. Being against this is very dangerous to our children and democracy. There is no alternative.
Seriously, there is something tremendously wrong with governance when politicians keep changing the whole world around us, without us having any say in it at all. The threat this measure poses to the internet and society is significant, yet it is being pushed through without any substantial debate or push back. This just is not how decent and actual democracies should function. What messed up timeline is this?
When they run out of other rights to destroy, they will pipe videos of little girls crying from food poisoning into your e-verified telescreen during ChildSafe^TM viewing hours, and the result will be that you will get to choose between two state approved restaurants thereafter.
> Seriously, there is something tremendously wrong with governance when politicians keep changing the whole world around us, without us having any say in it at all.
That's where you're wrong. Most people actually do agree with age verification. Just because a decision is stupid it doesn't mean it's undemocratic. Trump was elected democratically, twice. Brexit passed through a referendum.
Luckily, the EU's current structure was put to a referendum. That referendum then failed to get the votes needed, so they implemented it anyway. Much superior.
It's just like democracy. Without the "dem(b)" part. Much better now.
We have such warm feelings about it! What could possibly go wrong with doing such strong governance and extreme-right parties polling at record highs in more than half the EU countries? We have warm feelings now. Or maybe the warm feelings the result of 30 years of climate action in the EU. Luckily, the extreme right is hard at work defending our right to airconditioning!
> Social media is destroying children's brains! Do you want access to be delayed until a certain age?
> Do you want children under a certain age to be banned from social media, which means that you will now have to give your ID, only with Android or iOS?
I don't think it's going to be any more convincing with that. At this point anyone I encounter in "normal" life already assumes that I and everyone else has and primarily uses a Google or Apple account.
Most people are in favor of solving world hunger, poverty, the wars and climate change. Until you hand them the bill. Likewise most people will not agree with age verification when actually implemented.
It requires reason to understand the consequences of your decisions. Reason is something democracies have a shortage of. Thus, democracies structurally suffer from issues like this.
It worked great for the last several hundred years. The problem is government keeps expanding to control more and more of our lives. People just need to understand that government cannot and should not be the solution to every problem.
Whether it's federal, state, or local, you're going to see laws imposed on the 40% of people who don't agree with it. From what I've seen it's the federal legislature that is interested in protecting my rights and the state and local legislatures that want to infringe on my rights. The governments we are under have never been particularly hands off.
This doesn't make it untrue, instead it just confirms it (I know you didn't say or mean to disprove it, just wanted to add my thoughts here).
People make dumb decisions and don't think about possible outcomes twice, or even once. But (unfortunately, in this case) this is a core principle in a democracy. People may be lied to, or at least they are fearmongered into thinking that age verification is needed and encryption needs to be weakened because they thing they have nothing to hide, but if in the end they elect the people that are pro-age-verification, it's perfectly democratic.
IMO the media (including, most importantly, social media) is the problem, not the politicians and/or the democracy or whatever. They all play their part, sure, but it's how people are influenced by the current state of media what's driving all these populistic forces.
The governments won't protect them either. The governments are the ones enabling these corporations to exist and facilitate harm towards children. Maybe they shouldn't be allowed to have those corporations.
Maybe OS vendors should stop trying to sell ads and instead fix their operating systems so that parents can responsibly monitor their children's online activity in a way that promotes both parental responsibility, and children's human rights ... but of course, that would require OS vendors to stop selling ads.
The scope of the things we already do to "protect the children" is tremendous. None of them have, will, or could prevent them from continuing to use it as an excuse for things that should never be done.
You seem to have jumped from "protecting children" to accusing them of an unrelated war crime for not censoring things aggressively enough.
On top of that, the relevant law they would have to comply with in those countries would be the laws of those countries, and those are the governments committing the genocides.
I think that's trying to see something that isn't there, just to try and make some sense out of things. The reality is much simpler - they are elected parlimentarians, same as any regional government, and they vote without much thought based on quick brief summary. System to protect the children? Sounds great, let's vote yes - anyone who doesn't is a pedo, right?
There’s a huge amount of stuff that the EU does that no one consented to, or had a realistic democratic avenue to influence.
I’m in the UK and very anti Brexit. But were we still in, I would have no idea how to influence what happens behind those closed doors at the European Commision.
Granted the current UK Labour/ Conservative pact on these issues show they’re completely out of control. But I still theoretically know how I could influence policy.
> But I still theoretically know how I could influence policy.
I mean even in the EU there's theoretic ways to influence policy, it's just that the system is currently sabotaged and/or partly not strong enough to withstand politicians who want to actively work against it.
Not being for or against UK or Brexit, but I don't think this is a EU problem. These kinds of problems exist in all European democracies, at least this is what it feels like currently.
I know this sounds bad, but when has consent mattered before? I agree with you wholeheartedly, but consent is simply not something these power structures value.
I and many others have been banned from Twitter for the last two weeks because of a new process[1]. I have to view all links in incognito tabs or hand over my biometric data to a trillionaire. Just don't use Twitter some may quip, well that would be a great group effort, but I can't do it alone.
'They' are not pushing age verification onto everyone. 'We' are pushing it onto ourselves. People want this. It is popular all over the world. If 'they' are doing anything, it is subverting what people want into something else. Which is the worry here, as people asked for age verification but didn't ask to be locked into the mobile phone duopoly. The system people want for age verification could be implemented as Firefox plugin. If it requires these attestation services for binary blobs provided by the government, it includes features someone else wants.
Funny how the worry of "digital exclusion" of the elders who would never be able to use a smartphone has been thrown out of the window in recent years.
That's because they are lying to the people here. Just look at the "we must protect the children" lobbyists. It has never been about the children in the first place, that is just the convenient lie to force an authoritarian system in place.
Don't worry the focus is on the youth with this legislation. I have the suspicion it's about indoctrination of surveillance as normal.
Additionally the amount of elderly that don't have or can't use a phone or don't have anyone that can help them with it will decrease rapidly anyway. In my experience it's mostly the same generation as the people that remember WWII.
They probably think that they do not use "social media" either, so it does not affect them. But elders are not the only category. In any case, it is fundamentally wrong to be forced to use a specific platform, American or European, mobile or desktop, for Internet service access.
Some years ago I had deliberate weeks in my life where I just went back to my old 2G brick phone from like 2001. I was amazed how it was still working perfectly. I mean, yes, 2G will be shutdown even in Germany soon, so the old phone isn't an option either way anymore. But there are 4G brick phones which I'd like to use then. But this won't be possible. My bus ticket is digital and can't be screenshotted or printed, my student card too, same with the "Deutschlandticket" (rail ticket in Germany). Hell, even my sauna sends me a QR code to get in via Email now. I mean, at least I can print it out. But this trend will only continue.
In the thread you will find many examples of national implementations which do require attestation. It was removed from the README as a PR measure, but in practice the specification does not prohibit it, so national implementations will still use it.
You won't be able to see a doctor when you're sick.
You won't be able to open a bank account to receive your salary.
You won't be able to buy train or plane tickets.
My point is I am most worried that these kind of "digital verification" type things most impact actual necessities. The social media I couldn't care less about. "I just won't use it" isn't really a solution.
You already can't do any of these things without some kind of governmental issued ID which already has your birthdate on it.
idk why people are so scared of it, do you really believe they don't know what you do on your personal internet connection linked to your name and payment data ?
Like yeah sure if you pay everything in cash and never use internet OK that's a big problem, but for the average HN shitposter who's already terminally online it really doesn't change much
> You already can't do any of these things without some kind of governmental issued ID which already has your birthdate on it.
Do you have to present this ID for every purchase you make or every website you visit? Will it be stored and processed by every shop you enter? If not, how is this relevant here? Currently, the personal data exists but is not accessed by anyone unless it is really required. And even then, the scope can be minimized if the user wants.
> do you really believe they don't know what you do on your personal internet connection linked to your name and payment data ?
Yes. I use Whonix on Qubes to access HN and other websites.
> but for the average HN shitposter who's already terminally online it really doesn't change much
> Do you have to present this ID for every purchase you make or every website you visit?
Basically yes, your mobile connection is attached to a name, your landline is attached to a name, your adresse too, the card you use to pay online too.
> do you really believe they don't know what you do on your personal internet connection linked to your name and payment data?
Many people in the Western Europe used, until very recently, prepaid anonymous mobile data cards that they recharged monthly with charging vouchers paid for in cash.
All this ended in the last 5 - 10 years. The U.S.-American corporate glass citizen slave mentality is actually a little tad bit new here, thus the outrage.
Where exactly in Europe? Countries I interacted with did not had anonymous burner phones. You could buy prepaid card, but you had to show your id and give out your name. You had contract like any other (contract for that number).
Prepaid card was just a payment thing, not anonymity thing. I know, because I functioned on prepaid cards for anonymity unrelated reasons.
You already have to provide your passport/health insurance/legal id which already has your identity to your airline/doctor/employer. Why is this suddenly a problem when it is digitized?
What baffles me the most is how the EU commission constantly
works in favour of US corporations in the long run. This is
really strange. Something does not work in the explanations
given by the EU commission. To me it looks like US lobbyists
run the EU here.
Well, they really, really, really want the end game of tying (real) identity to digital identity. And they want it now, not 10+ years in the future when _theoretically_ there _might_ be some EU-friendly mobile operating system that everyone uses. Right now, Google and Apple are basically the entire smartphone market, so they gotta work with what they've got if they want these plans to come to fruition.
The EU gets billions of dollars from fining US companies. That money is used to pay for a lot of programs and the bean counters don't wan't that source of funding to dry up.
This is the elephant in the room regarding the big "digital sovereignty" talks in the EU.
For the moment in the EU institutions the focus is mostly at the post-acceptance stage that everything must eventually migrate off US clouds. There is still some denial and hope that things will go back like "before" because it's going to be extremely costly to migrate, but at least high level EU civil servants start to see the strategic value of moving out.
However there is ZERO talk about mobile platforms... No alternative solution like linux for the desktop, no money or care given to the few alternative that tentatively exist, and zero talk about forcing companies (at least for the ones shipping android phones) to open up their firmwares and allow users to install alternative OS if they want to sell in the EU.
So whilst the backend guys more or less got the memo about sovereignty, I think there is still a lot of educational work to do regarding end user devices and what kind of digital slavery hole we're digging ourselves in...
In fact, it requires attestation: even if you install Google Play on some Android in an emulator/container/VM, on an alternative Android distro or in a rooted device, the app will not accept it.
Wth. Does it at least have the decency to use aosp attestation? Or are they just happy to give the keys to the kingdom to Google and require Play Protect?
Because this is all a political move. This so-called "EU sovereignty" drive is in fact aimed at further reducing sovereignty of the member states via further transfer of power and control to the EU.
These digital ID wallets do exactly that. Member states lose control of the ID infrastructure, which will now be controlled by the EU. There isn't much sovereignty left at national level...
This is totally not the EU version of China's social credit score system and WeChat SSO system.
It will totally not be used to sanction you the moment you become a nuisance to the EU elites by saying "wrong speech" that goes against their mandated doctrine.
Where is control in being mandated to implement and EU-wide, EU-defined system? This is a net loss.
My previous comment should be taken in its entirety. The loss of sovereignty of individual countries is comprehensive across all domains and this is just one brick in the wall.
The US federal government has been doing that to the states for a while now. They don't have the constitutional authority to do something, so instead they shove a lever under something they nominally are allowed to do and tell the states "do the thing we're not allowed to, the way we tell you to, or else." Where the "or else" is something like, they collect billions of tax dollars from your constituents that you then can't use to provide them with services, and return them to only the states that bend the knee.
(The US constitution originally required federal taxes to be apportioned for exactly that reason.)
Moreover, it's ignoring the context of the thread. The relevance is obviously that ordering someone to do something against their will and then saying they're still in charge because they're the ones doing it is a sham.
This is not entirely true. I don't have much details but I know people who started to work on two separate free software projects aiming to make supported mobile OS.
These projects couldn't get funding before but they do now. Afaik it's still a battle with AI companies lobbying that soverign AI is much more important than mobile OS but there is some growing interest.
Imho i don't even think some linux based alternative to Android would be that hard to pull off but it's the hw companies that will be skeptical to build hw for such OS. I would have to be some govs puahing it as secure gov devices first.
It requires age verification and provides code, which third parties the user doesn't control will use, that creates a dependency on those platforms.
> there's nothing preventing those new OSes form providing proper security signals.
A network effect, far from being nothing, is a barrier the height of a mountain.
The purpose of attestation is to lock out competing platforms. It security value is a joke. Devices pass attestation with known vulnerabilities and fail it for being competitors, even if the competitors have better security.
Offering to make attestations nobody accepts is a farce. The problem to be solved is how to run existing software that was originally written for other platforms when the new platform is new and doesn't have enough users for third party developers to specifically target it, which is the exact thing it can't do. And without that it can't get enough users for third party developers to specifically target it.
It requires a government-authorised "age verification" "app", but it does not require that it is accessible through standard protocols, so that it can work on any platform. In practice, the governments will only make it available for Android and iOS. Plus, you cannot have a free OS providing "attestation"; "attestation" is incompatible with root access and modifying the OS.
I think the asumption being if there is gov backed mobile OS govs would also support their app ecosystem there. That's kinda the point of funding alternative free mobile OS?
That wont help anything. Then you are just force to use Android, iOS, or Sailfish. It need to be a platform agnostic thing, else you're just hitching the fulcrum of civil society on private company.
Exactly. The app is only inclusive if it is accessible over a standard protocol (Web) without "attestation", so that it works for any platform. If I release a GNU/Linux distribution tomorrow, I should be able to use the app on it with only some work on my part.
I don't disagree, but the eu needs their own mobile OS alternative in general so if they absolutely need to rely on a private company, it isn't an american one
This doesn't follow. Why is public infrastructure no longer a possibility as soon as computers get involved? We aren't talking about cutting edge innovation here anymore, mobile phones are boring standard devices.
Ok we get new HN articles every week now about migrating to EU solutions and digital sovereignty. At this point EU should just do as China, please: have EU their own cloud providers, softwares, hardwares, phones and also its own closed-EU only mini-internet barrier by a big EU digital policy border. Just like China, NKorea and Russia. They would be finally at peace with themselves.
Mobile is the UI/UX equivalent of… I don’t even know… a moon landing? A wonder of the world?
I’m not saying it can’t be duplicated. I’m saying if you want to build a mobile platform you need to approach it with appropriate respect for the incredible difficulty of making something that usable.
"zero talk about forcing companies (at least for the ones shipping android phones) to open up their firmwares and allow users to install alternative OS if they want to sell in the EU."
Complete public datasheets on how to program the hardware should be a requirement fit a DMA2.0.
I agree wholeheartedly with the argument raised in this github issue, but I think people are wrong to be skeptical about the concept of a government-issued age verification app.
Thing is, the status quo is absolutely worse. My 13yo son likes making Roblox games. Suddenly, some months ago, Roblox made a change where you’re not allowed to share your games with friends unless you do “age verification”, apparently in some misguided bid to beat the pedos. In Roblox’ case, this means sharing your 3D likeness with some sketchy American business who pinky promises to delete said data after. I don’t want random American tech companies to have my kids’ biometric info like that, able to sell it to whoever asks. Nor my passport or anything like that.
I’d much prefer a government supplied app, that’s guaranteed to protect my privacy, and has no business incentive to sell my data, where I can see what data about me (or my son) is shared with Roblox or whichever sleazy business wants it.
Obviously this only makes sense if the government is less sleazy than the average American tech business, but for all its faults, I think that currently holds for the EU (and most of its member countries). There’s plenty precedent of EU governments doing privacy-conscious apps right (the Dutch covid tracking app comes to mind).
Government issued versus corporate issued age verification is a false dichotomy. There are other options, such as refusing games that require them. (Yes, we do have a teen, and yes we did exactly that with Roblox.)
Pretending that those options are equal is a false dichotomy. Not participating is an option up to a point, and then it is increasingly limiting all other options.
We will see how optional it is to not participate in age verification when software used for interfacing with the world (such as bank apps or similar) require you to use age verification. On top of this, barring your children from apps requiring it is just going to socially isolate them from their peers.
The fact of the matter is that if we want companies to be accountable for the pedophiles on their platform, they simply have to enforce some privacy invasive policies.
This is generally my opinion, and goodness it's swung around quite a bit. This entire debate feels like it should be solved by adequate parental controls.
To the extent that it matters, I think the missing link here is "primary education should support a parent's intent to limit unrestricted internet access for their children." That is, during school activities where internet use is unavoidable, require supervision. (Maybe a lab monitor that can roam the room and see screens?) And for homework, don't assume the kid has internet access, because that is the parent's choice, and they may well not. On the flip side, if the parent trusts their kid with that access, or intends for them to learn through real world experience, let them. That should not be the state's decision.
The problem of course is that this idea in my head is a pipe dream. Schools seem to be well onboard with digital coursework, presumably for efficiency reasons? Unclear. I'm not sure what a more practical middle ground actually looks like.
Truthfully, I don't know! Especially for younger kids though, there's usually at least an adult in the room, right? Even when they're visiting a friend, the other parent is there to step in and check on them occasionally?
I guess once you hand your teenager a smart phone (and all their friends have one too!) all bets are off. That's new, and wasn't a thing when I grew up. We were rural and on the tail end of dial-up, so I couldn't get online at home without someone hearing the modem. That sure limited my attempts to do so without permission!
The California Digital Age Assurance Act is a law mandating adequate parental controls. And it's a great law that should be copied instead of doing the verification nonsense.
Homeschool and exercise close, very close, supervision over what your kids do on the internet.
I'd have hated this as a child. But case for unrestricted internet and social media access for children, at this point, seems pretty shut.
For those who sadly cannot homeschool their children... well, we need to push for school choice and to dismantle the teachers' unions. Which poetically probably ultimately is the same thing.
In many European countries, homeschooling does not really exist. For good reasons. Mingling with many kids from the same age cohort with diverse backgrounds is good for kids. Homeschooling is also often used by religious zealots to indoctrinate their children.
People with attitudes like yours give homeschooling a terrible name, and make it easier for those regularly trying to dismantle it. It's an excellent tool for responsible parents, and a horrible weapon in the hands of zealots.
I am thankful to have had extensive access to technology as a (homeschooled) kid, and parents who encouraged curiosity.
Destroy "optimize for engagement" social media, which harms everyone, and stop pretending like this is some problem that only harms children.
To the extent that it matters, I think the missing link here is "primary education should support a parent's intent to limit unrestricted internet access for their children." That is, during school activities where internet use is unavoidable, require supervision.
Don't get me started. We try to restrict internet time, no Youtube (Shorts are poison/heroin), TikTok, etc. They go to primary school and there is a teacher that makes TikTok videos at school, they can play Roblox in breaks, etc. (Aside from this issue, the teachers are great though!)
There are only so many battles you can choose as a parent (not getting your kids photographed, put on Facebook, etc.).
In contrast to what the grandparent states, the government should unambiguously state: no smartphones, social media, and online games in primary school, period. That's the only way to make it work. Ironically, smartphones are forbidden in all high schools here.
Fwiw we did that with Roblox too, but I hate it because Roblox Studio was a pretty damn fun collaborative gamedev experience.
I mean his classmates argue with their parents about whether they can install TikTok (and most parents lose). Meanwhile I’m denying my son the right to make a game together with a friend. It’s so creative and so educative and I’m saying no to it. It sucks and I hate Roblox for making something so cool and then taking it away for such stupid reasons.
There's plenty of ways to make games outside of Roblox. Maybe they could sit down together and work through some Löve2D or Godot tutorials? No one can take that away arbitrarily
I think GP meant “collaboratively” as in collaborating online through the game itself. The same way you might e.g. collaborate on a Google Doc.
“Sit down together” might be impractical here, if GP’s child’s friends are e.g. friends they made before a move, who are thus quite far away physically. Or friends with snobby parents who won’t let them come over to GP’s house for whatever dumb reason. Or friends with extra-curriculars such that their free time never lines up with GP’s kid’s free time—meaning that only async collaboration will work.
(That’s just a steelman position, though; in general I agree.)
You are correct. And they do sit down together. Hours of ridiculous ideas flowing, and then when they go back home they can continue working on it. Or, well, they could until recently.
This thread is like me complaining Google face-scan-gated Google Docs and people are saying “he can just sit down with the friend and learn LaTeX together!” Yeah, no.
Neither multiplayer gamedevving nor multiplayer game playing are supported as well by either of these.
Fwiw he does Godot too. It’s fun, but it’s purely solo. Godot’s answer to collaboration is Git, which is a complete non-starter for a 13yo. Note, I don’t judge them for it, they compete with Unity, not with Roblox.
Thats obviously fine to do but it is very much going to have consequences for some kids. My kids spend hours a week playing roblox with their IRL friends. 10 - 15 kids on a group call on speaker phone all logged into the same code laughing and yelling for a couple hours a night. If I was to suddenly tell them that they can't play those games with their friends it would have very real effects on their social life. My kids spend a ton of time outside with friends but to ignore that they also spend time gaming with them is not an option.
Oh no, what kind of miserable life will your kids have if they learn to do their own thing and not always blindly follow the crowd? Imagine if they were to learn that the Crowd are idiots who should rarely ever be followed. Might ruin their life.
If the other kids are jumping off bridges, I would have a great reason to tie my kid to the house. But this isn't that obvious to kids. They will be resentful, they will hate your guts. This will have lasting consequences to your relationship
The "app" could be a good solution, if it didn't require attested Android or iOS. It could, for example, have me plug my ID chip into my GNU/Linux system and expose it with a standard protocol. That would be no problem. The problem is that they do not want such a way.
In any case, I think that age gating would not be needed if the platforms were regulated to remove addictive recommendation algorithms.
Using an ID card reader is already possible. See here for a list of Linux repos supporting German IDs: https://www.ausweisapp.bund.de/en/open-source Finding a working hardware/software combination for your ID card is up to you.
The app is an alternative for people who don't want to buy or carry around a card reader, but who already have a smartphone.
It is possible for e-signatures and similar variants. However, there is no sign that the "age verification" will support this variant. If you go to the demo <https://cinema.ageverification.dev>, no option is given other than the Android/iOS app.
So it seems that the app is only an alternative in the case of government portals, but it is not an alternative for "age verification".
The German implementation already allows it. The GitHub issue you linked to explains multiple times that it is a reference implementation, as have several previous HN comment threads linking to this page. It is not the actual implementation that any country plans to use.
The German implementation allows it for some uses, but not for "age verification". The demo does not account for the fact that other options may exist.
ID cards aren’t exactly super standardized inside the EU. German ID cards have a RFID chip which basically contains all the same info that’s printed on the outside (PIN protected).
Smartphones can read that chip and the state as well as private businesses could in principle use this to do age verification – even the super minimal version of age verification that just asks for a certain age threshold and gets a binary response whether that threshold is met. (Which to me if we can achieve it is the perfect solution.)
The infrastructure is there and since 2017 those RFID chips are even actived by default when new ID cards are issued. (The cards are valid for ten years so nearly all ID cards have those active chips.)
The biggest issue currently is a network effect one: hardly anyone is using the chip so people don’t create their initial PIN, creating a UX hurdle for adoption. (If you want to use your ID card chip you have to find your initial PIN somewhere in your documents – if you didn’t throw it away – and then create your proper PIN, you can’t just start using it.)
I can sense usage increasing but exactly because of the poor initial use UX all sorts of private alternate solutions exist that are plain worse from a privacy preserving point of view. For example ones where you film your ID card from both sides (so the hologram is visible) which just suck. (You just share everything … which is just so unnecessary.)
To change this we would need a policy that requires age verification without sharing the birthdate or any other PII.
Unfortunately, we can't even get states to commit to our RealID requirements[1] (which doesn't even add a chip/PIN, it only strengthens validation of documents submitted at the time of application for a driving license). And the notion of a national ID is anathema to large swaths of the population.
Many (all?) EU countries have a national ID card, and most (all?) IDs has a chip that can be used for secure document signing. I don't know if it can be used by itself for age verification. Maybe it would need to contrast your signature with some sort of DB that can retrieve your age...
As a purely tactical measure, we use the same older person (me) for age verification for all family members - zero failures so far and it poisons the well.
In the case of Roblox they have a horrible system where they estimate your age and only allow you to interact with people of a similar age, meaning if you verified your kid with your face then they'd only be able to interact with adults and not other kids. At least that's the theory. It doesn't take a lot of effort to figure out how a predator could misuse this system to their advantage (which is why I call it horrible)
Predators have been using roblox since its inception, but I don't think they are doing age verification because of that. They're looking to expand into more adult experiences and, of all horrible ideas, dating.
I think it is much simpler: they are feeling regulatory pressure. In various countries there are increasingly strict laws that allow people to hold companies accountable for issues on their platform. By using age verification, they can increasingly move responsibility away.
> As a purely tactical measure, we use the same older person (me) for age verification for all family members - zero failures so far and it poisons the well.
Is there a 'break glass' workflow in case you are not available (e.g., health incident)?
We have had the need to prove age for hundreds of years. To buy alcohol. To drive a car. To vote. We depend on government-issued documents to do this. Not sure why anyone would really expect this to change just because it's online now.
Older systems were imperfect and were understood to be. I've meet veterans who joined the Navy at 14 or 16. I've met many College students who can pass as old enough to buy alcohol, especially with a fake id. Dead people are sometimes registered to vote. We know this and have systems to try to catch these exceptions.
But cellphone access is different; it's assumed to be perfect, but it's increasingly being moderated by machine learning heuristics that serve as judge, jury, and executioner, severing your services if a couple of your actions trigger a fuzzy approximation to some of the training data.
AI moderation helps suppress spammers, but it's also punishing false positives, and there is just no recourse. Any ID system that piggybacks on "Apple | Google" is effectively shunning some non trivial portion of society. Governments of the people need to provision their own tech systems that are accessible to all citizens, even those who have run afoul of an AI moderation system.
This year, an octogenarian friend got locked out of his android phone permanently. He had never had a PIN on his Samsung phone.
Then he signed up at a new bank, giving them his phone number. Somehow the bank enrolled his in their online banking system, which notified Samsung, who remotely initiated the "let's give your phone a pin" flow, presumably to protect him during online banking. (This happened without his knowledge -- he had not installed the bank's phone app.)
Later that day, when his phone went into a modal "let's setup a pin" screen, he panicked, assuming an attacker had gained control of his phone, since this was not something he initiated. No button would let him exit the screen, so he powered it down. Now, when he powers it up, it demands a pin, but he doesn't know what pin that would be. The only way to get the phone back would be to factory reset it, meaning he'd be wiping his data. He had the money to replace his phone, but that may not be true of every citizen, especially at his age.
People assume digital auth systems are perfect. But you don't hear from consumers who can't get online to tell you "I've lost access."
I've shared some other similar stories: a widow who got banned for life from facebook within minutes of making an account from an apple device on a consumer ISP with her real cell phone number.
A coworker attempted to sell his son's sporting goods on facebook marketplace and was banned for life with no appeal because AI thought it was "weapons."
Some high school students each made a gmail address from the same laptop one afternoon, only to be banned the next day. Each supplied their own cellphone number, but the accounts got shut down, presumably because multiple accounts were being created from the same device too rapidly.
AI moderation means there are a ton of unwritten rules, and private companies will keep you out of their platforms if you break them. That's fine, but it means governments have no business serving their citizens from these exclusive platforms.
I've never gotten banned but I've been moderated/throttled (even here with the occasional "you're posting too fast") quite often. The triggers on things happening too fast from the same IP address or session seem quite sensitive and thus when I'm doing anything critical such as online transactions I space them out by many minutes, which is inconvenient.
It started when he signed up at a new bank, giving them his phone number. Somehow the bank enrolled his in their online banking system, which notified Samsung, who remotely initiated the "let's give your phone a pin" flow, presumably to protect him during online banking.
Do you have a proof that this actually a thing? I don't see what mechanism exists to do this and I don't see why Samsung would even bother to do this.
No it's not. Government use of these platform or not, once they become big enough being cut out of them means being cut out of a significant part of society. We shouldn't accept "no recourse" and "no due process" just because its a private company.
Hundreds? 200 years ago most people did not even have birth certificates. I can think of multiple famous examples of people who lived in Europe 500 to 800 years ago where we don't know their real age. In existing countries with poor state capacity, a lot of people don't have legitimate birth certificates and there is some evidence that they make up their age to some degree. For example on surveys in such countries there are too many people reporting round number ages. My experience in such countries is that you can find very young looking males riding motorcycles late at night around the city and anybody can buy alcohol. That's how it was in the United States "hundreds" of years ago. Please read a book.
Proving your age is a relatively new phenomenon. My grandmother, born in Chicago in the 1920s didn't even know her exact age. That is not at all uncommon for her generation.
Then get your kid off Roblox. I promise you that Roblox exploits more children in a single day than all sex offenders put together do in a year.
Why is pedophilia such a problem on Roblox? It's because they heavily advertise towards children and one of the fastest ways for children to make money is asking their parents, then next is prostitution. Roblox is uniquely bad because they heavily advertise both products and the "self-made entrepreneur" image to children.
Putting the blame on nebulous "predators" when the system itself is clearly to blame is the very tacit Roblox relies on. Look at vehicular manslaughter are drunk and distracted drivers solely to blame for deaths? Clearly not since there are just as many drunks and phones in Europe as in the US. When the system creates more predators than exist otherwise then you know it needs to change.
If your son likes making games keep him on Godot. Your job as a parent is to find or build a good distribution system. you can see if he is generally interested or if he was pressured by an exploitative system grooming him into pumping out slop for the trough. Age verification is going to make the platform more exploitative in the business sense. Both in that it legitimizes bad practices and lets Roblox target their exploitative practices more effectively.
Check out Luanti. My son pulled off his own multiplayer game, by mixing some existing mods and writing a pinch of Lua. He is not into programming, and he did not even use LLM, do it was probably not all that hard. And the result was impressive, and I say that as a professional programmer.
What you’re proposing works only if the government is always trustworthy and abiding by the rules. But there has been cases that ICE agents in US was able to track down people from their social media posts and in the past Nazis used the address registration lists to track down Jews for deportation to concentration camps.
We don’t know what EU would become in 5 to 10 years in the future, and I would rather not have any identification information about me or family being stored by a government body or any other party that can track/link me or my family members
They have this information anyway if you have an EU passport or an identity card. The government app allows you to share selected properties of these documents with third parties.
It’s not only government shares that info, the government can keep track on with which parties they shared that info and for what purpose.
As an example if I’m obliged to share my ID data via government to open a twitter account how would I know that the government would not link my twitter account to my ID and later use that info keep track of me and prosecute?
People would think that it would never happen, but not long ago that actually happened in East Germany. The Stasi kept track/files on almost every East German and this would be a digital version of the same thing
What would you do that, they start with open source app, make the online is mandatory and once it’s established and mandated, then they closed source the app and implement data collection?
There is no guarantee that the app would stay open source and under public scrutiny forever. Governments have done way shady things in the past. Given the recent push for chat control, I would never trust anything put out by EU.
Yes? Democracy is essentially exactly that - tyranny of the majority. The reason why successful democracies have so many checks and balances, constitutions that uphold essential rights etc is because of this fact. Really the main benefit of democracy is that it prevents the government from doing things which are wildly unpopular. To the extent that it "gives the people power", that is neutered as much as possible to prevent the majority from going "hey, we don't want these people here" and committing democratic genocide or whatever.
The slave aristocracy of the Confederate States of America, and members only Communist Party of China are both democracies.
What we consider democracy went through a LOT of iteration, and continues to this day. Representative first-past-the-post is a form of democracy that can have the unfortunate side effect of the minority of the electorate establishing a tyranny of the majority. There is a lot of scholarship on how to make democratic systems more democratic.
> The slave aristocracy of the Confederate States of America
And the northern states--they had slaves too.
Ulysses S. Grant, when asked why he didn't free his slaves until some time after the war, said "Good help is hard to find."
"The sole object of this war is to restore the Union. Should I become convinced it has any other object, or that the Government designs its soldiers to execute the wishes of the Abolitionists, I pledge you my honor as a man and a soldier I would resign my commission and carry my sword to the other side."
- General Ulysses S. Grant, USA, in a letter to the Chicago Tribune, 1862
I found the origin of that second Grant quote, and well as a boatload of other very interesting facts which one is quite unlikely to get from Google or AI these days, in "The Democratic Speaker's Handbook" compiled by Matthew Carey, Jr., 1868.
> He threatened to resign and cast his lot with the South.
> The editor of the Randolph Citizen recalls some interesting reminscenses of the great Reticent. He had a tongue at one time, it would seem:
> In the summer of 1861 General Grant, then Colonel of the Twenty-first Illinois Regiment of Infantry, was stationed at Mexico, on the North Missouri Railroad, and had command of the post. He remained several months, mingling freely with the people, regardless of the peculiar shade of any one's political opinions; and as the distinguished Colonel had then no thought of aspiring to the Presidency or a dictatorship, no occasion existed for the reticence to which latterly he owed the greater part of his popularity. Ulysses the Silent was then Ulysses the Garrulous, and embraced every fair opportunity which came in his way to express his sentiments and opinions in regard to political affairs. One of these declarations we distinctly remember. In a public conversion in Ringo's banking-house, a sterling Union man put this question to him: "What do you honestly think was the real object of this war on the part of the Federal Government?"
> "Sir," said Grant, "I have no doubt in the world that the sole object is the restoration of the Union. I will say further, though, that I am a Democrat--every man in my regiment is a Democrat--and whenever I shall be convinced that this war has for its object anything else than what I have mentioned, or that the Government designs using its soldiers to execute the purposes of the abolitionists, I pledge you my honor as a man and a soldier that I will not only resign my commission, but will carry my sword to the other side, and cast my lot with that people."
It's really quite remarkable that the victors of that war succeeded so marvelously in convincing people years later that it was about slavery--the the racist white people of the North went to war and died by the hundreds of thousands to free slaves--and to have people utterly convinced of that to this day.
Lots of other enlightening stuff to be found in that book, and in other original sources. Get the facts now while you still can and preserve them.
That seems backwards to me. You can choose to personally not do business with whatever big tech corp you dislike. Men with guns will show up at your house if you stop "doing business" with the regional government.
That adds to the concern as a European. Thanks to the CLOUD Act, sharing data with an American tech company effectively is sharing data with the American government.
I am also European, not sure why that matters though.
This type of argument always sounds to me like someone was abused by their ex-partner, but now prefers their new partner who abuses them a little less.
This is a common negotiation practice in business as well as politics. You make some absolutely outrageous demand, and people protest, but then you give them the -originally planned- light version of it, and they will accept it; in light of the worse option.
There is no reason to endure this BS, hence I referenced manufacturing consent.
I sometimes can not believe how easily people allow themselves to be manipulated.
///
And you can vote out "Big Tech" - by refusing to use their products. Giving up your rights to play some videogame, as GP outlined, is an absolutely sad thing to witness. There are people who fought and died for the rights we have, and we allow them to be eroded for some silly consumerism.
> And you can vote out "Big Tech" - by refusing to use their products
That argument completely ignores network effects. Case in point, Twitter is, for better or worse, still where a lot of public figures post their updates and announcements. It also now randomly bans people unless they give their biometric data to an oligarch that supports right wing extremists: https://www.reddit.com/r/privacy/comments/1ukil0b/twitter_x_...
I hear you on the overall privacy issues related to age verification with US Corps. My concern with government registries of personal information is related to things like:
- Netherlands, WWII: The Dutch civil registry meticulously recorded religion. It’s a major reason ~75% of Dutch Jews were killed, the highest rate in occupied Western Europe (vs ~25% in France, where records were poorer).
- US, Japanese internment: The Census Bureau provided block-level data on Japanese Americans in 1942 despite confidentiality guarantees; 2007 research showed individual names and addresses were shared too.
- Rwanda, 1994: Belgian colonial administrators had put ethnicity (Hutu/Tutsi) on national ID cards in the 1930s. Sixty years later those cards were the primary tool at genocide checkpoints.
There’s loads more. Europe may be safe now so it feels safe to give government this information. However, as shown in all the instances above, the information was collected for one reason and used for a wholly different reason when times changed.
Who knows what kinds of ethnicities, beliefs, behaviors or personal histories will be the focus of future regimes? It could be Roblox users, HN commenters, people who religiously repost x.com links as xcancel.com ones, anything. Whatever it is, they will have access to all the data on any system we allow them to record. This isn’t even a totally made up hypothetical from far away places, multiple governments in Europe were doing this kind of thing just decades ago. Historically speaking, we are all currently living in an unusually peaceful era, that will likely be temporary for many of us.
> - Netherlands, WWII: The Dutch civil registry meticulously recorded religion. It’s a major reason ~75% of Dutch Jews were killed, the highest rate in occupied Western Europe (vs ~25% in France, where records were poorer).
Records were poorer in France because René Carmille and the French resistance sabotaged the machines. Machines made by a large tech company which was a competitor to IBM.
> Who knows what kinds of ethnicities, beliefs, behaviors or personal histories will be the focus of future regimes?
Absolutely. But I do know who has that data -- big tech, and it's willing to sell it for a nominal price. No doubt that price will be higher for a deaparate government wanting to kill everyone with green eyes, but that just means a higher profit margin for facebook as they mine their shadow profiles.
My opinions is that an idiotic government will use whatever data it can find, and we should be more worried that one appears than imagine that because they do not have some data they will not do some idiocy.
I am not for collecting all data without a reason, sometimes probably too much is collected. But idiots can come with any rule if they want just to find someone to blame (I mean, they already use skin color or accent so if in need, they can come up with a rule like "born on a Monday").
It doesn't have to be an either or dichotomy. For example, you could pass laws that make it illegal for an online game to demand age verification, identification, biometrics, etc. The main reason for any of this are some corporate attorneys justifying their own salaries based on "what if" and scaremongering. Regardless of how much personal information they succeed at demanding at this stage, or how [in]effective it is at addressing their claimed problems, they will be back again pushing for even more until they're actually told a hard "no".
> this means sharing your 3D likeness with some sketchy American business who pinky promises to delete said data after. I don’t want random American tech companies to have my kids’ biometric info like that, able to sell it to whoever asks. Nor my passport or anything like that.
Actually the market leader app for scanning faces and documents is an Israeli company. They encourage to use mobile for scanning, for your convenience. They promise they delete the data. Yeah, if they're lying you can sue them in Israel.
Trusting government... Do you even know any history? Like any? How many more atrocities, genocides, mass murders, lies, fraud, and many, many other crimes must these governments commit and also try to hide before you learn your lesson?
I'm just gobsmacked, and your e the highest up vote... HN is simply full of government skills and I'm not even allowed to point that out. Crazy stuff.
Same as for banks. Downloading some verification app with a confidence inspiring 1.2 rating on the app store, getting on a call with some random gig worker looking like they are taking the call in their living room and wiggling your ID around while giving a thumbs up is not the way I would like to prove my identity to a bank.
But there's no alternative. The EU digital identity wallet would be the alternative. You control and exactly see, what kind of information the bank is getting from you and you can be sure that it doesn't flow through some sketchy third-party identification service.
From what I can gather from the linked discussion it was started as a pull request or a issue and was transferred to a discussion later. Perhaps some data was lost there? If you expand the comments fully there is also mention of a nuked merge request, I assume it was related to this text.
It used to say that, it was removed as a PR measure, while in practice the national implementations (as you do not use this app, but a national one) require it, because the specification only mandates Android/iOS versions to be provided (it allows others, but no government will do so), and it does not mandate them not to have "attestation".
This entire issue is a disaster of a Github issue. It looks like its on the entirely wrong repository. I did eventually find the text in another repository; the one for the Android reference implementation: https://github.com/eu-digital-identity-wallet/av-app-android...
It was removed from there to clarify the entire "Hey, this application is not done yet"
It being in the reference implementation instead of the spec is a massive difference. One means that it's just there to show an example, and we should push national governments to do it better in their implementations, while the other would mean that it'd be a requirement for all implementations, which it doesn't appear to be.
Honestly, root detection is a cat and mouse game. So many ways to spoof it. Same with Play Integrity. If the goal is to prevent bad actors, it will never work really. It will be just a big headache for the citizens. Look at how gatekeeping certain websites is working. VPNs became mainstream. So are proxies too especially for bad actors. Malicious actors have just to pay up a service to do so. And I am sure it will be the same with Android (it already is with keyboxes you can purchase to spoof play integrity)
In my opinion the whole "it's just a reference and national govs can decide" is a nonsense excuse to diffuse blame in a circle. The only outcome is that national governments will closely follow the reference and reuse the decision, the citizens of each country then have to manually complain to their own government individually, at which point they might get ignored because, well the reference implementation has it or talks about it, so they're just following the recommended security requirements, and who are you anyway to be demanding our system get less secure are you some kind of cybercriminal?
We have a definition at the beginning, for "Social media and other digital services (in short, social media+)":
“Within the scope of this report, the terms ‘social media+’ and ‘social media and other digital services’, are used to broadly define services that may be available to minors and contain age-inappropriate and/or risky features (for example, addictive and harmful features, among which infinite scroll, autoplay, recommendation algorithms and persistent notifications) and/or content. Social media and other digital services providers include online platforms serving as intermediaries of content from third parties, such as social media, as well as app stores. AI systems posing risks to minors’ safety and development, including AI companions, video games exposing children to harmful commercial practices or dangerous contacts, and video-sharing platforms enabling age-inappropriate access to minors are also included.”
So, let's see, services that may contain age-inappropriate and/or risky content, "online platforms serving as intermediaries of content from third parties".
How quickly can you come up with something that wouldn't fall in that definition?
It seems that anything that allows user-contributed content (such as plain old forums) or communication among users would be comprised in it.
And, yes, to be sure we explicitly include app stores (I guess including e.g. F-Droid, and what about software repositories?) and video games with intercommunication features.
What is this definition used for?
Recommendation 1 of chapter 3: “A harmonised EU-wide access restriction to *social media and other digital services*, including AI companions, for children under 13 is necessary.”
This is a report, not law, but it was commissioned by Ursula von der Leyen and
“The report is intended to inform future actions to be proposed by the European Commission and EU Member States to reinforce child safety online.”
The issue is not the issue, the issue is what their "solution" enables for expanding the surface that governments have for controlling details of how you live your life in the future once accepted.
This is even more than just android, I'm sure there are plenty of us using AOSP forks that do not have google services installed. I think the EU will overturn this with enough noise though. Hopefully the UK doesn't do the same, I've avoided having to root my phone so far and would like to keep it that way if possible.
Age verification is a convenient political trope to get verification of humanity in the door. People can get fired up about it, argue about "think of the children", preserving anonymity on the Internet, supported platforms for government-mandated verification apps, etc, and completely miss the underlying purpose.
Adtech companies rent human attention to their Customers. Autonomous agents are an "adulterant" in the adtech company's stock of "raw material". Their Customers don't want to pay for ad impressions to autonomous agents, therefore the agents must be filtered out. A stock of "proven human attention" to rent is what they need.
So, we have "think of the children" campaigns because they're an easy sell to the public. This is just an early step in the escalating war against people putting their "identity" into the hands of autonomous agents. (I assume we'll have devices measuring biometric feedback in the future, all wrapped-up neatly in attestation.)
Tells us the us is some sort of failed democracy then implements China like access control for the population because they want to ensure they can prosecute you for wrong think in the future. Yeah Im loving this "liberal order" that looks more like good old facism dressed up to look "nice". Even how the passing of chat control was done has ensured I´m voting for any party that will dismantle the EU. EU Parliament is not a democratic of representative institution. Its about as legitimate and democratic as the Duma in Russia.
296 comments
[ 0.31 ms ] story [ 125 ms ] threadIt's not like it's a feature for you the end user, it doesn't solve any of your problems, on the contrary, it creates new ones.
Does Roblox sell them ? If no it's a non sequitur.
How much of a problem is the online availability of alcohol or cigarettes in the health of children ?
Are there any other Operating Systems than iOS, Android or Android flavors?
WebOS was nice but who is still using this? Symbian? Can you even use Social Media Apps with another phone OS?
I remember a gov.uk team presentation. They had a usecase of someone using a PS Vita to access a government assistance program because that was the only device they had access to.
Among 450 million people in the EU there are definitely more OSes than just latest versions of iOS and Android.
Yes, there are many more: GNU/Linux, Windows, macOS, *BSD, etc.
This will prevent people who only own a computer and not a modern iOS/Android smartphone from accessing services and platforms.
This also sets a very strong anti-competition pressure. Which company will try now to invest on developing a new OS for smartphones if we already know users will not be able to access the most popular services & platforms with it?
Like Windows, MacOS and Linux?
There is GrapheneOS, HarmonyOS by Huawei, LineageOS for older phones and many more Android ROMs.
Additionally, Linux phones exist and are already sold in the EU to consumers, not just a prototype.
There's really no justification around limiting the OS selection.
There is also Linux, Windows, MacOS and many more operatint system not limited to phones.
There's also old versions of iOS and Android. We don't want to end up in a situation where people are locked into one of only two vendors and can be forced to keep buying the newest model to use an ID app that only supports the most recent software. That'd be even worse for the environment than the current disposable smartphone culture.
Everything to do with the age verification push is corrupt and stupid to begin with. There isn't even a legitimate cause behind all this for forcing ANY app, even if it didn't also force people to buy a specific, expensive, privacy-invading American product.
Unrelated to the substance of the comment but this is a depressing example. Imagine having to verify your age and your identity to buy a movie ticket. This is pure insanity.
Dark times are ahead. Anyone that doesn't see we'll all be living in dictatorships within the next 10 years is putting their head in the sand.
It's actually disingenuous to think there won't be. This is a repository for a mobile app only.
Such a strong new legal framework must consider consumer hardware actually in use:
- Android variations Like GrapheneOS, Huawei's HarmonyOS, older phones running custom ROMs - Linux phones, which are sold in the EU and by EU companies
- Desktop operating systems
All of them can run Web Apps, and thus need age verification
The EU developed system excludes the 1% of people for which the popular mobile solutions do not work and also make the rest 99% totally dependent on the selected corporations.
What will you do when Apple/Google or the US Government effective immediately delete/block your app? The impact initially may be small but after a few years if widely used, you can break a country.
Seriously, there is something tremendously wrong with governance when politicians keep changing the whole world around us, without us having any say in it at all. The threat this measure poses to the internet and society is significant, yet it is being pushed through without any substantial debate or push back. This just is not how decent and actual democracies should function. What messed up timeline is this?
That's where you're wrong. Most people actually do agree with age verification. Just because a decision is stupid it doesn't mean it's undemocratic. Trump was elected democratically, twice. Brexit passed through a referendum.
It's just like democracy. Without the "dem(b)" part. Much better now.
We have such warm feelings about it! What could possibly go wrong with doing such strong governance and extreme-right parties polling at record highs in more than half the EU countries? We have warm feelings now. Or maybe the warm feelings the result of 30 years of climate action in the EU. Luckily, the extreme right is hard at work defending our right to airconditioning!
> Social media is destroying children's brains! Do you want access to be delayed until a certain age?
> Do you want children under a certain age to be banned from social media, which means that you will now have to give your ID, only with Android or iOS?
99% of people understand this as "you need a smartphone" which is not a problem in 2026, even for the elderly.
Maybe 99% of people have surrendered to Google/Apple (include me there), but the 1% has a valid point...
No, it did not.
> E.g. In a country of 100M people, if 60% agree with a bill and it becomes law
That's not how that law was adopted.
People make dumb decisions and don't think about possible outcomes twice, or even once. But (unfortunately, in this case) this is a core principle in a democracy. People may be lied to, or at least they are fearmongered into thinking that age verification is needed and encryption needs to be weakened because they thing they have nothing to hide, but if in the end they elect the people that are pro-age-verification, it's perfectly democratic.
IMO the media (including, most importantly, social media) is the problem, not the politicians and/or the democracy or whatever. They all play their part, sure, but it's how people are influenced by the current state of media what's driving all these populistic forces.
On top of that, the relevant law they would have to comply with in those countries would be the laws of those countries, and those are the governments committing the genocides.
1. We must do something.
2. This is something.
3. Therefore, we must do this.
https://en.wikipedia.org/wiki/Politician%27s_syllogism
The representatives elected by Europeans did though: 483 votes in favor, 92 against
I’m no conspiracy theorist, but it does seem that there’s an international influence outweighing democracy.
Cui bono?
But the null hypothesis is that there is no new legislation to vote on. It must have come from somewhere!
I’m in the UK and very anti Brexit. But were we still in, I would have no idea how to influence what happens behind those closed doors at the European Commision.
Granted the current UK Labour/ Conservative pact on these issues show they’re completely out of control. But I still theoretically know how I could influence policy.
I mean even in the EU there's theoretic ways to influence policy, it's just that the system is currently sabotaged and/or partly not strong enough to withstand politicians who want to actively work against it.
Not being for or against UK or Brexit, but I don't think this is a EU problem. These kinds of problems exist in all European democracies, at least this is what it feels like currently.
[1] https://old.reddit.com/r/Twitter/comments/1uk6a98/lets_confi...
Additionally the amount of elderly that don't have or can't use a phone or don't have anyone that can help them with it will decrease rapidly anyway. In my experience it's mostly the same generation as the people that remember WWII.
You won't be able to open a bank account to receive your salary.
You won't be able to buy train or plane tickets.
My point is I am most worried that these kind of "digital verification" type things most impact actual necessities. The social media I couldn't care less about. "I just won't use it" isn't really a solution.
idk why people are so scared of it, do you really believe they don't know what you do on your personal internet connection linked to your name and payment data ?
Like yeah sure if you pay everything in cash and never use internet OK that's a big problem, but for the average HN shitposter who's already terminally online it really doesn't change much
Do you have to present this ID for every purchase you make or every website you visit? Will it be stored and processed by every shop you enter? If not, how is this relevant here? Currently, the personal data exists but is not accessed by anyone unless it is really required. And even then, the scope can be minimized if the user wants.
> do you really believe they don't know what you do on your personal internet connection linked to your name and payment data ?
Yes. I use Whonix on Qubes to access HN and other websites.
> but for the average HN shitposter who's already terminally online it really doesn't change much
Speak for yourself.
Basically yes, your mobile connection is attached to a name, your landline is attached to a name, your adresse too, the card you use to pay online too.
Many people in the Western Europe used, until very recently, prepaid anonymous mobile data cards that they recharged monthly with charging vouchers paid for in cash.
All this ended in the last 5 - 10 years. The U.S.-American corporate glass citizen slave mentality is actually a little tad bit new here, thus the outrage.
In Europe it was the norm far longer than in the U.S.A.
Prepaid card was just a payment thing, not anonymity thing. I know, because I functioned on prepaid cards for anonymity unrelated reasons.
However there is ZERO talk about mobile platforms... No alternative solution like linux for the desktop, no money or care given to the few alternative that tentatively exist, and zero talk about forcing companies (at least for the ones shipping android phones) to open up their firmwares and allow users to install alternative OS if they want to sell in the EU.
So whilst the backend guys more or less got the memo about sovereignty, I think there is still a lot of educational work to do regarding end user devices and what kind of digital slavery hole we're digging ourselves in...
The point is that the signatures are compared against a database of certified builds - and that exists on Google servers.
If you want AOSP attestation, you need to build your own database to compare against.
These digital ID wallets do exactly that. Member states lose control of the ID infrastructure, which will now be controlled by the EU. There isn't much sovereignty left at national level...
It will totally not be used to sanction you the moment you become a nuisance to the EU elites by saying "wrong speech" that goes against their mandated doctrine.
Add here shared border control since 2027 in eu, and chat control now.
And prominent names like democratic republics of Kongo and North Korea.
My previous comment should be taken in its entirety. The loss of sovereignty of individual countries is comprehensive across all domains and this is just one brick in the wall.
(The US constitution originally required federal taxes to be apportioned for exactly that reason.)
https://citizens-initiative.europa.eu/faq-eu-competences-and...
Moreover, it's ignoring the context of the thread. The relevance is obviously that ordering someone to do something against their will and then saying they're still in charge because they're the ones doing it is a sham.
But is DOES require work - and it's much easier to complain than to put in work.
It requires age verification and provides code, which third parties the user doesn't control will use, that creates a dependency on those platforms.
> there's nothing preventing those new OSes form providing proper security signals.
A network effect, far from being nothing, is a barrier the height of a mountain.
The purpose of attestation is to lock out competing platforms. It security value is a joke. Devices pass attestation with known vulnerabilities and fail it for being competitors, even if the competitors have better security.
Offering to make attestations nobody accepts is a farce. The problem to be solved is how to run existing software that was originally written for other platforms when the new platform is new and doesn't have enough users for third party developers to specifically target it, which is the exact thing it can't do. And without that it can't get enough users for third party developers to specifically target it.
This is kind of your... opinion man.
In reality pretty much all security sensitive applications require attestation from their side.
I’m not saying it can’t be duplicated. I’m saying if you want to build a mobile platform you need to approach it with appropriate respect for the incredible difficulty of making something that usable.
The only thing they're improving on mobile these days are addictiveness and data collection.
Complete public datasheets on how to program the hardware should be a requirement fit a DMA2.0.
Thing is, the status quo is absolutely worse. My 13yo son likes making Roblox games. Suddenly, some months ago, Roblox made a change where you’re not allowed to share your games with friends unless you do “age verification”, apparently in some misguided bid to beat the pedos. In Roblox’ case, this means sharing your 3D likeness with some sketchy American business who pinky promises to delete said data after. I don’t want random American tech companies to have my kids’ biometric info like that, able to sell it to whoever asks. Nor my passport or anything like that.
I’d much prefer a government supplied app, that’s guaranteed to protect my privacy, and has no business incentive to sell my data, where I can see what data about me (or my son) is shared with Roblox or whichever sleazy business wants it.
Obviously this only makes sense if the government is less sleazy than the average American tech business, but for all its faults, I think that currently holds for the EU (and most of its member countries). There’s plenty precedent of EU governments doing privacy-conscious apps right (the Dutch covid tracking app comes to mind).
I hope they see reason and fix this here issue.
FIFY
The fact of the matter is that if we want companies to be accountable for the pedophiles on their platform, they simply have to enforce some privacy invasive policies.
How about the option of the state not being so tyrannical in meddling about what people anonymously do online in their free time?
To the extent that it matters, I think the missing link here is "primary education should support a parent's intent to limit unrestricted internet access for their children." That is, during school activities where internet use is unavoidable, require supervision. (Maybe a lab monitor that can roam the room and see screens?) And for homework, don't assume the kid has internet access, because that is the parent's choice, and they may well not. On the flip side, if the parent trusts their kid with that access, or intends for them to learn through real world experience, let them. That should not be the state's decision.
The problem of course is that this idea in my head is a pipe dream. Schools seem to be well onboard with digital coursework, presumably for efficiency reasons? Unclear. I'm not sure what a more practical middle ground actually looks like.
I guess once you hand your teenager a smart phone (and all their friends have one too!) all bets are off. That's new, and wasn't a thing when I grew up. We were rural and on the tail end of dial-up, so I couldn't get online at home without someone hearing the modem. That sure limited my attempts to do so without permission!
I'd have hated this as a child. But case for unrestricted internet and social media access for children, at this point, seems pretty shut.
For those who sadly cannot homeschool their children... well, we need to push for school choice and to dismantle the teachers' unions. Which poetically probably ultimately is the same thing.
I am thankful to have had extensive access to technology as a (homeschooled) kid, and parents who encouraged curiosity.
Destroy "optimize for engagement" social media, which harms everyone, and stop pretending like this is some problem that only harms children.
Don't get me started. We try to restrict internet time, no Youtube (Shorts are poison/heroin), TikTok, etc. They go to primary school and there is a teacher that makes TikTok videos at school, they can play Roblox in breaks, etc. (Aside from this issue, the teachers are great though!)
There are only so many battles you can choose as a parent (not getting your kids photographed, put on Facebook, etc.).
In contrast to what the grandparent states, the government should unambiguously state: no smartphones, social media, and online games in primary school, period. That's the only way to make it work. Ironically, smartphones are forbidden in all high schools here.
I mean his classmates argue with their parents about whether they can install TikTok (and most parents lose). Meanwhile I’m denying my son the right to make a game together with a friend. It’s so creative and so educative and I’m saying no to it. It sucks and I hate Roblox for making something so cool and then taking it away for such stupid reasons.
“Sit down together” might be impractical here, if GP’s child’s friends are e.g. friends they made before a move, who are thus quite far away physically. Or friends with snobby parents who won’t let them come over to GP’s house for whatever dumb reason. Or friends with extra-curriculars such that their free time never lines up with GP’s kid’s free time—meaning that only async collaboration will work.
(That’s just a steelman position, though; in general I agree.)
This thread is like me complaining Google face-scan-gated Google Docs and people are saying “he can just sit down with the friend and learn LaTeX together!” Yeah, no.
Fwiw he does Godot too. It’s fun, but it’s purely solo. Godot’s answer to collaboration is Git, which is a complete non-starter for a 13yo. Note, I don’t judge them for it, they compete with Unity, not with Roblox.
In any case, I think that age gating would not be needed if the platforms were regulated to remove addictive recommendation algorithms.
The app is an alternative for people who don't want to buy or carry around a card reader, but who already have a smartphone.
So it seems that the app is only an alternative in the case of government portals, but it is not an alternative for "age verification".
[I'm in the US, we're very ID-averse here, weird, but is what it is]
Smartphones can read that chip and the state as well as private businesses could in principle use this to do age verification – even the super minimal version of age verification that just asks for a certain age threshold and gets a binary response whether that threshold is met. (Which to me if we can achieve it is the perfect solution.)
The infrastructure is there and since 2017 those RFID chips are even actived by default when new ID cards are issued. (The cards are valid for ten years so nearly all ID cards have those active chips.)
The biggest issue currently is a network effect one: hardly anyone is using the chip so people don’t create their initial PIN, creating a UX hurdle for adoption. (If you want to use your ID card chip you have to find your initial PIN somewhere in your documents – if you didn’t throw it away – and then create your proper PIN, you can’t just start using it.)
I can sense usage increasing but exactly because of the poor initial use UX all sorts of private alternate solutions exist that are plain worse from a privacy preserving point of view. For example ones where you film your ID card from both sides (so the hologram is visible) which just suck. (You just share everything … which is just so unnecessary.)
To change this we would need a policy that requires age verification without sharing the birthdate or any other PII.
Unfortunately, we can't even get states to commit to our RealID requirements[1] (which doesn't even add a chip/PIN, it only strengthens validation of documents submitted at the time of application for a driving license). And the notion of a national ID is anathema to large swaths of the population.
1 - https://en.wikipedia.org/wiki/REAL_ID_Act
Reference: https://en.help.roblox.com/hc/en-us/articles/39143693116052-...
Is there a 'break glass' workflow in case you are not available (e.g., health incident)?
But cellphone access is different; it's assumed to be perfect, but it's increasingly being moderated by machine learning heuristics that serve as judge, jury, and executioner, severing your services if a couple of your actions trigger a fuzzy approximation to some of the training data.
AI moderation helps suppress spammers, but it's also punishing false positives, and there is just no recourse. Any ID system that piggybacks on "Apple | Google" is effectively shunning some non trivial portion of society. Governments of the people need to provision their own tech systems that are accessible to all citizens, even those who have run afoul of an AI moderation system.
Then he signed up at a new bank, giving them his phone number. Somehow the bank enrolled his in their online banking system, which notified Samsung, who remotely initiated the "let's give your phone a pin" flow, presumably to protect him during online banking. (This happened without his knowledge -- he had not installed the bank's phone app.)
Later that day, when his phone went into a modal "let's setup a pin" screen, he panicked, assuming an attacker had gained control of his phone, since this was not something he initiated. No button would let him exit the screen, so he powered it down. Now, when he powers it up, it demands a pin, but he doesn't know what pin that would be. The only way to get the phone back would be to factory reset it, meaning he'd be wiping his data. He had the money to replace his phone, but that may not be true of every citizen, especially at his age.
People assume digital auth systems are perfect. But you don't hear from consumers who can't get online to tell you "I've lost access."
I've shared some other similar stories: a widow who got banned for life from facebook within minutes of making an account from an apple device on a consumer ISP with her real cell phone number.
A coworker attempted to sell his son's sporting goods on facebook marketplace and was banned for life with no appeal because AI thought it was "weapons."
Some high school students each made a gmail address from the same laptop one afternoon, only to be banned the next day. Each supplied their own cellphone number, but the accounts got shut down, presumably because multiple accounts were being created from the same device too rapidly.
AI moderation means there are a ton of unwritten rules, and private companies will keep you out of their platforms if you break them. That's fine, but it means governments have no business serving their citizens from these exclusive platforms.
Do you have a proof that this actually a thing? I don't see what mechanism exists to do this and I don't see why Samsung would even bother to do this.
No it's not. Government use of these platform or not, once they become big enough being cut out of them means being cut out of a significant part of society. We shouldn't accept "no recourse" and "no due process" just because its a private company.
Why is pedophilia such a problem on Roblox? It's because they heavily advertise towards children and one of the fastest ways for children to make money is asking their parents, then next is prostitution. Roblox is uniquely bad because they heavily advertise both products and the "self-made entrepreneur" image to children.
Putting the blame on nebulous "predators" when the system itself is clearly to blame is the very tacit Roblox relies on. Look at vehicular manslaughter are drunk and distracted drivers solely to blame for deaths? Clearly not since there are just as many drunks and phones in Europe as in the US. When the system creates more predators than exist otherwise then you know it needs to change.
If your son likes making games keep him on Godot. Your job as a parent is to find or build a good distribution system. you can see if he is generally interested or if he was pressured by an exploitative system grooming him into pumping out slop for the trough. Age verification is going to make the platform more exploitative in the business sense. Both in that it legitimizes bad practices and lets Roblox target their exploitative practices more effectively.
Very few kids are going to go though the incredible difficulty of making multiplayer work in something like Godot.
We don’t know what EU would become in 5 to 10 years in the future, and I would rather not have any identification information about me or family being stored by a government body or any other party that can track/link me or my family members
As an example if I’m obliged to share my ID data via government to open a twitter account how would I know that the government would not link my twitter account to my ID and later use that info keep track of me and prosecute?
People would think that it would never happen, but not long ago that actually happened in East Germany. The Stasi kept track/files on almost every East German and this would be a digital version of the same thing
I agree that governments should minimize collection of their citizen's data. I just don't see where it is supposed to happen in this case.
There is no guarantee that the app would stay open source and under public scrutiny forever. Governments have done way shady things in the past. Given the recent push for chat control, I would never trust anything put out by EU.
I don't fully trust my government. But I definitely trust it more than any American tech company.
I can also vote out my government. I can't do that for Big Tech.
Like you also voted out the EU pricks that pushed chat control?
https://edri.org/our-work/how-a-hollywood-star-lobbies-the-e...
You can't. Not if you're in the minority. Tyranny of the majority is still tyranny.
You what you as an individual most certainly can do is stop using Roblox. Not ideal, but way easier than moving to a new country.
Is that a bad thing?
> you as an individual
I understand. Such is living in a society. No man is an island.
> Not ideal, but way easier than moving to a new country.
I've moved countries five times. I still haven't been able to get rid of my dependencies on Big Tech.
Meanwhile, all you need to do to get rid of a dependency on big tech is to log off.
What we consider democracy went through a LOT of iteration, and continues to this day. Representative first-past-the-post is a form of democracy that can have the unfortunate side effect of the minority of the electorate establishing a tyranny of the majority. There is a lot of scholarship on how to make democratic systems more democratic.
And the northern states--they had slaves too.
Ulysses S. Grant, when asked why he didn't free his slaves until some time after the war, said "Good help is hard to find."
"The sole object of this war is to restore the Union. Should I become convinced it has any other object, or that the Government designs its soldiers to execute the wishes of the Abolitionists, I pledge you my honor as a man and a soldier I would resign my commission and carry my sword to the other side."
- General Ulysses S. Grant, USA, in a letter to the Chicago Tribune, 1862
https://archive.org/details/democraticspeake00caza
From page 32:
> Grant as a Talker
> He threatened to resign and cast his lot with the South.
> The editor of the Randolph Citizen recalls some interesting reminscenses of the great Reticent. He had a tongue at one time, it would seem:
> In the summer of 1861 General Grant, then Colonel of the Twenty-first Illinois Regiment of Infantry, was stationed at Mexico, on the North Missouri Railroad, and had command of the post. He remained several months, mingling freely with the people, regardless of the peculiar shade of any one's political opinions; and as the distinguished Colonel had then no thought of aspiring to the Presidency or a dictatorship, no occasion existed for the reticence to which latterly he owed the greater part of his popularity. Ulysses the Silent was then Ulysses the Garrulous, and embraced every fair opportunity which came in his way to express his sentiments and opinions in regard to political affairs. One of these declarations we distinctly remember. In a public conversion in Ringo's banking-house, a sterling Union man put this question to him: "What do you honestly think was the real object of this war on the part of the Federal Government?"
> "Sir," said Grant, "I have no doubt in the world that the sole object is the restoration of the Union. I will say further, though, that I am a Democrat--every man in my regiment is a Democrat--and whenever I shall be convinced that this war has for its object anything else than what I have mentioned, or that the Government designs using its soldiers to execute the purposes of the abolitionists, I pledge you my honor as a man and a soldier that I will not only resign my commission, but will carry my sword to the other side, and cast my lot with that people."
It's really quite remarkable that the victors of that war succeeded so marvelously in convincing people years later that it was about slavery--the the racist white people of the North went to war and died by the hundreds of thousands to free slaves--and to have people utterly convinced of that to this day.
Lots of other enlightening stuff to be found in that book, and in other original sources. Get the facts now while you still can and preserve them.
You can democratically trample the rights of minority groups.
Since it hasn't been linked in the tree of replies here, I'll add this for others: https://en.wikipedia.org/wiki/Tyranny_of_the_majority
And that I would definitely like to avoid.
This type of argument always sounds to me like someone was abused by their ex-partner, but now prefers their new partner who abuses them a little less.
This is a common negotiation practice in business as well as politics. You make some absolutely outrageous demand, and people protest, but then you give them the -originally planned- light version of it, and they will accept it; in light of the worse option.
There is no reason to endure this BS, hence I referenced manufacturing consent.
I sometimes can not believe how easily people allow themselves to be manipulated.
///
And you can vote out "Big Tech" - by refusing to use their products. Giving up your rights to play some videogame, as GP outlined, is an absolutely sad thing to witness. There are people who fought and died for the rights we have, and we allow them to be eroded for some silly consumerism.
That argument completely ignores network effects. Case in point, Twitter is, for better or worse, still where a lot of public figures post their updates and announcements. It also now randomly bans people unless they give their biometric data to an oligarch that supports right wing extremists: https://www.reddit.com/r/privacy/comments/1ukil0b/twitter_x_...
My son had a similar "making games" interests and I just showed him the Godot engine. Roblox bosses are doing you a favor. Act now :D
- Netherlands, WWII: The Dutch civil registry meticulously recorded religion. It’s a major reason ~75% of Dutch Jews were killed, the highest rate in occupied Western Europe (vs ~25% in France, where records were poorer).
- US, Japanese internment: The Census Bureau provided block-level data on Japanese Americans in 1942 despite confidentiality guarantees; 2007 research showed individual names and addresses were shared too.
- Rwanda, 1994: Belgian colonial administrators had put ethnicity (Hutu/Tutsi) on national ID cards in the 1930s. Sixty years later those cards were the primary tool at genocide checkpoints.
There’s loads more. Europe may be safe now so it feels safe to give government this information. However, as shown in all the instances above, the information was collected for one reason and used for a wholly different reason when times changed.
Who knows what kinds of ethnicities, beliefs, behaviors or personal histories will be the focus of future regimes? It could be Roblox users, HN commenters, people who religiously repost x.com links as xcancel.com ones, anything. Whatever it is, they will have access to all the data on any system we allow them to record. This isn’t even a totally made up hypothetical from far away places, multiple governments in Europe were doing this kind of thing just decades ago. Historically speaking, we are all currently living in an unusually peaceful era, that will likely be temporary for many of us.
Records were poorer in France because René Carmille and the French resistance sabotaged the machines. Machines made by a large tech company which was a competitor to IBM.
> Who knows what kinds of ethnicities, beliefs, behaviors or personal histories will be the focus of future regimes?
Absolutely. But I do know who has that data -- big tech, and it's willing to sell it for a nominal price. No doubt that price will be higher for a deaparate government wanting to kill everyone with green eyes, but that just means a higher profit margin for facebook as they mine their shadow profiles.
I am not for collecting all data without a reason, sometimes probably too much is collected. But idiots can come with any rule if they want just to find someone to blame (I mean, they already use skin color or accent so if in need, they can come up with a rule like "born on a Monday").
[citation needed]
Actually the market leader app for scanning faces and documents is an Israeli company. They encourage to use mobile for scanning, for your convenience. They promise they delete the data. Yeah, if they're lying you can sue them in Israel.
I'm just gobsmacked, and your e the highest up vote... HN is simply full of government skills and I'm not even allowed to point that out. Crazy stuff.
But there's no alternative. The EU digital identity wallet would be the alternative. You control and exactly see, what kind of information the bank is getting from you and you can be sure that it doesn't flow through some sketchy third-party identification service.
App and device verification based on Google Play Integrity API and Apple App Attestation
But I can't find that anywhere. Am I missing something?
It was removed from there to clarify the entire "Hey, this application is not done yet"
It being in the reference implementation instead of the spec is a massive difference. One means that it's just there to show an example, and we should push national governments to do it better in their implementations, while the other would mean that it'd be a requirement for all implementations, which it doesn't appear to be.
It also looks like the reference implementation removed that functionality entirely several months ago: https://github.com/eu-digital-identity-wallet/av-app-android...
Play Integrity is still recommended to be evaluated in the documentation, with no mentions of its consequences. https://github.com/eu-digital-identity-wallet/av-app-android...
"EU age verification app to ban any Android system not licensed by Google" 27-jul-2025 https://www.reddit.com/r/BuyFromEU/comments/1mah79o/eu_age_v...
and
"EU age verification app not planning desktop support" 24-sep-2025 https://news.ycombinator.com/item?id=45359074
We have a definition at the beginning, for "Social media and other digital services (in short, social media+)":
“Within the scope of this report, the terms ‘social media+’ and ‘social media and other digital services’, are used to broadly define services that may be available to minors and contain age-inappropriate and/or risky features (for example, addictive and harmful features, among which infinite scroll, autoplay, recommendation algorithms and persistent notifications) and/or content. Social media and other digital services providers include online platforms serving as intermediaries of content from third parties, such as social media, as well as app stores. AI systems posing risks to minors’ safety and development, including AI companions, video games exposing children to harmful commercial practices or dangerous contacts, and video-sharing platforms enabling age-inappropriate access to minors are also included.”
So, let's see, services that may contain age-inappropriate and/or risky content, "online platforms serving as intermediaries of content from third parties".
How quickly can you come up with something that wouldn't fall in that definition?
It seems that anything that allows user-contributed content (such as plain old forums) or communication among users would be comprised in it.
And, yes, to be sure we explicitly include app stores (I guess including e.g. F-Droid, and what about software repositories?) and video games with intercommunication features.
What is this definition used for?
Recommendation 1 of chapter 3: “A harmonised EU-wide access restriction to *social media and other digital services*, including AI companions, for children under 13 is necessary.”
This is a report, not law, but it was commissioned by Ursula von der Leyen and “The report is intended to inform future actions to be proposed by the European Commission and EU Member States to reinforce child safety online.”
Adtech companies rent human attention to their Customers. Autonomous agents are an "adulterant" in the adtech company's stock of "raw material". Their Customers don't want to pay for ad impressions to autonomous agents, therefore the agents must be filtered out. A stock of "proven human attention" to rent is what they need.
So, we have "think of the children" campaigns because they're an easy sell to the public. This is just an early step in the escalating war against people putting their "identity" into the hands of autonomous agents. (I assume we'll have devices measuring biometric feedback in the future, all wrapped-up neatly in attestation.)