| ▲ | jeroenhd 5 hours ago |
| It's not a trojan horse, it's spelled out in the decision, debates, and legal texts to be the explicit goal. The age verification requirement was picked both as a means to prove the technology is sound and as a simple starting point for a full digital ID solution. The EU already has some form of digital ID in fact, every government provides some kind of OIDC-like service tied to either smart cards or accounts that authenticate the user against a government. The digital wallet solution is an extension to that system that will allow foreign EU citizens to authenticate themselves more easily (eIDAS 2 already implemented an OIDC-like solution but implementation isn't automatic) as well as offer to store the (often mandatory to carry) ID on your phone. The "what if you buy alcohol for your kids" sscenario of somone giving someone else their age verification tokens is tired and nonsensical. You can already do that in the real world. We accept that risk and, depending on the country, make it a crime in case they do catch you. It hasn't made liquor stores send someone along to see you drink your booze or watch you enjoy your porn mag. |
|
| ▲ | pzo 4 hours ago | parent | next [-] |
| The difference you barely have to show you physical ID - mostly only when interacting with bank, signing document, government. I never got asked when buying alcohol and if asked at least I would only let to have a look instead of snapping a picture. Imagine if suddenly every grocery, pharmacy, petrol station, parking place, restaurant, bar etc. now would ask you for your ID AND would snap a picture and store in their database - you wouldn't be happy about it. |
| |
| ▲ | maccard 3 hours ago | parent | next [-] | | If you want an example of how this will be abused by companies, https://www.theguardian.com/money/2015/aug/12/airport-shops-... | |
| ▲ | jeroenhd 2 hours ago | parent | prev | next [-] | | Why would they? The only reasons to show ID I can think of is when watching porn or maybe when buying alcohol online, though I doubt stores will want to risk driving customers away with that. | | |
| ▲ | dwedge 2 hours ago | parent | next [-] | | Or using social media, signing up for any account where you can post content, and soon creating an account on your own device. As for why would they, the same reason there are hundreds of tracking cookies on every site. | |
| ▲ | throwthrowuknow 2 hours ago | parent | prev [-] | | Consider that stores create reward point systems specifically for the purpose of connecting a customer profile to purchases. |
| |
| ▲ | rglullis 3 hours ago | parent | prev [-] | | Yeah, imagine if every convenience store had CCTV security filming everyone 24/7. Oh, wait... | | |
| ▲ | pzo 3 hours ago | parent [-] | | they don't know necessary who are you and what are you buying. I don't think also for big shops with many customers that techonology and reliably do instance segmentation - this is not face id. | | |
| ▲ | rglullis 3 hours ago | parent | next [-] | | They don't, but there is a significant chance that their "security solution" uploads all the data to a cloud provider (Amazon, Google, Oracle) which will be more than happy to analyze the data for them. | | |
| ▲ | jonathanstrange 3 hours ago | parent [-] | | That's possible but would be completely and highly illegal, the EU regularly fines companies violating GDPR, and those fines are not trivial at all, they can be quite hefty. | | |
| ▲ | rglullis 2 hours ago | parent [-] | | I was talking about the reality of the US, but even if I was talking about Europe: how does the GDPR even enter this equation here? I was never asked for consent to have my face recorded when I get into a shop in Germany. Were you? | | |
| ▲ | ragall 2 hours ago | parent [-] | | Security recordings fall into the category if legitimate need, and have to be deleted after a short while. | | |
| ▲ | rglullis an hour ago | parent [-] | | How is that enforced? | | |
| ▲ | carlos22 an hour ago | parent [-] | | Its not. Especially when using US Cloud services. And people do that. Hell even government run schools us GDRP-violating software and force the students to BUY them. The law is nice, the reality is different... |
|
|
|
|
| |
| ▲ | SiempreViernes 2 hours ago | parent | prev [-] | | Doesn't stop the stores from posting clips of you embarrassing yourself online and your acquaintances giving your name away for clout. |
|
|
|
|
| ▲ | broken-kebab 3 hours ago | parent | prev | next [-] |
| >You can already do that in the real world. This argument stays on the sand of inadequate analogy. The way that flaw is described in the story it allows industrialization of bypassing the feature. It's huge difference with the "real world". |
| |
| ▲ | phatfish 3 hours ago | parent | next [-] | | The article is actually one of the better ones I've read. The technical analysis is somewhat above my head, but appears reasonable, and it is suggesting solutions in some cases rather than just dismissing the concerns of parents, and going full privacy nut about our democratically elected governments. All i would say is that the solution doesn't need to be 100% effective. The same as real world "age gates" or ID verification (which is just some random person looking at your ID in most cases) are not. The precedent set -- that everything online should NOT be immediately accessible to children -- provides parents (the ones that care at least) with some backup when trying to raise their children. Ultimately society as a whole is responsible children, and i don't want to live in a society that thinks it is fine for kids to scroll any content on social media and watch porn as soon as they are able to work out how to use a smartphone. The replay attack mentioned may always be a loophole, I'm not sure. But any site hosting the replay attacks should be targeted for shutdown/blocking. The "source" ID must come from somewhere as well, so that could be a route to shutting them down (there are 100's of age verification requests against one ID each day, that's a bit weird...). If parents are helping their kids bypass age gates or straight up don't care their 11 year old is watching porn, then there is not much to be done in that case. The key thing should be keeping the majority of children in compliance to give cover to the parents that do care. Not giving all the power to bad parents and social media companies as is the situation the moment. | |
| ▲ | jeroenhd 2 hours ago | parent | prev [-] | | And unlike in the real world, there's little to no real benefit to it online. What value is there to industrializing any of this? Kids who will pay someone for their age tokens to watch porn or create social media would probably be smart enough to download a free VPN instead. Even in the very worst case scenario for the designers of this system, where large amounts of people manage to extract their tokens and hand them out for free, the downsides everyone fears won't apply anymore. I think a lot of people might be happy about that. | | |
| ▲ | dwedge 2 hours ago | parent [-] | | This "they'll just use a vpn" argument is infuriating to me because it's being used to downplay intrusive laws and make them more palatable. The obvious next step (the UK already hinted at it after the online safety act) is forcing VPNs to do ID verification. |
|
|
|
| ▲ | tpm 4 hours ago | parent | prev [-] |
| > The digital wallet solution is an extension to that system that will allow foreign EU citizens to authenticate themselves more easily Is there a roadmap and/or a timeframe for that? I have a Slovak ID same as the author, when will it be useful for accessing internet services? |
| |
| ▲ | jeroenhd 2 hours ago | parent [-] | | Age verification has taken about three or four years to reach the concept stage, and that's the first stage that will be rolled out. The legal framework behind all this was released all the way back in 2014 and has been officially adopted ten years later. Officially, by December 2026, each member state must have at least one official wallet solution available for its citizens. That said, eIDAS 2.0 also mandated that, as of this year, whatever Slovak digital identity solution has been rolled out so far must also work in other member states. In my experience, different governments adopt different foreign identity services at different paces, most of them seemingly missing the deadline. Banks and other private institutions permitted to ask for ID are supposed to accept the wallet solutions by late 2027. I expect deadlines to be missed given we've barely gotten the age verification PoC done, but with the groundwork laid out, things might just work out. |
|
