So, darkweb sites it is.

Fuck the play integrity API, Play Store and Google play services

So VPN on the router permanently set to Singapore it is.

It hurt itself in its confusion!

The US might have shot itself in the foot by electing Trump, but the EU is really going to shoot itself in the head if that continue in the same trajectory.

Yeah no. Requiring anything Google for something as basic as this violates the GDPR. If they go through with this, it's one legal case until they have to revise it.

Edit: German eID works on any Android btw., flawless actually. I sure hope I can use that for verification

Please don't link to Reddit. Context below:

The EU is currently developing a whitelabel app to perform privacy-preserving (at least in theory) age verification to be adopted and personalized in the coming months by member states. The app is open source and available here: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui.

Problem is, the app is planning to include remote attestation feature to verify the integrity of the app: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui?tab=readme-ov-file#disclaimer. This is supposed to provide assurance to the age verification service that the app being used is authentic and running on a genuine operating system. Genuine in the case of Android means:

• The operating system was licensed by Google

• The app was downloaded from the Play Store (thus requiring a Google account)

• Device security checks have passed

While there is value to verify device security, this strongly ties the app to many Google properties and services, because those checks won't pass on an aftermarket Android OS, even those which increase security significantly like GrapheneOS, because the app plans to use Google "Play Integrity", which only allows Google licensed systems instead of the standard Android attestation feature to verify systems.

This also means that even though you can compile the app, you won't be able to use it, because it won't come from the Play Store and thus the age verification service will reject it.

The issue has been raised here https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/10 but no response from team members as of now.

So is there a way to apply pressure on the EU to think this through first? Surely they could have different ways that doesn't lock them in to google services.

According to the users in that issue, the mere application of the API is illegal, as is the dependency. Sooo I dunno what kind of PACs there are in the EU but I would be leaning on and contributing to those.

EID and equivalents are great for a lot of things, but do you want your porn site to know who you are? The new app is supposed to verify your age but not give out your PII. Not sure eID can do that?

Yes and the PC app you connect the Android app to also works on Linux. It's even on flathub. Pretty nice, can't complain.

Apparently this is illegal to implement as of right now, but it’s not helping the feeling of technological doomerism I get whenever I think about this whole identity verification situation.

I do feel like that’s a precarious state to leave this in, especially if they’re developing the backend for it.

Is there even enough momentum for a SKG-style wave of coverage? It would need to be justified properly by citing things like the Tea app data leak, to make a strong case (to political pencil pushers) for the danger of tying personal information to profiles or even to platforms. Otherwise the only thing they’ll see is “gamers want to make porn accessible to children”.

I don’t know. This whole situation boils my blood because I really care about online anonymity, and this is kind of nightmare scenario shit for me. I’m not even in the UK or EU.

Wouldnt it be enough to verify through IMEI to make sure the OS isnt emulated?

Google Pain Services

They killed the old net and are in the middle of murdering the new one too.

TBH, as someone from the US it's both horrifying and somewhat reassuring to know that we're somehow not the worst right now.

As usual, it's the implementation that matters.

Someone jumped at me for comparing EU and MAGA to Stalin's and Hitler's regimes, quote, "arguing in newspapers whose worker class has been liberated more". Like they are not equal at all and all such.

EID can be used for anonymous age verification. It doesn't even need to give out your birthday and can attest to any "over the age of X" requirement.

Ref: https://www.bfdi.bund.de/DE/Buerger/Inhalte/Telematik-Statistik-Verkehr-Bildung/Meldewesen-Statistik/Der_Personalausweis.html