Yeah no. Requiring anything Google for something as basic as this violates the GDPR. If they go through with this, it's one legal case until they have to revise it.

Edit: German eID works on any Android btw., flawless actually. I sure hope I can use that for verification

Please don't link to Reddit. Context below:

The EU is currently developing a whitelabel app to perform privacy-preserving (at least in theory) age verification to be adopted and personalized in the coming months by member states. The app is open source and available here: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui.

Problem is, the app is planning to include remote attestation feature to verify the integrity of the app: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui?tab=readme-ov-file#disclaimer. This is supposed to provide assurance to the age verification service that the app being used is authentic and running on a genuine operating system. Genuine in the case of Android means:

• The operating system was licensed by Google

• The app was downloaded from the Play Store (thus requiring a Google account)

• Device security checks have passed

While there is value to verify device security, this strongly ties the app to many Google properties and services, because those checks won't pass on an aftermarket Android OS, even those which increase security significantly like GrapheneOS, because the app plans to use Google "Play Integrity", which only allows Google licensed systems instead of the standard Android attestation feature to verify systems.

This also means that even though you can compile the app, you won't be able to use it, because it won't come from the Play Store and thus the age verification service will reject it.

The issue has been raised here https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/10 but no response from team members as of now.

So is there a way to apply pressure on the EU to think this through first? Surely they could have different ways that doesn't lock them in to google services.

According to the users in that issue, the mere application of the API is illegal, as is the dependency. Sooo I dunno what kind of PACs there are in the EU but I would be leaning on and contributing to those.

EID and equivalents are great for a lot of things, but do you want your porn site to know who you are? The new app is supposed to verify your age but not give out your PII. Not sure eID can do that?

Yes and the PC app you connect the Android app to also works on Linux. It's even on flathub. Pretty nice, can't complain.

Apparently this is illegal to implement as of right now, but it’s not helping the feeling of technological doomerism I get whenever I think about this whole identity verification situation.

I do feel like that’s a precarious state to leave this in, especially if they’re developing the backend for it.

Is there even enough momentum for a SKG-style wave of coverage? It would need to be justified properly by citing things like the Tea app data leak, to make a strong case (to political pencil pushers) for the danger of tying personal information to profiles or even to platforms. Otherwise the only thing they’ll see is “gamers want to make porn accessible to children”.

I don’t know. This whole situation boils my blood because I really care about online anonymity, and this is kind of nightmare scenario shit for me. I’m not even in the UK or EU.

Wouldnt it be enough to verify through IMEI to make sure the OS isnt emulated?

Google Pain Services

They killed the old net and are in the middle of murdering the new one too.

TBH, as someone from the US it's both horrifying and somewhat reassuring to know that we're somehow not the worst right now.

As usual, it's the implementation that matters.

Someone jumped at me for comparing EU and MAGA to Stalin's and Hitler's regimes, quote, "arguing in newspapers whose worker class has been liberated more". Like they are not equal at all and all such.

EID can be used for anonymous age verification. It doesn't even need to give out your birthday and can attest to any "over the age of X" requirement.

Ref: https://www.bfdi.bund.de/DE/Buerger/Inhalte/Telematik-Statistik-Verkehr-Bildung/Meldewesen-Statistik/Der_Personalausweis.html

Sorry to horrify you but we are definitely worse.

Ah, better than what we have in Estonia then

What is it with everyone being obsessed with porn censorship suddenly? Why is this a trend?

At first I thought it's about control and data gathering, but this seems like too much of a genuine attempt at such a system. Why is the government so obsessed with parenting and nannying the citizens?

This has been discussed a while back, at least here in NL as far as I know it started because of legalising online gambling for which you need to be identified. Also, due to GDPR, businesses aren't allowed to make copies of ID's/passports/driving licences any more which is required for certain businesses (notaries, accountants, etc). In my office we currently use some kind of identification software, but it isn't anonyms because well we wouldn't be able to do our job.

This is just my speculation, so take it as you will. The EU has been pushing for digital ID cards for quite a while, and this is just another attempt. The last serious attempt was the Covid vaccination passport, but so many people still opted for paper certs, and the rest deleted the app when vaccination was no longer mandatory, that it failed again. So, now the authorities are becoming smart and trying to go through the vector that has a proven record of driving technological change: porn.

Edit: German eID works on any Android btw., flawless actually. I sure hope I can use that for verification

Same in Italy... I mean, I can pay taxes with that application but I cannot be verified for my age ? Seriously EU ?