Comment by WarOnPrivacy
10 days ago
In the case of Android, genuine means:
The operating system was licensed by Google
The app was downloaded from the Play Store (thus requiring a Google account)
Device security checks have passed
While there is value to verify device security, this strongly ties the app to many Google properties and services, because those checks won't pass on an aftermarket Android OS
The issue is being raised here: https://github.com/eu-digital-identity-wallet/av-app-android...
I would like to strongly urge to abandon this plan.
Requiring a dependency on American tech giants for age verification
further deepens the EU's dependency on America and the USA's
control over the internet.
Especially in the current political climate I hope I do not have
to explain how undesirable and dangerous that is.
As a resident of the aforementioned political climate, I find their concerns to be reasonable.
There are a number of comments in that same thread that indicate a mandate to utilize Google services may run afoul of EU member nations' integrity and privacy laws.
"Device security checks" is the most horrifying aspect as it basically means "officially sanctioned hardware and software", and leads straight into the dystopia that Stallman warned us about in Right to Read.
There is some amusing irony in the EU relying on the US for furthering its own authoritarianism. It's unfortunate that freedom (in the classic rebellious, American sense) never became that popular in the EU, or for that matter, the UK.
> leads straight into the dystopia that Stallman warned us about
IMHO, the push for age verification is just a stepping stone towards requiring a mandatory ID for all social media posts made from EU. Given the current trends against freedom of speech, it's not unreasonable to think that by the end of the decade any site, including HN, might need to link usernames with their respective eIDs in case posts come from EU IP addresses.
> officially sanctioned hardware and software
Right now, if you want to run an alternative OS, it's already an uphill battle to use tons of member state services, as well as to do banking. Even if you have microG available, the situation is terrible. I imagine it's going to become harder. I cannot understand why the European Commission wants to reduce our reliance on FAANG services, and at the same time they make Google Play a de facto standard, reinforcing the mobile duopoly. In this context, free alternative mobile platforms, such as Sailfish, cannot flourish.
> I cannot understand why the European Commission wants to reduce our reliance on FAANG services, and at the same time they make Google Play a de facto standard
It seems to be different branches of the EU? This has been a recurring problem in EU tech legislation - the EU government bodies are sufficiently autonomous that the right hand seldom knows what the left is doing...
10 replies →
> I cannot understand why the European Commission wants to reduce our reliance on FAANG services, and at the same time they make Google Play a de facto standard, reinforcing the mobile duopoly.
It's called bad faith, and it's an all too common problem with politicians and business types alike.
10 replies →
> "it's not unreasonable to think that by the end of the decade any site, including HN, might need to link usernames with their respective eIDs in case posts come from EU IP addresses."
A rule of thumb that works too often is "how is mainland China doing things?"[0], and assume the West will follow behind shortly.
[0] https://www.washingtonpost.com/world/2025/07/15/china-digita... ("Big Brother gets new powers in China with digital ID system")
(tl;dr: Mandatory digital ID, with central government attesting and holding personal data in escrow. The "privacy-preserving", "least-bad option" a sizeable portion of even HN itself advocates for).
> "This means that companies, like social media site Weibo or online shopping behemoth Alibaba, will no longer be able to see the personal information of their users with digital IDs — but Chinese authorities will be able to see the real identity behind online accounts across a range of sites."
3 replies →
It's already close to impossible. Banking apps and government apps are close to mandatory to function in today's society, yet they plain do not work on Lineage, even with microg, or they work but need ridiculous workarounds. Never mind other "soft mandatory" things like messaging apps or whatever.
I'm dedicated and I have a literal PhD in computer science, yet I'm fucking exhausted fighting this battle all the time. 0.1% chance someone has the capability to, and willingly goes through all this bother.
Then tfa is just a nail in the coffin.
1 reply →
VPN ban is coming next.
1 reply →
> In this context, free alternative mobile platforms, such as Sailfish, cannot flourish.
If you are a system that depends on people being constantly under the yoke of your jurisdictional powers, you do not want a strong, free, ecosystem. You want as little diversity as possible, ideally two so there is an illusion of choice.
> I cannot understand why the European Commission wants to reduce our reliance on FAANG services, and at the same time they make Google Play a de facto standard
You'll be surprised, most of the time it's simple ignorance: the people making decisions don't know everything about everything. Hence democracy comes to rescue.
But the way the European Commission takes decisions is anti-democratic (secret draft documents, undisclosed lobbying, overlooking the role of the Parliament…)
>any site, including HN, might need to link usernames with their respective eIDs
I think, keybase already does it, and there are users here with signed proofs of identity.
I would honestly love that. No more paid trolls on social media, the democratic process has a chance to adapt to technology, we can avoid the fate of the US.
109 replies →
Good luck convincing America to go along with this, especially in the current political climate.
The EU doesn't have power beyond their jurisdiction, as much as they may pretend otherwise. Facebook and Google go along with what the EU wants because they make money there, and have physical properties located on the continent. YC does not.
1 reply →
"a mandatory ID for all social media posts made from EU. Given the current trends against freedom of speech"
what?? how is this againt freedom of speech???, south korea implement this ages ago and there is nothing like that
4 replies →
There's not a trend against freedom of speech so much as existing laws outlawing certain categories of speech being applied to the internet. If you lie in a commercial context, that's fraud; if you lie in court, that's perjury; if you tell your buddies to go do crimes together, that's conspiracy to commit; if you tell someone to give you money or else, that's blackmail...
If you come from the perspective that there used to be freedom of speech and now there's all those pesky laws restricting what you can say, it looks like a slippery slope. If you realize that people have been required to check ID when selling material unsuitable for minors in physical stores since before the internet existed, it seems a bit more unlikely that ID requirements will expand to cover everything else.
42 replies →
When Microsoft proposed such a scheme in the early 2000s under the name "Palladium", even the mainstream press decried it as a nightmare scenario. Google did pretty much the same thing in 2014 with Safetynet and there was barely a whimper. How did we lose our way?
Back with palladium the people that used computers were still mostly knowledgeable like us. These days everyone carries a phone and nobody really understands the impact. In fact many people in the EU are even against the opening of iOS because they feel comfortable in apple's walled garden. Many people consider privacy a lost battle (I often get the argument "why are you railing against this, you have no privacy anymore anyway"). And that's from intelligent people usually.
5 replies →
How did we lose our way?
They figured out that much of the population is easily manipulated and controlled by exploiting their desire for "safety and security" --- in stark contrast to that classic Franklin quote (yes, I know the context isn't the same, but the words are otherwise a perfect fit for the situation.) It's only a minority of the population; and I'd suspect a smaller minority in the EU than the US; which is willing to argue against it.
Next time you find yourself arguing for something or doing things a certain way, throw in an "it's better for security" or similar phrase with a plausible-sounding argument why, and see how easily it shuts down the opposition. In my experience, many won't even question it.
On a PC people are used to tinker around, the whole ecosystem is built around that assumption.
The smartphone was a closed ecosystem from the start, tinkering around was an uphill battle fought with custom ROMs that only few users dared to try (if the bootloader wasn't locked down to begin with). Adding more restrictions didn't have much impact on most users.
Palladium was just one issue. Now it's one of dozens.
Even activists can get exhausted
Politics and money.
fatigue.
same idea has been pushed since forever(you can include ACTA and other copyright protectionist movements like that as its originators too) over and over again.
People need to protest all the time and win, legislators can just keep pushing it over and over again.
What's even worse you get really smart people seeing noting wrong with this.. Meanwhile this reeks of same methods that were used in my country under communist regime.
>or for that matter, the UK.
Hate to say it mate, UK is already one of the worst offenders.
In their own "internet bubble," with curated Google searches that only present a very "Commonwealth countries bias" in search results. After I worked in the UK for a couple of years, I noticed there is a strong bias toward the same sites (Government and UK companies, especially biased toward "facts"). Second, you leave the UK. You will never get it. Try a VPN outside of the UK and search for the same stuff, you will notice it right away.
The UK have used the "think about the children" excuse for different stuff they don't like (Remember the Porn pass Idea? Where you had to go down to your local Tesco to get a "wanker pass" from the cashier.)
Same thing, now just for EU, and they use the "protect the children" excuse, but they have now started to aim at video game companies and others to "verify" age for the sake of "protecting the children". It is horrifying that they want to ID children in the excuse of their "safety". In a couple of years, they will likely offer free in-game currency to trick users into giving away their personal information.
> There is some amusing irony in the EU relying on the US for furthering its own authoritarianism.
I think you're trying too hard to post cynical remarks as if the were this major gotcha. Even though the bill is quite awful, Occam's razor is quick to point out this has all the hallmarks of an overzealous technocrat than authoritarianism. Try to think about it for a second:
- the goal of the legislation is to ensure adult content is not provided or actively pushed to children,
- adult content is pushed primarily by tech platforms,
- the strategy is to allow access to adult content only to users who prove they are adults,
- the strategy followed is to push an age verification system.
- technocrats know age verification systems can be circumvented if tampered with.
- technocrats proceed to add provisions that mitigate the risk of tampering age verification systems.
The detail you're glancing over is US's hegemony over social media and tech platforms. The world is dominated by three platforms: Microsoft's, Apple's, Google's. Even Samsung is not European. How do you expect to push a technical solution for an authorization platform without leveraging the systems that people use?
Also, the way the current US administration is pushing their blend of fascism onto the world is something I do not find funny. If anything, this would mean the American fascists are succeeding.
> How do you expect to push a technical solution for an authorization platform without leveraging the systems that people use?
Imagine a world in which there are ten thousand phone platforms, some of them are developed by communities rather than business entities, and anyone can easily create a new one. Can your system function in that world? If so, then do it that way. If not, then assume it shouldn't work and stop trying to build it.
3 replies →
> the goal of the legislation is to ensure adult content is not provided or actively pushed to children,
Yeah, you can stop here. https://en.wikipedia.org/wiki/Think_of_the_children
It's completely unnecessary,there are plenty of parental control options and software for parents to install.
What will happen in reality is that videos and information is labelled adult content when in reality it isn't, e.g. videos of democratic protests. How do I know that? Because that's what's already happening.
> How do you expect to push a technical solution for an authorization platform without leveraging the systems that people use?
Hardware attestation is an Open standard in the Android world, and it doesn't require Google buttplug in the phone to function.
Details here: https://grapheneos.org/articles/attestation-compatibility-gu...
(I'm not discussing with your other points because at this point they're null and void)
> an overzealous technocrat than authoritarianism
Maybe an easy to manipulate technocrat with an authoritarian figure guiding them from behind.
> the goal of the legislation is to ensure adult content is not provided or actively pushed to children
It always starts with the children or terrorists. It's an easy way to sneak the idea in your head. You wouldn't want children to be harmed or terrorists to win, would you? Once you got used to the though, everything else follows.
Name something you want or like I can lazily turn it into a "think of the children" situation.
My phone is rooted and passes "Device security checks", even though it's not supposed to.
I don't know how it works technically, but clearly there's a way to fake it.
AFAIK there are still cracks available, although it's been getting more difficult over time.
This is another one of the reasons why I'm opposed to the current trend of "memory safety" that the megacorps are so enthusiastic about. When insecurity is freedom, and security means securing against the user's control, attacking insecurity will only close off paths to freedom.
2 replies →
There are two levels, one can be faked, one can not.
2 replies →
It's no irony.
Well payed "transatlantic" lobbyists across all political parties of the EU at work.
They are self-serving and learnt to give a big F* about the citizens of the EU.
You can't have privacy-friendy age verification that is also compatible with tinkering.
The problem is relay services that supply positive age verification results to any interested user for a fee. With a non-privacy-preserving solution, those aren't a problem, law enforcement can just track whose credentials those services are using and shut them down.
I'm not a fan of the whole idea in general, but if we have to choose, I choose privacy over hackability.
But you can, and GrapheneOS shows exactly why. And there are developers who instead of choosing fake and flaved* Google "attestation", choose to conduct hardware attestation.
*Google claims phones not updated for the last 8 years are secure merely because they have privileged Google services. Tell you what: many of them are rooted, with Google play services blind to it, and still claiming phones are "verified".
1 reply →
It's already happening for several apps such as banking apps, payment apps, government ID apps, etc.
Or, for that matter, the US. https://www.congress.gov/bill/118th-congress/house-bill/7891...
And people used to be ridiculed by claiming the EU is basically a Soviet Union with better looking face.
But slowly slowly it will turn into mass terror and deaths. The control freaks in power are taking our freedoms away inch by inch.
You don't even need to consider politics to acknowledge this is dangerous, wildly irresponsible of a government to tie internet access to a foreign corporate entity's control. The privacy concerns of not being able to use a device free from Google services, may only be second to the sovereignty issues it introduces.
Whoops, Google have delisted your government app from the Play Store, how quickly can you de-couple your citizens internet access from the corptocracy?
Guardians of minors are responsible for what they view, as well as what they drink or breathe. So they should make sure their devices are configured properly, same way they make sure there is no alcohol or tobacco intake.
Then we have systems like:
PICS https://en.wikipedia.org/wiki/Platform_for_Internet_Content_...
POWDER https://en.wikipedia.org/wiki/Protocol_for_Web_Description_R...
ASACP/RTA https://en.wikipedia.org/wiki/Association_of_Sites_Advocatin...
Proving we do not need a system prone to PII leaks, just collaboration between content providers and guardians, helped by OS & browser vendors.
But it seems restricting minors is a side effect, at best, of the on going theatre.
> As a resident of the aforementioned political climate, I find their concerns to be reasonable.
No. The lesson is that stuff like this is concerning what ever the "political climate".
Anyway, you mainly don't want the gov in your vicinity to snoop. Non-local OS:es is probably advantageous in that regard if you choose to run proprietary code...
>No. The lesson is that stuff like this is concerning what ever the "political climate".
We say this, but many also want to entrust all our PC games to one closed source launcher. Or have videos/TV all on one subscription service. There's definitely a spectrum of benevolent and greedy dictators people draw lines on.
> many also want to entrust all our PC games to one closed source launcher
I think that is far more that people like the other closed source launchers less, and each launcher potentially adds it's own stream of notifications and adverts to their system so there is a cost to having multiple active even if the PC resource cost is practically undetectable.
Furthermore if comparing game launches and related issues to political climates, I'd consider all the current closed source ones to be the same in those respects. Also we are not subject to several local political climates at any one time in that way (though we are when looking at a wider scale, of course).
> Or have videos/TV all on one subscription service
While there are other issues (each service tracking you etc.) this is more due to the fact that each service charges what we used to pay (in fact more, as in some cases prices have gone up by more than general inflation) for a single service that provided the same amount of content that they cared about. This doesn't really equate to trust on political climates (except where commercial greed is considered a political matter).
9 replies →
This is genuinely a real issue. It seems that most people cannot forsee an issue down the road unless it just happens to personally affect them after it took place ( ideally immediately after ). Valve is a good example, because while it is providing good value for the service it provides, it will not stay like that forever, but the environment it did set up will. And it will hurt once MBAs divvy up that kingdom. Just sayin'
And obviously it is not just one arena, because it seems to be one glaring issue with human beings: they do not want to see the road ahead. And the ones they do are, at best, ignored.
Ye well I agree. I am guilty of using Steam to play some games on Linux with low effort. But as you note there is a spectrum.
the issue is that incentive structure is different from some of those that you've mentioned.
Steam makes the most money if it bridges interests of consumers and publishers together - they don't profit by screwing over the customer(either publishers or end users). Is depending on them a problem? yes, but least likely one. preferably you could move your digital licenses to any provider you want.
Meanwhile subscription services profit the most from enshittification, especially ones that offer 'free' access with ads, or different tiers.
and this current issue isn't even about dependence on google - that's bad in itself - but about gigantic governmental overreach and step towards killing anonymity online under guise of protecting the children.
It is even worse when you consider some EU countries already went after people when politicians got insulted online.
We don't even need this google layer. There already is a digital EU ID.
https://commission.europa.eu/strategy-and-policy/priorities-...
>Especially in the current political climate I hope I do not have to explain how undesirable and dangerous that is.
this is not the way to make a point that the other party will find persuasive.
What do you mean by 'the other party'? Many places have more than two parties.
I assumed that meant "the other side of the conversation", e.g. "all parties involved".
Yeah I'm glad I don't live in a two party state. The zero sum game politics that results in rips the country apart. You see this in the US and also in the UK (Brexit etc)
4 replies →
I assumed they meant Republicans/Trump, but it's a bit confusing because those parties aren't very popular in the EU:
https://www.pewresearch.org/global/2025/06/11/confidence-in-...
whatever your political alignment, saying the situation in the US is problematic might sell pretty well in the EU.
Don't be obtuse to make a point, the OP specifically stated they were in the United States.
[flagged]
(I wish non-Americans wouldn't spend all their time tripping over themselves to try to insult Americans. If you didn't feel so insecure about yourselves and resentful of the success of others, you wouldn't feel such a need to justify your existence.)
In this case, however, it's your poor English to blame. In English when you talk to another person, that other person can be called the other party. It's not an attitude, it's a very neutral term.
2 replies →
“We have both kinds of music: country _and_ western”
Why is it I can use my German national ID online without these Google requirements, but age verification suddenly requires dependency on Google?
Someone opened an issue about changing the wording https://github.com/eu-digital-identity-wallet/eudi-doc-archi...
So remote attestation?
Europeans are completely domesticated and servile to America, this is to be expected. Germans even let them spy on their government!
so what option is??? do you rely on third party store to do check??? I bet its more secure than google has verify it for you
So we wouldn't be real EU citizens, unless Google says so? Can we get rid of passports then? /s
I think Google login at the borders should be fine.
From the telegraph.co.uk: "Elite police unit to monitor online critics of migrants" and there are people worried about the "political climate" in the US lmao
The UK in the last 2 decades has been far more totalitarian than the US, even up to 2025. But the people in England seem to accept it and openly defend government encroachment even here on HN. While even smallest steps towards eroding rights in US have people there decry it, so it's far more controversial and newsworthy
But it's nice so many people care about the last few places where hard freedoms exist. The biggest risk is missing the forest for the trees and not seeing the local extensions of short term political comprise.
> Especially in the current political climate
I am forever thankful that Trump won the last election. If it were a Democrat party at the helm it would be practically impossible to have opposition to this, as most of the left would simply fall in line and cancel anyone daring to oppose the party. Look at how Obama strengthened the Patriot Act and carried out mass deportations with but a tiny grumble from the press.
Here is a list of every state and federal bill proposed in the United States in recent history (that I could find). Have a look at the letter beside the names of the sponsors. Then, after you've discovered that online surveillance bills are almost entirely written by republicans, go read about how your president is bankrolling ICE and their purchase of US citizen's air travel data.
Now go and find how much opposition there was to such laws when the Democrats were in power. Spoiler: it's negative. Whenever Democrats inherit a law like that from Republicans they expand its scope with giddy abandon as the media and their "vote blue no matter who" followers stand by and clap.
My thesis isn't that Democrats write those bills, my thesis is that there is never effective citizen resistance against government overreach when Democrats are in power. People can only be free when they are fighting the government and people only fight Republican governments, ergo we must vote Republican to keep the fight going. Both sides are our enemy, but one side enjoys a much larger cult following that will never attack it.